Feedback
Table Of Contents
ip tcp compression-connections
show ip tcp header-compression
ip mtu
To set the maximum transmission unit (MTU) size of IP packets sent on an interface, use the ip mtu interface configuration command. To restore the default MTU size, use the no form of this command.
ip mtu bytes
no ip mtu
Syntax Description
Defaults
Minimum is 128 bytes; maximum depends on the interface medium.
Command Modes
Interface configuration
Command History
Usage Guidelines
If an IP packet exceeds the MTU set for the interface, the Cisco IOS software will fragment it.
All devices on a physical medium must have the same protocol MTU in order to operate.
Note
Changing the MTU value (with the mtu interface configuration command) can affect the IP MTU value. If the current IP MTU value is the same as the MTU value, and you change the MTU value, the IP MTU value will be modified automatically to match the new MTU. However, the reverse is not true; changing the IP MTU value has no effect on the value for the mtu command.
Examples
The following example sets the maximum IP packet size for the first serial interface to 300 bytes:
interface serial 0ip mtu 300Related Commands
ip redirects
To enable the sending of Internet Control Message Protocol (ICMP) redirect messages if the Cisco IOS software is forced to resend a packet through the same interface on which it was received, use the ip redirects interface configuration command. To disable the sending of redirect messages, use the no form of this command.
ip redirects
no ip redirects
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Previously, if the Hot Standby Router Protocol (HSRP) was configured on an interface, ICMP redirect messages were disabled by default for the interface. With Cisco IOS Release 12.1(3)T, ICMP redirect messages are enabled by default if HSRP is configured.
Examples
The following example enables the sending of ICMP redirect messages on Ethernet interface 0:
interface ethernet 0ip redirectsRelated Commands
ip source-route
To allow the Cisco IOS software to handle IP datagrams with source routing header options, use the ip source-route global configuration command. To have the software discard any IP datagram containing a source-route option, use the no form of this command.
ip source-route
no ip source-route
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Global configuration
Command History
Examples
The following example enables the handling of IP datagrams with source routing header options:
ip source-routeRelated Commands
ip tcp chunk-size
To alter the TCP maximum read size for Telnet or rlogin, use the ip tcp chunk-size global configuration command. To restore the default value, use the no form of this command.
ip tcp chunk-size characters
no ip tcp chunk-size
Syntax Description
Defaults
0, which Telnet and rlogin interpret as the largest possible 32-bit positive number.
Command Modes
Global configuration
Command History
Usage Guidelines
It is unlikely you will need to change the default value.
Examples
The following example sets the maximum TCP read size to 64,000 bytes:
ip tcp chunk-size 64000ip tcp compression-connections
To specify the total number of TCP header compression connections that can exist on an interface, use the ip tcp compression-connections interface configuration command. To restore the default, use the no form of this command.
ip tcp compression-connections number
no ip tcp compression-connections number
Syntax Description
number
Number of TCP header compression connections the cache supports, in the range from 3 to 1000. The default is 32 connections (16 calls).
Defaults
The default number is 32 connections.
Command Modes
Interface configuration
Command History
Usage Guidelines
You should configure one connection for each TCP connection through the specified interface.
Each connection sets up a compression cache entry, so you are in effect specifying the maximum number of cache entries and the size of the cache. Too few cache entries for the specified interface can lead to degraded performance, and too many cache entries can lead to wasted memory.
Note
Examples
The following example sets the first serial interface for header compression with a maximum of ten cache entries:
interface serial 0ip tcp header-compressionip tcp compression-connections 10Related Commands
ip rtp header-compression
Enables RTP header compression.
Enables TCP header compression.
show ip rtp header-compression
Displays RTP header compression statistics.
ip tcp header-compression
To enable TCP header compression, use the ip tcp header-compression interface configuration command. To disable compression, use the no form of this command.
ip tcp header-compression [passive]
no ip tcp header-compression [passive]
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
You can compress the headers of your TCP/IP packets in order to reduce the size of your packets. TCP header compression is supported on serial lines using Frame Relay, HDLC, or PPP encapsulation. You must enable compression on both ends of a serial connection. RFC 1144 specifies the compression process. Compressing the TCP header can speed up Telnet connections dramatically. In general, TCP header compression is advantageous when your traffic consists of many small packets, not for traffic that consists of large packets. Transaction processing (usually using terminals) tends to use small packets and file transfers use large packets. This feature only compresses the TCP header, so it has no effect on UDP packets or other protocol headers.
When compression is enabled, fast switching is disabled. This condition means that fast interfaces like T1 can overload the router. Consider the traffic characteristics of your network before using this command.
Examples
The following example sets the first serial interface for header compression with a maximum of ten cache entries:
interface serial 0ip tcp header-compressionip tcp compression-connections 10Related Commands
Specifies the total number of header compression connections that can exist on an interface.
ip tcp mss
To enable a maximum segment size (MSS) for TCP connections originating or terminating on a router, use the ip tcp mss command in global configuration mode. To disable the configuration of the MSS, use the no form of this command.
ip tcp mss mss-value
no ip tcp mss mss-value
Syntax Description
Defaults
This command is disabled.
Command Modes
Global configuration
Command History
12.0(05)S
This command was introduced.
12.1
This command was integrated into Cisco IOS Release 12.1.
Usage Guidelines
If this command is not enabled, the MSS value of 536 bytes is used if the destination is not on a LAN, otherwise the MSS value is 1460 for a local destination.
For connections originating from a router, the specified value is used directly as an MSS option in the synchronize (SYN) segment. For connections terminating on a router, the value is used only if the incoming SYN segment has an MSS option value higher than the configured value. Otherwise the incoming value is used as the MSS option in the SYN/acknowledge (ACK) segment.
Note
Examples
The following example sets the MSS value at 250:
ip tcp mss 250Related Commands
ip tcp header-compression
Specifies the total number of header compression connections that can exist on an interface.
ip tcp path-mtu-discovery
To enable the Path MTU Discovery feature for all new TCP connections from the router, use the ip tcp path-mtu-discovery global configuration command. To disable the function, use the no form of this command.
ip tcp path-mtu-discovery [age-timer {minutes | infinite}]
no ip tcp path-mtu-discovery [age-timer {minutes | infinite}]
Syntax Description
Defaults
Disabled. If enabled, the default minutes value is 10 minutes.
Command Modes
Global configuration
Command History
10.3
This command was introduced.
11.2
The age-timer and infinite keywords were added.
Usage Guidelines
Path MTU Discovery is a method for maximizing the use of available bandwidth in the network between the endpoints of a TCP connection. It is described in RFC 1191. Existing connections are not affected when this feature is turned on or off.
Customers using TCP connections to move bulk data between systems on distinct subnets would benefit most by enabling this feature.
The age timer is a time interval for how often TCP re-estimates the path MTU with a larger MSS. When the age timer is used, TCP path MTU becomes a dynamic process. If the MSS used for the connection is smaller than what the peer connection can handle, a larger MSS is tried every time the age timer expires. The discovery process is stopped when either the send MSS is as large as the peer negotiated, or the user has disabled the timer on the router. You can turn off the age timer by setting it to infinite.
Examples
The following example enables Path MTU Discovery:
ip tcp path-mtu-discoveryip tcp queuemax
To alter the maximum TCP outgoing queue per connection, use the ip tcp queuemax global configuration command. To restore the default value, use the no form of this command.
ip tcp queuemax packets
no ip tcp queuemax
Syntax Description
packets
Outgoing queue size of TCP packets. The default value is 5 segments if the connection has a TTY associated with it. If no TTY is associated with it, the default value is 20 segments.
Defaults
The default value is 5 segments if the connection has a TTY associated with it. If no TTY is associated with it, the default value is 20 segments.
Command Modes
Global configuration
Command History
Usage Guidelines
Changing the default value changes the 5 segments, not the 20 segments.
Examples
The following example sets the maximum TCP outgoing queue to 10 packets:
ip tcp queuemax 10ip tcp selective-ack
To enable TCP selective acknowledgment, use the ip tcp selective-ack global configuration command. To disable TCP selective acknowledgment, use the no form of this command.
ip tcp selective-ack
no ip tcp selective-ack
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
TCP might not experience optimal performance if multiple packets are lost from one window of data. With the limited information available from cumulative acknowledgments, a TCP sender can learn about only one lost packet per round-trip time. An aggressive sender could resend packets early, but such re-sent segments might have already been received.
The TCP selective acknowledgment mechanism helps overcome these limitations. The receiving TCP returns selective acknowledgment packets to the sender, informing the sender about data that has been received. The sender can then resend only the missing data segments.
TCP selective acknowledgment improves overall performance. The feature is used only when a multiple number of packets drop from a TCP window. There is no performance impact when the feature is enabled but not used.
This command becomes effective only on new TCP connections opened after the feature is enabled.
This feature must be disabled if you want TCP header compression. You might disable this feature if you have severe TCP problems.
Refer to RFC 2018 for more detailed information on TCP selective acknowledgment.
Examples
The following example enables the router to send and receive TCP selective acknowledgments:
ip tcp selective-ackRelated Commands
ip tcp synwait-time
To set a period of time the Cisco IOS software waits while attempting to establish a TCP connection before it times out, use the ip tcp synwait-time global configuration command. To restore the default time, use the no form of this command.
ip tcp synwait-time seconds
no ip tcp synwait-time seconds
Syntax Description
seconds
Time (in seconds) the software waits while attempting to establish a TCP connection. It can be an integer from 5 to 300 seconds. The default is 30 seconds.
Defaults
The default time is 30 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
In versions previous to Cisco IOS software Release 10.0, the system would wait a fixed 30 seconds when attempting to establish a TCP connection. If your network contains Public Switched Telephone Network (PSTN) dial-on-demand routing (DDR), the call setup time may exceed 30 seconds. This amount of time is not sufficient in networks that have dialup asynchronous connections because it will affect your ability to Telnet over the link (from the router) if the link must be brought up. If you have this type of network, you might want to set this value to the UNIX value of 75.
Because this is a host parameter, it does not pertain to traffic going through the router, just for traffic originated at this device. Because UNIX has a fixed 75-second timeout, hosts are unlikely to experience this problem.
Examples
The following example configures the Cisco IOS software to continue attempting to establish a TCP connection for 180 seconds:
ip tcp synwait-time 180ip tcp timestamp
To enable TCP time stamp, use the ip tcp timestamp global configuration command. To disable TCP time stamp, use the no form of this command.
ip tcp timestamp
no ip tcp timestamp
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
TCP time stamp improves round-trip time estimates. Refer to RFC 1323 for more detailed information on TCP time stamp.
This feature must be disabled if you want to use TCP header compression.
Examples
The following example enables the router to send TCP time stamps:
ip tcp timestampRelated Commands
ip tcp window-size
To alter the TCP window size, use the ip tcp window-size global configuration command. To restore the default value, use the no form of this command.
ip tcp window-size bytes
no ip tcp window-size
Syntax Description
Defaults
The default size is 2144 bytes.
Command Modes
Global configuration
Command History
Usage Guidelines
Do not use this command unless you clearly understand why you want to change the default value.
If your TCP window size is set to 1000 bytes, for example, you could have 1 packet of 1000 bytes or 2 packets of 500 bytes, and so on. However, there is also a limit on the number of packets allowed in the window. There can be a maximum of 5 packets if the connection has TTY; otherwise there can be 20 packets.
Examples
The following example sets the TCP window size to 1000 bytes:
ip tcp window-size 1000ip unreachables
To enable the generation of Internet Control Message Protocol (ICMP) unreachable messages, use the ip unreachables interface configuration command. To disable this function, use the no form of this command.
ip unreachables
no ip unreachables
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Interface configuration
Command History
Usage Guidelines
If the Cisco IOS software receives a nonbroadcast packet destined for itself that uses a protocol it does not recognize, it sends an ICMP unreachable message to the source.
If the software receives a datagram that it cannot deliver to its ultimate destination because it knows of no route to the destination address, it replies to the originator of that datagram with an ICMP host unreachable message.
This command affects all types of ICMP unreachable messages.
Examples
The following example enables the generation of ICMP unreachable messages, as appropriate, on an interface:
interface ethernet 0ip unreachablespermit (IP)
To set conditions for a named IP access list, use the permit access-list configuration command. To remove a condition from an access list, use the no form of this command.
permit source [source-wildcard]
no permit source [source-wildcard]
permit protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
no permit protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
Internet Control Message Protocol (ICMP)
For ICMP, you can also use the following syntax:
permit icmp source source-wildcard destination destination-wildcard [icmp-type [icmp-code] | icmp-message] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
Internet Group Management Protocol (IGMP)
For IGMP, you can also use the following syntax:
permit igmp source source-wildcard destination destination-wildcard [igmp-type] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
Transmission Control Protocol (TCP)
For TCP, you can also use the following syntax:
permit tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
User Datagram Protocol UDP)
For UDP, you can also use the following syntax:
permit udp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [precedence precedence] [tos tos] [log] [time-range time-range-name] [fragments]
Syntax Description
source
Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:
•
•
•
source-wildcard
Wildcard bits to be applied to source. There are three alternative ways to specify the source wildcard:
•
•
•
protocol
Name or number of an Internet protocol. It can be one of the keywords eigrp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range from 0 to 255 representing an Internet protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the ip keyword. Some protocols allow further qualifiers described later.
destination
Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination:
•
•
•
destination-wildcard
Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard:
•
•
•
precedence precedence
(Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7 or by name as listed in the section "Usage Guidelines."
tos tos
(Optional) Packets can be filtered by type of service (ToS) level, as specified by a number from 0 to 15, or by name as listed in the section "Usage Guidelines" of the access-list (IP extended) command.
log
(Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval.
Use the ip access-list log-update command to generate logging messages when the number of matches reaches a configurable threshold (rather than waiting for a 5-minute interval). See the ip access-list log-update command for more information.
The logging facility might drop some logging message packets if there are too many to be handled or if there is more than one logging message to be handled in 1 second. This behavior prevents the router from crashing due to too many logging packets. Therefore, the logging facility should not be used as a billing tool or an accurate source of the number of matches to an access list.
If you enable CEF and then create an access list that uses the log keyword, the packets that match the access list are not CEF switched. They are fast switched. Logging disables CEF.
time-range time-range-name
(Optional) Name of the time range that applies to this permit statement. The name of the time range and its restrictions are specified by the time-range and absolute or periodic commands, respectively.
icmp-type
(Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.
icmp-code
(Optional) ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255.
icmp-message
(Optional) ICMP packets can be filtered by an ICMP message type name or ICMP message type and code name. The possible names are found in the section "Usage Guidelines" of the access-list (IP extended) command.
igmp-type
(Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the section "Usage Guidelines" of the access-list (IP extended) command.
operator
(Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard, it must match the source port.
If the operator is positioned after the destination and destination-wildcard, it must match the destination port.
The range operator requires two port numbers. All other operators require one port number.
port
(Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP and UDP port names are listed in the section "Usage Guidelines" of the access-list (IP extended) command.
TCP port names can only be used when filtering TCP. UDP port names can only be used when filtering UDP.
established
(Optional) For the TCP protocol only: Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection.
fragments
(Optional) The access list entry applies to noninitial fragments of packets; the fragment is either permitted or denied accordingly. For more details about the fragments keyword, see the "Access List Processing of Fragments" and "Fragments and Policy Routing" sections in the "Usage Guidelines" section.
Defaults
There are no specific conditions under which a packet passes the named access list.
Command Modes
Access-list configuration
Command History
11.2
This command was introduced.
12.0(1)T
The time-range time-range-name keyword and argument were added.
12.0(11) and 12.1(2)
The fragments keyword was added.
Usage Guidelines
Use this command following the ip access-list command to define the conditions under which a packet passes the access list.
The time-range option allows you to identify a time range by name. The time-range, absolute, and periodic commands specify when this permit statement is in effect.
Access List Processing of Fragments
The behavior of access-list entries regarding the use or lack of the fragments keyword can be summarized as follows:
Be aware that you should not simply add the fragments keyword to every access list entry because the first fragment of the IP packet is considered a nonfragment and is treated independently of the subsequent fragments. An initial fragment will not match an access list permit or deny entry that contains the fragments keyword, the packet is compared to the next access list entry, and so on, until it is either permitted or denied by an access list entry that does not contain the fragments keyword. Therefore, you may need two access list entries for every deny entry. The first deny entry of the pair will not include the fragments keyword, and applies to the initial fragment. The second deny entry of the pair will include the fragments keyword and applies to the subsequent fragments. In the cases where there are multiple deny access list entries for the same host but with different Layer 4 ports, a single deny access-list entry with the fragments keyword for that host is all that needs to be added. Thus all the fragments of a packet are handled in the same manner by the access list.
Packet fragments of IP datagrams are considered individual packets and each counts individually as a packet in access list accounting and access list violation counts.
Note
Fragments and Policy Routing
Fragmentation and the fragment control feature affect policy routing if the policy routing is based on the match ip address command and the access list had entries that match on Layer 4 through 7 information. It is possible that noninitial fragments pass the access list and are policy routed, even if the first fragment was not policy routed or the reverse.
By using the fragments keyword in access list entries as described earlier, a better match between the action taken for initial and noninitial fragments can be made and it is more likely policy routing will occur as intended.
Examples
The following example sets conditions for a standard access list named Internetfilter:
ip access-list standard Internetfilterdeny 192.5.34.0 0.0.0.255permit 128.88.0.0 0.0.255.255permit 36.0.0.0 0.255.255.255! (Note: all other access implicitly denied)The following example permits Telnet traffic on Mondays, Tuesdays, and Fridays from 9:00 a.m. to 5:00 p.m.:
time-range testingperiodic Monday Tuesday Friday 9:00 to 17:00!ip access-list extended legalpermit tcp any any eq telnet time-range testing!interface ethernet 0ip access-group legal inRelated Commands
remark
To write a helpful comment (remark) for an entry in a named IP access list, use the remark access-list configuration command. To remove the remark, use the no form of this command.
remark remark
no remark remark
Syntax Description
Defaults
The access list entries have no remarks.
Command Modes
Standard named or extended named access-list configuration
Command History
Usage Guidelines
The remark can be up to 100 characters long; anything longer is truncated.
If you want to write a comment about an entry in a numbered IP access list, use the access-list remark command.
Examples
In the following example, the Jones subnet is not allowed to use outbound Telnet:
ip access-list extended telnettingremark Do not allow Jones subnet to telnet outdeny tcp host 171.69.2.88 any eq telnetRelated Commands
show access-lists
To display the contents of current access lists, use the show access-lists privileged EXEC command.
show access-lists [access-list-number | access-list-name]
Syntax Description
access-list-number
(Optional) Number of the access list to display. The system displays all access lists by default.
access-list-name
(Optional) Name of the IP access list to display.
Defaults
The system displays all access lists.
Command Modes
Privileged EXEC
Command History
10.0
This command was introduced.
12.1(5)T
The command output was modified to identify compiled access lists.
Examples
The following is sample output from the show access-lists command when access list 101 is specified:
Router# show access-lists 101Extended IP access list 101permit tcp host 198.92.32.130 any established (4304 matches) check=5permit udp host 198.92.32.130 any eq domain (129 matches)permit icmp host 198.92.32.130 anypermit tcp host 198.92.32.130 host 171.69.2.141 gt 1023permit tcp host 198.92.32.130 host 171.69.2.135 eq smtp (2 matches)permit tcp host 198.92.32.130 host 198.92.30.32 eq smtppermit tcp host 198.92.32.130 host 171.69.108.33 eq smtppermit udp host 198.92.32.130 host 171.68.225.190 eq syslogpermit udp host 198.92.32.130 host 171.68.225.126 eq syslogdeny ip 150.136.0.0 0.0.255.255 224.0.0.0 15.255.255.255deny ip 171.68.0.0 0.1.255.255 224.0.0.0 15.255.255.255 (2 matches) check=1deny ip 172.24.24.0 0.0.1.255 224.0.0.0 15.255.255.255deny ip 192.82.152.0 0.0.0.255 224.0.0.0 15.255.255.255deny ip 192.122.173.0 0.0.0.255 224.0.0.0 15.255.255.255deny ip 192.122.174.0 0.0.0.255 224.0.0.0 15.255.255.255deny ip 192.135.239.0 0.0.0.255 224.0.0.0 15.255.255.255deny ip 192.135.240.0 0.0.7.255 224.0.0.0 15.255.255.255deny ip 192.135.248.0 0.0.3.255 224.0.0.0 15.255.255.255An access list counter counts how many packets are allowed by each line of the access list. This number is displayed as the number of matches. Check denotes how many times a packet was compared to the access list but did not match.
The following is sample output from the show access-lists command when the Turbo Access Control List (ACL) feature is configured on all of the following access lists.
Note
Router# show access-listsStandard IP access list 1 (Compiled)deny anyStandard IP access list 2 (Compiled)deny 192.168.0.0, wildcard bits 0.0.0.255permit anyStandard IP access list 3 (Compiled)deny 0.0.0.0deny 192.168.0.1, wildcard bits 0.0.0.255permit anyStandard IP access list 4 (Compiled)permit 0.0.0.0permit 192.168.0.2, wildcard bits 0.0.0.255For information on how to configure access lists, refer to the "Configuring IP Services" chapter of the Cisco IOS IP Configuration Guide.
For information on how to configure dynamic access lists, refer to the "Traffic Filtering and Firewalls" chapter of the Cisco IOS Security Configuration Guide.
Related Commands
show access-list compiled
To display a table showing Turbo Access Control Lists (ACLs), use the show access-list compiled EXEC command.
show access-list compiled
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
12.0(6)S
This command was introduced.
12.1(1)E
This command was introduced for Cisco 7200 series routers.
12.1(5)T
This command was integrated into Cisco IOS
Release 12.1(5)T.
Usage Guidelines
This command is used to display the status and condition of the Turbo ACL tables associated with each access list. The memory usage is displayed for each table; large and complex access lists may require substantial amounts of memory. If the memory usage is greater than the memory available, you can disable the Turbo ACL feature so that memory exhaustion does not occur, but the acceleration of the access lists is not then enabled.
Examples
The following is a partial sample output of the show access-list compiled command:
Router# show access-list compiledCompiled ACL statistics:12 ACLs loaded, 12 compiled tablesACL State Tables Entries Config Fragment Redundant Memory1 Operational 1 2 1 0 0 1Kb2 Operational 1 3 2 0 0 1Kb3 Operational 1 4 3 0 0 1Kb4 Operational 1 3 2 0 0 1Kb5 Operational 1 5 4 0 0 1Kb9 Operational 1 3 2 0 0 1Kb20 Operational 1 9 8 0 0 1Kb21 Operational 1 5 4 0 0 1Kb101 Operational 1 15 9 7 2 1Kb102 Operational 1 13 6 6 0 1Kb120 Operational 1 2 1 0 0 1Kb199 Operational 1 4 3 0 0 1KbFirst level lookup tables:Block Use Rows Columns Memory used0 TOS/Protocol 6/16 12/16 660481 IP Source (MS) 10/16 12/16 660482 IP Source (LS) 27/32 12/16 1320963 IP Dest (MS) 3/16 12/16 660484 IP Dest (LS) 9/16 12/16 660485 TCP/UDP Src Port 1/16 12/16 660486 TCP/UDP Dest Port 3/16 12/16 660487 TCP Flags/Fragment 3/16 12/16 66048Related Commands
show interface mac
To display MAC accounting information for interfaces configured for MAC accounting, use the show interface mac EXEC command.
show interface [type number] mac
Syntax Description
Command Modes
EXEC
Command History
Usage Guidelines
The show interface mac command displays information for all interfaces configured for MAC accounting. To display information for a single interface, use the show interface type number mac command.
For incoming packets on the interface, the accounting statistics are gathered before the CAR/DCAR feature is performed on the packet. For outgoing packets on the interface, the accounting statistics are gathered after output CAR, before output DCAR or DWRED or DWFQ feature is performed on the packet. Therefore, if a you are using DCAR or DWRED on the interface and packets are dropped, the dropped packets are still counted in the show interface mac command because the calculations are done prior to the features.
The maximum number of MAC addresses that can be stored for the input address is 512 and the maximum number of MAC address that can be stored for the output address is 512. After the maximum is reached, subsequent MAC addresses are ignored.
To clear the accounting statistics, use the clear counter EXEC command. To configure an interface for IP accounting based on the MAC address, use the ip accounting mac-address interface configuration command.
Examples
The following is sample output from the show interface mac command. This feature calculates the total packet and byte counts for the interface that receives (input) or sends (output) IP packets to or from a unique MAC address. It also records a timestamp for the last packet received or sent.
Router# show interface ethernet 0/1/1 macEthernet0/1/1Input (511 free)0007.f618.4449(228): 4 packets, 456 bytes, last: 2684ms agoTotal: 4 packets, 456 bytesOutput (511 free)0007.f618.4449(228): 4 packets, 456 bytes, last: 2692ms agoTotal: 4 packets, 456 bytesRelated Commands
ip accounting mac-address
Enables IP accounting on any interface based on the source and destination MAC address.
show interface precedence
To display precedence accounting information for interfaces configured for precedence accounting, use the show interface precedence EXEC command.
show interface [type number] precedence
Syntax Description
Command Modes
EXEC
Command History
Usage Guidelines
The show interface precedence command displays information for all interfaces configured for IP precedence accounting. To display information for a single interface, use the show interface type number precedence command.
For incoming packets on the interface, the accounting statistics are gathered before input CAR/DCAR is performed on the packet. Therefore, if CAR/DCAR changes the precedence on the packet, it is counted based on the old precedence setting with the show interface precedence command.
For outgoing packets on the interface, the accounting statistics are gathered after output DCAR or DWRED or DWFQ feature is performed on the packet.
To clear the accounting statistics, use the clear counter EXEC command.
To configure an interface for IP accounting based on IP precedence, use the ip accounting precedence interface configuration command.
Examples
The following is sample output from the show interface precedence command. This feature calculates the total packet and byte counts for the interface that receives (input) or sends (output) IP packets and sorts the results based on IP precedence.
Router# show interface ethernet 0/1/1 precedenceEthernet0/1/1InputPrecedence 0: 4 packets, 456 bytesOutputPrecedence 0: 4 packets, 456 bytesRelated Commands
ip accounting precedence
Enables IP accounting on any interface based on IP precedence.
show ip access-list
To display the contents of all current IP access lists, use the show ip access-list EXEC command.
show ip access-list [access-list-number | access-list-name]
Syntax Description
access-list-number
(Optional) Number of the IP access list to display.
access-list-name
(Optional) Name of the IP access list to display.
Defaults
Displays all standard and extended IP access lists.
Command Modes
EXEC
Command History
Usage Guidelines
The show ip access-list command provides output identical to the show access-lists command, except that it is IP-specific and allows you to specify a particular access list.
Examples
The following is sample output from the show ip access-list command when all access lists are requested:
Router# show ip access-listExtended IP access list 101deny udp any any eq ntppermit tcp any anypermit udp any any eq tftppermit icmp any anypermit udp any any eq domainThe following is sample output from the show ip access-list command when the name of a specific access list is requested:
Router# show ip access-list InternetfilterExtended IP access list Internetfilterpermit tcp any 171.69.0.0 0.0.255.255 eq telnetdeny tcp any anydeny udp any 171.69.0.0 0.0.255.255 lt 1024deny ip any any logshow ip accounting
To display the active accounting or checkpointed database or to display access list violations, use the show ip accounting EXEC command.
show ip accounting [checkpoint] [output-packets | access-violations]
Syntax Description
Defaults
If neither the output-packets nor access-violations keyword is specified, the show ip accounting command displays information pertaining to packets that passed access control and were routed.
Command Modes
EXEC
Command History
10.0
This command was introduced.
10.3
The access-violations and output-packet keywords were added.
Usage Guidelines
If you do not specify any keywords, the show ip accounting command displays information about the active accounting database, and traffic coming from a remote site and transiting through a router.
To display IP access violations, you must use the access-violations keyword. If you do not specify the keyword, the command defaults to displaying the number of packets that have passed access lists and were routed.
To use this command, you must first enable IP accounting on a per-interface basis.
Examples
The following is sample output from the show ip accounting command:
Router# show ip accountingSource Destination Packets Bytes131.108.19.40 192.67.67.20 7 306131.108.13.55 192.67.67.20 67 2749131.108.2.50 192.12.33.51 17 1111131.108.2.50 130.93.2.1 5 319131.108.2.50 130.93.1.2 463 30991131.108.19.40 130.93.2.1 4 262131.108.19.40 130.93.1.2 28 2552131.108.20.2 128.18.6.100 39 2184131.108.13.55 130.93.1.2 35 3020131.108.19.40 192.12.33.51 1986 95091131.108.2.50 192.67.67.20 233 14908131.108.13.28 192.67.67.53 390 24817131.108.13.55 192.12.33.51 214669 9806659131.108.13.111 128.18.6.23 27739 1126607131.108.13.44 192.12.33.51 35412 1523980192.31.7.21 130.93.1.2 11 824131.108.13.28 192.12.33.2 21 1762131.108.2.166 192.31.7.130 797 141054131.108.3.11 192.67.67.53 4 246192.31.7.21 192.12.33.51 15696 695635192.31.7.24 192.67.67.20 21 916131.108.13.111 128.18.10.1 16 1137accounting threshold exceeded for 7 packets and 433 bytesThe following is sample output from the show ip accounting access-violations command. The output pertains to packets that failed access lists and were not routed:
Router# show ip accounting access-violationsSource Destination Packets Bytes ACL131.108.19.40 192.67.67.20 7 306 77131.108.13.55 192.67.67.20 67 2749 185131.108.2.50 192.12.33.51 17 1111 140131.108.2.50 130.93.2.1 5 319 140131.108.19.40 130.93.2.1 4 262 77Accounting data age is 41The following is sample output from the show ip accounting command. The output shows the original source and destination addresses that are separated by three routers:
Router3# show ip accountingSource Destination Packets Bytes10.225.231.154 172.16.10.2 44 2816010.76.97.34 172.16.10.2 44 2816010.10.11.1 172.16.10.2 507 32448010.10.10.1 172.16.10.2 507 31839610.100.45.1 172.16.10.2 508 32512010.98.32.5 172.16.10.2 44 28160Accounting data age is 2Table 17 describes the significant fields shown in the displays.
Related Commands
show ip casa affinities
To display statistics about affinities, use the show ip casa affinities EXEC command.
show ip casa affinities [stats] | [saddr ip-address [detail]] | [daddr ip-address [detail]] | sport source-port [detail]] | dport destination-port [detail]] | protocol protocol [detail]]
Syntax Description
Command Modes
EXEC
Command History
Examples
The following is sample output of the show ip casa affinities command:
Router# show ip casa affinitiesAffinity TableSource Address Port Dest Address Port Prot161.44.36.118 1118 172.26.56.13 19 TCP172.26.56.13 19 161.44.36.118 1118 TCPThe following is sample output of the show ip casa affinities detail command:
Router# show ip casa affinities detailAffinity TableSource Address Port Dest Address Port Prot161.44.36.118 1118 172.26.56.13 19 TCPAction Details:Interest Addr: 172.26.56.19 Interest Port: 1638Interest Packet: 0x0102 SYN FRAGInterest Tickle: 0x0005 FIN RSTDispatch (Layer 2): YES Dispatch Address: 172.26.56.33Source Address Port Dest Address Port Prot172.26.56.13 19 161.44.36.118 1118 TCPAction Details:Interest Addr: 172.26.56.19 Interest Port: 1638Interest Packet: 0x0104 RST FRAGInterest Tickle: 0x0003 FIN SYNDispatch (Layer 2): NO Dispatch Address: 0.0.0.0Table 18 describes the significant fields shown in the display.
Related Commands
forwarding-agent
Specifies the port on which the Forwarding Agent will listen for wildcard and fixed affinities.
Displays operational information about the Forwarding Agent.
show ip casa oper
To display operational information about the Forwarding Agent, use the show ip casa oper EXEC command.
show ip casa oper
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following is sample output of the show ip casa oper command:
Router# show ip casa operCasa is ActiveCasa control address is 206.10.20.34/32Casa multicast address is 224.0.1.2Listening for wildcards on:Port:1637Current passwd:NONE Pending passwd:NONEPasswd timeout:180 sec (Default)Table 19 describes the significant fields shown in the display.
Related Commands
show ip casa stats
To display statistical information about the Forwarding Agent, use the show ip casa stats EXEC command.
show ip casa stats
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following is sample output of the show ip casa stats command:
Router# show ip casa statsCasa is active:Wildcard Stats:Wildcards: 6 Max Wildcards: 6Wildcard Denies: 0 Wildcard Drops: 0Pkts Throughput: 441 Bytes Throughput: 39120Affinity Stats:Affinities: 2 Max Affinities: 2Cache Hits: 444 Cache Misses: 0Affinity Drops: 0Casa Stats:Int Packet: 4 Int Tickle: 0Casa Denies: 0 Drop Count: 0Table 20 describes the significant fields shown in the display.
.
Related Commands
show ip casa wildcard
To display information about wildcard blocks, use the show ip casa wildcard EXEC command.
show ip casa wildcard [detail]
Syntax Description
Command Modes
EXEC
Command History
Examples
The following is sample output of the show ip casa wildcard command:
Router# show ip casa wildcardSource Address Source Mask Port Dest Address Dest Mask Port Prot0.0.0.0 0.0.0.0 0 172.26.56.2 255.255.255.255 0 ICMP0.0.0.0 0.0.0.0 0 172.26.56.2 255.255.255.255 0 TCP0.0.0.0 0.0.0.0 0 172.26.56.13 255.255.255.255 0 ICMP0.0.0.0 0.0.0.0 0 172.26.56.13 255.255.255.255 0 TCP172.26.56.2 255.255.255.255 0 0.0.0.0 0.0.0.0 0 TCP172.26.56.13 255.255.255.255 0 0.0.0.0 0.0.0.0 0 TCPThe following is sample output of the show ip casa wildcard detail command:
router# show ip casa wildcard detailSource Address Source Mask Port Dest Address Dest Mask Port Prot0.0.0.0 0.0.0.0 0 172.26.56.2 255.255.255.255 0 ICMPService Manager Details:Manager Addr: 172.26.56.19 Insert Time: 08:21:27 UTC 04/18/96Affinity Statistics:Affinity Count: 0 Interest Packet Timeouts: 0Packet Statistics:Packets: 0 Bytes: 0Action Details:Interest Addr: 172.26.56.19 Interest Port: 1638Interest Packet: 0x8000 ALLPKTSInterest Tickle: 0x0107 FIN SYN RST FRAGDispatch (Layer 2): NO Dispatch Address: 0.0.0.0Advertise Dest Address: YES Match Fragments: NOSource Address Source Mask Port Dest Address Dest Mask Port Prot0.0.0.0 0.0.0.0 0 172.26.56.2 255.255.255.255 0 TCPService Manager Details:Manager Addr: 172.26.56.19 Insert Time: 08:21:27 UTC 04/18/96Affinity Statistics:Affinity Count: 0 Interest Packet Timeouts: 0Packet Statistics:Packets: 0 Bytes: 0Action Details:Interest Addr: 172.26.56.19 Interest Port: 1638Interest Packet: 0x8102 SYN FRAG ALLPKTSInterest Tickle: 0x0005 FIN RSTDispatch (Layer 2): NO Dispatch Address: 0.0.0.0Advertise Dest Address: YES Match Fragments: NO
Note
Table 21 describes significant fields shown in the display.
Related Commands
show ip drp
To display information about the Director Response Protocol (DRP) Server Agent for DistributedDirector, use the show ip drp EXEC command.
show ip drp
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following is sample output from the show ip drp command:
Router# show ip drpDirector Responder Protocol Agent is enabled717 director requests, 712 successful lookups, 5 failures, 0 no routeAuthentication is enabled, using "test" key-chainTable 22 describes the significant fields shown in the display.
Related Commands
show ip redirects
To display the address of a default gateway (router) and the address of hosts for which an Internet Control Message Protocol (ICMP) redirect message has been received, use the show ip redirects EXEC command.
show ip redirects
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Usage Guidelines
This command displays the default router (gateway) as configured by the ip default-gateway command.
The ip mtu command enables the router to send ICMP redirect messages.
Examples
The following is sample output from the show ip redirects command:
Router# show ip redirectsDefault gateway is 160.89.80.29Host Gateway Last Use Total Uses Interface131.108.1.111 160.89.80.240 0:00 9 Ethernet0128.95.1.4 160.89.80.240 0:00 4 Ethernet0Router#Related Commands
show ip sockets
To display IP socket information, use the show ip sockets command in privileged EXEC mode or user EXEC mode.
show ip sockets
Syntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
User EXECCommand History
Usage Guidelines
Use this command to verify that the socket being used is opening correctly. If there is a local and remote endpoint, a connection is established with the ports indicated.
Examples
The following is sample output from the show ip sockets command:
Router# show ip socketsProto Remote Port Local Port In Out Stat TTY OutputIF17 0.0.0.0 0 171.68.186.193 67 0 0 1 017 171.68.191.135 514 171.68.191.129 1811 0 0 0 017 172.16.135.20 514 171.68.191.1 4125 0 0 0 017 171.68.207.163 49 171.68.186.193 49 0 0 9 017 0.0.0.0 123 171.68.186.193 123 0 0 1 088 0.0.0.0 0 171.68.186.193 202 0 0 0 017 172.16.96.59 32856 171.68.191.1 161 0 0 1 017 --listen-- --any-- 496 0 0 1 0Table 23 describes the significant fields shown in the display.
show ip tcp header-compression
To display statistics about TCP header compression, use the show ip tcp header-compression EXEC command.
show ip tcp header-compression
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following is sample output from the show ip tcp header-compression command:
Router# show ip tcp header-compressionTCP/IP header compression statistics:Interface Serial1: (passive, compressing)Rcvd: 4060 total, 2891 compressed, 0 errors0 dropped, 1 buffer copies, 0 buffer failuresSent: 4284 total, 3224 compressed,105295 bytes saved, 661973 bytes sent1.15 efficiency improvement factorConnect: 16 slots, 1543 long searches, 2 misses, 99% hit ratioFive minute miss rate 0 misses/sec, 0 max misses/secTable 24 describes significant fields shown in the display.
Related Commands
show ip traffic
To display statistics about IP traffic, use the show ip traffic command in user EXEC or privileged EXEC mode.
show ip traffic
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC
Privileged EXECCommand History
Examples
The following is sample output from the show ip traffic command:
Router# show ip trafficIP statistics:Rcvd: 2961 total, 2952 local destination0 format errors, 0 checksum errors, 0 bad hop count0 unknown protocol, 9 not a gateway0 security failures, 0 bad options, 0 with optionsOpts: 0 end, 0 nop, 0 basic security, 0 loose source route0 timestamp, 0 extended security, 0 record route0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump0 otherFrags: 0 reassembled, 0 timeouts, 0 couldn't reassemble0 fragmented, 0 fragments, 0 couldn't fragmentBcast: 9 received, 36 sentMcast: 2294 received, 2293 sentSent: 2935 generated, 0 forwardedDrop: 1 encapsulation failed, 0 unresolved, 0 no adjacency0 no route, 0 unicast RPF, 0 forced drop0 options deniedDrop: 0 packets with source IP address zeroDrop: 0 packets with internal loop back IP addressICMP statistics:Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable0 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench0 parameter, 0 timestamp, 0 info request, 0 other0 irdp solicitations, 0 irdp advertisementsSent: 0 redirects, 0 unreachable, 0 echo, 0 echo reply0 mask requests, 0 mask replies, 0 quench, 0 timestamp0 info reply, 0 time exceeded, 0 parameter problem0 irdp solicitations, 0 irdp advertisementsUDP statistics:Rcvd: 0 total, 0 checksum errors, 0 no portSent: 36 total, 0 forwarded broadcastsTCP statistics:Rcvd: 654 total, 0 checksum errors, 0 no portSent: 603 totalBGP statistics:Rcvd: 288 total, 8 opens, 0 notifications, 0 updates280 keepalives, 0 route-refresh, 0 unrecognizedSent: 288 total, 8 opens, 0 notifications, 0 updates280 keepalives, 0 route-refreshOSPF statistics:Rcvd: 0 total, 0 checksum errors0 hello, 0 database desc, 0 link state req0 link state updates, 0 link state acksSent: 0 total0 hello, 0 database desc, 0 link state req0 link state updates, 0 link state acksIP-EIGRP statistics:Rcvd: 2303 totalSent: 2301 totalPIMv2 statistics: Sent/ReceivedTotal: 0/0, 0 checksum errors, 0 format errorsRegisters: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0, Hellos: 0/0Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0Queue drops: 0State-Refresh: 0/0IGMP statistics: Sent/ReceivedTotal: 0/0, Format errors: 0/0, Checksum errors: 0/0Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0DVMRP: 0/0, PIM: 0/0Queue drops: 0ARP statistics:Rcvd: 2 requests, 5 replies, 0 reverse, 0 otherSent: 1 requests, 3 replies (0 proxy), 0 reverseTable 25 describes the significant fields shown in the display.
show standby
To display Hot Standby Router Protocol (HSRP) information, use the show standby command in user EXEC or privileged EXEC mode.
show standby [type number [group]] [all | brief]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
10.0
This command was introduced.
12.2(8)T
The output for the command was made clearer and easier to understand.
Usage Guidelines
To specify a group, you must specify an interface type and number.
Examples
The following is sample output from the show standby command:
Router# show standbyEthernet0/1 - Group 1State is Active2 state changes, last state change 00:30:59Virtual IP address is 10.1.0.20Secondary virtual IP address 10.1.0.21Active virtual MAC address is 0004.4d82.7981Local virtual MAC address is 0004.4d82.7981 (bia)Hello time 4 sec, hold time 12 secNext hello sent in 1.412 secsPreemption enabled, min delay 50 sec, sync delay 40 secActive router is localStandby router is 10.1.0.6, priority 75 (expires in 9.184 sec)Priority 95 (configured 120)Tracking 2 objects, 0 upDown Interface Ethernet0/2, pri 15Down Interface Ethernet0/3IP redundancy name is "HSRP1", advertisement interval is 34 secThe following is sample output from the show standby command with the brief keyword specified:
Router# show standby briefInterface Grp Prio P State Active addr Standby addr Group addrEt0 0 120 Init 10.0.0.1 unknown 10.0.0.12Table 26 describes the significant fields shown in the displays.
Related Commands
show standby capability
To display the limitation on how many virtual MAC addresses that some interfaces can listen to, use the show standby capability command in user EXEC or privileged EXEC mode.
show standby capability [type number]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
HSRP allows up to 256 groups to be configured on each interface, but it is possible that the MAC address filter of the interface does not support that many entries. For example, Versatile Interface Processor (VIP) interfaces only support 32 MAC addresses in their MAC address filter. If more HSRP groups are created than there are address filter entries, then it is likely that the router will stop listening to packets sent to the MAC address of an active HSRP group.
Examples
The following is sample output from the show standby capability command:
Router# show standby capability7206VXR * indicates hardware may support HSRP|Interface Type H Potential Max GroupsFastEthernet0/0 18 DEC21140A * 256 (0x60194B00,0x60194BE8)FastEthernet1/0 18 DEC21140A * 256 (0x60194B00,0x60194BE8)Ethernet2/0 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/1 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/2 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/3 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/4 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/5 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/6 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/7 61 AmdP2 * 256 (0x601A252C,0x601A25E4)ATM3/0 74 ENHANCED ATM PA * 256 LAN emulationTokenRing4/0 66 HAWKEYE * 3 HSRP TR functionaladdresses (0x6076A590)TokenRing4/1 66 HAWKEYE * 3 HSRP TR functionaladdresses (0x6076A590)TokenRing4/2 66 HAWKEYE * 3 HSRP TR functionaladdresses (0x6076A590)TokenRing4/3 66 HAWKEYE * 3 HSRP TR functionaladdresses (0x6076A590)Serial5/0 67 M4T -Serial5/1 67 M4T -Serial5/2 67 M4T -Serial5/3 67 M4T -FastEthernet6/0 18 DEC21140A * 256 (0x60194B00,0x60194BE8)VoIP-Null0 102 VoIP-Null -Table 27 describes the significant fields in the display.
show standby delay
To display Hot Standby Router Protocol (HSRP) information about delay periods, use the show standby delay command in user EXEC or privileged EXEC mode.
show standby delay [type number]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Examples
The following is sample output from the show standby delay command:
Router# show standby delayInterface Minimum ReloadEthernet0/3 1 5Related Commands
show standby internal
To display internal flags and conditions, use the show standby internal command in user EXEC or privileged EXEC mode.
show standby internal [type number]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Examples
This example shows a configuration example and the output from the show standby internal command for the configuration:
interface Ethernet2/0ip address 10.0.0.254 255.255.0.0standby use-biastandby version 2standby 1 ip 10.0.0.1standby 1 timers 2 6standby 1 priority 110standby 1 preemptRouter# show standby internalGlobal Confg: 0000Et2/0 If hw AmdP2, State 0x210040Et2/0 If hw Confg: 0001, USEBIAEt2/0 If hw Flags: 0000Et2/0 If sw Confg: 0040, VERSIONEt2/0 If sw Flags: 0001, USEBIAEt2/0 Grp 1 Confg: 0072, IP_PRI, PRIORITY, PREEMPT, TIMERSEt2/0 Grp 1 Flags: 0000The above output shows internal flags and hardware and software information for Ethernet interface 2/0. The output shows that HSRP group 1 is configured for priority, preemption, and the standby timers and standby-use bia commands have been configured.
Related Commands
show standby redirect
To display Internet Control Message Protocol (ICMP) redirect information on interfaces configured with the Hot Standby Router Protocol (HSRP), use the show standby redirect command in user EXEC or privileged EXEC mode.
show standby redirect [ip-address | interface-type interface-number [active | passive | timers]]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Examples
The following is sample output from the show standby redirect command with no optional keywords:
Router# show standby redirectInterface Redirects Unknown Adv HolddownEthernet0/2 enabled enabled 30 180Ethernet0/3 enabled disabled 30 180Active Hits Interface Group Virtual IP Virtual MAC10.19.0.7 0 Ethernet0/2 3 10.19.0.13 0000.0c07.ac03local 0 Ethernet0/3 1 10.20.0.11 0000.0c07.ac01local 0 Ethernet0/3 2 10.20.0.12 0000.0c07.ac02Passive Hits Interface Expires in10.19.0.6 0 Ethernet0/2 151.800Table 28 describes the significant fields in the display.
The following is sample output from the show standby redirect command with a specific interface Ethernet 0/3:
Router# show standby redirect e0/3Interface Redirects Unknown Adv HolddownEthernet0/3 enabled disabled 30 180Active Hits Interface Group Virtual IP Virtual MAClocal 0 Ethernet0/3 1 10.20.0.11 0000.0c07.ac01local 0 Ethernet0/3 2 10.20.0.12 0000.0c07.ac02The following is sample output from the show standby redirect command showing all active routers on interface Ethernet 0/3:
Router# show standby redirect e0/3 activeActive Hits Interface Group Virtual IP Virtual MAClocal 0 Ethernet0/3 1 10.20.0.11 0000.0c07.ac01local 0 Ethernet0/3 2 10.20.0.12 0000.0c07.ac02The following is sample output from the show standby redirect ip-address command, where the IP address is the real IP address of the router:
Router# show standby redirect 10.19.0.7Active Hits Interface Group Virtual IP Virtual MAC10.19.0.7 0 Ethernet0/2 3 10.19.0.13 0000.0c07.ac03Related Commands
show standby
Displays the HSRP information.
standby redirect
Enables ICMP redirect messages to be sent when HSRP is configured on an interface.
show tcp statistics
To display TCP statistics, use the show tcp statistics EXEC command.
show tcp statistics
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following is sample output from the show tcp statistics command:
Router# show tcp statisticsRcvd: 210 Total, 0 no port0 checksum error, 0 bad offset, 0 too short132 packets (26640 bytes) in sequence5 dup packets (502 bytes)0 partially dup packets (0 bytes)0 out-of-order packets (0 bytes)0 packets (0 bytes) with data after window0 packets after close0 window probe packets, 0 window update packets0 dup ack packets, 0 ack packets with unsend data69 ack packets (3044 bytes)Sent: 175 Total, 0 urgent packets16 control packets (including 1 retransmitted)69 data packets (3029 bytes)0 data packets (0 bytes) retransmitted73 ack only packets (49 delayed)0 window probe packets, 17 window update packets7 Connections initiated, 1 connections accepted, 8 connections established8 Connections closed (including 0 dropped, 0 embryonic dropped)1 Total rxmt timeout, 0 connections dropped in rxmt timeout0 Keepalive timeout, 0 keepalive probe, 0 Connections dropped in keepaliveTable 29 describes the significant fields shown in the display.
Related Commands
standby authentication
To configure an authentication string for the Hot Standby Router Protocol (HSRP), use the standby authentication interface configuration command. To delete an authentication string, use the no form of this command.
standby [group-number] authentication [mode text] string
no standby [group-number] authentication [mode text] string
Syntax Description
Defaults
The default group number is 0. The default string is cisco.
Command Modes
Interface configuration
Command History
Usage Guidelines
HSRP ignores unauthenticated HSRP messages.
The authentication string is sent unencrypted in all HSRP messages. The same authentication string must be configured on all routers and access servers on a cable to ensure interoperation. Authentication mismatch prevents a device from learning the designated Hot Standby IP address and the Hot Standby timer values from other routers configured with HSRP.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
Examples
The following example configures "company1" as the authentication string required to allow Hot Standby routers in group 1 to interoperate:
interface ethernet 0standby 1 authentication mode text company1standby delay minimum reload
To configure the delay period before the initialization of Hot Standby Router Protocol (HSRP) groups, use the standby delay minimum reload interface configuration command. To disable the delay period, use the no form of this command.
standby delay minimum min-delay reload reload-delay
no standby delay minimum min-delay reload reload-delay
Syntax Description
Defaults
The default minimum delay is 1 second.
The default reload delay is 5 seconds.
Command Modes
Interface configuration
Command History
Usage Guidelines
If the active router fails or is removed from the network, then the standby router will automatically become the new active router. If the former active router comes back online, you can control whether it takes over as the active router by using the standby preempt command.
However, in some cases, even if the standby preempt command is not configured, the former active router will resume the active role after it reloads and comes back online. Use the standby delay minimum reload command to set a delay period for HSRP group initialization. This command allows time for the packets to get through before the router resumes the active role.
We recommend that you use the standby delay minimum reload command if the standby timers command is configured in milliseconds or if HSRP is configured on a VLAN interface of a switch.
In most configurations, the default values provide sufficient time for the packets to get through and it is not necessary to configure longer delay values.
The delay will be cancelled if an HSRP packet is received on an interface.
You can view the delays with the show standby delay command.
Examples
The following example sets the minimum delay period to 30 seconds and the delay period after the first reload to 120 seconds:
interface ethernet 0ip address 10.20.0.7 255.255.0.0standby delay minimum 30 reload 120standby 3 ip 10.20.0.21standby 3 timers msec 300 msec 700standby 3 priority 100Related Commands
standby ip
To activate the Hot Standby Router Protocol (HSRP), use the standby ip interface configuration command. To disable HSRP, use the no form of this command.
standby [group-number] ip [ip-address [secondary]]
no standby [group-number] ip [ip-address]
Syntax Description
Defaults
The default group number is 0.
HSRP is disabled by default.
Command Modes
Interface configuration
Command History
10.0
This command was introduced.
10.3
The group-number argument was added.
11.1
The secondary keyword was added.
Usage Guidelines
The standby ip command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the designated address is learned through the standby function. For HSRP to elect a designated router, at least one router on the cable must have been configured with, or have learned, the designated address. Configuring the designated address on the active router always overrides a designated address that is currently in use.
When the standby ip command is enabled on an interface, the handling of proxy ARP requests is changed (unless proxy ARP was disabled). If the Hot Standby state of the interface is active, proxy ARP requests are answered using the MAC address of the Hot Standby group. If the interface is in a different state, proxy ARP responses are suppressed.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
Examples
The following example activates HSRP for group 1 on Ethernet interface 0. The IP address used by the Hot Standby group will be learned using HSRP.
interface ethernet 0standby 1 ipIn the following example, all three virtual IP addresses appear in the ARP table using the same (single) virtual MAC address. All three virtual IP addresses are using the same HSRP group (group 0).
ip address 1.1.1.1. 255.255.255.0ip address 1.2.2.2. 255.255.255.0 secondaryip address 1.3.3.3. 255.255.255.0 secondaryip address 1.4.4.4. 255.255.255.0 secondarystandby ip 1.1.1.254standby ip 1.2.2.254 secondarystandby ip 1.3.3.254 secondarystandby mac-address
To specify a virtual MAC address for the Hot Standby Router Protocol (HSRP), use the standby mac-address interface configuration command. To revert to the standard virtual MAC address (0000.0C07.ACxy), use the no form of this command.
standby [group-number] mac-address mac-address
no standby [group-number] mac-address
Syntax Description
group-number
(Optional) Group number on the interface for which HSRP is being activated. The default is 0.
mac-address
MAC address.
Defaults
If this command is not configured, and the standby use-bia command is not configured, the standard virtual MAC address is used: 0000.0C07.ACxy, where xy is the group number in hexadecimal. This address is specified in RFC 2281, Cisco Hot Standby Router Protocol (HSRP).
Command Modes
Interface configuration
Command History
Usage Guidelines
This command cannot be used on a Token Ring interface.
HSRP is used to help end stations locate the first hop gateway for IP routing. The end stations are configured with a default gateway. However, HSRP can provide first-hop redundancy for other protocols. Some protocols, such as Advanced Peer-to-Peer Networking (APPN), use the MAC address to identify the first hop for routing purposes. In this case, it is often necessary to be able to specify the virtual MAC address; the virtual IP address is unimportant for these protocols. Use the standby mac-address command to specify the virtual MAC address.
The MAC address specified is used as the virtual MAC address when the router is active.
This command is intended for certain APPN configurations. The parallel terms are shown in Table 30.
In an APPN network, an end node is typically configured with the MAC address of the adjacent network node. Use the standby mac-address command in the routers to set the virtual MAC address to the value used in the end nodes.
Examples
If the end nodes are configured to use 4000.1000.1060 as the MAC address of the network node, the following example shows the command used to configure HSRP group 1 with the virtual MAC address:
standby 1 mac-address 4000.1000.1060Related Commands
Displays HSRP information.
Configures HSRP to use the burned-in address of the interface as its virtual MAC address.
standby mac-refresh
To change the interval at which packets are sent to refresh the MAC cache when the Hot Standby Router Protocol (HSRP) is running over FDDI, use the standby mac-refresh interface configuration command. To restore the default value, use the no form of this command.
standby mac-refresh seconds
no standby mac-refresh
Syntax Description
seconds
Number of seconds in the interval at which a packet is sent to refresh the MAC cache. The maximum value is 255 seconds. The default is 10 seconds.
Defaults
The default interval is 10 seconds.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command applies to HSRP running over FDDI only. Packets are sent every 10 seconds to refresh the MAC cache on learning bridges or switches. By default, the MAC cache entries age out in 300 seconds (5 minutes).
All other routers participating in HSRP on the FDDI ring receive the refresh packets, although the packets are intended only for the learning bridge or switch. Use this command to change the interval. Set the interval to 0 if you want to prevent refresh packets (if you have FDDI but do not have a learning bridge or switch).
Examples
The following example changes the MAC refresh interval to 100 seconds. Therefore, a learning bridge would need to miss three packets before the entry ages out.
standby mac-refresh 100standby name
To configure the name of the standby group, use the standby name command in interface configuration mode. To disable the name, use the no form of this command.
standby name group-name
no standby name group-name
Syntax Description
Defaults
The Hot Standby Router Protocol (HSRP) is disabled.
Command Modes
Interface configuration
Command History
12.0(2)T
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
The name specifies the HSRP group used. The HSRP group name must be unique on the router.
Examples
The following example specifies the standby name as SanJoseHA:
interface ethernet0ip address 10.0.0.1 255.0.0.0standby ip 10.0.0.10standby name SanJoseHAstandby preempt delay sync 100standby priority 110Related Commands
standby preempt
To configure Hot Standby Router Protocol (HSRP) preemption and preemption delay, use the standby preempt command in interface configuration mode. To restore the default values, use the no form of this command.
standby [group-number] preempt [delay{minimum seconds | reload seconds | sync seconds}]
no standby [group-number] preempt [delay{minimum seconds | reload seconds | sync seconds}]
Syntax Description
Defaults
The default group number is 0.
The default delay is 0 seconds; if the router wants to preempt, it will do so immediately.
By default, the router that comes up later becomes the standby.Command Modes
Interface configuration
Command History
Usage Guidelines
When this command is configured, the router is configured to preempt, which means that when the local router has a Hot Standby priority higher than the current active router, the local router should attempt to assume control as the active router. If preemption is not configured, the local router assumes control as the active router only if it receives information indicating no router is in the active state (acting as the designated router).
When a router first comes up, it does not have a complete routing table. If it is configured to preempt, it will become the active router, yet it is unable to provide adequate routing services. Solve this problem by configuring a delay before the preempting router actually preempts the currently active router.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
IP redundancy clients can prevent preemption from taking place. The standby preempt delay sync seconds command specifies a maximum number of seconds to allow IP redundancy clients to prevent preemption. When this expires, then preemption takes place regardless of the state of the IP redundancy clients.
The standby preempt delay reload seconds command allows preemption to occur only after a router reloads. This provides stabilization of the router at startup. After this initial delay at startup, the operation returns to the default behavior.
The no standby preempt delay command will disable the preemption delay but preemption will remain enabled. The no standby preempt delay minimum seconds command will disable the minimum delay but leave any synchronization delay if it was configured.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 preempt delay minimum 300% Warning: This setting has no effect while following another group.Examples
In the following example, the router will wait for 300 seconds (5 minutes) before attempting to become the active router:
interface ethernet 0standby ip 172.19.108.254standby preempt delay minimum 300standby priority
To configure Hot Standby Router Protocol (HSRP) priority, use the standby priority command in interface configuration mode. To restore the default values, use the no form of this command.
standby [group-number] priority priority
no standby [group-number] priority priority
Syntax Description
Defaults
The default group number is 0.
The default priority is 100.Command Modes
Interface configuration
Command History
Usage Guidelines
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
The assigned priority is used to help select the active and standby routers. Assuming that preemption is enabled, the router with the highest priority becomes the designated active router. In case of ties, the primary IP addresses are compared, and the higher IP address has priority.
Note that the priority of the device can change dynamically if an interface is configured with the standby track command and another interface on the router goes down.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 priority 110%Warning: This setting has no effect while following another group.Examples
In the following example, the router has a priority of 120 (higher than the default value):
interface ethernet 0standby ip 172.19.108.254standby priority 120standby preempt delay 300Related Commands
standby track
Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces.
standby redirect
To enable Hot Standby Router Protocol (HSRP) filtering of Internet Control Message Protocol (ICMP) redirect messages, use the standby redirects command in interface configuration mode. To disable the HSRP filtering of ICMP redirect messages, use the no form of this command.
standby redirect [enable | disable] [timers advertisement holddown] [unknown]
no standby redirects [unknown]
Syntax Description
Defaults
HSRP filtering of ICMP redirect messages is enabled if HSRP is configured on an interface.
Command Modes
Interface configuration
Command History
12.1(3)T
This command was introduced.
12.2
The following keywords and arguments were added to the command:
•
•
Usage Guidelines
The standby redirect command can be configured globally or on a per-interface basis. When HSRP is first configured on an interface, the setting for that interface will inherit the global value. If the filtering of ICMP redirects is explicitly disabled on an interface, then the global command cannot reenable this functionality.
The no standby redirect command is the same as the standby redirect disable command. However, it is not desirable to save the no form of this command to NVRAM. Because the command is enabled by default, it is preferable to use the standby redirect disable command to disable the functionality.
With the standby redirect command enabled, the real IP address of a router can be replaced with a virtual IP address in the next hop address or gateway field of the redirect packet. HSRP looks up the next hop IP address in its table of real IP addresses versus virtual IP addresses. If HSRP does not find a match, the HSRP router allows the redirect packet to go out unchanged. The host HSRP router is redirected to a router that is unknown, that is, a router with no active HSRP groups. You can specify the no standby redirect unknown command to stop these redirects from being sent.
Examples
The following example allows HSRP to filter ICMP redirect messages on interface Ethernet 0:
Router(config)# interface ethernet 0Router(config-if)# ip address 10.0.0.1 255.0.0.0Router(config-if)# standby redirectRouter(config-if)# standby 1 ip 10.0.0.11The following example shows how to change the HSRP router advertisement interval to 90 seconds and the holddown timer to 270 seconds on interface Ethernet 0:
Router(config)# interface ethernet 0Router(config-if)# ip address 10.0.0.1 255.0.0.0Router(config-if)# standby redirect timers 90 270Router(config-if)# standby 1 ip 10.0.0.11Related Commands
Displays the HSRP information.
Displays ICMP redirect information on interfaces configured with the HSRP.
standby timers
To configure the time between hello packets and the time before other routers declare the active Hot Standby or standby router to be down, use the standby timers command in interface configuration mode. To restore the timers to their default values, use the no form of this command.
standby [group-number] timers [msec] hellotime [msec] holdtime
no standby [group-number] timers [msec] hellotime [msec] holdtime
Syntax Description
Defaults
The default group number is 0.
The default hello interval is 3 seconds.
The default hold time is 10 seconds.Command Modes
Interface configuration
Command History
Usage Guidelines
The standby timers command configures the time between standby hello packets and the time before other routers declare the active or standby router to be down. Routers or access servers on which timer values are not configured can learn timer values from the active or standby router. The timers configured on the active router always override any other timer settings. All routers in a Hot Standby group should use the same timer values. Normally, holdtime is greater than or equal to 3 times the value of hellotime. The range of values for holdtime force the holdtime to be greater than the hellotime. If the timer values are specified in milliseconds, the holdtime is required to be at least three times the hellotime value and not less than 50 milliseconds.
Some HSRP state flapping can occasionally occur if the holdtime is set to less than 250 milliseconds, and the processor is busy. It is recommended that holdtime values less than 250 milliseconds be used on Cisco 7200 platforms or better, and on Fast-Ethernet or FDDI interfaces or better. Setting the process-max-time command to a suitable value may also help with flapping.
The value of the standby timer will not be learned through HSRP hellos if it is less than 1 second.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 timers 5 15% Warning: This setting has no effect while following another group.Examples
The following example sets, for group number 1 on Ethernet interface 0, the time between hello packets to 5 seconds, and the time after which a router is considered to be down to 15 seconds:
interface ethernet 0standby 1 ipstandby 1 timers 5 15The following example sets, for the Hot Router interface located at 172.19.10.1 on Ethernet interface 0, the time between hello packets to 300 milliseconds, and the time after which a router is considered to be down to 900 milliseconds:
interface ethernet 0standby ip 172.19.10.1standby timers msec 300 msec 900The following example sets, for the Hot Router interface located at 172.18.10.1 on Ethernet interface 0, the time between hello packets to 15 milliseconds, and the time after which a router is considered to be down to 50 milliseconds. Note that the holdtime is larger than three times the hellotime because the minimum holdtime value in milliseconds is 50.
interface ethernet 0standby ip 172.18.10.1standby timers msec 15 msec 50standby track
To configure an interface so that the Hot Standby priority changes based on the availability of other interfaces, use the standby track interface configuration command. To remove the tracking, use the no form of this command.
standby [group-number] track interface-type interface-number [interface-priority]
no standby [group-number] track interface-type interface-number [interface-priority]
Syntax Description
Defaults
The default group number is 0.
The default interface priority is 10.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command ties the Hot Standby priority of the router to the availability of its interfaces. It is useful for tracking interfaces that are not configured for the Hot Standby Router Protocol (HSRP).
When a tracked interface goes down, the Hot Standby priority decreases by 10. If an interface is not tracked, its state changes do not affect the Hot Standby priority. For each interface configured for Hot Standby, you can configure a separate list of interfaces to be tracked.
The optional interface-priority argument specifies by how much to decrement the Hot Standby priority when a tracked interface goes down. When the tracked interface comes back up, the priority is incremented by the same amount.
When multiple tracked interfaces are down, the decrements are cumulative whether configured with interface-priority values or not.
A tracked interface is considered down if the IP address is disabled on that interface.
If HSRP is configured to track an interface, and that interface is physically removed as in the case of an online insertion and removal (OIR) operation, then HSRP will regard the interface as always down. Further, it will not be possible to remove the HSRP interface tracking configuration. To prevent this problem, use the no standby track interface-type interface-number command before you physically remove the interface.
Use the no standby group-number track command to delete all tracking configuration for a group.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
Examples
In the following example, Ethernet interface 1 tracks Ethernet interface 0 and serial interface 0. If one or both of these two interfaces go down, the Hot Standby priority of the router decreases by 10. Because the default Hot Standby priority is 100, the priority becomes 90 when one or both of the tracked interfaces go down.
interface ethernet 1ip address 198.92.72.37 255.255.255.240no ip redirectsstandby track ethernet 0standby track serial 0standby preemptstandby ip 198.92.72.46Related Commands
Displays HSRP information.
Configures HSRP preemption and preemption delay.
Configures Hot Standby priority of potential standby routers.
standby use-bia
To configure the Hot Standby Router Protocol (HSRP) to use the burned-in address of the interface as its virtual MAC address, instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring), use the standby use-bia interface configuration command. To restore the default virtual MAC address, use the no form of this command.
standby use-bia [scope interface]
no standby use-bia
Syntax Description
scope interface
(Optional) Specifies that this command is configured just for the subinterface on which it was entered, instead of the major interface.
Defaults
HSRP uses the preassigned MAC address on Ethernet and FDDI, or the functional address on Token Ring.
Command Modes
Interface configuration
Command History
11.2
This command was introduced.
12.1
The behavior was modified to allow multiple standby groups to be configured for an interface configured with this command
Usage Guidelines
For an interface with this command configured, multiple standby group can be configured. Hosts on the interface must have a default gateway configured. We recommend that you set the no ip proxy-arp command on the interface. It is desirable to configure the standby use-bia command on a Token Ring interface if there are devices that reject ARP replies with source hardware addresses set to a functional address.
When HSRP runs on a multiple-ring, source-routed bridging environment and the HRSP routers reside on different rings, configuring the standby use-bia command can prevent confusion about the routing information field (RFI).
Without the scope interface keywords, the standby use-bia command applies to all subinterfaces on the major interface. The standby use-bia command may not be configured both with and without the scope interface keywords at the same time.
Examples
In the following example, the burned-in address of Token Ring interface 4/0 will be the virtual MAC address mapped to the virtual IP address:
interface token4/0standby use-biastart-forwarding-agent
To start the Forwarding Agent, use the start-forwarding-agent CASA-port configuration command.
start-forwarding-agent port-number [password [timeout]]
Syntax Description
Defaults
The default initial number of affinities is 5000.
The default maximum number of affinities is 30,000.
Command Modes
CASA-port configuration
Command History
Usage Guidelines
The Forwarding Agent must be started before you can configure any port information for the forwarding agent.
Examples
The following example specifies that the forwarding agent will listen for wildcard and fixed affinities on port 1637:
start-forwarding-agent 1637Related Commands
forwarding-agent
Specifies the port on which the Forwarding Agent will listen for wildcard and fixed affinities.
transmit-interface
To assign a transmit interface to a receive-only interface, use the transmit-interface interface configuration command. To return to normal duplex Ethernet interfaces, use the no form of this command.
transmit-interface type number
no transmit-interface
Syntax Description
type
Transmit interface type to be linked with the (current) receive-only interface.
number
Transmit interface number to be linked with the (current) receive-only interface.
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Receive-only interfaces are used commonly with microwave Ethernet links.
Examples
The following example specifies Ethernet interface 0 as a simplex Ethernet interface:
interface ethernet 1ip address 128.9.1.2transmit-interface ethernet 0
