Cisco IOS IP Command Reference, Volume 1 Of 4: Addressing .

Transcription

Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services
Release 12.3 T

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100

Text Part Number: OL-4707-01

Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services
Copyright 2003-2004 Cisco Systems, Inc. All rights reserved.

Contents

Introduction
IP Addressing and Services Commands


Introduction

This book describes the commands used to configure and monitor the following IP addressing and services capabilities and features:

- IP Addressing
- Dynamic Host Configuration Protocol (DHCP)
- IP Services
- IP Access Lists
- Server Load Balancing
- Web Cache Communications Protocol (WCCP)

For IP addressing and services tasks and examples, refer to the “IP Addressing and Services” part in the Cisco IOS IP Configuration Guide, Release 12.3.

IP Addressing

Use the following commands to configure and monitor IP addressing:

- arp authorized
- arp (global)
- arp (interface)
- arp timeout
- clear arp-cache
- clear arp interface
- clear host
- clear ip nat translation
- clear ip nhrp
- clear ip route
- clear ip snat sessions
- clear ip snat translation distributed
- clear ip snat translation peer
- crypto ipsec

- ip address
- ip broadcast-address
- ip cef traffic-statistics
- ip classless
- ip default-gateway
- ip directed-broadcast
- ip dns spoofing
- ip domain list
- ip domain lookup
- ip domain name
- ip domain retry
- ip domain timeout
- ip domain round-robin
- ip forward-protocol
- ip forward-protocol spanning-tree
- ip forward-protocol turbo-flood
- ip helper address
- ip host
- ip irdp
- ip name-server
- ip nat
- ip nat inside destination
- ip nat inside source
- ip nat outside source
- ip nat pool
- ip nat service
- ip nat stateful id
- ip nat translation max-entries
- ip nat translation (timeout)
- ip netmask-format
- ip nhrp authentication
- ip nhrp holdtime
- ip nhrp interest
- ip nhrp map
- ip nhrp map multicast
- ip nhrp map multicast dynamic
- ip nhrp max-send
- ip nhrp network-id

- ip nhrp nhs
- ip nhrp record
- ip nhrp responder
- ip nhrp server-only
- ip nhrp trigger-svc
- ip nhrp use
- ip proxy-arp
- ip routing
- ip routing
- ip subnet zero
- ip unnumbered
- no ip gratuitous-arps
- show arp
- show hosts
- show ip aliases
- show ip arp
- show ip interface
- show ip irdp
- show ip masks
- show ip nat statistics
- show ip nat translations
- show ip nhrp
- show ip nhrp traffic
- show ip snat
- term ip netmask-format

DHCP

Use the following commands to configure and monitor DHCP:

- address range
- accounting (DHCP)
- bootfile
- class
- clear ip dhcp binding
- clear ip dhcp server statistics
- clear ip dhcp subnet
- clear ip route dhcp
- client-identifier

- client-name
- default-router
- dns-server
- domain-name (DHCP)
- hardware-address
- host
- import all
- ip address dhcp
- ip address pool (DHCP)
- ip dhcp aaa default username
- ip dhcp bootp ignore
- ip dhcp class
- ip dhcp-client broadcast-flag
- ip dhcp-client default-router distance
- ip dhcp client class-id
- ip dhcp client client-id
- ip dhcp client hostname
- ip dhcp client lease
- ip dhcp client request
- ip dhcp conflict logging
- ip dhcp database
- ip dhcp excluded-address
- ip dhcp limit lease per interface
- ip dhcp limited-broadcast-address
- ip dhcp ping packets
- ip dhcp ping timeout
- ip dhcp pool
- ip dhcp relay forward spanning-tree
- ip dhcp relay information check
- ip dhcp relay information option
- ip dhcp relay information policy
- ip dhcp relay information trusted
- ip dhcp relay information trust-all
- ip dhcp smart-relay
- lease
- netbios-name-server
- netbios-node-type
- network (DHCP)

- next-server
- option
- origin
- relay agent information
- relay-information hex
- release dhcp
- renew dhcp
- service dhcp
- show ip dhcp binding
- show ip dhcp conflict
- show ip dhcp database
- show ip dhcp import
- show ip dhcp pool
- show ip dhcp server statistics
- show ip route dhcp
- subnet prefix-length
- update arp
- utilization mark high
- utilization mark low
- vrf

IP Access Lists

Use the following commands to configure and monitor access lists:

- access-class
- access-list (IP extended)
- access-list (IP standard)
- access-list compiled
- access-list remark
- clear access-list counters
- deny (IP)
- dynamic
- ip access-group
- ip access-list resequence
- ip access-list
- ip options
- permit
- remark

- show access-lists
- show access-list compiled
- show ip access-list

IP Services

Use the following commands to configure and monitor IP services:

- clear ip accounting
- clear ip drp
- clear tcp statistics
- clear time-range ipc
- delay (tracking)
- dynamic
- forwarding-agent
- glbp authentication
- glbp forwarder preempt
- glbp ip
- glbp load-balancing
- glbp name
- glbp preempt
- glbp priority
- glbp timers
- glbp timers redirect
- glbp weighting track
- ip access-group
- ip accounting
- ip accounting-list
- ip accounting-threshold
- ip accounting-transits
- ip accounting mac-address
- ip accounting precedence
- ip casa
- ip drp access-group
- ip drp authentication key-chain
- ip drp server
- ip icmp rate-limit unreachable
- ip icmp redirect
- ip information-reply

- ip mask-reply
- ip vrf
- ip mtu
- ip redirects
- ip source-route
- ip tcp chunk-size
- ip tcp compression-connections
- ip tcp ecn
- ip tcp header-compression
- ip tcp path-mtu-discovery
- ip tcp queuemax
- ip tcp selective-ack
- ip tcp synwait-time
- ip tcp timestamp
- ip tcp window-size
- ip unreachables
- object (tracking)
- threshold metric
- threshold percentage
- threshold weight
- track list
- track resolution
- show access-list compiled
- show glbp
- show interface mac
- show interface precedence
- show ip access-list
- show ip accounting
- show ip casa affinities
- show ip casa oper
- show ip casa stats
- show ip casa wildcard
- show ip drp
- show ip redirects
- show ip sockets
- show ip tcp header-compression
- show ip traffic
- show standby

- show standby delay
- show tcp statistics
- show time-range ipc
- show track
- show vrrp
- show vrrp interface
- standby authentication
- standby delay minimum reload
- standby ip
- standby mac-address
- standby mac-refresh
- standby name
- standby preempt
- standby priority
- standby redirects
- standby timers
- standby track
- standby use-bia
- standby version
- start-forwarding-agent
- threshold metric
- threshold percentage
- threshold weight
- track interface
- track ip route
- track list
- track resolution
- track rtr
- track timer
- transmit-interface
- vrrp authentication
- vrrp description
- vrrp ip
- vrrp preempt
- vrrp priority
- vrrp timers advertise
- vrrp timers learn
- vrrp track

Server Load Balancing

Use the following commands to configure and monitor server load balancing:

- advertise
- agent
- bindid
- clear ip slb
- client
- delay (virtual server)
- faildetect
- idle
- inservice (DFP agent)
- inservice (real server)
- inservice (virtual server)
- interval (DFP agent)
- ip dfp agent
- ip slb dfp
- ip slb serverfarm
- ip slb vserver
- maxconns
- nat
- password (DFP agent)
- port (DFP agent)
- predictor
- real
- reassign
- retry (real server)
- serverfarm
- show ip dfp
- show ip slb dfp
- show ip slb reals
- show ip slb serverfarms
- show ip slb stats
- show ip slb sticky
- show ip slb vservers

- sticky
- synguard
- virtual
- weight

WCCP

Use the following commands to configure and monitor WCCP:

- clear ip wccp
- ip wccp
- ip wccp enable
- ip wccp group-listen
- ip wccp redirect exclude in
- ip wccp redirect exclude in
- ip wccp redirect-list
- ip wccp redirect
- ip wccp version
- ip web-cache redirect
- show ip wccp
- show ip wccp web-caches

IP Addressing and Services Commands

access-class

To restrict incoming and outgoing connections between a particular vty (into a Cisco device) and the addresses in an access list, use the access-class command in line configuration mode. To remove access restrictions, use the no form of this command.

    access-class access-list-number {in [vrf-also] | out}
    no access-class access-list-number {in | out}

Syntax Description

- access-list-number: Number of an IP access list. This is a decimal number from 1 to 199 or from 1300 to 2699.
- in: Restricts incoming connections between a particular Cisco device and the addresses in the access list.
- vrf-also: Accepts incoming connections from interfaces that belong to a VRF.
- out: Restricts outgoing connections between a particular Cisco device and the addresses in the access list.

Defaults

No access lists are defined.

Command Modes

Line configuration

Command History

Release    Modification
10.0       This command was introduced.
12.2       The vrf-also keyword was added.

Usage Guidelines

Remember to set identical restrictions on all the virtual terminal lines because a user can connect to any of them.

To display the access lists for a particular terminal line, use the show line EXEC command and specify the line number.

If you do not specify the vrf-also keyword, incoming Telnet connections from interfaces that are part of a VRF are rejected.

Examples

The following example defines an access list that permits only hosts on network 192.89.55.0 to connect to the virtual terminal ports on the router:

    access-list 12 permit 192.89.55.0 0.0.0.255
    line 1 5
    access-class 12 in

The following example defines an access list that denies connections to networks other than network 36.0.0.0 on terminal lines 1 through 5:

    access-list 10 permit 36.0.0.0 0.255.255.255
    line 1 5
    access-class 10 out

Related Commands

Command      Description
show line    Displays the parameters of a terminal line.
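The Usage Guidelines above ask for identical restrictions on every virtual terminal line. The following added example (not Cisco's code) audits a configuration fragment for lines that lack an inbound access-class or that use a different list from the others. The sample configuration is constructed, the function names are hypothetical, and the sketch assumes that untyped line ranges (as in the examples above) and `vty` ranges are the remotely reachable lines.

```python
import re

# Constructed sample: terminal lines 1-4 carry the restriction, line 5 does not.
SAMPLE_CONFIG = """\
access-list 12 permit 192.89.55.0 0.0.0.255
line 1 4
 access-class 12 in
line 5
 login
"""

LINE_RE = re.compile(r"^line\s+(?:([a-z]+)\s+)?(\d+)(?:\s+(\d+))?\s*$")
CLASS_RE = re.compile(r"^\s*access-class\s+(\d+)\s+(in|out)\b")


def inbound_acl_per_line(config):
    """Map (line type, line number) to the ACL applied inbound, or None."""
    acls = {}
    current = []  # terminal lines covered by the `line` block being read
    for raw in config.splitlines():
        header = LINE_RE.match(raw)
        if header:
            kind = header.group(1) or ""
            first = int(header.group(2))
            last = int(header.group(3) or first)
            # Assumption: only untyped and "vty" ranges accept remote sessions;
            # console and auxiliary blocks are skipped.
            if kind in ("", "vty"):
                current = [(kind, n) for n in range(first, last + 1)]
            else:
                current = []
            for key in current:
                acls.setdefault(key, None)
            continue
        sub = CLASS_RE.match(raw)
        if sub and sub.group(2) == "in":
            for key in current:
                acls[key] = sub.group(1)
    return acls


def audit(config):
    """Return findings for unrestricted lines and for inconsistent ACL numbers."""
    acls = inbound_acl_per_line(config)
    findings = []
    for (kind, n), acl in sorted(acls.items()):
        if acl is None:
            label = " ".join(p for p in ("line", kind, str(n)) if p)
            findings.append(f"{label}: no inbound access-class")
    configured = sorted({a for a in acls.values() if a is not None})
    if len(configured) > 1:
        findings.append("inbound access-class differs between lines: "
                        + ", ".join(configured))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
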

access-list (IP extended)

To define an extended IP access list, use the extended version of the access-list command in global configuration mode. To remove the access lists, use the no form of this command.

    access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]

    no access-list access-list-number

Internet Control Message Protocol (ICMP)

    access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} icmp source source-wildcard destination destination-wildcard [icmp-type [icmp-code] | icmp-message] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]

Internet Group Management Protocol (IGMP)

    access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} igmp source source-wildcard destination destination-wildcard [igmp-type] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]

Transmission Control Protocol (TCP)

    access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]

User Datagram Protocol (UDP)

    access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} udp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]

Syntax Description

- access-list-number: Number of an access list. This is a decimal number from 100 to 199 or from 2000 to 2699.
- dynamic dynamic-name: (Optional) Identifies this access list as a dynamic access list. Refer to lock-and-key access documented in the “Configuring Lock-and-Key Security (Dynamic Access Lists)” chapter in the Cisco IOS Security Configuration Guide.
- timeout minutes: (Optional) Specifies the absolute length of time, in minutes, that a temporary access list entry can remain in a dynamic access list. The default is an infinite length of time and allows an entry to remain permanently. Refer to lock-and-key access documented in the “Configuring Lock-and-Key Security (Dynamic Access Lists)” chapter in the Cisco IOS Security Configuration Guide.

- deny: Denies access if the conditions are matched.
- permit: Permits access if the conditions are matched.
- protocol: Name or number of an Internet protocol. It can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip, nos, ospf, pim, tcp, or udp, or an integer in the range from 0 to 255 representing an Internet protocol number. To match any Internet protocol (including ICMP, TCP, and UDP) use the ip keyword. Some protocols allow further qualifiers described below.
- source: Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:
  - Use a 32-bit quantity in four-part dotted decimal format.
  - Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.
  - Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
- source-wildcard: Wildcard bits to be applied to source. Each wildcard bit set to 0 indicates that the corresponding bit position in the source must match. Each wildcard bit set to 1 indicates that both a 0 bit and a 1 bit in the corresponding position of the IP address of the packet will be considered a match to this access list entry.
  There are three alternative ways to specify the source wildcard:
  - Use a 32-bit quantity in four-part dotted decimal format. Place 1s in the bit positions you want to ignore.
  - Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.
  - Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
  Wildcard bits set to 1 need not be contiguous in the source wildcard. For example, a source wildcard of 0.255.0.64 would be valid.
- destination: Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination:
  - Use a 32-bit quantity in four-part dotted decimal format.
  - Use the any keyword as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255.
  - Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
- destination-wildcard: Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard:
  - Use a 32-bit quantity in four-part dotted decimal format. Place 1s in the bit positions you want to ignore.
  - Use the any keyword as an abbreviation for a destination and destination-wildcard of 0.0.0.0 255.255.255.255.
  - Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.

- precedence precedence: (Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7, or by name as listed in the section “Usage Guidelines.”
- tos tos: (Optional) Packets can be filtered by type of service level, as specified by a number from 0 to 15, or by name as listed in the section “Usage Guidelines.”
- log: (Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
  The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP, or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval.
  The logging facility may drop some logging message packets if there are too many to be handled or if there is more than one logging message to be handled in 1 second. This behavior prevents the router from crashing due to too many logging packets. Therefore, the logging facility should not be used as a billing tool or an accurate source of the number of matches to an access list
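
The source, source-wildcard, destination and destination-wildcard rules in the syntax description, worked through as an added example (not Cisco's code): wildcard 0 bits must match, 1 bits are ignored, and `any` and `host` expand to the pairs listed there. The function names are hypothetical, the ACL entries and addresses are constructed, ports and options are not parsed, and the final deny reflects the implicit deny that ends every IOS access list.

```python
import ipaddress

# Constructed entries: a contiguous wildcard, the non-contiguous 0.255.0.64
# wildcard from the syntax description, and the `any` / `host` abbreviations.
SAMPLE_ACL = [
    "access-list 101 permit tcp 192.89.55.0 0.0.0.255 host 10.1.1.5",
    "access-list 101 deny ip 10.0.0.1 0.255.0.64 any",
    "access-list 101 permit ip any any",
]


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_address_spec(tokens):
    """Consume one address spec; return (address, wildcard, remaining tokens)."""
    if tokens[0] == "any":    # abbreviation for 0.0.0.0 255.255.255.255
        return to_int("0.0.0.0"), to_int("255.255.255.255"), tokens[1:]
    if tokens[0] == "host":   # abbreviation for <address> 0.0.0.0
        return to_int(tokens[1]), to_int("0.0.0.0"), tokens[2:]
    return to_int(tokens[0]), to_int(tokens[1]), tokens[2:]


def wildcard_match(packet_ip, address, wildcard):
    """Compare only the bit positions where the wildcard bit is 0."""
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(packet_ip) & care) == (address & care)


def parse_entry(line):
    """Parse 'access-list N {permit|deny} protocol source-spec destination-spec'."""
    tokens = line.split()
    action, protocol = tokens[2], tokens[3]
    src, src_wc, rest = parse_address_spec(tokens[4:])
    dst, dst_wc, _ = parse_address_spec(rest)
    return {"action": action, "protocol": protocol,
            "src": (src, src_wc), "dst": (dst, dst_wc)}


def evaluate(entries, protocol, src_ip, dst_ip):
    """Return the action of the first matching entry; deny if none matches."""
    for entry in entries:
        if entry["protocol"] not in ("ip", protocol):
            continue  # the ip keyword matches any Internet protocol
        if (wildcard_match(src_ip, *entry["src"])
                and wildcard_match(dst_ip, *entry["dst"])):
            return entry["action"]
    return "deny"  # implicit deny at the end of the list


if __name__ == "__main__":
    acl = [parse_entry(line) for line in SAMPLE_ACL]
    for proto, src in (("tcp", "192.89.55.20"), ("udp", "10.77.0.65"),
                       ("udp", "10.77.0.2")):
        print(proto, src, "->", evaluate(acl, proto, src, "10.1.1.5"))
```

A subnet mask typed where the wildcard belongs selects a very different set of addresses: `192.89.55.0 255.255.255.0` ignores the first three octets and matches any address ending in .0, which `wildcard_match` confirms.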
