Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
Click the links on the left to view the individual chapters in HTML format.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses
and Services Configuration Guide, Release 4.2.x
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-26068-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown
for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S
P r e f a c e Preface xiii
Changes to This Document xiii
Obtaining Documentation and Submitting a Service Request xiii
C H A P T E R 1 Implementing Access Lists and Prefix Lists 1
Prerequisites for Implementing Access Lists and Prefix Lists 2
Restrictions for Implementing Access Lists and Prefix Lists 2
Hardware Limitations 3
Information About Implementing Access Lists and Prefix Lists 3
Access Lists and Prefix Lists Feature Highlights 3
Purpose of IP Access Lists 3
How an IP Access List Works 4
IP Access List Process and Rules 4
Helpful Hints for Creating IP Access Lists 5
Source and Destination Addresses 5
Wildcard Mask and Implicit Wildcard Mask 5
Transport Layer Information 5
IP Access List Entry Sequence Numbering 6
Sequence Numbering Behavior 6
IP Access List Logging Messages 6
Extended Access Lists with Fragment Control 7
Policy Routing 9
Comments About Entries in Access Lists 9
Access Control List Counters 9
BGP Filtering Using Prefix Lists 10
How the System Filters Traffic by Prefix List 10
Information About Implementing ACL-based Forwarding 11
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 iiiACL-based Forwarding Overview 11
ABF-OT 11
IPSLA support for Object tracking 11
How to Implement Access Lists and Prefix Lists 11
Configuring Extended Access Lists 12
Applying Access Lists 15
Controlling Access to an Interface 15
Controlling Access to a Line 17
Configuring Prefix Lists 18
Configuring Standard Access Lists 21
Copying Access Lists 23
Sequencing Access-List Entries and Revising the Access List 24
Copying Prefix Lists 27
Sequencing Prefix List Entries and Revising the Prefix List 28
How to Implement ACL-based Forwarding 30
Configuring ACL-based Forwarding with Security ACL 31
Implementing IPSLA-OT 32
Enabling track mode 33
Configuring track type 34
Configuring tracking type (line protocol) 34
Configuring track type (list) 35
Configuring tracking type (route) 37
Configuring tracking type (rtr) 38
Configuring Pure ACL-Based Forwarding for IPv6 ACL 40
Configuration Examples for Implementing Access Lists and Prefix Lists 41
Resequencing Entries in an Access List: Example 41
Adding Entries with Sequence Numbers: Example 42
Adding Entries Without Sequence Numbers: Example 43
IPv6 ACL in Class Map 43
Configuring IPv6 ACL QoS - An Example 44
IPv4/IPv6 ACL over BVI interface 46
Configuring IPv4 ACL over BVI interface - An Example 47
Additional References 47
C H A P T E R 2 Configuring ARP 49
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
iv OL-26068-02
ContentsPrerequisites for Configuring ARP 49
Restrictions for Configuring ARP 50
Information About Configuring ARP 50
IP Addressing Overview 50
Address Resolution on a Single LAN 50
Address Resolution When Interconnected by a Router 51
ARP and Proxy ARP 51
ARP Cache Entries 52
Direct Attached Gateway Redundancy 52
Additional Guidelines 52
How to Configure ARP 53
Defining a Static ARP Cache Entry 53
Enabling Proxy ARP 54
Configuring DAGR 56
C H A P T E R 3 Implementing Cisco Express Forwarding 59
Prerequisites for Implementing Cisco Express Forwarding 59
Information About Implementing Cisco Express Forwarding Software 60
Key Features Supported in the Cisco Express Forwarding Implementation 60
Benefits of CEF 60
CEF Components 61
Border Gateway Protocol Policy Accounting 61
Reverse Path Forwarding (Strict and Loose) 62
BGP Attributes Download 63
How to Implement CEF 63
Verifying CEF 63
Configuring BGP Policy Accounting 64
Verifying BGP Policy Accounting 69
Configuring a Route Purge Delay 71
Configuring Unicast RPF Checking 72
Configuring Modular Services Card-to-Route Processor Management Ethernet Interface
Switching 73
Configuring BGP Attributes Download 75
Configuring BGP Attributes Download 75
Configuration Examples for Implementing CEF on Routers Software 76
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 v
ContentsConfiguring BGP Policy Accounting: Example 76
Verifying BGP Policy Statistics: Example 79
Configuring Unicast RPF Checking: Example 90
Configuring the Switching of Modular Services Card to Management Ethernet Interfaces
on the Route Processor: Example 90
Configuring BGP Attributes Download: Example 90
Additional References 90
C H A P T E R 4 Implementing the Dynamic Host Configuration Protocol 93
Prerequisites for Configuring DHCP Relay Agent 93
Information About DHCP Relay Agent 94
How to Configure and Enable DHCP Relay Agent 94
Configuring and Enabling the DHCP Relay Agent 95
Configuring a DHCP Relay Profile 96
Configuring the DHCPv6 (Stateless) Relay Agent 97
Enabling DHCP Relay Agent on an Interface 99
Disabling DHCP Relay on an Interface 100
Enabling DHCP Relay on a VRF 102
Configuring the Relay Agent Information Feature 103
Configuring Relay Agent Giaddr Policy 106
DHCPv6 Relay Agent Notification for Prefix Delegation 108
Configuring DHCPv6 Stateful Relay Agent for Prefix Delegation 108
Configuration Examples for the DHCP Relay Agent 111
DHCP Relay Profile: Example 111
DHCP Relay on an Interface: Example 111
DHCP Relay on a VRF: Example 111
Relay Agent Information Option Support: Example 111
Relay Agent Giaddr Policy: Example 112
Implementing DHCP Snooping 112
Prerequisites for Configuring DHCP Snooping 112
Information about DHCP Snooping 112
Trusted and Untrusted Ports 113
DHCP Snooping in a Bridge Domain 113
Assigning Profiles to a Bridge Domain 113
Relay Information Options 114
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
vi OL-26068-02
ContentsHow to Configure DHCP Snooping 114
Enabling DHCP Snooping in a Bridge Domain 114
Disabling DHCP Snooping on a Specific Bridge Port 117
Using the Relay Information Option 120
Configuration Examples for DHCP Snooping 122
Assigning a DHCP Profile to a Bridge Domain: Example 122
Disabling DHCP Snooping on a Specific Bridge Port: Example 122
Configuring a DHCP Profile for Trusted Bridge Ports: Example 122
Configuring an Untrusted Profile on a Bridge Domain: Example 122
Configuring a Trusted Bridge Port: Example 122
Additional References 123
C H A P T E R 5 Implementing Host Services and Applications 125
Prerequisites for Implementing Host Services and Applications 125
Information About Implementing Host Services and Applications 126
Network Connectivity Tools 126
Ping 126
Traceroute 126
Domain Services 127
TFTP Server 127
File Transfer Services 127
RCP 128
FTP 128
TFTP 128
Cisco inetd 128
Telnet 128
How to Implement Host Services and Applications 128
Checking Network Connectivity 129
Checking Network Connectivity for Multiple Destinations 129
Checking Packet Routes 130
Configuring Domain Services 131
Configuring a Router as a TFTP Server 132
Configuring a Router to Use rcp Connections 134
Configuring a Router to Use FTP Connections 136
Configuring a Router to Use TFTP Connections 138
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 vii
ContentsConfiguring Telnet Services 140
Configuration Examples for Implementing Host Services and Applications 141
Checking Network Connectivity: Example 141
Configuring Domain Services: Example 143
Configuring a Router to Use rcp, FTP, or TFTP Connections: Example 143
Additional References 144
C H A P T E R 6 Implementing HSRP 147
Prerequisites for Implementing HSRP 148
Restrictions for Implementing HSRP 148
Information About Implementing HSRP 148
HSRP Overview 148
HSRP Groups 148
HSRP and ARP 150
Preemption 151
ICMP Redirect Messages 151
How to Implement HSRP 151
Enabling HSRP 151
Configuring HSRP Group Attributes 153
Configuring the HSRP Activation Delay 157
Enabling HSRP Support for ICMP Redirect Messages 159
Multiple Group Optimization (MGO) for HSRP 161
Customizing HSRP 161
Configuring a Primary Virtual IPv4 Address 164
Configuring a Secondary Virtual IPv4 Address 166
Configuring a slave follow 168
Configuring a slave primary virtual IPv4 address 170
Configuring a slave secondary virtual IPv4 address 171
Configuring a slave virtual mac address 173
Configuring an HSRP Session Name 175
BFD for HSRP 177
Advantages of BFD 177
BFD Process 178
Configuring BFD 178
Enabling BFD 178
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
viii OL-26068-02
ContentsModifying BFD timers (minimum interval) 180
Modifying BFD timers (multiplier) 181
Enhanced Object Tracking for HSRP and IP Static 183
Configuring object tracking for HSRP 183
Hot Restartability for HSRP 185
Configuration Examples for HSRP Implementation on Software 185
Configuring an HSRP Group: Example 185
Configuring a Router for Multiple HSRP Groups: Example 185
Additional References 186
C H A P T E R 7 Implementing LPTS 189
Prerequisites for Implementing LPTS 189
Information About Implementing LPTS 189
LPTS Overview 190
LPTS Policers 190
How to Implement LPTS 190
Configuring LPTS Policers 190
Configuration Examples for Implementing LPTS Policers 192
Configuring LPTS Policers: Example 192
Additional References 196
C H A P T E R 8 Implementing Network Stack IPv4 and IPv6 199
Prerequisites for Implementing Network Stack IPv4 and IPv6 200
Restrictions for Implementing Network Stack IPv4 and IPv6 200
Information About Implementing Network Stack IPv4 and IPv6 200
Network Stack IPv4 and IPv6 Exceptions 200
IPv4 and IPv6 Functionality 200
IPv6 for Cisco IOS XR Software 201
Larger IPv6 Address Space 201
IPv6 Address Formats 201
IPv6 Address Type: Unicast 202
Aggregatable Global Address 203
Link-Local Address 204
IPv4-Compatible IPv6 Address 205
Simplified IPv6 Packet Header 205
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 ix
ContentsPath MTU Discovery for IPv6 210
IPv6 Neighbor Discovery 210
IPv6 Neighbor Solicitation Message 210
IPv6 Router Advertisement Message 212
IPv6 Neighbor Redirect Message 214
ICMP for IPv6 215
Address Repository Manager 215
Address Conflict Resolution 215
Conflict Database 215
Multiple IP Addresses 216
Recursive Resolution of Conflict Sets 216
Route-Tag Support for Connected Routes 216
How to Implement Network Stack IPv4 and IPv6 218
Assigning IPv4 Addresses to Network Interfaces 218
IPv4 Addresses 218
IPv4 Virtual Addresses 220
Configuring IPv6 Addressing 221
Assigning Multiple IP Addresses to Network Interfaces 221
Secondary IPv4 Addresses 221
Configuring IPv4 and IPv6 Protocol Stacks 223
Enabling IPv4 Processing on an Unnumbered Interface 225
IPv4 Processing on an Unnumbered Interface 225
Configuring ICMP Rate Limiting 226
IPv4 ICMP Rate Limiting 226
IPv6 ICMP Rate Limiting 227
Configuring IPARM Conflict Resolution 229
Static Policy Resolution 229
Longest Prefix Address Conflict Resolution 230
Highest IP Address Conflict Resolution 231
Generic Routing Encapsulation 232
IPv4/IPv6 Forwarding over GRE Tunnels 233
IPv6 forwarding over GRE tunnels 233
Configuration Examples for Implementing Network Stack IPv4 and IPv6 234
Creating a Network from Separated Subnets: Example 234
Assigning an Unnumbered Interface: Example 235
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
x OL-26068-02
ContentsConfiguring Helper Addresses: Example 235
Configuring VRF mode big 235
Additional References 237
C H A P T E R 9 Configuring Transports 239
Prerequisites for Configuring NSR, TCP, UDP Transports 239
Information About Configuring NSR, TCP, UDP Transports 240
NSR Overview 240
TCP Overview 240
UDP Overview 240
How to Configure Failover as a Recovery Action for NSR 241
Configuring Failover as a Recovery Action for NSR 241
Additional References 242
C H A P T E R 1 0 Implementing VRRP 245
Prerequisites for Implementing VRRP on Cisco IOS XR Software 246
Restrictions for Implementing VRRP on Cisco IOS XR Software 246
Information About Implementing VRRP 246
VRRP Overview 246
Multiple Virtual Router Support 247
VRRP Router Priority 247
VRRP Advertisements 248
Benefits of VRRP 248
How to Implement VRRP on Cisco IOS XR Software 249
Customizing VRRP 249
Enabling VRRP 253
Verifying VRRP 255
Clearing VRRP Statistics 255
Configuring accept-mode 256
Configuring a Global Virtual IPv6 Address 258
Configuring a Primary Virtual IPv4 Address 260
Configuring a Secondary Virtual IPv4 Address 262
Configuring a Virtual Link-Local IPv6 Address 264
Disabling State Change Logging 266
BFD for VRRP 267
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 xi
ContentsAdvantages of BFD 267
BFD Process 268
Configuring BFD 268
Enabling Bidirectional Forward Detection 268
Modifying BFD timers (minimum interval) 270
Modifying BFD timers (multiplier) 271
MIB support for VRRP 273
Configuring SNMP server notifications for VRRP events 274
Hot Restartability for VRRP 275
Configuration Examples for VRRP Implementation on Cisco IOS XR Software 275
Configuring a VRRP Group: Example 275
Clearing VRRP Statistics: Example 276
Additional References 277
C H A P T E R 1 1 Implementing Video Monitoring 281
Prerequisites for Implementing Video Monitoring 281
Information About Implementing Video Monitoring 281
Introduction to Video Monitoring 281
Key Features Supported on Video Monitoring 282
Video Monitoring Terminology 285
Implementing Video Monitoring 286
Creating IPv4 Access Lists 286
Configuring class-map 288
Configuring policy-map 290
Configuring policy-map with metric parameters 290
Media bit-rate 292
Configuring policy-map with flow parameters 294
Configuring policy-map with react parameters 296
Configuring service policy on an interface 299
Configuring Trap and Clone on an interface 301
Configuration Examples for Implementing Video Monitoring 303
Additional References 308
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
xii OL-26068-02
ContentsPreface
The Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration
Guidepreface contains these sections:
Changes to This Document, page xiii
Obtaining Documentation and Submitting a Service Request, page xiii
Changes to This Document
This table lists the technical changes made to this document since it was first printed.
Table 1: Changes to This Document
Revision Date Change Summary
Republished with documentation
updates for Cisco IOS XR Release
4.2.1.
OL-26068-02 June 2012
OL-26068-01 December 2011 Initial release of this document.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation,submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 xiii Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
xiv OL-26068-02
Preface
Obtaining Documentation and Submitting a Service RequestC H A P T E R 1
Implementing Access Lists and Prefix Lists
An access control list (ACL) consists of one or more access control entries (ACE) that collectively define
the network traffic profile. This profile can then be referenced by Cisco IOS XR softwarefeatures such as
traffic filtering, route filtering, QoS classification, and access control. Each ACL includes an action element
(permit or deny) and a filter element based on criteria such as source address, destination address, protocol,
and protocol-specific parameters.
Prefix lists are used in route maps and route filtering operations and can be used as an alternative to access
listsin many Border Gateway Protocol (BGP) route filtering commands. A prefix is a portion of an IP address,
starting from the far left bit of the far left octet. By specifying exactly how many bits of an address belong
to a prefix, you can then use prefixes to aggregate addresses and perform some function on them, such as
redistribution (filter routing updates).
This module describes the new and revised tasks required to implement access lists and prefix lists on the
Cisco ASR 9000 Series Router
For a complete description of the access list and prefix list commands listed in this module, refer to the
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command ReferenceTo
locate documentation of other commands that appear in this chapter, use the command reference master
index, or search online.
Note
Feature History for Implementing Access Lists and Prefix Lists
Release Modification
Release 3.7.2 This feature was introduced.
Release 4.2.1 IPv6 ACL over BVI interface feature was added.
Release 4.2.1 ACL in Class map feature was added.
Prerequisites for Implementing Access Lists and Prefix Lists , page 2
Restrictions for Implementing Access Lists and Prefix Lists, page 2
Hardware Limitations, page 3
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 1 Information About Implementing Access Lists and Prefix Lists , page 3
Information About Implementing ACL-based Forwarding, page 11
How to Implement Access Lists and Prefix Lists , page 11
How to Implement ACL-based Forwarding, page 30
Configuring Pure ACL-Based Forwarding for IPv6 ACL, page 40
Configuration Examples for Implementing Access Lists and Prefix Lists , page 41
IPv6 ACL in Class Map, page 43
IPv4/IPv6 ACL over BVI interface, page 46
Additional References, page 47
Prerequisites for Implementing Access Lists and Prefix Lists
The following prerequisite applies to implementing access lists and prefix lists:
All command task IDs are listed in individual command references and in the Cisco IOS XR Task ID Reference
Guide.If you need assistance with your task group assignment, contact your system administrator.
Restrictions for Implementing Access Lists and Prefix Lists
The following restrictions apply to implementing access lists and prefix lists:
IPv4 ACLs are not supported for loopback and interflex interfaces.
IPv6 ACLs are not supported for loopback, interflex and L2 Ethernet Flow Point (EFP) main or
subinterfaces.
The following restrictions apply to implementing ACL-based forwarding (ABF):
The following nexthop configurations are not supported: attaching ACL having a nexthop option in the
egress direction, modifying an ACL attached in the egress direction having nexthop, deny ACE with
nexthop.
The A9K-SIP-700 LC and ASR 9000 Enhanced Ethernet LC support ABFv4 and ABFv6 in Release
4.2.0. ASR 9000 Ethernet LC does not support ABFv6 in Release 4.2.0, it only supports ABFv4.
There is one exception to this. In case of IP to TAG, the label is imposed by the ingress LC (based on
ABF nexthop), and the packet crossesthe fabric as a tag packet. These packets are handled by A9K-SIP-700
without any issue.
Note
Packets punted in the ingress direction from the NPU to the LC CPU are not subjected to ABF treatment
due to lack of ABF support in the slow path.
IP packet(s) needing fragmentation are not subjected to ABF. The packet is forwarded in the traditional
way. Fragmented packets received are handled by ABF.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
2 OL-26068-02
Implementing Access Lists and Prefix Lists
Prerequisites for Implementing Access Lists and Prefix ListsHardware Limitations
Support for ABF is only for IPv4 and Ethernet line cards. IPv6 and other interfaces are not supported.
ABF is an ingress line card feature and the egress line card must be ABF aware.
Information About Implementing Access Lists and Prefix Lists
To implement access lists and prefix lists, you must understand the following concepts:
Access Lists and Prefix Lists Feature Highlights
This section lists the feature highlights for access lists and prefix lists.
Cisco IOS XR software provides the ability to clear counters for an access list or prefix list using a
specific sequence number.
Cisco IOS XR software provides the ability to copy the contents of an existing access list or prefix list
to another access list or prefix list.
Cisco IOS XR software allows users to apply sequence numbers to permit or deny statements and to
resequence, add, or remove such statements from a named access list or prefix list.
Note Resequencing is only for IPv4 prefix lists.
Cisco IOS XR software does not differentiate between standard and extended access lists. Standard
access list support is provided for backward compatibility.
Purpose of IP Access Lists
Access lists perform packet filtering to control which packets move through the network and where. Such
controls help to limit network traffic and restrict the access of users and devices to the network. Access lists
have many uses, and therefore many commands accept a reference to an access list in their command syntax.
Access lists can be used to do the following:
Filter incoming packets on an interface.
Filter outgoing packets on an interface.
Restrict the contents of routing updates.
Limit debug output based on an address or protocol.
Control vty access.
Identify or classify traffic for advanced features, such as congestion avoidance, congestion management,
and priority and custom queueing.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 3
Implementing Access Lists and Prefix Lists
Hardware LimitationsHow an IP Access List Works
An access list is a sequential list consisting of permit and deny statements that apply to IP addresses and
possibly upper-layer IP protocols. The access list has a name by which it is referenced. Many software
commands accept an access list as part of their syntax.
An access list can be configured and named, but it is not in effect until the access list is referenced by a
command that accepts an access list. Multiple commands can reference the same access list. An access list
can control traffic arriving at the router or leaving the router, but not traffic originating at the router.
IP Access List Process and Rules
Use the following process and rules when configuring an IP access list:
The software tests the source or destination address or the protocol of each packet being filtered against
the conditions in the access list, one condition (permit or deny statement) at a time.
If a packet does not match an access list statement, the packet is then tested against the next statement
in the list.
If a packet and an access list statement match, the remaining statements in the list are skipped and the
packet is permitted or denied asspecified in the matched statement. The first entry that the packet matches
determines whether the software permits or deniesthe packet. That is, after the first match, no subsequent
entries are considered.
If the access list denies the address or protocol, the software discards the packet and returns an Internet
Control Message Protocol (ICMP) Host Unreachable message. ICMP is configurable in the Cisco IOS XR
software.
If no conditions match, the software drops the packet because each access list ends with an unwritten
or implicit deny statement. That is, if the packet has not been permitted or denied by the time it was
tested against each statement, it is denied.
The access list should contain at least one permit statement or else all packets are denied.
Because the software stops testing conditions after the first match, the order of the conditions is critical.
The same permit or deny statements specified in a different order could result in a packet being passed
under one circumstance and denied in another circumstance.
Only one access list per interface, per protocol, per direction is allowed.
Inbound access lists process packets arriving at the router. Incoming packets are processed before being
routed to an outbound interface. An inbound access list is efficient because it saves the overhead of
routing lookups if the packet is to be discarded because it is denied by the filtering tests. If the packet
is permitted by the tests, it is then processed for routing. For inbound lists, permit means continue to
process the packet after receiving it on an inbound interface; deny means discard the packet.
Outbound access lists process packets before they leave the router. Incoming packets are routed to the
outbound interface and then processed through the outbound accesslist. For outbound lists, permit means
send it to the output buffer; deny means discard the packet.
An accesslist can not be removed if that accesslist is being applied by an access group in use. To remove
an access list, remove the access group that is referencing the access list and then remove the access list.
An access list must exist before you can use the ipv4 access group command.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
4 OL-26068-02
Implementing Access Lists and Prefix Lists
How an IP Access List WorksHelpful Hints for Creating IP Access Lists
Consider the following when creating an IP access list:
Create the access list before applying it to an interface.
Organize your access list so that more specific references in a network or subnet appear before more
general ones.
To make the purpose of individualstatements more easily understood at a glance, you can write a helpful
remark before or after any statement.
Source and Destination Addresses
Source address and destination addresses are two of the most typical fields in an IP packet on which to base
an access list. Specify source addresses to control packets from certain networking devices or hosts. Specify
destination addresses to control packets being sent to certain networking devices or hosts.
Wildcard Mask and Implicit Wildcard Mask
Address filtering uses wildcard masking to indicate whether the software checks or ignores corresponding IP
address bits when comparing the address bits in an access-list entry to a packet being submitted to the access
list. By carefully setting wildcard masks, an administrator can select a single orseveral IP addressesfor permit
or deny tests.
Wildcard masking for IP address bits uses the number 1 and the number 0 to specify how the software treats
the corresponding IP address bits. A wildcard mask is sometimes referred to as an inverted mask, because a
1 and 0 mean the opposite of what they mean in a subnet (network) mask.
A wildcard mask bit 0 means check the corresponding bit value.
A wildcard mask bit 1 means ignore that corresponding bit value.
You do not have to supply a wildcard mask with a source or destination address in an access list statement.
If you use the host keyword, the software assumes a wildcard mask of 0.0.0.0.
Unlike subnet masks, which require contiguous bitsindicating network and subnet to be ones, wildcard masks
allow noncontiguous bits in the mask. For IPv6 access lists, only contiguous bits are supported.
You can also use CIDR format (/x) in place of wildcard bits. For example, the address 1.2.3.4 0.255.255.255
corresponds to 1.2.3.4/8.
Transport Layer Information
You can filter packets on the basis of transport layer information, such as whether the packet is a TCP, UDP,
ICMP, or IGMP packet.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 5
Implementing Access Lists and Prefix Lists
How an IP Access List WorksIP Access List Entry Sequence Numbering
The ability to apply sequence numbers to IP access-list entries simplifies access list changes. Prior to this
feature, there was no way to specify the position of an entry within an access list. If a user wanted to insert
an entry (statement) in the middle of an existing list, all the entries after the desired position had to be removed,
then the new entry was added, and then all the removed entries had to be reentered. This method was
cumbersome and error prone.
The IP Access List Entry Sequence Numbering feature allows users to add sequence numbers to access-list
entries and resequence them. When you add a new entry, you choose the sequence number so that it is in a
desired position in the access list. If necessary, entries currently in the access list can be resequenced to create
room to insert the new entry.
Sequence Numbering Behavior
The following details the sequence numbering behavior:
If entries with no sequence numbers are applied, the first entry is assigned a sequence number of 10,
and successive entries are incremented by 10. The maximum sequence number is 2147483646. If the
generated sequence number exceeds this maximum number, the following message displays:
Exceeded maximum sequence number.
If you provide an entry without a sequence number, it is assigned a sequence number that is 10 greater
than the last sequence number in that access list and is placed at the end of the list.
ACL entries can be added without affecting traffic flow and hardware performance.
If a new access list is entered from global configuration mode, then sequence numbers for that access
list are generated automatically.
Distributed support is provided so that the sequence numbers of entries in the route processor (RP) and
line card (LC) are synchronized at all times.
This feature works with named standard and extended IP access lists. Because the name of an access
list can be designated as a number, numbers are acceptable.
IP Access List Logging Messages
Cisco IOS XR software can provide logging messages about packets permitted or denied by a standard IP
access list. That is, any packet that matches the access list causes an informational logging message about the
packet to be sent to the console. The level of messages logged to the console is controlled by the logging
console command in global configuration mode.
The first packet that triggers the access list causes an immediate logging message, and subsequent packets
are collected over 5-minute intervals before they are displayed or logged. The logging message includes the
access list number, whether the packet was permitted or denied, the source IP address of the packet, and the
number of packets from that source permitted or denied in the prior 5-minute interval.
However, you can use the { ipv4 | ipv6 } access-list log-update threshold command to set the number of
packets that, when they match an access list (and are permitted or denied), cause the system to generate a log
message. You might do this to receive log messages more frequently than at 5-minute intervals.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
6 OL-26068-02
Implementing Access Lists and Prefix Lists
IP Access List Entry Sequence NumberingIf you set the update-number argument to 1, a log message is sent right away, rather than caching it; every
packet that matches an access list causes a log message. A setting of 1 is not recommended because the
volume of log messages could overwhelm the system.
Caution
Even if you use the { ipv4 | ipv6} access-list log-update threshold command, the 5-minute timer remains
in effect,so each cache is emptied at the end of 5 minutes, regardless of the number of messagesin each cache.
Regardless of when the log message is sent, the cache is flushed and the count reset to 0 for that message the
same way it is when a threshold is not specified.
The logging facility might drop some logging message packets if there are too many to be handled or if
more than one logging message is handled in 1 second. This behavior prevents the router from using
excessive CPU cycles because of too many logging packets. Therefore, the logging facility should not be
used as a billing tool or as an accurate source of the number of matches to an access list.
Note
Extended Access Lists with Fragment Control
In earlier releases, the non-fragmented packets and the initial fragments of a packet were processed by IP
extended access lists (if you apply this access list), but non-initial fragments were permitted, by default.
However, now, the IP Extended Access Lists with Fragment Control feature allows more granularity of control
over non-initial fragments of a packet. Using this feature, you can specify whether the system examines
non-initial IP fragments of packets when applying an IP extended access list.
As non-initial fragments contain only Layer 3 information, these access-list entries containing only Layer 3
information, can now be applied to non-initial fragments also. The fragment has all the information the system
requires to filter, so the access-list entry is applied to the fragments of a packet.
This feature adds the optional fragments keyword to the following IP access list commands: deny (IPv4),
permit (IPv4) , deny (IPv6) , permit (IPv6). By specifying the fragments keyword in an access-list entry,
that particular access-list entry applies only to non-initial fragments of packets; the fragment is either permitted
or denied accordingly.
The behavior of access-list entries regarding the presence or absence of the fragments keyword can be
summarized as follows:
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 7
Implementing Access Lists and Prefix Lists
Extended Access Lists with Fragment ControlIf the Access-List Entry has... Then...
For an access-list entry containing only Layer 3
information:
The entry is applied to non-fragmented packets,
initial fragments, and non-initial fragments.
For an access-list entry containing Layer 3 and Layer
4 information:
The entry is applied to non-fragmented packets
and initial fragments.
? If the entry matches and is a permit
statement, the packet or fragment is
permitted.
? If the entry matches and is a deny
statement, the packet or fragment is
denied.
The entry is also applied to non-initial fragments
in the following manner. Because non-initial
fragments contain only Layer 3 information,
only the Layer 3 portion of an access-list entry
can be applied. If the Layer 3 portion of the
access-list entry matches, and
? If the entry is a permit statement, the
non-initial fragment is permitted.
? If the entry is a deny statement, the next
access-list entry is processed.
Note that the deny statements are
handled differently for non-initial
fragments versus non-fragmented or
initial fragments.
Note
...no fragments keyword and all of the access-list
entry information matches
The access-list entry is applied only to non-initial
fragments.
The fragments keyword cannot be
configured for an access-list entry that
contains any Layer 4 information.
Note
...the fragments keyword and all of the access-list
entry information matches
You should not add the fragments keyword to every access-list entry, because the first fragment of the IP
packet is considered a non-fragment and is treated independently of the subsequent fragments. Because an
initial fragment will not match an access list permit or deny entry that contains the fragments keyword, the
packet is compared to the next access list entry until it is either permitted or denied by an access list entry that
does not contain the fragments keyword. Therefore, you may need two access list entries for every deny
entry. The first deny entry of the pair will not include the fragments keyword, and applies to the initial
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
8 OL-26068-02
Implementing Access Lists and Prefix Lists
Extended Access Lists with Fragment Controlfragment. The second deny entry of the pair will include the fragments keyword and appliesto the subsequent
fragments. In the cases where there are multiple deny access list entries for the same host but with different
Layer 4 ports, a single deny access-list entry with the fragments keyword for that host is all that has to be
added. Thus all the fragments of a packet are handled in the same manner by the access list.
Packet fragments of IP datagrams are considered individual packets and each fragment counts individually
as a packet in access-list accounting and access-list violation counts.
Note The fragments keyword cannot solve all cases involving access lists and IP fragments.
Within the scope of ACL processing, Layer 3 information refers to fields located within the IPv4 header;
for example, source, destination, protocol. Layer 4 information refers to other data contained beyond the
IPv4 header; for example, source and destination ports for TCP or UDP, flags for TCP, type and code for
ICMP.
Note
Policy Routing
Fragmentation and the fragment control feature affect policy routing if the policy routing is based on the
match ip address command and the accesslist had entriesthat match on Layer 4 through Layer 7 information.
It is possible that noninitial fragments pass the access list and are policy routed, even if the first fragment was
not policy routed or the reverse.
By using the fragments keyword in access-list entries as described earlier, a better match between the action
taken for initial and noninitial fragments can be made and it is more likely policy routing will occur asintended.
Comments About Entries in Access Lists
You can include comments (remarks) about entries in any named IP access list using the remark access list
configuration command. The remarks make the access list easier for the network administrator to understand
and scan. Each remark line is limited to 255 characters.
The remark can go before or after a permit or deny statement. You should be consistent about where you put
the remark so it is clear which remark describes which permit or deny statement. For example, it would be
confusing to have some remarks before the associated permit or deny statements and some remarks after the
associated statements. Remarks can be sequenced.
Remember to apply the access list to an interface or terminal line after the access list is created. See
theApplying Access Lists, on page 15 section for more information.
Access Control List Counters
In Cisco IOS XR software, ACL counters are maintained both in hardware and software. Hardware counters
are used for packet filtering applications such as when an access group is applied on an interface. Software
counters are used by all the applications mainly involving software packet processing.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 9
Implementing Access Lists and Prefix Lists
Comments About Entries in Access ListsPacket filtering makes use of 64-bit hardware counters per ACE. If the same access group is applied on
interfaces that are on the same line card in a given direction, the hardware counters for the ACL are shared
between two interfaces.
To display the hardware counters for a given access group, use the show access-lists ipv4 [access-list-name
hardware {ingress| egress} [interface type interface-path-id] {location node-id}] command in EXEC mode.
To clear the hardware counters, use the clear access-list ipv4 access-list-name [hardware {ingress | egress}
[interface type interface-path-id] {location node-id}] command in EXEC mode.
Hardware counting is not enabled by default for IPv4 ACLs because of a small performance penalty. To
enable hardware counting, use the ipv4 access-group access-list-name {ingress | egress} [hardware-count]
command in interface configuration mode. This command can be used as desired, and counting is enabled
only on the specified interface.
Software counters are updated for the packets processed in software, for example, exception packets punted
to the LC CPU for processing, or ACL used by routing protocols, and so on. The counters that are maintained
are an aggregate of all the software applications using that ACL. To display software-only ACL counters, use
the show access-lists ipv4 access-list-name [sequence number] command in EXEC mode.
All the above information is true for IPv6, except that hardware counting is always enabled; there is no
hardware-count option in the IPv6 access-group command-line interface (CLI).
BGP Filtering Using Prefix Lists
Prefix lists can be used as an alternative to access lists in many BGP route filtering commands. The advantages
of using prefix lists are as follows:
Significant performance improvement in loading and route lookup of large lists.
Incremental updates are supported.
More user friendly CLI. The CLI for using access lists to filter BGP updates is difficult to understand
and use because it uses the packet filtering format.
Greater flexibility.
Before using a prefix list in a command, you must set up a prefix list, and you may want to assign sequence
numbers to the entries in the prefix list.
How the System Filters Traffic by Prefix List
Filtering by prefix list involves matching the prefixes of routes with those listed in the prefix list. When there
is a match, the route is used. More specifically, whether a prefix is permitted or denied is based upon the
following rules:
An empty prefix list permits all prefixes.
An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
When multiple entries of a prefix list match a given prefix, the longest, most specific match is chosen.
Sequence numbers are generated automatically unless you disable this automatic generation. If you disable
the automatic generation of sequence numbers, you must specify the sequence number for each entry using
the sequence-number argument of the permit and deny commands in either IPv4 or IPv6 prefix list
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
10 OL-26068-02
Implementing Access Lists and Prefix Lists
BGP Filtering Using Prefix Listsconfiguration command. Use the no form of the permit or deny command with the sequence-number
argument to remove a prefix-list entry.
The show commands include the sequence numbers in their output.
Information About Implementing ACL-based Forwarding
To implement access lists and prefix lists, you must understand the following concepts:
ACL-based Forwarding Overview
Converged networks carry voice, video and data. Users may need to route certain traffic through specific
paths instead of using the paths computed by routing protocols. A simple solution to achieve this, is by
specifying the next-hop address in ACL configurations, so that the configured next-hop address from ACL
is used for fowarding packet towardsits destination instead of routing packet-based destination addresslookup.
This feature of using next-hop in ACL configurations for forwarding is called ACL Based Forwarding (ABF).
ACL-based forwarding enables you to choose service from multiple providers for broadcast TV over IP, IP
telephony, data, and so on, which provides a cafeteria-like access to the Internet. Service providers can divert
user traffic to various content providers.
ABF-OT
To provide flexibility to the user to select the suitable nexthop, the ABF functionality is enhanced to interact
with object-tracking (OT), which impacts:
Tracking prefix in CEF
Tracking the line-state protocol
IPSLA (IP Service Level Agreement)
IPSLA support for Object tracking
The OT-module interacts with the IPSLA-module to get reachability information. With IPSLA, the routers
perform periodic measurements
How to Implement Access Lists and Prefix Lists
IPv6 ACL support is available on the Cisco ASR 9000 SIP 700 linecard and the ASR 9000 Ethernet linecards.
The relevant scale is:
ACL enabled interfaces - 1000 (500 in each direction); for ASR 9000 Ethernet linecards- 4000
Unique ACLs - 512 (with 5 ACEs each); for ASR 9000 Ethernet linecards- 2000
Maximum ACEs per ACL - 8000 (for ASR 9000 Ethernet lincards, ACEs could be 16000, 8000, 4000-
based on the LC model)
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 11
Implementing Access Lists and Prefix Lists
Information About Implementing ACL-based Forwarding IPv6 ACL log will also be supported.
This section contains the following procedures:
Configuring Extended Access Lists
This task configures an extended IPv4 or IPv6 access list.
SUMMARY STEPS
1. configure
2. {ipv4 | ipv6} access-list name
3. [ sequence-number ] remark remark
4. Do one of the following:
[ sequence-number]{permit | deny} source source-wildcard destination destination-wildcard
[precedence precedence] [dscp dscp] [fragments] [packet-length operator packet-length value]
[log | log-input]
[ sequence-number ] {permit | deny} protocol {source-ipv6-prefix/prefix-length | any | host
source-ipv6-address} [operator {port | protocol-port}] {destination-ipv6-prefix/prefix-length | any
| host destination-ipv6-address} [operator {port | protocol-port}] [dscp value] [routing] [authen]
[destopts] [fragments] [packet-length operator packet-length value] [log | log-input]
5. Repeat Step 4 as necessary, adding statements by sequence number where you planned. Use the no
sequence-number command to delete an entry.
6. Use one of these commands:
end
commit
7. show access-lists {ipv4 | ipv6} [access-list-name hardware {ingress | egress} [interface type
interface-path-id] {sequence number | location node-id} | summary [access-list-name] | access-list-name
[sequence-number] | maximum [detail] [usage {pfilter location node-id}]]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
12 OL-26068-02
Implementing Access Lists and Prefix Lists
Configuring Extended Access ListsCommand or Action Purpose
Enters either IPv4 or IPv6 access list configuration mode and
configures the named access list.
{ipv4 | ipv6} access-list name
Example:
RP/0/RSP0/CPU0:router(config)# ipv4
access-list acl_1
Step 2
or
RP/0/RSP0/CPU0:router(config)# ipv6
access-list acl_2
(Optional) Allows you to comment about a permit or deny
statement in a named access list.
[ sequence-number ] remark remark
Example:
RP/0/RSP0/CPU0:router(config-ipv4-acl)# 10
remark Do not allow user1 to telnet out
Step 3
The remark can be up to 255 characters; anything longer is
truncated.
Remarks can be configured before or after permit or deny
statements, but their location should be consistent.
Specifies one or more conditions allowed or denied in IPv4 access
list acl_1.
Step 4 Do one of the following:
[ sequence-number]{permit | deny} source
source-wildcard destination The optional log keyword causes an information logging
message about the packet that matches the entry to be sent to
the console.
destination-wildcard [precedence precedence]
[dscp dscp] [fragments] [packet-length
operator packet-length value] [log | log-input]
The optional log-input keyword provides the same function
as the log keyword, except that the logging message also
includes the input interface.
[ sequence-number ] {permit | deny} protocol
{source-ipv6-prefix/prefix-length | any | host
source-ipv6-address} [operator {port |
protocol-port}] or
{destination-ipv6-prefix/prefix-length | any |
Specifies one or more conditions allowed or denied in IPv6 access
list acl_2.
host destination-ipv6-address} [operator {port
| protocol-port}] [dscp value] [routing] [authen]
Refer to the deny (IPv6) and permit (IPv6) commands for
more information on filtering IPv6 traffic based on based on
[destopts] [fragments] [packet-length operator
packet-length value] [log | log-input]
IPv6 option headers and optional, upper-layer protocol type
information.
Example:
RP/0/RSP0/CPU0:router(config-ipv4-acl)# 10
Every IPv6 address list has two implicit permits used for
neighbor advertisement and solicitation: Implicit Neighbor
DiscoveryNeighbor Advertisement (NDNA) permit, and
Implicit Neighbor DiscoveryNeighbor Solicitation (NDNS)
permit.
Note
Every IPv6 access list has an implicit deny ipv6 any any
statement as its last match condition. An IPv6 access list
must contain at least one entry for the implicit deny ipv6
any any statement to take effect.
Note
permit 172.16.0.0 0.0.255.255
RP/0/RSP0/CPU0:router(config-ipv4-acl)# 20
deny 192.168.34.0 0.0.0.255
or
RP/0/RSP0/CPU0:router(config-ipv6-acl)# 20
permit icmp any any
RP/0/RSP0/CPU0:router(config-ipv6-acl)# 30
deny tcp any any gt 5000
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 13
Implementing Access Lists and Prefix Lists
Configuring Extended Access ListsCommand or Action Purpose
Repeat Step 4 as necessary, adding statements by Allows you to revise an access list.
sequence number where you planned. Use the no
sequence-number command to delete an entry.
Step 5
Step 6 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
show access-lists {ipv4 | ipv6} [access-list-name (Optional) Displays the contents of current IPv4 or IPv6 access lists.
hardware {ingress | egress} [interface type
Step 7
Use the access-list-name argument to display the contents of
a specific access list.
interface-path-id] {sequence number | location
node-id} | summary [access-list-name] |
access-list-name [sequence-number] | maximum
[detail] [usage {pfilter location node-id}]]
Use the hardware , ingress or egress , and location or
sequence keywordsto display the access-list hardware contents
Example:
RP/0/RSP0/CPU0:router# show access-lists ipv4
acl_1
and counters for all interfaces that use the specified access list
in a given direction (ingress or egress). The access group for an
interface must be configured using the ipv4 access-group
command for access-list hardware counters to be enabled.
Use the summary keyword to display a summary of all current
IPv4 or IPv6 access-lists.
Use the interface keyword to display interface statistics.
What to Do Next
After creating an access list, you must apply it to a line or interface. See the Applying Access Lists, on page
15 section for information about how to apply an access list.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
14 OL-26068-02
Implementing Access Lists and Prefix Lists
Configuring Extended Access ListsACL commit fails while adding and removing unique Access List Entries (ACE). This happens due to the
absence of an assigned manager process. The user has to exit the config-ipv4-acl mode to configuration mode
and re-enter the config-ipv4-acl mode before adding the first ACE.
Applying Access Lists
After you create an access list, you must reference the access list to make it work. Access lists can be applied
on either outbound or inbound interfaces. This section describes guidelines on how to accomplish this task
for both terminal lines and network interfaces.
Set identical restrictions on all the virtual terminal lines, because a user can attempt to connect to any of them.
For inbound access lists, after receiving a packet, Cisco IOS XR software checks the source address of the
packet against the access list. If the access list permits the address, the software continues to process the
packet. If the access list rejects the address, the software discards the packet and returns an ICMP host
unreachable message. The ICMP message is configurable.
For outbound access lists, after receiving and routing a packet to a controlled interface, the software checks
the source address of the packet against the accesslist. If the accesslist permitsthe address, the software sends
the packet. If the access list rejects the address, the software discards the packet and returns an ICMP host
unreachable message.
When you apply an access list that has not yet been defined to an interface, the software acts as if the access
list has not been applied to the interface and accepts all packets. Note this behavior if you use undefined access
lists as a means of security in your network.
Controlling Access to an Interface
This task applies an access list to an interface to restrict access to that interface.
Access lists can be applied on either outbound or inbound interfaces.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. Do one of the following:
ipv4 access-group access-list-name {ingress | egress} [hardware-count] [interface-statistics]
ipv6 access-group access-list-name {ingress | egress} [interface-statistics]
4. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 15
Implementing Access Lists and Prefix Lists
Applying Access ListsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 interface type interface-path-id Configures an interface and enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)#
interface gigabitethernet 0/2/0/2
The type argument specifies an interface type. For more information
on interface types, use the question mark (?) online help function.
The instance argument specifies either a physical interface instance or
a virtual instance.
? The naming notation for a physical interface instance is
rack/slot/module/port. The slash (/) between values is required as
part of the notation.
? The number range for a virtual interface instance varies depending
on the interface type.
Step 3 Do one of the following: Controls access to an interface.
ipv4 access-group access-list-name
{ingress | egress} [hardware-count]
[interface-statistics]
Use the access-list-name argument to specify a particular IPv4 or IPv6
access list.
Use the in keyword to filter on inbound packets or the out keyword to
ipv6 access-group access-list-name filter on outbound packets.
{ingress | egress}
[interface-statistics]
Use the hardware-count keyword to enable hardware counters for the
IPv4 access group.
Example:
RP/0/RSP0/CPU0:router(config-if)#
? Hardware counters are automatically enabled for IPv6 access
groups.
Use the interface-statistics keyword to specify per-interface statistics
in the hardware.
ipv4 access-group p-in-filter in
RP/0/RSP0/CPU0:router(config-if)#
ipv4 access-group p-out-filter out
This example applies filters on packets inbound and outbound from
GigabitEthernet interface 0/2/0/2.
Step 4 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
exiting(yes/no/cancel)?[cancel]:
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
16 OL-26068-02
Implementing Access Lists and Prefix Lists
Applying Access ListsCommand or Action Purpose
or
RP/0/RSP0/CPU0:router(config-if)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leavesthe router in the current configuration session
without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Controlling Access to a Line
This task applies an access list to a line to control access to that line.
SUMMARY STEPS
1. configure
2. line {aux | console | default | template template-name}
3. access-class list-name{ingress | egress}
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies either the auxiliary, console, default, or a user-defined line template
and enters line template configuration mode.
line {aux | console | default | template
template-name}
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# line
default
Line templates are a collection of attributes used to configure and manage
physical terminal line connections (the console and auxiliary ports) and
vty connections. The following templates are available in Cisco IOS XR
software:
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 17
Implementing Access Lists and Prefix Lists
Applying Access ListsCommand or Action Purpose
? Aux line templateThe line template that applies to the auxiliary
line.
? Console line templateThe line template that appliesto the console
line.
? Default line templateThe default line template that applies to a
physical and virtual terminal lines.
? User-defined line templatesUser-defined line templates that can
be applied to a range of virtual terminal lines.
Step 3 access-class list-name{ingress | egress} Restricts incoming and outgoing connections using an IPv4 or IPv6 access list.
Example:
RP/0/RSP0/CPU0:router(config-line)#
access-class acl_2 out
In the example, outgoing connections for the default line template are
filtered using the IPv6 access list acl_2.
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yessaves configuration changesto the running configuration
file, exits the configuration session, and returns the router to EXEC
mode.
or
RP/0/RSP0/CPU0:router(config)#
commit
? Entering no exits the configuration session and returns the router to
EXEC mode without committing the configuration changes.
? Entering cancel leavesthe router in the current configuration session
without exiting or committing the configuration changes.
Use the commit command to save the configuration changesto the running
configuration file and remain within the configuration session.
Configuring Prefix Lists
This task configures an IPv4 or IPv6 prefix list.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
18 OL-26068-02
Implementing Access Lists and Prefix Lists
Configuring Prefix ListsSUMMARY STEPS
1. configure
2. {ipv4 | ipv6} prefix-list name
3. [ sequence-number ] remark remark
4. [ sequence-number] {permit | deny} network/length [ge value] [le value] [eq value]
5. Repeat Step 4 as necessary. Use the no sequence-number command to delete an entry.
6. Do one of the following:
end
commit
7. Do one of the following:
show prefix-list ipv4 [name] [sequence-number]
show prefix-list ipv6 [name] [sequence-number] [summary]
8. clear {ipv4 | ipv6} prefix-list name [sequence-number]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters either IPv4 or IPv6 prefix list configuration mode and
configures the named prefix list.
{ipv4 | ipv6} prefix-list name
Example:
RP/0/RSP0/CPU0:router(config)# ipv4
prefix-list pfx_1
Step 2
To create a prefix list, you must enter at least one permit or
deny clause.
Use the no {ipv4 | ipv6} prefix-list name command to remove
all entries in a prefix list.
or
RP/0/RSP0/CPU0:router(config)# ipv6
prefix-list pfx_2
(Optional) Allows you to comment about the following permit or
deny statement in a named prefix list.
[ sequence-number ] remark remark
Example:
RP/0/RSP0/CPU0:router(config-ipv4_pfx)# 10
Step 3
The remark can be up to 255 characters; anything longer is
truncated.
remark Deny all routes with a prefix of
Remarks can be configured before or after permit or deny
statements, but their location should be consistent.
10/8
RP/0/RSP0/CPU0:router(config-ipv4_pfx)# 20
deny 10.0.0.0/8 le 32
Specifies one or more conditions allowed or denied in the named
prefix list.
[sequence-number] {permit | deny} network/length
[ge value] [le value] [eq value]
Step 4
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 19
Implementing Access Lists and Prefix Lists
Configuring Prefix ListsCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-ipv6_pfx)# 20
deny 128.0.0.0/8 eq 24
This example denies all prefixes matching /24 in 128.0.0.0/8
in prefix list pfx_2.
Repeat Step 4 as necessary. Use the no Allows you to revise a prefix list.
sequence-number command to delete an entry.
Step 5
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-ipv6_pfx)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-ipv6_pfx)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Step 7 Do one of the following: (Optional) Displays the contents of current IPv4 or IPv6 prefix lists.
show prefix-list ipv4 [name]
[sequence-number]
Use the name argument to display the contents of a specific
prefix list.
Use the sequence-number argument to specify the sequence
number of the prefix-list entry.
show prefix-list ipv6 [name]
[sequence-number] [summary]
Use the summary keyword to display summary output of
prefix-list contents.
Example:
RP/0/RSP0/CPU0:router# show prefix-list ipv4
pfx_1
or
RP/0/RSP0/CPU0:router# show prefix-list ipv6
pfx_2 summary
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
20 OL-26068-02
Implementing Access Lists and Prefix Lists
Configuring Prefix ListsCommand or Action Purpose
clear {ipv4 | ipv6} prefix-list name (Optional) Clears the hit count on an IPv4 or IPv6 prefix list.
[sequence-number]
Step 8
The hit count is a value indicating the number of matches
to a specific prefix-list entry.
Note
Example:
RP/0/RSP0/CPU0:router# clear prefix-list
ipv4 pfx_1 30
Configuring Standard Access Lists
This task configures a standard IPv4 access list.
Standard access lists use source addresses for matching operations.
SUMMARY STEPS
1. configure
2. ipv4 access-list name
3. [ sequence-number ] remark remark
4. [ sequence-number ] {permit | deny} source [source-wildcard] [log | log-input]
5. Repeat Step 4 as necessary, adding statements by sequence number where you planned. Use the no
sequence-number command to delete an entry.
6. Do one of the following:
end
commit
7. show access-lists [ipv4 | ipv6] [access-list-name hardware {ingress | egress} [interface type
interface-path-id] {sequence number | location node-id} | summary [access-list-name] | access-list-name
[sequence-number] | maximum [detail] [usage {pfilter location node-id}]]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 21
Implementing Access Lists and Prefix Lists
Configuring Standard Access ListsCommand or Action Purpose
Enters IPv4 access list configuration mode and configures access
list acl_1.
ipv4 access-list name
Example:
RP/0/RSP0/CPU0:router# ipv4 access-list acl_1
Step 2
(Optional) Allows you to comment about the following permit
or deny statement in a named access list.
[ sequence-number ] remark remark
Example:
RP/0/RSP0/CPU0:router(config-ipv4-acl)# 10
remark Do not allow user1 to telnet out
Step 3
The remark can be up to 255 characters; anything longer is
truncated.
Remarks can be configured before or after permit or deny
statements, but their location should be consistent.
Specifies one or more conditions allowed or denied, which
determines whether the packet is passed or dropped.
[ sequence-number ] {permit | deny} source
[source-wildcard] [log | log-input]
Step 4
Example:
RP/0/RSP0/CPU0:router(config-ipv4-acl)# 20
permit 172.16.0.0 0.0.255.255
Use the source argument to specify the number of network
or host from which the packet is being sent.
Use the optional source-wildcard argument to specify the
wildcard bits to be applied to the source.
or
RRP/0/RSP0/CPU0:routerrouter(config-ipv4-acl)#
30 deny 192.168.34.0 0.0.0.255
The optional log keyword causes an information logging
message about the packet that matches the entry to be sent
to the console.
The optional log-input keyword providesthe same function
as the log keyword, except that the logging message also
includes the input interface.
Repeat Step 4 as necessary, adding statements by Allows you to revise an access list.
sequence number where you planned. Use the no
sequence-number command to delete an entry.
Step 5
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-ipv4-acl)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-ipv4-acl)# commit ? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
22 OL-26068-02
Implementing Access Lists and Prefix Lists
Configuring Standard Access ListsCommand or Action Purpose
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
show access-lists [ipv4 | ipv6] [access-list-name (Optional) Displays the contents of the named IPv4 access list.
hardware {ingress | egress} [interface type
Step 7
The contents of an IPv4 standard access list are displayed in
extended access-list format.
interface-path-id] {sequence number | location
node-id} | summary [access-list-name] |
access-list-name [sequence-number] | maximum
[detail] [usage {pfilter location node-id}]]
Example:
RP/0/RSP0/CPU0:router# show access-lists ipv4
acl_1
What to Do Next
After creating a standard access list, you must apply it to a line or interface. See the Applying Access Lists,
on page 15 section for information about how to apply an access list.
Copying Access Lists
This task copies an IPv4 or IPv6 access list.
SUMMARY STEPS
1. copy access-list {ipv4 | ipv6}source-acl destination-acl
2. show access-lists {ipv4 | ipv6}[access-list-name hardware {ingress | egress} [interface type
interface-path-id] {sequence number | location node-id} | summary [access-list-name] | access-list-name
[sequence-number] | maximum [detail] [usage {pfilter location node-id}]]
DETAILED STEPS
Command or Action Purpose
Step 1 copy access-list {ipv4 | ipv6}source-acl destination-acl Creates a copy of an existing IPv4 or IPv6 access list.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 23
Implementing Access Lists and Prefix Lists
Copying Access ListsCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router# copy ipv6 access-list
list-1 list-2
Use the source-acl argument to specify the name of the
access list to be copied.
Use the destination-acl argument to specify where to copy
the contents of the source access list.
? The destination-acl argument must be a unique name;
if the destination-acl argument name exists for an
access list, the access list is not copied.
(Optional) Displays the contents of a named IPv4 or IPv6 access
list. For example, you can verify the output to see that the
show access-lists {ipv4 | ipv6}[access-list-name
hardware {ingress | egress} [interface type
Step 2
destination access list list-2 contains all the information from the
source access list list-1.
interface-path-id] {sequence number| location node-id}
| summary [access-list-name] | access-list-name
[sequence-number] | maximum [detail] [usage {pfilter
location node-id}]]
Example:
RP/0/RSP0/CPU0:router# show access-lists ipv4
list-2
Sequencing Access-List Entries and Revising the Access List
This task shows how to assign sequence numbers to entries in a named access list and how to add or delete
an entry to or from an access list. It is assumed that a user wants to revise an access list. Resequencing an
access list is optional.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
24 OL-26068-02
Implementing Access Lists and Prefix Lists
Sequencing Access-List Entries and Revising the Access ListSUMMARY STEPS
1. resequence access-list {ipv4 | ipv6} name [base [increment]]
2. configure
3. {ipv4 | ipv6} access-list name
4. Do one of the following:
[ sequence-number ] {permit | deny} source source-wildcard destination destination-wildcard
[precedence precedence] [dscp dscp] [fragments] [packet-length operator packet-length value]
[log | log-input]
[ sequence-number ] {permit | deny} protocol {source-ipv6-prefix/prefix-length | any | host
source-ipv6-address} [operator {port | protocol-port}] {destination-ipv6-prefix/prefix-length | any
| host destination-ipv6-address} [operator {port | protocol-port}] [dscp value] [routing] [authen]
[destopts] [fragments] [packet-length operator packet-length value] [log | log-input]
5. Repeat Step 4 as necessary, adding statements by sequence number where you planned. Use the no
sequence-number command to delete an entry.
6. Do one of the following:
end
commit
7. show access-lists [ipv4 | ipv6] [access-list-name hardware {ingress | egress} [interface type
interface-path-id] {sequence number | location node-id} | summary [access-list-name] | access-list-name
[sequence-number] | maximum [detail] [usage {pfilter location node-id}]]
DETAILED STEPS
Command or Action Purpose
(Optional) Resequences the specified IPv4 or IPv6 access list
using the starting sequence number and the increment ofsequence
numbers.
resequence access-list {ipv4 | ipv6} name [base
[increment]]
Example:
RP/0/RSP0/CPU0:router# resequence access-list
ipv4 acl_3 20 15
Step 1
This example resequences an IPv4 access list named acl_3.
The starting sequence number is 20 and the increment is 15.
If you do not select an increment, the default increment 10
is used.
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 25
Implementing Access Lists and Prefix Lists
Sequencing Access-List Entries and Revising the Access ListCommand or Action Purpose
Enters either IPv4 or IPv6 access list configuration mode and
configures the named access list.
{ipv4 | ipv6} access-list name
Example:
RP/0/RSP0/CPU0:router(config)# ipv4 access-list
acl_1
Step 3
or
RP/0/RSP0/CPU0:router(config)# ipv6 access-list
acl_2
Specifies one or more conditions allowed or denied in IPv4 access
list acl_1.
Step 4 Do one of the following:
[ sequence-number ] {permit | deny} source
source-wildcard destination destination-wildcard The optional log keyword causes an information logging
message about the packet that matches the entry to be sent
to the console.
[precedence precedence] [dscp dscp] [fragments]
[packet-length operator packet-length value] [log
| log-input]
The optional log-input keyword providesthe same function
as the log keyword, except that the logging message also
includes the input interface.
[ sequence-number ] {permit | deny} protocol
{source-ipv6-prefix/prefix-length | any | host
source-ipv6-address} [operator {port |
This access list happens to use a permit statement first, but
a deny statement could appear first, depending on the order
of statements you need.
protocol-port}]
{destination-ipv6-prefix/prefix-length | any | host
destination-ipv6-address} [operator {port |
protocol-port}] [dscp value] [routing] [authen]
or
[destopts] [fragments] [packet-length operator
packet-length value] [log | log-input] Specifies one or more conditions allowed or denied in IPv6 access
list acl_2.
Example:
RP/0/RSP0/CPU0:router(config-ipv4-acl)# 10
Refer to the permit (IPv6) and deny (IPv6) commands
for more information on filtering IPv6 traffic based on IPv6
option headers and upper-layer protocols such as ICMP,
permit 172.16.0.0 0.0.255.255 TCP, and UDP.
RP/0/RSP0/CPU0:router(config-ipv4-acl)# 20 deny
192.168.34.0 0.0.0.255
Every IPv6 access list has an implicit deny ipv6 any
any statement asitslast match condition. An IPv6 access
list must contain at least one entry for the implicit deny
ipv6 any any statement to take effect.
Note
or
RP/0/RSP0/CPU0:router(config-ipv6-acl)# 20
permit icmp any any
RP/0/RSP0/CPU0:router(config-ipv6-acl)# 30 deny
tcp any any gt 5000
Repeat Step 4 as necessary, adding statements by Allows you to revise the access list.
sequence number where you planned. Use the no
sequence-number command to delete an entry.
Step 5
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
commit
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
26 OL-26068-02
Implementing Access Lists and Prefix Lists
Sequencing Access-List Entries and Revising the Access ListCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-ipv4-acl)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-ipv4-acl)# commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain within
the configuration session.
(Optional) Displays the contents of a named IPv4 or IPv6 access
list.
show access-lists [ipv4 | ipv6] [access-list-name
hardware {ingress | egress} [interface type
Step 7
interface-path-id] {sequence number| location node-id}
Review the output to see that the access list includes the
updated information.
| summary [access-list-name] | access-list-name
[sequence-number] | maximum [detail] [usage {pfilter
location node-id}]]
Example:
RP/0/RSP0/CPU0:router# show access-lists ipv4
acl_1
What to Do Next
If your access list is not already applied to an interface or line or otherwise referenced, apply the access list.
See the Applying Access Lists, on page 15 section for information about how to apply an access list.
Copying Prefix Lists
This task copies an IPv4 or IPv6 prefix list.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 27
Implementing Access Lists and Prefix Lists
Copying Prefix ListsSUMMARY STEPS
1. copy prefix-list {ipv4 | ipv6} source-name destination-name
2. Do one of the following:
show prefix-list ipv4 [name] [sequence-number]
show prefix-list ipv6 [name] [sequence-number] [summary]
DETAILED STEPS
Command or Action Purpose
copy prefix-list {ipv4 | ipv6} source-name Creates a copy of an existing IPv4 or IPv6 prefix list.
destination-name
Step 1
Use the source-name argument to specify the name of the
prefix list to be copied and the destination-name argument
to specify where to copy the contents of the source prefix list.
Example:
RP/0/RSP0/CPU0:router# copy prefix-list ipv6
list_1 list_2
The destination-name argument must be a unique name; if
the destination-name argument name exists for a prefix list,
the prefix list is not copied.
Step 2 Do one of the following: (Optional) Displays the contents of current IPv4 or IPv6 prefix lists.
show prefix-list ipv4 [name]
[sequence-number]
Review the output to see that prefix list list_2 includes the
entries from list_1.
show prefix-list ipv6 [name]
[sequence-number] [summary]
Example:
RP/0/RSP0/CPU0:router# show prefix-list ipv6
list_2
Sequencing Prefix List Entries and Revising the Prefix List
This task shows how to assign sequence numbers to entries in a named prefix list and how to add or delete
an entry to or from a prefix list. It is assumed a user wants to revise a prefix list. Resequencing a prefix list
is optional.
Before You Begin
Note Resequencing IPv6 prefix lists is not supported.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
28 OL-26068-02
Implementing Access Lists and Prefix Lists
Sequencing Prefix List Entries and Revising the Prefix ListSUMMARY STEPS
1. resequence prefix-list ipv4 name [base [increment]]
2. configure
3. {ipv4 | ipv6} prefix-list name
4. [ sequence-number ] {permit | deny} network/length [ge value] [le value] [eq value]
5. Repeat Step 4 as necessary, adding statements by sequence number where you planned. Use the no
sequence-number command to delete an entry.
6. Do one of the following:
end
commit
7. Do one of the following:
show prefix-list ipv4 [name] [sequence-number]
show prefix-list ipv6 [name] [sequence-number] [summary]
DETAILED STEPS
Command or Action Purpose
(Optional) Resequencesthe named IPv4 prefix list using the starting
sequence number and the increment of sequence numbers.
resequence prefix-list ipv4 name [base [increment]]
Example:
RP/0/RSP0/CPU0:router# resequence prefix-list
ipv4 pfx_1 10 15
Step 1
This example resequences a prefix list named pfx_1. The
starting sequence number is 10 and the increment is 15.
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 2
Enters either IPv4 or IPv6 prefix list configuration mode and
configures the named prefix list.
{ipv4 | ipv6} prefix-list name
Example:
RP/0/RSP0/CPU0:router(config)# ipv6
prefix-list pfx_2
Step 3
Specifies one or more conditions allowed or denied in the named
prefix list.
[sequence-number] {permit | deny} network/length
[ge value] [le value] [eq value]
Example:
RP/0/RSP0/CPU0:router(config-ipv6_pfx)# 15
deny 128.0.0.0/8 eq 24
Step 4
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 29
Implementing Access Lists and Prefix Lists
Sequencing Prefix List Entries and Revising the Prefix ListCommand or Action Purpose
Repeat Step 4 as necessary, adding statements by Allows you to revise the prefix list.
sequence number where you planned. Use the no
sequence-number command to delete an entry.
Step 5
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-ipv6_pfx)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-ipv6_pfx)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional) Displays the contents of current IPv4 or IPv6 prefix
lists.
Step 7 Do one of the following:
show prefix-list ipv4 [name]
[sequence-number] Review the output to see that prefix list pfx_2 includes all
new information.
show prefix-list ipv6 [name]
[sequence-number] [summary]
Example:
RP/0/RSP0/CPU0:router# show prefix-list ipv6
pfx_2
How to Implement ACL-based Forwarding
This section contains the following procedures:
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
30 OL-26068-02
Implementing Access Lists and Prefix Lists
How to Implement ACL-based ForwardingConfiguring ACL-based Forwarding with Security ACL
Perform this task to configure ACL-based forwarding with security ACL.
SUMMARY STEPS
1. configure
2. ipv4 access-list name
3. [sequence-number] permit protocolsource source-wildcard destination destination-wildcard [precedence
precedence] [[default] nexthop1 [ipv4 ipv4-address1] nexthop2[ipv4 ipv4-address2] nexthop3[ipv4
ipv4-address3]] [dscp dscp] [fragments] [packet-length operator packet-length value] [log | log-input]
[[track track-name] [ttl ttl [value1 ... value2]]
4. Do one of the following:
end
commit
5. show access-list ipv4 [[access-list-name hardware {ingress | egress} [interface type interface-path-id]
{sequence number| location node-id} |summary [access-list-name] | access-list-name [sequence-number]
| maximum [detail] [usage {pfilter location node-id}]]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters IPv4 access list configuration mode and configures the
specified access list.
ipv4 access-list name
Example:
RP/0/RSP0/CPU0:router(config)# ipv4 access-list
security-abf-acl
Step 2
Sets the conditions for an IPv4 access list. The configuration
example shows how to configure ACL-based forwarding with
security ACL.
[ sequence-number ] permit protocol source
source-wildcard destination destination-wildcard
[precedence precedence] [[default] nexthop1 [ipv4
Step 3
ipv4-address1] nexthop2[ipv4 ipv4-address2]
The nexthop1, nexthop2, nexthop3 keywordsforward
the specified next hop for this entry.
nexthop3[ipv4 ipv4-address3]] [dscp dscp] [fragments]
[packet-length operator packet-length value] [log |
log-input] [[track track-name] [ttl ttl [value1 ... value2]] If the default keyword is configured, ACL-based
forwarding action is taken only if the results of the PLU
Example:
RP/0/RSP0/CPU0:router(config-ipv4-acl)# 10 permit
lookup for the destination of the packets determine a
default route; that is, no specified route is determined to
the destination of the packet.
ipv4 10.0.0.0 0.255.255.255 any nexthop 50.1.1.2
RP/0/RSP0/CPU0:router(config-ipv4-acl)# 15 permit
ipv4 30.2.1.0 0.0.0.255 any
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 31
Implementing Access Lists and Prefix Lists
Configuring ACL-based Forwarding with Security ACLCommand or Action Purpose
RP/0/RSP0/CPU0:router(config-ipv4-acl)# 20 permit
ipv4 30.2.0.0 0.0.255.255 any nexthop 40.1.1.2
RP/0/RSP0/CPU0:router(config-ipv4-acl)# 25 permit
ipv4 any any
Step 4 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-ipv4-acl)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-ipv4-acl)# commit ? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
show access-list ipv4 [[access-list-name hardware {ingress Displays the information for ACL software.
| egress} [interface type interface-path-id] {sequence
Step 5
number | location node-id} | summary [access-list-name]
| access-list-name [sequence-number] | maximum [detail]
[usage {pfilter location node-id}]]
Example:
RP/0/RSP0/CPU0:router# show access-lists ipv4
security-abf-acl
Implementing IPSLA-OT
In this section, the following procedures are discussed:
Enabling track mode, on page 33
Configuring track type, on page 34
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
32 OL-26068-02
Implementing Access Lists and Prefix Lists
Implementing IPSLA-OT Configuring tracking type (line protocol), on page 34
Configuring track type (list), on page 35
Configuring tracking type (route), on page 37
Configuring tracking type (rtr), on page 38
Enabling track mode
SUMMARY STEPS
1. configure
2. track track-name
3. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
track track-name Enters track configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# track
t1
Step 2
Step 3 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)#
commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 33
Implementing Access Lists and Prefix Lists
Enabling track modeCommand or Action Purpose
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Configuring track type
There are different mechanisms to track the availability of the next-hop device. The tracking type can be of
four types, using:
line protocol
list
route
IPSLA
Configuring tracking type (line protocol)
Line protocol is one of the object types the object tracker component can track. This object type provides an
option for tracking state change notification from an interface. Based on the interface state change notification,
it decides whether the track state should be UP or DOWN.
SUMMARY STEPS
1. configure
2. track track-name
3. type line-protocol state interface type interface-path-id
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
34 OL-26068-02
Implementing Access Lists and Prefix Lists
Configuring track typeCommand or Action Purpose
track track-name Enters track configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# track t1
Step 2
type line-protocol state interface type Setsthe interface which needsto be tracked forstate change notifications.
interface-path-id
Step 3
Example:
RP/0/RSP0/CPU0:router(config-track)#
type line-protocol state interface
tengige 0/4/4/0
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring track type (list)
List is a boolen object type. Boolean refers to the capability of performing a boolean AND or boolean OR
operation on combinations of different object types supported by object tracker.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 35
Implementing Access Lists and Prefix Lists
Configuring track type (list)SUMMARY STEPS
1. configure
2. track track-name
3. type list boolean and
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
track track-name Enters track configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# track
t1
Step 2
Sets the list of track objects on which boolean AND or boolean OR
operations could be performed.
type list boolean and
Example:
RP/0/RSP0/CPU0:router(config-track)#
type list boolean and
Step 3
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
36 OL-26068-02
Implementing Access Lists and Prefix Lists
Configuring track type (list)Command or Action Purpose
Configuring tracking type (route)
Route is a route object type. The object tracker tracks the fib notification to determine the route reachability
and the track state.
SUMMARY STEPS
1. configure
2. track track-name
3. type route reachability
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
track track-name Enters track configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# track
t1
Step 2
type route reachability Sets the route on which reachability state needs to be learnt dynamically.
Example:
RP/0/RSP0/CPU0:router(config-track)#
type route reachability
Step 3
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 37
Implementing Access Lists and Prefix Lists
Configuring tracking type (route)Command or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Configuring tracking type (rtr)
IPSLA is an ipsla object type. The object tracker tracks the return code of ipsla operation to determine the
track state changes.
SUMMARY STEPS
1. configure
2. track track-name
3. type rtr ipsla operation id reachability
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
38 OL-26068-02
Implementing Access Lists and Prefix Lists
Configuring tracking type (rtr)Command or Action Purpose
track track-name Enters track configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# track
t1
Step 2
type rtr ipsla operation id reachability Sets the ipsla operation id which needs to be tracked for reachability.
Example:
RP/0/RSP0/CPU0:routertype rtr 100
reachability
Step 3
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 39
Implementing Access Lists and Prefix Lists
Configuring tracking type (rtr)Configuring Pure ACL-Based Forwarding for IPv6 ACL
SUMMARY STEPS
1. configure
2. {ipv6 } access-list name
3. [sequence-number] permit protocolsource source-wildcard destination destination-wildcard [precedence
precedence] [dscp dscp] [fragments] [packet-length operator packet-length value] [log | log-input]] [ttl
ttl value [value1 ... value2]][default] nexthop1 [ vrf vrf-name1 ][ipv6 ipv6-address1] [ nexthop2 [ vrf
vrf-name2 ] [ipv6 ipv6-address2 ] [nexthop3 [vrf vrf-name3 ] [ipv6ipv6-address3 ]]]
4. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters IPv6 access list configuration mode and configures the
specified access list.
{ipv6 } access-list name
Example:
RP/0/RSP0/CPU0:router(config)# ipv6 access-list
security-abf-acl
Step 2
Sets the conditions for an IPv6 access list. The configuration
example shows how to configure pure ACL-based forwarding
for ACL.
[ sequence-number ] permit protocol source
source-wildcard destination destination-wildcard
[precedence precedence] [dscp dscp] [fragments]
Step 3
[packet-length operator packet-length value] [log |
Forwards the specified next hop for this entry.
log-input]] [ttl ttl value [value1 ... value2]][default]
nexthop1 [ vrf vrf-name1 ][ipv6 ipv6-address1] [
nexthop2 [ vrf vrf-name2 ] [ipv6 ipv6-address2 ]
[nexthop3 [vrf vrf-name3 ] [ipv6ipv6-address3 ]]]
Example:
RP/0/RSP0/CPU0:router(config-ipv6-acl)# 10 permit
ipv6 any any default nexthop1 vrf vrf_A ipv6
11::1 nexthop2 vrf vrf_B ipv6 nexthop3 vrf vrf_C
ipv6 33::3
Step 4 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
40 OL-26068-02
Implementing Access Lists and Prefix Lists
Configuring Pure ACL-Based Forwarding for IPv6 ACLCommand or Action Purpose
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
end
commit
Example:
RP/0/RSP0/CPU0:router(config-ipv6-acl)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-ipv6-acl)# commit ? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Configuration Examples for Implementing Access Lists and
Prefix Lists
This section provides the following configuration examples:
Resequencing Entries in an Access List: Example
The following example shows access-list resequencing. The starting value in the resequenced access list is
10, and increment value is 20. The subsequent entries are ordered based on the increment values that users
provide, and the range is from 1 to 2147483646.
When an entry with no sequence number is entered, by default it has a sequence number of 10 more than the
last entry in the access list.
ipv4 access-list acl_1
10 permit ip host 10.3.3.3 host 172.16.5.34
20 permit icmp any any
30 permit tcp any host 10.3.3.3
40 permit ip host 10.4.4.4 any
60 permit ip host 172.16.2.2 host 10.3.3.12
70 permit ip host 10.3.3.3 any log
80 permit tcp host 10.3.3.3 host 10.1.2.2
100 permit ip any any
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 41
Implementing Access Lists and Prefix Lists
Configuration Examples for Implementing Access Lists and Prefix Listsconfigure
ipv4 access-list acl_1
end
resequence ipv4 access-list acl_1 10 20
ipv4 access-list acl_1
10 permit ip host 10.3.3.3 host 172.16.5.34
30 permit icmp any any
50 permit tcp any host 10.3.3.3
70 permit ip host 10.4.4.4 any
90 permit ip host 172.16.2.2 host 10.3.3.12
110 permit ip host 10.3.3.3 any log
130 permit tcp host 10.3.3.3 host 10.1.2.2
150 permit ip any any
ipv4 access-list acl_1
10 permit ip host 10.3.3.3 host 172.16.5.34
20 permit icmp any any
30 permit tcp any host 10.3.3.3
40 permit ip host 10.4.4.4 any
60 permit ip host 172.16.2.2 host 10.3.3.12
70 permit ip host 10.3.3.3 any log
80 permit tcp host 10.3.3.3 host 10.1.2.2
100 permit ip any any
configure
ipv6 access-list acl_1
end
resequence ipv6 access-list acl_1 10 20
ipv4 access-list acl_1
10 permit ip host 10.3.3.3 host 172.16.5.34
30 permit icmp any any
50 permit tcp any host 10.3.3.3
70 permit ip host 10.4.4.4 any
90 Dynamic test permit ip any any
110 permit ip host 172.16.2.2 host 10.3.3.12
130 permit ip host 10.3.3.3 any log
150 permit tcp host 10.3.3.3 host 10.1.2.2
170 permit ip host 10.3.3.3 any
190 permit ip any any
Adding Entries with Sequence Numbers: Example
In the following example, an new entry is added to IPv4 access list acl_5.
ipv4 access-list acl_5
2 permit ipv4 host 10.4.4.2 any
5 permit ipv4 host 10.0.0.44 any
10 permit ipv4 host 10.0.0.1 any
20 permit ipv4 host 10.0.0.2 any
configure
ipv4 access-list acl_5
15 permit 10.5.5.5 0.0.0.255
end
ipv4 access-list acl_5
2 permit ipv4 host 10.4.4.2 any
5 permit ipv4 host 10.0.0.44 any
10 permit ipv4 host 10.0.0.1 any
15 permit ipv4 10.5.5.5 0.0.0.255 any
20 permit ipv4 host 10.0.0.2 any
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
42 OL-26068-02
Implementing Access Lists and Prefix Lists
Adding Entries with Sequence Numbers: ExampleAdding Entries Without Sequence Numbers: Example
The following example shows how an entry with no specified sequence number is added to the end of an
access list. When an entry is added without a sequence number, it is automatically given a sequence number
that puts it at the end of the access list. Because the default increment is 10, the entry will have a sequence
number 10 higher than the last entry in the existing access list.
configure
ipv4 access-list acl_10
permit 10
.1.1.1 0.0.0.255
permit 10
.2.2.2 0.0.0.255
permit 10
.3.3.3 0.0.0.255
end
ipv4 access-list acl_10
10 permit ip 10
.1.1.0 0.0.0.255 any
20 permit ip 10
.2.2.0 0.0.0.255 any
30 permit ip 10
.3.3.0 0.0.0.255 any
configure
ipv4 access-list acl_10
permit 10
.4.4.4 0.0.0.255
end
ipv4 access-list acl_10
10 permit ip 10
.1.1.0 0.0.0.255 any
20 permit ip 10
.2.2.0 0.0.0.255 any
30 permit ip 10
.3.3.0 0.0.0.255 any
40 permit ip 10
.4.4.0 0.0.0.255 any
IPv6 ACL in Class Map
In Release 4.2.1, Quality of Service (Qos) features on ASR 9000 Ethernet line card and ASR 9000 Enhanced
Ethernet line card are enhanced to support these:
ASR 9000 Enhanced Ethernet LC:
? Support on L2 and L3 interface and sub-interface
? Support on bundle L2 and L3 interface and sub-interface
? Support for both ingress and egress directions
? ICMP code and type for IPv4/IPv6
ASR 9000 Ethernet LC:
? Support on only L3 interface and sub-interface
? Support on L3 bundle interface and sub-interface
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 43
Implementing Access Lists and Prefix Lists
Adding Entries Without Sequence Numbers: Example? Support for both ingress and egress directions
? ICMP code and type for IPv4/IPv6
IPv6-supported match fields:
? IPv6 Source Address
? IPv6 Destination Address
? IPv6 Protocol
? Time to live (TTL) or hop limit
? Source Port
? Destination Port
? TCP Flags
? IPv6 Flags(Routing Header(RH), Authentication Header(AH) and Destination Option Header(DH))
Class map with IPv6 ACL that also supports:
? IPv4 ACL
? Discard class
? QoS Group
? Outer CoS
? Inner CoS
? Outer VLAN (ASR 9000 Enhanced Ethernet LC only)
? Inner VLAN (ASR 9000 Enhanced Ethernet LC only)
? match-not option
? type of service (TOS) support
Policy-map with IPv6 ACL supports:
? hierarchical class-map
Configuring IPv6 ACL QoS - An Example
This example shows how to configure IPv6 ACL QoS with IPv4 ACL and other fields :
ipv6 access-list aclv6
10 permit ipv6 1111:6666::2/64 1111:7777::2/64 authen
30 permit tcp host 1111:4444::2 eq 100 host 1111:5555::2 ttl eq 10
!
ipv4 access-list aclv4
10 permit ipv4 host 10.6.10.2 host 10.7.10.2
!
class-map match-any c.aclv6
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
44 OL-26068-02
Implementing Access Lists and Prefix Lists
Configuring IPv6 ACL QoS - An Examplematch access-group ipv6 aclv6
match access-group ipv4 aclv4
match cos 1
end-class-map
!
policy-map p.aclv6
class c.aclv6
set precedence 3
!
class class-default
!
end-policy-map
!
show qos-ea km policy p.aclv6 vmr interface tenGigE 0/1/0/6.10 hw
================================================================================
B : type & id E : ether type VO : vlan outer VI : vlan inner
Q : tos/exp/group X : Reserved DC : discard class Fl : flags
F2: L2 flags F4: L4 flags SP/DP: L4 ports
T : IP TTL D : DFS class# L : leaf class#
Pl: Protocol G : QoS Grp M : V6 hdr ext. C : VMR count
--------------------------------------------------------------------------------
policy name p.aclv6 and km format type 4
Total Egress TCAM entries: 5
|B F2 VO VI Q G DC T F4 Pl SP DP M IPv4/6 SA IPv4/6
DA
================================================================================
V|3019 00 0000 0000 00 00 00 00 00 00 0000 0000 80 11116666:00000000:00000000:00000000
11117777:00000000:00000000:00000000
M|0000 FF FFFF FFFF FF FF FF FF FF FF FFFF FFFF 7F 00000000:00000000:FFFFFFFF:FFFFFFFF
00000000:00000000:FFFFFFFF:FFFFFFFF
R| C=0 03080200 000000A6 F06000FF 0000FF00 0002FF00 00FF0000 FF000000 00000000
V|3019 00 0000 0000 00 00 00 0A 01 00 0064 0000 00 11114444:00000000:00000000:00000002
11115555:00000000:00000000:00000002
M|0000 FF FFFF FFFF FF FF FF 00 FE FF 0000 FFFF FF 00000000:00000000:00000000:00000000
00000000:00000000:00000000:00000000
R| C=1 03080200 000000A6 F06000FF 0000FF00 0002FF00 00FF0000 FF000000 00000000
V|3018 00 0000 0000 00 00 00 00 00 00 0000 0000 00 0A060A02 -------- -------- --------
0A070A02 -------- -------- --------
M|0000 FF FFFF FFFF FF FF FF FF FF FF FFFF FFFF FF 00000000 -------- -------- --------
00000000 -------- -------- --------
R| C=2 03080200 000000A6 F06000FF 0000FF00 0002FF00 00FF0000 FF000000 00000000
V|3018 00 2000 0000 00 00 00 00 00 00 0000 0000 00 00000000:00000000:00000000:00000000
00000000:00000000:00000000:00000000
M|0003 FF 1FFF FFFF FF FF FF FF FF FF FFFF FFFF FF FFFFFFFF:FFFFFFFF:FFFFFFFF:FFFFFFFF
FFFFFFFF:FFFFFFFF:FFFFFFFF:FFFFFFFF
R| C=3 03080200 000000A6 F06000FF 0000FF00 0002FF00 00FF0000 FF000000 00000000
V|3018 00 0000 0000 00 00 00 00 00 00 0000 0000 00 00000000:00000000:00000000:00000000
00000000:00000000:00000000:00000000
M|0003 FF FFFF FFFF FF FF FF FF FF FF FFFF FFFF FF FFFFFFFF:FFFFFFFF:FFFFFFFF:FFFFFFFF
FFFFFFFF:FFFFFFFF:FFFFFFFF:FFFFFFFF
R| C=4 03000200 00010002 FF0000FF 0000FF00 0002FF00 00FF0000 FF000000 00000000
This example shows how to configure hierarchical policy map:
ipv6 access-list aclv6.p
10 permit ipv6 1111:1111::/8 2222:2222::/8
ipv6 access-list aclv6.c
10 permit ipv6 host 1111:1111::2 host 2222:2222::3
class-map match-any c.aclv6.c
match not access-group ipv6 aclv6.c
end-class-map
!
class-map match-any c.aclv6.p
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 45
Implementing Access Lists and Prefix Lists
Configuring IPv6 ACL QoS - An Examplematch access-group ipv6 aclv6.p
end-class-map
!
policy-map child
class c.aclv6.c
set precedence 7
!
policy-map parent
class c.aclv6.p
service-policy child
set precedence 1
(config)#do show qos-ea km policy parent vmr interface tenGigE 0/1/0/6 hw
================================================================================
B : type & id E : ether type VO : vlan outer VI : vlan inner
Q : tos/exp/group X : Reserved DC : discard class Fl : flags
F2: L2 flags F4: L4 flags SP/DP: L4 ports
T : IP TTL D : DFS class# L : leaf class#
Pl: Protocol G : QoS Grp M : V6 hdr ext. C : VMR count
================================================================================
policy name parent and format type 4
Total Ingress TCAM entries: 3
|B F2 VO VI Q G DC T F4 Pl SP DP M IPv4/6 SA IPv4/6
DA
================================================================================
V|200D 00 0000 0000 00 00 00 00 00 00 0000 0000 00 11111111:00000000:00000000:00000002
22222222:00000000:00000000:00000003
M|0000 FF FFFF FFFF FF FF FF FF FF FF FFFF FFFF FF 00000000:00000000:00000000:00000000
00000000:00000000:00000000:00000000
R| C=0 11800200 00020000 29000000 80004100 00000000 00000000 00000000 00000000
V|200D 00 0000 0000 00 00 00 00 00 00 0000 0000 00 11000000:00000000:00000000:00000000
22000000:00000000:00000000:00000000
M|0000 FF FFFF FFFF FF FF FF FF FF FF FFFF FFFF FF 00FFFFFF:FFFFFFFF:FFFFFFFF:FFFFFFFF
00FFFFFF:FFFFFFFF:FFFFFFFF:FFFFFFFF
R| C=1 11800200 00010000 29000000 80004700 00000000 00000000 00000000 00000000
V|200C 00 0000 0000 00 00 00 00 00 00 0000 0000 00 00000000:00000000:00000000:00000000
00000000:00000000:00000000:00000000
M|0003 FF FFFF FFFF FF FF FF FF FF FF FFFF FFFF FF FFFFFFFF:FFFFFFFF:FFFFFFFF:FFFFFFFF
FFFFFFFF:FFFFFFFF:FFFFFFFF:FFFFFFFF
R| C=2 11000200 00030000 00000000 00000000 00000000 00000000 00000000 00000000
IPv4/IPv6 ACL over BVI interface
In Release 4.2.1, IPv4/IPv6 ACL is enabled over BVI interfaces on the ASR 9000 Enhanced Ethernet Line
Cards.
For ACL over BVI interfaces, the defined direction is:
L2 interface - ingress direction
L3 interface - egress direction
On the A9K-SIP-700 and ASR 9000 Ethernet Line Cards, ACLs on BVI interfaces are not supported.
For ASR 9000 Ethernet linecards, ACL can be applied on the EFP level (IPv4 L3 ACL can be applied on
an L2 interface).
Note
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
46 OL-26068-02
Implementing Access Lists and Prefix Lists
IPv4/IPv6 ACL over BVI interfaceConfiguring IPv4 ACL over BVI interface - An Example
This example shows how to configure IPv4 ACL over a BVI interface:
ipv4 access-list bvi-acl
10 permit ipv4 any any ttl eq 70
20 deny ipv4 any any ttl eq 60
Additional References
The following sections provide references related to implementing access lists and prefix lists.
Related Documents
Related Topic Document Title
Access List Commands module in Cisco ASR 9000
Series Aggregation Services RouterIP Addresses and
Services Command Reference
Access list commands: complete command syntax,
command modes, command history, defaults, usage
guidelines, and examples
Prefix List Commands module in Cisco ASR 9000
Series Aggregation Services RouterIP Addresses and
Services Command Reference
Prefix list commands: complete command syntax,
command modes, command history, defaults, usage
guidelines, and examples
Terminal Services Commands module in
Cisco ASR 9000 Series Aggregation Services Router
System Management Command Reference
Terminal services commands: complete command
syntax, command modes, command history, defaults,
usage guidelines, and examples
Standards
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs, use the Cisco MIB
Locator found at the following URL and choose a
platform under the Cisco Access Products menu: http:/
/cisco.com/public/sw-center/netmgmt/cmtk/
mibs.shtml
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 47
Implementing Access Lists and Prefix Lists
Configuring IPv4 ACL over BVI interface - An ExampleRFCs
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not been
modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
48 OL-26068-02
Implementing Access Lists and Prefix Lists
Additional ReferencesC H A P T E R 2
Configuring ARP
Address resolution is the process of mapping network addresses to Media Access Control (MAC) addresses.
This process is accomplished using the Address Resolution Protocol (ARP). This module describes how to
configure ARP processes on the Cisco ASR 9000 Series Aggregation Services Router.
For a complete description of the ARP commands listed in this module, refer to the Cisco ASR 9000
Series Aggregation Services RouterIP Addresses and Services Command ReferenceTo locate documentation
of other commands that appear in this module, use the command reference master index, or search online.
Note
Feature History for Configuring ARP
Release Modification
Release 3.7.2 This feature was introduced.
Prerequisites for Configuring ARP , page 49
Restrictions for Configuring ARP , page 50
Information About Configuring ARP , page 50
How to Configure ARP , page 53
Prerequisites for Configuring ARP
You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 49Restrictions for Configuring ARP
The following restrictions apply to configuring ARP :
Reverse Address Resolution Protocol (RARP) is not supported.
ARP throttling is not supported.
ARP throttling is the rate limiting of ARP packets in Forwarding Information Base
(FIB).
Note
The following additional restrictions apply when configuring the Direct Attached Gateway Redundancy
(DAGR) feature on Cisco ASR 9000 Series Routers:
IPv6 is not supported.
Ethernet bundles are not supported.
Non-Ethernet interfaces are not supported.
Hitless ARP Process Restart is not supported.
Hitless RSP Failover is not supported.
Information About Configuring ARP
To configure ARP, you must understand the following concepts:
IP Addressing Overview
A device in the IP can have both a local address (which uniquely identifies the device on its local segment or
LAN) and a network address (which identifies the network to which the device belongs). The local address
is more properly known as a data link address, because it is contained in the data link layer (Layer 2 of the
OSI model) part of the packet header and is read by data-link devices (bridges and all device interfaces, for
example). The more technically inclined person will refer to local addresses as MAC addresses, because the
MAC sublayer within the data link layer processes addresses for the layer.
To communicate with a device on Ethernet, for example, Cisco IOS XR software first must determine the
48-bit MAC or local data-link address of that device. The process of determining the local data-link address
from an IP address is called address resolution.
Address Resolution on a Single LAN
The following process describes address resolution when the source and destination devices are attached to
the same LAN:
1 End System A broadcasts an ARP request onto the LAN, attempting to learn the MAC address of End
System B.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
50 OL-26068-02
Configuring ARP
Restrictions for Configuring ARP2 The broadcast is received and processed by all devices on the LAN, including End System B.
3 Only End System B replies to the ARP request. It sends an ARP reply containing its MAC address to End
System A.
4 End System A receives the reply and saves the MAC address of End System B in its ARP cache. (The
ARP cache is where network addresses are associated with MAC addresses.)
5 Whenever End System A needs to communicate with End System B, it checks the ARP cache, finds the
MAC address of System B, and sends the frame directly, without needing to first use an ARP request.
Address Resolution When Interconnected by a Router
The following process describes address resolution when the source and destination devices are attached to
different LANs that are interconnected by a router (only if proxy-arp is turned on):
1 End System Y broadcasts an ARP request onto the LAN, attempting to learn the MAC address of End
System Z.
2 The broadcast is received and processed by all devices on the LAN, including Router X.
3 Router X checks its routing table and finds that End System Z is located on a different LAN.
4 Router X therefore acts as a proxy for End System Z. It replies to the ARP request from End System Y,
sending an ARP reply containing its own MAC address as if it belonged to End System Z.
5 End System Y receives the ARP reply and saves the MAC address of Router X in its ARP cache, in the
entry for End System Z.
6 When End System Y needs to communicate with End System Z, it checks the ARP cache, finds the MAC
address of Router X, and sends the frame directly, without using ARP requests.
7 Router X receives the traffic from End System Y and forwards it to End System Z on the other LAN.
ARP and Proxy ARP
Two forms of addressresolution are supported by Cisco IOS XR software: Address Resolution Protocol (ARP)
and proxy ARP, as defined in RFC 826 and RFC 1027, respectively.
ARP is used to associate IP addresses with media or MAC addresses. Taking an IP address as input, ARP
determines the associated media address. After a media or MAC address is determined, the IP address or
media address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated
in a link-layer frame and sent over the network.
When proxy ARP is disabled, the networking device responds to ARP requests received on an interface only
if one of the following conditions is met:
The target IP address in the ARP request is the same as the interface IP address on which the request is
received.
The target IP address in the ARP request has a statically configured ARP alias.
When proxy ARP is enabled, the networking device also responds to ARP requests that meet all the following
conditions:
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 51
Configuring ARP
Address Resolution When Interconnected by a Router The target IP address is not on the same physical network (LAN) on which the request is received.
The networking device has one or more routes to the target IP address.
All of the routes to the target IP address go through interfaces other than the one on which the request
is received.
ARP Cache Entries
ARP establishes correspondences between network addresses (an IP address, for example) and Ethernet
hardware addresses. A record of each correspondence is kept in a cache for a predetermined amount of time
and then discarded.
You can also add a static (permanent) entry to the ARP cache that persists until expressly removed.
Direct Attached Gateway Redundancy
Direct Attached Gateway Redundancy (DAGR) allowsthird-party redundancy schemes on connected devices
to use gratuitous ARP as a failover signal, enabling the ARP process to advertise an new type of route in the
Routing Information Base (RIB). These routes are distributed by Open Shortest Path First (OSPF).
Sometimes part of an IP network requires redundancy without routing protocols. A prime example is in the
mobile environment, where devices such as base station controllers and multimedia gateways are deployed
in redundant pairs, with aggressive failover requirements (subsecond or less), but typically do not have the
capability to use native Layer 3 protocols such as OSPF or Intermediate System-to-Intermediate System
(IS-IS) protocol to manage this redundancy. Instead, these devices assume they are connected to adjacent IP
devices over an Ethernet switch, and manage their redundancy at Layer 2, using proprietary mechanisms
similar to Virtual Router Redundancy Protocol (VRRP). Thisrequires a resilient Ethernetswitching capability,
and depends on mechanisms such as MAC learning and MAC flooding.
DAGR is a feature that enables many of these devices to connect directly to Cisco ASR 9000 Series Routers
without an intervening Ethernet switch. DAGR enables the subsecond failover requirements to be met using
a Layer 3 solution. No MAC learning, flooding, or switching is required.
Since mobile devices' 1:1 Layer 2 redundancy mechanisms are proprietary, they do not necessarily conform
to any standard. So although most IP mobile equipment is compatible with DAGR, interoperability does
require qualification, due to the possibly proprietary nature of the Layer 2 mechanisms with which DAGR
interfaces.
Note
Additional Guidelines
The following are additional guidelines to consider when configuring DAGR:
Up to 40 DAGR peers, which may be on the same or different interfaces, are supported per system.
Failover is supported for DAGR routes within 500 ms of receipt of an ARP reply packet.
On ARP process restart, DAGR groups are reinitialized.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
52 OL-26068-02
Configuring ARP
ARP Cache EntriesHow to Configure ARP
This section contains instructions for the following tasks:
Defining a Static ARP Cache Entry
ARP and other address resolution protocols provide a dynamic mapping between IP addresses and media
addresses. Because most hosts support dynamic address resolution, generally you need not to specify static
ARP cache entries. If you must define them, you can do so globally. Performing this task installs a permanent
entry in the ARP cache. Cisco IOS XR software uses this entry to translate 32-bit IP addresses into 48-bit
hardware addresses.
Optionally, you can specify that the software responds to ARP requests as if it were the owner of the specified
IP address by making an alias entry in the ARP cache.
SUMMARY STEPS
1. configure
2. Do one of the following:
arp [vrf vrf-name] ip-address hardware-address encapsulation-type
arp [vrf vrf-name] ip-address hardware-address encapsulation-type alias
3. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Creates a static ARP cache entry associating the specified 32-bit IP address
with the specified 48-bit hardware address.
Step 2 Do one of the following:
arp [vrf vrf-name] ip-address
hardware-address encapsulation-type If an alias entry is created, then any interface to which the entry
is attached will act as if it is the owner of the specified addresses,
that is, it will respond to ARP request packets for this network
layer address with the data link layer address in the entry.
Note
arp [vrf vrf-name] ip-address
hardware-address encapsulation-type
alias
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 53
Configuring ARP
How to Configure ARPCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)# arp
192.168.7.19 0800.0900.1834 arpa
or
RP/0/RSP0/CPU0:router(config)# arp
192.168.7.19 0800.0900.1834 arpa alias
Step 3 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config)# commit ? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Enabling Proxy ARP
Cisco IOS XR software uses proxy ARP (as defined in RFC 1027) to help hosts with no knowledge of routing
determine the media addresses of hosts on other networks or subnets. For example, if the router receives an
ARP request for a host that is not on the same interface as the ARP request sender, and if the router has all
of its routes to that host through other interfaces, then it generates a proxy ARP reply packet giving its own
local data-link address. The host that sent the ARP request then sends its packets to the router, which forwards
them to the intended host. Proxy ARP is disabled by default; this task describes how to enable proxy ARP if
it has been disabled.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
54 OL-26068-02
Configuring ARP
Enabling Proxy ARPSUMMARY STEPS
1. configure
2. interface type number
3. proxy-arp
4. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface type number Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)#
interface MgmtEth 0/RSP0/CPU0/0
Step 2
proxy-arp Enables proxy ARP on the interface.
Example:
RP/0/RSP0/CPU0:router(config-if)#
proxy-arp
Step 3
Step 4 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-if)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 55
Configuring ARP
Enabling Proxy ARPCommand or Action Purpose
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring DAGR
Follow these steps to create a DAGR group on the Cisco ASR 9000 Series Router.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. arp dagr
4. peer ipv4 address
5. route distance normal normal- distance priority priority-distance
6. route metric normal normal- metric priority priority-metric
7. timers query query-time standby standby-time
8. priority-timeout time
9. Do one of the following:
end
commit
10. show arp dagr [ interface [ IP-address ]]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
56 OL-26068-02
Configuring ARP
Configuring DAGRCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
gigabitethernet 0/2/0/0
Step 2
arp dagr Enters DAGR configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-if)# arp dagr
Step 3
peer ipv4 address Creates a new DAGR group for the virtual IP address.
Example:
RP/0/RSP0/CPU0:router(config-if-dagr)# peer
ipv4 10.0.0.100
Step 4
route distance normal normal- distance priority (Optional) Configures route distance for the DAGR group.
priority-distance
Step 5
Example:
RP/0/RSP0/CPU0:router(config-if-dagr-peer)#
route distance normal 140 priority 3
route metric normal normal- metric priority (Optional) Configures the route metric for the DAGR group.
priority-metric
Step 6
Example:
RP/0/RSP0/CPU0:router(config-if-dagr-peer)#
route metric normal 84 priority 80
(Optional) Configures the time in seconds between successive
ARP requests being sent out for the virtual IP address.
timers query query-time standby standby-time
Example:
RP/0/RSP0/CPU0:router(config-if-dagr-peer)#
timers query 2 standby 19
Step 7
(Optional) Configures a timer for the length of time in seconds
to wait before reverting to normal priority from a high-priority
DAGR route.
priority-timeout time
Example:
RP/0/RSP0/CPU0:router(config-if-dagr-peer)#
priority-timeout 25
Step 8
Step 9 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
commit
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 57
Configuring ARP
Configuring DAGRCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-if-dagr)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-if-dagr)# commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional) Displays the operational state of all DAGR groups.
Using the optional interface and IP-address argumentsrestricts
the output to a specific interface or virtual IP address.
show arp dagr [ interface [ IP-address ]]
Example:
RP/0/RSP0/CPU0:router# show arp dagr
Step 10
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
58 OL-26068-02
Configuring ARP
Configuring DAGRC H A P T E R 3
Implementing Cisco Express Forwarding
Cisco Express Forwarding (CEF) is advanced, Layer 3 IP switching technology. CEF optimizes network
performance and scalability for networks with large and dynamic traffic patterns, such as the Internet, on
networks characterized by intensive web-based applications, or interactive sessions.
This module describes the tasks required to implement CEF on your Cisco ASR 9000 Series Aggregation
Services Router.
For complete descriptions of the CEF commands listed in this module, refer to the Cisco ASR 9000 Series
Aggregation Services Router IP Addresses and Services Command Reference . To locate documentation
for other commands that might appear in the course of executing a configuration task, search online in
the master command index.
Note
Feature History for Implementing CEF
Release Modification
Release 3.7.2 This feature was introduced.
Prerequisites for Implementing Cisco Express Forwarding, page 59
Information About Implementing Cisco Express Forwarding Software, page 60
How to Implement CEF, page 63
Configuration Examples for Implementing CEF on Routers Software, page 76
Additional References, page 90
Prerequisites for Implementing Cisco Express Forwarding
The following prerequisites are required to implement Cisco Express Forwarding:
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 59 You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
Information About Implementing Cisco Express Forwarding
Software
To implement Cisco Express Forwarding featuresin this document you must understand the following concepts:
Key Features Supported in the Cisco Express Forwarding Implementation
The following features are supported for CEF on Cisco IOS XR software:
Border Gateway Protocol (BGP) policy accounting
Reverse path forwarding (RPF)
Virtual interface support
Multipath support
Route consistency
High availability features such as packaging, restartability, and Out of Resource (OOR) handling
OSPFv2 SPF prefix prioritization
BGP attributes download
Benefits of CEF
CEF offers the following benefits:
Improved performanceCEF is less CPU-intensive than fast-switching route caching. More CPU
processing power can be dedicated to Layer 3 services such as quality of service (QoS) and encryption.
ScalabilityCEF offers full switching capacity at each modular services card (MSC).
ResilienceCEF offers an unprecedented level of switching consistency and stability in large dynamic
networks. In dynamic networks, fast-switched cache entries are frequently invalidated due to routing
changes. These changes can cause traffic to be process switched using the routing table, rather than fast
switched using the route cache. Because the Forwarding Information Base (FIB) lookup table contains
all known routes that exist in the routing table, it eliminates route cache maintenance and the fast-switch
or process-switch forwarding scenario. CEF can switch traffic more efficiently than typical demand
caching schemes.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
60 OL-26068-02
Implementing Cisco Express Forwarding
Information About Implementing Cisco Express Forwarding SoftwareCEF Components
Cisco IOS XR softwareCEF always operates in CEF mode with two distinct components: a Forwarding
Information Base (FIB) database and adjacency tablea protocol-independent adjacency information base
(AIB).
CEF is a primary IP packet-forwarding database for Cisco IOS XR software. CEF is responsible for the
following functions:
Software switching path
Maintaining forwarding table and adjacency tables (which are maintained by the AIB) for software and
hardware forwarding engines
The following CEF forwarding tables are maintained in Cisco IOS XR software:
IPv4 CEF database
IPv6 CEF database
MPLS LFD database
Multicast Forwarding Table (MFD)
The protocol-dependent FIB process maintains the forwarding tables for IPv4 and IPv6 unicast in the Route
Switch Processor (RSP ) and each MSC.
The FIB on each node processes Routing Information Base (RIB) updates, performing route resolution and
maintaining FIB tables independently in the RSP and each MSC. FIB tables on each node can be slightly
different. Adjacency FIB entries are maintained only on a local node, and adjacency entries linked to FIB
entries could be different.
Border Gateway Protocol Policy Accounting
Border Gateway Protocol (BGP) policy accounting measures and classifies IP traffic that is sent to, or received
from, different peers. Policy accounting is enabled on an individual input or output interface basis, and counters
based on parameters such as community list, autonomous system number, or autonomous system path are
assigned to identify the IP traffic.
There are two types of route policies. The first type (regular BGP route policies) is used to filter the BGP
routes advertised into or out from the BGP links. This type of route policy is applied to the specific BGP
neighbor. The second type (specific route policy) is used to set up a traffic index for the BGP prefixes.
This route policy is applied to the global BGP IPv4 address family to set up the traffic index when the
BGP routes are inserted into the RIB table. BGP policy accounting uses the second type of route policy.
Note
Using BGP policy accounting, you can account for traffic according to the route it traverses. Service providers
can identify and account for all traffic by customer and bill accordingly. In Figure 1: Sample Topology for
BGP Policy Accounting, on page 62, BGP policy accounting can be implemented in Router A to measure
packet and byte volumes in autonomous system buckets. Customers are billed appropriately for traffic that is
routed from a domestic, international, or satellite source.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 61
Implementing Cisco Express Forwarding
CEF ComponentsNote BGP policy accounting measures and classifies IP traffic for BGP prefixes only.
Figure 1: Sample Topology for BGP Policy Accounting
Based on the specified routing policy, BGP policy accounting assigns each prefix a traffic index (bucket)
associated with an interface. BGP prefixes are downloaded from the RIB to the FIB along with the traffic
index.
There are a total of 63 (1 to 63) traffic indexes (bucket numbers) that can be assigned for BGP prefixes.
Internally, there is an accounting table associated with the traffic indexes to be created for each input (ingress)
and output (egress) interface. The traffic indexes allow you to account for the IP traffic, where the source IP
address, the destination IP address, or both are BGP prefixes.
Note Traffic index 0 contains the packet count using Interior Gateway Protocol (IGP) routes.
Reverse Path Forwarding (Strict and Loose)
Unicast IPv4 and IPv6 Reverse Path Forwarding (uRPF), both strict and loose modes, help mitigate problems
caused by the introduction of malformed or spoofed IP source addresses into a network by discarding IP
packets that lack a verifiable IP source address. Unicast RPF does this by doing a reverse lookup in the CEF
table. Therefore, Unicast Reverse Path Forwarding is possible only if CEF is enabled on the router.
IPv6 uRPF is supported with ASR 9000-SIP-700 LC, ASR 9000 Ethernet LC and ASR 9000 Enhanced
Ethernet LC.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
62 OL-26068-02
Implementing Cisco Express Forwarding
Reverse Path Forwarding (Strict and Loose)Unicast RPF allows packets with 0.0.0.0 source addresses and 255.255.255.255 destination addresses to
pass so that Bootstrap Protocol and Dynamic Host Configuration Protocol (DHCP) will function properly.
Note
When strict uRPF is enabled, the source address of the packet is checked in the FIB. If the packet is received
on the same interface that would be used to forward the traffic to the source of the packet, the packet passes
the check and is further processed; otherwise, it is dropped. Strict uRPF should only be applied where there
is natural or configured symmetry. Because internal interfaces are likely to have routing asymmetry, that is,
multiple routes to the source of a packet, strict uRPF should not be implemented on interfaces that are internal
to the network.
The behavior of strict RPF varies slightly by platform, number of recursion levels, and number of paths
in Equal-Cost Multipath (ECMP) scenarios. A platform may switch to loose RPF check for some or all
prefixes, even though strict RPF is configured.
Note
When loose uRPF is enabled, the source address of the packet is checked in the FIB. If it exists and matches
a valid forwarding entry, the packet passes the check and is further processed; otherwise, it is dropped.
Strict mode uRPF requires maintenance of uRPF interfaces list for the prefixes. The list contains only strict
mode uRPF configured interfaces pointed by the prefix path. uRPF interface list is shared among the prefixes
wherever possible. Size of this list is 12 for ASR 9000 Ethernet Line Cards and 64 for integrated 20G SIP
cards. Strict to loose mode uRPF fallback happens when the list goes beyond the maximum supported value.
Loose and strict uRPF supports two options: allow self-ping and allow default. The self-ping option allows
the source of the packet to ping itself. The allow default option allows the lookup result to match a default
routing entry. When the allow default option is enabled with the strict mode of the uRPF, the packet is
processed further only if it arrived through the default interface.
BGP Attributes Download
The BGP Attributes Download feature enables you to display the installed BGP attributes in CEF. Configure
the show cef bgp-attribute command to display the installed BGP attributes in CEF. You can use the show
cef bgp-attribute attribute-id command and the show cef bgp-attribute local-attribute-id command to
look at specific BGP attributes by attribute ID and local attribute ID.
How to Implement CEF
This section contains instructions for the following tasks:
Verifying CEF
This task allows you to verify CEF.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 63
Implementing Cisco Express Forwarding
BGP Attributes DownloadSUMMARY STEPS
1. show cef {ipv4 | ipv6}
2. show cef {ipv4 | ipv6} summary
3. show cef {ipv4 | ipv6} detail
4. show adjacency detail
DETAILED STEPS
Command or Action Purpose
Displays the IPv4 or IPv6 CEF table. The next hop and
forwarding interface are displayed for each prefix.
show cef {ipv4 | ipv6}
Example:
RP/0/RSP0/CPU0:router# show cef ipv4
Step 1
The output of the show cef command varies by
location.
Note
show cef {ipv4 | ipv6} summary Displays a summary of the IPv4 or IPv6 CEF table.
Example:
RP/0/RSP0/CPU0:router# show cef ipv4 summary
Step 2
show cef {ipv4 | ipv6} detail Displays detailed IPv4 or IPv6 CEF table information.
Example:
RP/0/RSP0/CPU0:router# show cef ipv4 detail
Step 3
Displays detailed adjacency information, including Layer 2
information for each interface.
show adjacency detail
Example:
RP/0/RSP0/CPU0:router# show adjacency detail
Step 4
The output of the show adjacency command varies
by location.
Note
Configuring BGP Policy Accounting
This task allows you to configure BGP policy accounting.
There are two types of route policies. BGP policy accounting uses the type that is used to set up a traffic
index for the BGP prefixes. The route policy is applied to the global BGP IPv4 address family to set up
the traffic index when the BGP routes are inserted into the RIB table.
Note
BGP policy accounting enables per interface accounting for ingress and egress IP traffic based on the traffic
index assigned to the source IP address (BGP prefix) and destination IP address (BGP prefix). The traffic
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
64 OL-26068-02
Implementing Cisco Express Forwarding
Configuring BGP Policy Accountingindex of BGP prefixes can be assigned according to the following parameters using Routing Policy Language
(RPL):
prefix-set
AS-path-set
community-set
Note BGP policy accounting is supported on IPv4 prefixes only.
Two configuration tasks provide the ability to classify BGP prefixes that are in the RIB according to the
prefix-set, AS-path-set, or the community-set parameters:
1 Use the route-policy command to define the policy for traffic index setup based on the prefix-set,
AS-path-set, or community-set.
2 Use the BGP table-policy command to apply the defined route policy to the global BGP IPv4 unicast
address family.
See the Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference for information
on the route-policy and table-policy commands.
BGP policy accounting can be enabled on each interface with the following options:
Use the ipv4 bgp policy accounting command with one of the following keyword options:
? input source-accounting
? input destination-accounting
? input source-accounting destination-accounting
Use the ipv4 bgp policy accounting command with one of the following keyword options:
? output source-accounting
? output destination-accounting
? output source-accounting destination-accounting
Use any combination of the keywords provided for the ipv4 bgp policy accounting command.
Before You Begin
Before using the BGP policy accounting feature, you must enable BGP on the router (CEF is enabled by
default). See the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide for
information on enabling BGP.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 65
Implementing Cisco Express Forwarding
Configuring BGP Policy AccountingSUMMARY STEPS
1. configure
2. as-path-set
3. exit
4. prefix-set name
5. exit
6. route-policy policy-name
7. end
8. configure
9. router bgp autonomous-system-number
10. address-family ipv4 {unicast | multicast }
11. table policy policy-name
12. end
13. configure
14. interface type interface-path-id
15. ipv4 bgp policy accounting {input | output {destination-accounting [source-accounting] |
source-accounting [destination-accounting]}}
16. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
as-path-set Enters policy configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# as-path-set
Step 2
as107
RP/0/RSP0/CPU0:router(config-as)# ios-regex
'107$'
RP/0/RSP0/CPU0:router(config-as)# end-set
RP/0/RSP0/CPU0:router(config)# as-path-set
as108
RP/0/RSP0/CPU0:router(config-as)# ios-regex
'108$'
RP/0/RSP0/CPU0:router(config-as)# end-set
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
66 OL-26068-02
Implementing Cisco Express Forwarding
Configuring BGP Policy AccountingCommand or Action Purpose
exit Returns to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-as)# exit
Step 3
prefix-set name Defines the prefix list.
Example:
RP/0/RSP0/CPU0:router(config)# prefix-set
RT-65
Step 4
exit Returns to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pfx)# exit
Step 5
route-policy policy-name Specifies the route-policy name.
Example:
RP/0/RSP0/CPU0:router(config)# route-policy
rp501b
Step 6
Step 7 end Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-rpl)# end
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 8
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 67
Implementing Cisco Express Forwarding
Configuring BGP Policy AccountingCommand or Action Purpose
router bgp autonomous-system-number Allows you to configure the BGP routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
1
Step 9
Allows you to enter the address family configuration mode while
configuring a BGP routing session.
address-family ipv4 {unicast | multicast }
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family ipv4 unicast
Step 10
Applies a routing policy to routes being installed into the routing
table.
table policy policy-name
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
table-policy set-traffic-index
Step 11
Step 12 end Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 13
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface
TenGigE0/1/0/2
Step 14
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
68 OL-26068-02
Implementing Cisco Express Forwarding
Configuring BGP Policy AccountingCommand or Action Purpose
ipv4 bgp policy accounting {input | output Enables BGP policy accounting.
{destination-accounting [source-accounting] |
source-accounting [destination-accounting]}}
Step 15
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 bgp
policy accounting output
destination-accounting
Step 16 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-if)# commit ? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Verifying BGP Policy Accounting
This task allows you to verify BGP policy accounting.
Note BGP policy accounting is supported on IPv4 prefixes.
Before You Begin
BGP policy accounting must be configured. See the Configuring BGP Policy Accounting, on page 64.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 69
Implementing Cisco Express Forwarding
Verifying BGP Policy AccountingSUMMARY STEPS
1. show route bgp
2. show bgp summary
3. show bgp ip-address
4. show route ipv4 ip-address
5. show cef ipv4 prefix
6. show cef ipv4 prefix detail
7. show cef ipv4 interface type interface-path-id bgp-policy-statistics
DETAILED STEPS
Command or Action Purpose
show route bgp Displays all BGP routes with traffic indexes.
Example:
RP/0/RSP0/CPU0:router# show route bgp
Step 1
show bgp summary Displays the status of all BGP neighbors.
Example:
RP/0/RSP0/CPU0:router# show bgp summary
Step 2
show bgp ip-address Displays BGP prefixes with BGP attributes.
Example:
RP/0/RSP0/CPU0:router# show bgp 40.1.1.1
Step 3
Displaysthe specific BGP route with the traffic index
in the RIB.
show route ipv4 ip-address
Example:
RP/0/RSP0/CPU0:router# show route ipv4 40.1.1.1
Step 4
Displays the specific BGP prefix with the traffic
index in the RP FIB.
show cef ipv4 prefix
Example:
RP/0/RSP0/CPU0:router# show cef ipv4 40.1.1.1
Step 5
Displays the specific BGP prefix with detailed
information in the RP FIB.
show cef ipv4 prefix detail
Example:
RP/0/RSP0/CPU0:router# show cef ipv4 40.1.1.1 detail
Step 6
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
70 OL-26068-02
Implementing Cisco Express Forwarding
Verifying BGP Policy AccountingCommand or Action Purpose
Displays the BGP Policy Accounting statistics for
the specific interface.
show cef ipv4 interface type interface-path-id
bgp-policy-statistics
Example:
RP/0/RSP0/CPU0:router# show cef ipv4 interface
TenGigE 0/2/0/4 bgp-policy-statistics
Step 7
Configuring a Route Purge Delay
This task allows you to configure a route purge delay. A purge delay purges routes when the RIB or other
related process experiences a failure.
SUMMARY STEPS
1. configure
2. cef purge-delay seconds
3. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Configures a delay in purging routes when the Routing Information Base (RIB)
or other related processes experience a failure.
cef purge-delay seconds
Example:
RP/0/RSP0/CPU0:router(config)# cef
purge-delay 180
Step 2
Step 3 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 71
Implementing Cisco Express Forwarding
Configuring a Route Purge DelayCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
or
RP/0/RSP0/CPU0:router(config)#
commit
? Entering cancel leavesthe router in the current configuration session
without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Configuring Unicast RPF Checking
This task allows you to configure unicast Reverse Path Forwarding (uRPF) RPF checking. Unicast RPF
checking allows you to mitigate problems caused by malformed or forged (spoofed) IP source addresses that
pass through a router. Malformed or forged source addresses can indicate denial-of-service (DoS) attacks
based on source IP address spoofing.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. {ipv4 | ipv6} verify unicast source reachable-via {any | rx} [allow-default] [allow-self-ping]
4. Do one of the following:
end
or
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
72 OL-26068-02
Implementing Cisco Express Forwarding
Configuring Unicast RPF CheckingCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)#
interface gigabitethernet 0/1/0/0
Step 2
{ipv4 | ipv6} verify unicast source Enables IPv4 or IPv6 uRPF checking.
reachable-via {any | rx} [allow-default]
[allow-self-ping]
Step 3
The rx keyword enables strict unicast RPF checking. If strict unicast
RPF is enabled, a packet is not forwarded unless its source prefix exists
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4
in the routing table and the output interface matches the interface on
which the packet was received.
The allow-default keyword enables the matching of default routes.
This option applies to both loose and strict RPF.
verify unicast source reachable-via
rx
The allow-self-ping keyword enables the router to ping out an
interface. This option applies to both loose and strict RPF.
Step 4 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
or
commit
exiting(yes/no/cancel)?[cancel]:
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)#
commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Configuring Modular Services Card-to-Route Processor Management Ethernet
Interface Switching
This task allows you to enable MSC-to-RP management Ethernet interface switching.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 73
Implementing Cisco Express Forwarding
Configuring Modular Services Card-to-Route Processor Management Ethernet Interface SwitchingSUMMARY STEPS
1. configure
2. rp mgmtethernet forwarding
3. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enablesswitching from the MSC to the route processor Management Ethernet
interfaces.
rp mgmtethernet forwarding
Example:
RP/0/RSP0/CPU0:router(config)# rp
mgmtethernet forwarding
Step 2
Step 3 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
74 OL-26068-02
Implementing Cisco Express Forwarding
Configuring Modular Services Card-to-Route Processor Management Ethernet Interface SwitchingConfiguring BGP Attributes Download
This task allows you to configure the BGP Attributes Download feature.
Configuring BGP Attributes Download
SUMMARY STEPS
1. configure
2. cef bgp attribute {attribute-id | local-attribute-id }
3. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
cef bgp attribute {attribute-id | Configures a CEF BGP attribute.
local-attribute-id }
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# cef bgp
attribute 508
Step 3 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 75
Implementing Cisco Express Forwarding
Configuring BGP Attributes DownloadCommand or Action Purpose
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Configuration Examples for Implementing CEF on Routers
Software
This section provides the following configuration examples:
Configuring BGP Policy Accounting: Example
The following example shows how to configure BGP policy accounting.
Configure loopback interfaces for BGP router-id:
interface Loopback1
ipv4 address 10
.1.1.1 255.255.255.255
Configure interfaces with the BGP policy accounting options:
interface TenGigE0/2/0/2
mtu 1514
ipv4 address 10
.1.0.1 255.255.255.0
proxy-arp
ipv4 directed-broadcast
ipv4 bgp policy accounting input source-accounting destination-accounting
ipv4 bgp policy accounting output source-accounting destination-accounting
!
interface TenGigE0/2/0/2.1
ipv4 address 10
.1.1.1 255.255.255.0
ipv4 bgp policy accounting input source-accounting destination-accounting
ipv4 bgp policy accounting output source-accounting destination-accounting
dot1q vlan 1
!
interface TenGigE0/2/0/4
mtu 1514
ipv4 address 10
.1.0.1 255.255.255.0
proxy-arp
ipv4 directed-broadcast
ipv4 bgp policy accounting input source-accounting destination-accounting
ipv4 bgp policy accounting output source-accounting destination-accounting
!
interface TenGigE0/2/0/4.1
ipv4 address 10
.1.2
.1 255.255.255.0
ipv4 bgp policy accounting input source-accounting destination-accounting
ipv4 bgp policy accounting output source-accounting destination-accounting
dot1q vlan 1
!
interface gigabitethernet 0/0/0/4
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
76 OL-26068-02
Implementing Cisco Express Forwarding
Configuration Examples for Implementing CEF on Routers Softwaremtu 4474
ipv4 address 10
.1.0.40
255.255.0.0
ipv4 directed-broadcast
ipv4 bgp policy accounting input source-accounting destination-accounting
ipv4 bgp policy accounting output source-accounting destination-accounting
encapsulation ppp
gigabitethernet
crc 32
!
keepalive disable
!
interface gigabitethernet0/0/0/8
mtu 4474
ipv4 address 18
.8
.0.1 255.255.0.0
ipv4 directed-broadcast
ipv4 bgp policy accounting input source-accounting destination-accounting
ipv4 bgp policy accounting output source-accounting destination-accounting
gigabitethernet
crc 32
!
keepalive disable
!
Configure controller:
controller gigabitethernet0/0/0/4
ais-shut
path
ais-shut
!
threshold sf-ber 5
!
controller SONET0/0/0/8
ais-shut
path
ais-shut
!
threshold sf-ber 5
!
Configure AS-path-set and prefix-set:
as-path-set as107
ios-regex '107$'
end-set
as-path-set as108
ios-regex '108$'
end-set
prefix-set RT-65.0
65.0.0.0/16 ge 16 le 32
end-set
prefix-set RT-66.0
66.0.0.0/16 ge 16 le 32
end-set
Configure the route-policy (table-policy) to set up the traffic indexes based on each prefix, AS-path-set, and
prefix-set:
route-policy bpa1
if destination in (10
.1.1.0/24) then
set traffic-index 1
elseif destination in (10
.1.2.0/24) then
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 77
Implementing Cisco Express Forwarding
Configuring BGP Policy Accounting: Exampleset traffic-index 2
elseif destination in (10
.1.3.0/24) then
set traffic-index 3
elseif destination in (10
.1.4.0/24) then
set traffic-index 4
elseif destination in (10
.1.5.0/24) then
set traffic-index 5
endif
if destination in (10
.1.1.0/24) then
set traffic-index 6
elseif destination in (10
.1.2.0/24) then
set traffic-index 7
elseif destination in (10
.1.3.0/24) then
set traffic-index 8
elseif destination in (10
.1.4.0/24) then
set traffic-index 9
elseif destination in (10
.1.5.0/24) then
set traffic-index 10
endif
if as-path in as107 then
set traffic-index 7
elseif as-path in as108 then
set traffic-index 8
endif
if destination in RT-65.0 then
set traffic-index 15
elseif destination in RT-66.0 then
set traffic-index 16
endif
end-policy
Configure the regular BGP route-policy to pass or drop all the BGP routes:
route-policy drop-all
drop
end-policy
!
route-policy pass-all
pass
end-policy
!
Configure the BGP router and apply the table-policy to the global ipv4 address family:
router bgp 100
bgp router-id Loopback1
bgp graceful-restart
bgp as-path-loopcheck
address-family ipv4 unicast
table-policy bpa1
maximum-paths 8
bgp dampening
!
Configure the BGP neighbor-group:
neighbor-group ebgp-peer-using-int-addr
address-family ipv4 unicast
policy pass-all in
policy drop-all out
!
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
78 OL-26068-02
Implementing Cisco Express Forwarding
Configuring BGP Policy Accounting: Example!
neighbor-group ebgp-peer-using-int-addr-121
remote-as 121
address-family ipv4 unicast
policy pass-all in
policy drop-all out
!
!
neighbor-group ebgp-peer-using-int-addr-pass-out
address-family ipv4 unicast
policy pass-all in
policy pass-all out
!
!
Configure BGP neighbors:
neighbor 10
.4
.0.2
remote-as 107
use neighbor-group ebgp-peer-using-int-addr
!
neighbor 10
.8
.0.2
remote-as 108
use neighbor-group ebgp-peer-using-int-addr
!
neighbor 10
.7
.0.2
use neighbor-group ebgp-peer-using-int-addr-121
!
neighbor 10
.1.7
.2
use neighbor-group ebgp-peer-using-int-addr-121
!
neighbor 10
.18
.0.2
remote-as 122
use neighbor-group ebgp-peer-using-int-addr
!
neighbor 10
.18
.1.2
remote-as 1221
use neighbor-group ebgp-peer-using-int-addr
!
end
Verifying BGP Policy Statistics: Example
The following example shows how to verify the traffic index setup for each BGP prefix and BGP Policy
Accounting statistics on ingress and egress interfaces. The following traffic stream is configured for this
example:
Traffic comes in from TenGigE0/2/0/4 and goes out to 5 VLAN subinterfaces under TenGigE0/2/0/2
Traffic comes in from GigabitEthernet 0/0/08 and goes out to GigabitEthernet 0/0/0/4
show cef ipv4 interface gigabitethernet 0/0/0/8 bgp-policy-statistics
gigabitethernet0/0/0/8 is up
Input BGP policy accounting on dst IP address enabled
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 79
Implementing Cisco Express Forwarding
Verifying BGP Policy Statistics: Examplebuckets packets bytes
7 5001160 500116000
15 10002320 1000232000
Input BGP policy accounting on src IP address enabled
buckets packets bytes
8 5001160 500116000
16 10002320 1000232000
Output BGP policy accounting on dst IP address enabled
buckets packets bytes
0 15 790
Output BGP policy accounting on src IP address enabled
buckets packets bytes
0 15 790
show cef ipv4 interface gigabitethernet 0/0/0/4 bgp-policy-statistics
gigabitethernet0/0/0/4 is up
Input BGP policy accounting on dst IP address enabled
buckets packets bytes
Input BGP policy accounting on src IP address enabled
buckets packets bytes
Output BGP policy accounting on dst IP address enabled
buckets packets bytes
0 13 653
7 5001160 500116000
15 10002320 1000232000
Output BGP policy accounting on src IP address enabled
buckets packets bytes
0 13 653
8 5001160 500116000
16 10002320 1000232000
show cef ipv4 interface TenGigE0/2/0/4 bgp-policy-statistics
TenGigE0/2/0/4 is up
Input BGP policy accounting on dst IP address enabled
buckets packets bytes
1 3297102 329710200
2 3297102 329710200
3 3297102 329710200
4 3297101 329710100
5 3297101 329710100
Input BGP policy accounting on src IP address enabled
buckets packets bytes
6 3297102 329710200
7 3297102 329710200
8 3297102 329710200
9 3297101 329710100
10 3297101 329710100
Output BGP policy accounting on dst IP address enabled
buckets packets bytes
0 15 733
Output BGP policy accounting on src IP address enabled
buckets packets bytes
0 15 733
show cef ipv4 interface TenGigE0/2/0/2.1 bgp-policy-statistics
TenGigE0/2/0/2.1 is up
Input BGP policy accounting on dst IP address enabled
buckets packets bytes
Input BGP policy accounting on src IP address enabled
buckets packets bytes
Output BGP policy accounting on dst IP address enabled
buckets packets bytes
0 15 752
1 3297102 329710200
2 3297102 329710200
3 3297102 329710200
4 3297101 329710100
5 3297101 329710100
Output BGP policy accounting on src IP address enabled
buckets packets bytes
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
80 OL-26068-02
Implementing Cisco Express Forwarding
Verifying BGP Policy Statistics: Example0 15 752
6 3297102 329710200
7 3297102 329710200
8 3297102 329710200
9 3297101 329710100
10 3297101 329710100
The following example show how to verify BGP routes and traffic indexes:
show route bgp
B 10
.1.1.0/24 [20/0] via 10
.17
.1.2, 00:07:09
Traffic Index 1
B 10
.1.2.0/24 [20/0] via 10
.17
.1.2, 00:07:09
Traffic Index 2
B 10
.1.3.0/24 [20/0] via 10
.17
.1.2, 00:07:09
Traffic Index 3
B 10
.1.4.0/24 [20/0] via 10
.17
.1.2, 00:07:09
Traffic Index 4
B 10
.1.5.0/24 [20/0] via 10
.17
.1.2, 00:07:09
Traffic Index 5
B 10
.18
.1.0/24 [20/0] via 10
.18
.1.2, 00:07:09
Traffic Index 6
B 10
.18
.2.0/24 [20/0] via 10
.18
.1.2, 00:07:09
Traffic Index 7
B 10
.18
.3.0/24 [20/0] via 10
.18
.1.2, 00:07:09
Traffic Index 8
B 10
.28
.4.0/24 [20/0] via 10
.18
.1.2, 00:07:09
Traffic Index 9
B 10
.28
.5.0/24 [20/0] via 10
.18
.1.2, 00:07:09
Traffic Index 10
B 10
.65
.1.0/24 [20/0] via 10
.45
.0.2, 00:07:09
Traffic Index 15
B 10
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 81
Implementing Cisco Express Forwarding
Verifying BGP Policy Statistics: Example.65
.2.0/24 [20/0] via 10
.45
.0.2, 00:07:09
Traffic Index 15
B 10
.65
.3.0/24 [20/0] via 10
.45
.0.2, 00:07:09
Traffic Index 15
B 10
.65
.65
.0/24 [20/0] via 10
.45
.0.2, 00:07:09
Traffic Index 15
B 10
.65
.5.0/24 [20/0] via 10
.45
.0.2, 00:07:09
Traffic Index 15
B 10
.65
.6.0/24 [20/0] via 10
.45
.0.2, 00:07:09
Traffic Index 15
B 10
.65
.7.0/24 [20/0] via 10
.45
.0.2, 00:07:09
Traffic Index 15
B 10
.65
.8.0/24 [20/0] via 10
.45
.0.2, 00:07:09
Traffic Index 15
B 10
.65
.9.0/24 [20/0] via 10
.45
.0.2, 00:07:09
Traffic Index 15
B 10
.65
.10.0/24 [20/0] via 10
.45
.0.2, 00:07:09
Traffic Index 15
B 10
.66
.1.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 16
B 10
.66
.2.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 16
B 10
.66
.3.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 16
B 10
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
82 OL-26068-02
Implementing Cisco Express Forwarding
Verifying BGP Policy Statistics: Example.66
.4.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 16
B 10
.66
.5.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 16
B 10
.66
.6.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 16
B 10
.66
.7.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 16
B 10
.66
.8.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 16
B 10
.66
.9.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 16
B 10
.66
.10.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 16
B 10
.67
.1.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 7
B 10
.67
.2.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 7
B 10
.67
.3.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 7
B 10
.67
.4.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 7
B 10
.67
.5.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 7
B 10
.67
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 83
Implementing Cisco Express Forwarding
Verifying BGP Policy Statistics: Example.6.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 7
B 10
.67
.7.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 7
B 10
.67
.8.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 7
B 10
.67
.9.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 7
B 10
.67
.10.0/24 [20/0] via 10
.32
.0.2, 00:07:09
Traffic Index 7
B 10
.68
.1.0/24 [20/0] via 10
.8
.0.2, 00:07:09
Traffic Index 8
B 10
.68
.2.0/24 [20/0] via 10
.8
.0.2, 00:07:09
Traffic Index 8
B 10
.68
.3.0/24 [20/0] via 10
.8
.0.2, 00:07:09
Traffic Index 8
B 10
.68
.4.0/24 [20/0] via 10
.8
.0.2, 00:07:09
Traffic Index 8
B 10
.68
.5.0/24 [20/0] via 10
.8
.0.2, 00:07:09
Traffic Index 8
B 10
.68
.6.0/24 [20/0] via 10
.8
.0.2, 00:07:09
Traffic Index 8
B 10
.68
.7.0/24 [20/0] via 10
.8
.0.2, 00:07:09
Traffic Index 8
B 10
.68
.8.0/24 [20/0] via 10
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
84 OL-26068-02
Implementing Cisco Express Forwarding
Verifying BGP Policy Statistics: Example.8
.0.2, 00:07:09
Traffic Index 8
B 10
.68
.9.0/24 [20/0] via 10
.8
.0.2, 00:07:09
Traffic Index 8
B 10
.68
.10.0/24 [20/0] via 10
.8
.0.2, 00:07:09
Traffic Index 8
show bgp summary
BGP router identifier 192
.0
.2
.0
, local AS number 100
BGP generic scan interval 60 secs
BGP main routing table version 151
Dampening enabled
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RecvTblVer bRIB/RIB SendTblVer
Speaker 151 151 151
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10
.4
.0.2 0 107 54 53 151 0 0 00:25:26 20
10
.1.0.2 0 108 54 53 151 0 0 00:25:28 20
10
.1.0.2 0 121 53 54 151 0 0 00:25:42 0
10
.1.1.2 0 121 53 53 151 0 0 00:25:06 5
10
.1.2.2 0 121 52 54 151 0 0 00:25:04 0
10
.1.3.2 0 121 52 53 151 0 0 00:25:26 0
10
.1.4.2 0 121 53 54 151 0 0 00:25:41 0
10
.1.5.2 0 121 53 54 151 0 0 00:25:43 0
10
.1.6.2 0 121 51 53 151 0 0 00:24:59 0
10
.1.7.2 0 121 51 52 151 0 0 00:24:44 0
10
.1.8.2 0 121 51 52 151 0 0 00:24:49 0
10
.2
.0.2 0 122 52 54 151 0 0 00:25:21 0
10
.2
.1.2 0 1221 54 54 151 0 0 00:25:43 5
10
.2
.2.2 0 1222 53 54 151 0 0 00:25:38 0
10
.2
.3.2 0 1223 52 53 151 0 0 00:25:17 0
10
.2
.4.2 0 1224 51 52 151 0 0 00:24:57 0
10
.2
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 85
Implementing Cisco Express Forwarding
Verifying BGP Policy Statistics: Example.5.2 0 1225 52 53 151 0 0 00:25:14 0
10
.2
.6.2 0 1226 52 54 151 0 0 00:25:04 0
10
.2
.7.2 0 1227 52 54 151 0 0 00:25:13 0
10
.2
.8.2 0 1228 53 54 151 0 0 00:25:36 0
show bgp 27.1.1.1
BGP routing table entry for 27.1.1.0/24
Versions:
Process bRIB/RIB SendTblVer
Speaker 102 102
Paths: (1 available, best #1)
Not advertised to any peer
Received by speaker 0
121
10
.1.1.2 from 10
.1.1.2 (10
.1.1.2)
Origin incomplete, localpref 100, valid, external, best
Community: 27:1 121:1
show bgp 10
.1.1.1
BGP routing table entry for 10
.1.1.0/24
Versions:
Process bRIB/RIB SendTblVer
Speaker 107 107
Paths: (1 available, best #1)
Not advertised to any peer
Received by speaker 0
1221
10
.2
.1.2 from 10
.2
.1.2 (18.1.1.2)
Origin incomplete, localpref 100, valid, external, best
Community: 28:1 1221:1
show bgp 10
.0.1.1
BGP routing table entry for 10
.0.1.0/24
Versions:
Process bRIB/RIB SendTblVer
Speaker 112 112
Paths: (1 available, best #1)
Not advertised to any peer
Received by speaker 0
107
10
.1.0.2 from 10
.1.0.2 (10
.1.0.2)
Origin incomplete, localpref 100, valid, external, best
Community: 107:65
show bgp 10
.2
.1.1
BGP routing table entry for 10
.2
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
86 OL-26068-02
Implementing Cisco Express Forwarding
Verifying BGP Policy Statistics: Example.1.0/24
Versions:
Process bRIB/RIB SendTblVer
Speaker 122 122
Paths: (1 available, best #1)
Not advertised to any peer
Received by speaker 0
108
8.1.0.2 from 8.1.0.2 (8.1.0.2)
Origin incomplete, localpref 100, valid, external, best
Community: 108:66
show bgp 67.0.1.1
BGP routing table entry for 67.0.1.0/24
Versions:
Process bRIB/RIB SendTblVer
Speaker 132 132
Paths: (1 available, best #1)
Not advertised to any peer
Received by speaker 0
107
4.1.0.2 from 4.1.0.2 (4.1.0.2)
Origin incomplete, localpref 100, valid, external, best
Community: 107:67
show bgp 68.0.1.1
BGP routing table entry for 68.0.1.0/24
Versions:
Process bRIB/RIB SendTblVer
Speaker 142 142
Paths: (1 available, best #1)
Not advertised to any peer
Received by speaker 0
108
8.1.0.2 from 8.1.0.2 (8.1.0.2)
Origin incomplete, localpref 100, valid, external, best
Community: 108:68
show route ipv4 27.1.1.1
Routing entry for 27.1.1.0/24
Known via "bgp 100", distance 20, metric 0
Tag 121, type external, Traffic Index 1
Installed Nov 11 21:14:05.462
Routing Descriptor Blocks
17.1.1.2, from 17.1.1.2
Route metric is 0
No advertising protos.
show route ipv4 28.1.1.1
Routing entry for 28.1.1.0/24
Known via "bgp 100", distance 20, metric 0
Tag 1221, type external, Traffic Index 6
Installed Nov 11 21:14:05.462
Routing Descriptor Blocks
18.1.1.2, from 18.1.1.2
Route metric is 0
No advertising protos.
show route ipv4 65.0.1.1
Routing entry for 65.0.1.0/24
Known via "bgp 100", distance 20, metric 0
Tag 107, type external, Traffic Index 15
Installed Nov 11 21:14:05.462
Routing Descriptor Blocks
4.1.0.2, from 4.1.0.2
Route metric is 0
No advertising protos.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 87
Implementing Cisco Express Forwarding
Verifying BGP Policy Statistics: Exampleshow route ipv4 66.0.1.1
Routing entry for 66.0.1.0/24
Known via "bgp 100", distance 20, metric 0
Tag 108, type external, Traffic Index 16
Installed Nov 11 21:14:05.462
Routing Descriptor Blocks
8.1.0.2, from 8.1.0.2
Route metric is 0
No advertising protos.
show route ipv4 67.0.1.1
Routing entry for 67.0.1.0/24
Known via "bgp 100", distance 20, metric 0
Tag 107, type external, Traffic Index 7
Installed Nov 11 21:14:05.462
Routing Descriptor Blocks
4.1.0.2, from 4.1.0.2
Route metric is 0
No advertising protos.
show route ipv4 68.0.1.1
Routing entry for 68.0.1.0/24
Known via "bgp 100", distance 20, metric 0
Tag 108, type external, Traffic Index 8
Installed Nov 11 21:14:05.462
Routing Descriptor Blocks
8.1.0.2, from 8.1.0.2
Route metric is 0
No advertising protos.
show cef ipv4 27.1.1.1
27.1.1.0/24, version 263, source-destination sharing
Prefix Len 24, Traffic Index 1, precedence routine (0)
via 17.1.1.2, 0 dependencies, recursive
next hop 17.1.1.2/24, TenGigE0/2/0/2.1 via 17.1.1.0/24
valid remote adjacency
Recursive load sharing using 17.1.1.0/24
show cef ipv4 28.1.1.1
28.1.1.0/24, version 218, source-destination sharing
Prefix Len 24, Traffic Index 6, precedence routine (0)
via 18.1.1.2, 0 dependencies, recursive
next hop 18.1.1.2/24, TenGigE0/2/0/4.1 via 18.1.1.0/24
valid remote adjacency
Recursive load sharing using 18.1.1.0/24
show cef ipv4 65.0.1.1
65.0.1.0/24, version 253, source-destination sharing
Prefix Len 24, Traffic Index 15, precedence routine (0)
via 4.1.0.2, 0 dependencies, recursive
next hop 4.1.0.2/16, gigabitethernet0/0/0/4 via 4.1.0.0/16
valid remote adjacency
Recursive load sharing using 4.1.0.0/16
show cef ipv4 66.0.1.1
66.0.1.0/24, version 233, source-destination sharing
Prefix Len 24, Traffic Index 16, precedence routine (0)
via 8.1.0.2, 0 dependencies, recursive
next hop 8.1.0.2/16, gigabitethernet 0/0/0/8 via 8.1.0.0/16
valid remote adjacency
Recursive load sharing using 8.1.0.0/16
show cef ipv4 67.0.1.1
67.0.1.0/24, version 243, source-destination sharing
Prefix Len 24, Traffic Index 7, precedence routine (0)
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
88 OL-26068-02
Implementing Cisco Express Forwarding
Verifying BGP Policy Statistics: Examplevia 4.1.0.2, 0 dependencies, recursive
next hop 4.1.0.2/16, gigabitethernet 0/0/0/4 via 4.1.0.0/16
valid remote adjacency
Recursive load sharing using 4.1.0.0/16
show cef ipv4 68.0.1.1
68.0.1.0/24, version 223, source-destination sharing
Prefix Len 24, Traffic Index 8, precedence routine (0)
via 8.1.0.2, 0 dependencies, recursive
next hop 8.1.0.2/16, gigabitethernet0/0/0/8 via 8.1.0.0/16
valid remote adjacency
Recursive load sharing using 8.1.0.0/16
show cef ipv4 27.1.1.1 detail
27.1.1.0/24, version 263, source-destination sharing
Prefix Len 24, Traffic Index 1, precedence routine (0)
via 17.1.1.2, 0 dependencies, recursive
next hop 17.1.1.2/24, TenGigE0/2/0/2.1 via 17.1.1.0/24
valid remote adjacency
Recursive load sharing using 17.1.1.0/24
Load distribution: 0 (refcount 6)
Hash OK Interface Address Packets
1 Y TenGigE0/2/0/2.1 (remote) 0
show cef ipv4 28.1.1.1 detail
28.1.1.0/24, version 218, source-destination sharing
Prefix Len 24, Traffic Index 6, precedence routine (0)
via 18.1.1.2, 0 dependencies, recursive
next hop 18.1.1.2/24, TenGigE0/2/0/4.1 via 18.1.1.0/24
valid remote adjacency
Recursive load sharing using 18.1.1.0/24
Load distribution: 0 (refcount 6)
Hash OK Interface Address Packets
1 Y TenGigE0/2/0/4.1 (remote) 0
show cef ipv4 65.0.1.1 detail
65.0.1.0/24, version 253, source-destination sharing
Prefix Len 24, Traffic Index 15, precedence routine (0)
via 4.1.0.2, 0 dependencies, recursive
next hop 4.1.0.2/16, gigabitethernet0/0/0/4 via 4.1.0.0/16
valid remote adjacency
Recursive load sharing using 4.1.0.0/16
Load distribution: 0 (refcount 21)
Hash OK Interface Address Packets
1 Y gigabitethernet0/0/0/4 (remote) 0
show cef ipv4 66.0.1.1 detail
66.0.1.0/24, version 233, source-destination sharing
Prefix Len 24, Traffic Index 16, precedence routine (0)
via 8.1.0.2, 0 dependencies, recursive
next hop 8.1.0.2/16, gigabitethernet0/0/0/8 via 8.1.0.0/16
valid remote adjacency
Recursive load sharing using 8.1.0.0/16
Load distribution: 0 (refcount 21)
Hash OK Interface Address Packets
1 Y gigabitethernet 0/0/0/8 (remote) 0
show cef ipv4 67.0.1.1 detail
67.0.1.0/24, version 243, source-destination sharing
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 89
Implementing Cisco Express Forwarding
Verifying BGP Policy Statistics: ExamplePrefix Len 24, Traffic Index 7, precedence routine (0)
via 4.1.0.2, 0 dependencies, recursive
next hop 4.1.0.2/16, gigabitethernet 0/0/0/4 via 4.1.0.0/16
valid remote adjacency
Recursive load sharing using 4.1.0.0/16
Load distribution: 0 (refcount 21)
Hash OK Interface Address Packets
1 Y gigabitethernet 0/0/0/4 (remote) 0
show cef ipv4 68.0.1.1 detail
68.0.1.0/24, version 223, source-destination sharing
Prefix Len 24, Traffic Index 8, precedence routine (0)
via 8.1.0.2, 0 dependencies, recursive
next hop 8.1.0.2/16, gigabitethernet 0/0/0/8 via 8.1.0.0/16
valid remote adjacency
Recursive load sharing using 8.1.0.0/16
Load distribution: 0 (refcount 21)
Hash OK Interface Address Packets
1 Y gigabitethernet 0/0/0/8 (remote) 0
Configuring Unicast RPF Checking: Example
The following example shows how to configure unicast RPF checking:
configure
interface gigabitethernet 0/0/0/1
ipv4 verify unicast source reachable-via rx
end
Configuring the Switching of Modular Services Card to Management Ethernet
Interfaces on the Route Processor: Example
The following example shows how to configure the switching of the MSC to Management Ethernet interfaces
on the route processor:
configure
rp mgmtethernet forwarding
end
Configuring BGP Attributes Download: Example
The following example shows how to configure the BGP Attributes Download feature:
router configure
show cef bgp attribute {attribute-id| local-attribute-id}
Additional References
The following sections provide references related to implementing CEF.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
90 OL-26068-02
Implementing Cisco Express Forwarding
Configuring Unicast RPF Checking: ExampleRelated Documents
Related Topic Document Title
Cisco Express Forwarding Commands module in
Cisco ASR 9000 Series Aggregation Services Router
IP Addresses and Services Command Reference
CEF commands: complete command syntax,
command modes, command history, defaults, usage
guidelines, and examples
BGP Commands module in the Cisco ASR 9000
Series Aggregation Services Router Routing
Command Reference
BGP commands: complete command syntax,
command modes, command history, defaults, usage
guidelines, and examples
Link Bundling Commands module in the
Cisco ASR 9000 Series Aggregation Services Router
Interface and Hardware Component Command
Reference
Link Bundling Commands: complete command
syntax, command modes, command history, defaults,
usage guidelines, and examples
Standards
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs, use the Cisco MIB
Locator found at the following URL and choose a
platform under the Cisco Access Products menu: http:/
/cisco.com/public/sw-center/netmgmt/cmtk/
mibs.shtml
RFCs
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not been
modified by this feature.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 91
Implementing Cisco Express Forwarding
Additional ReferencesTechnical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
92 OL-26068-02
Implementing Cisco Express Forwarding
Additional ReferencesC H A P T E R 4
Implementing the Dynamic Host Configuration
Protocol
This module describesthe concepts and tasks you will use to configure Dynamic Host Configuration Protocol
(DHCP).
For a complete description of the DHCP commandslisted in this module, refer to the Cisco ASR 9000 Series
Aggregation Services Router IP Addresses and Services Command Reference publication. To locate
documentation of other commands that appear in this chapter, use the command reference master index,
or search online.
Note
Feature History for Implementing the Dynamic Host Configuration Protocol
Release Modification
Release 3.7.2 This feature was introduced .
Prerequisites for Configuring DHCP Relay Agent , page 93
Information About DHCP Relay Agent, page 94
How to Configure and Enable DHCP Relay Agent, page 94
DHCPv6 Relay Agent Notification for Prefix Delegation, page 108
Configuration Examples for the DHCP Relay Agent, page 111
Implementing DHCP Snooping, page 112
Additional References, page 123
Prerequisites for Configuring DHCP Relay Agent
The following prerequisites are required to configure a DHCP relay agent:
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 93 You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
A configured and running DHCP client and DHCP server
Connectivity between the relay agent and DCHP server
Information About DHCP Relay Agent
A DHCP relay agent is a host that forwards DHCP packets between clients and servers that do not reside on
a shared physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router where
IP datagrams are switched between networks transparently.
DHCP clients use User Datagram Protocol (UDP) broadcasts to send DHCPDISCOVER messages when they
lack information about the network to which they belong.
If a client is on a network segment that does not include a server, a relay agent is needed on that network
segment to ensure that DHCP packets reach the servers on another network segment. UDP broadcast packets
are not forwarded, because most routers are not configured to forward broadcast traffic. You can configure a
DHCP relay agent to forward DHCP packets to a remote server by configuring a DHCP relay profile and
configure one or more helper addresses in it. You can assign the profile to an interface or a VRF.
Figure 2: Forwarding UDP Broadcasts to a DHCP Server Using a Helper Address, on page 94 demonstrates
the process. The DHCP client broadcasts a request for an IP address and additional configuration parameters
on its local LAN. Acting as a DHCP relay agent, Router B picks up the broadcast, changes the destination
address to the DHCP server's address and sends the message out on another interface. The relay agent inserts
the IP address of the interface, on which the DHCP clients packets are received, into the gateway address
(giaddr) field of the DHCP packet, which enables the DHCP server to determine which subnet should receive
the offer and identify the appropriate IP address range. The relay agent unicasts the messages to the server
address, in this case 172.16.1.2 (which is specified by the helper address in the relay profile).
Figure 2: Forwarding UDP Broadcasts to a DHCP Server Using a Helper Address
How to Configure and Enable DHCP Relay Agent
This section contains the following tasks:
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
94 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
Information About DHCP Relay AgentConfiguring and Enabling the DHCP Relay Agent
This task describes how to configure and enable DHCP relay agent.
SUMMARY STEPS
1. configure
2. dhcp ipv4
3. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
dhcp ipv4 Enters DHCP IPv4 configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# dhcp
ipv4
Step 2
Step 3 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)#
commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 95
Implementing the Dynamic Host Configuration Protocol
Configuring and Enabling the DHCP Relay AgentCommand or Action Purpose
Configuring a DHCP Relay Profile
This task describes how to configure and enable the DHCP relay agent.
SUMMARY STEPS
1. configure
2. dhcp ipv4
3. profile profile-name relay
4. helper-address [vrf vrf- name ] address
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
dhcp ipv4 Enters DHCP IPv4 configuration submode .
Example:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
Step 2
profile profile-name relay Enters DHCP IPv4 profile relay submode.
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
Step 3
Forwards UDP broadcasts, including BOOTP
and DHCP.
helper-address [vrf vrf- name ] address
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# helper-address
Step 4
The value of the address argument
can be a specific DHCP server address
vrf vrf1 or a network address (if other DHCP
10.10.1.1
servers are on the destination network
segment). Using the network address
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
96 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
Configuring and Enabling the DHCP Relay AgentCommand or Action Purpose
enables other servers to respond to
DHCP requests.
For multiple servers, configure one
helper address for each server.
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the
system prompts you to commit
changes:
Uncommitted changes found, commit
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
them
before exiting(yes/no/cancel)?
or [cancel]:
RP/0/RSP0/CPU0:router(config)# commit
? Entering yes saves configuration
changes to the running
configuration file, exits the
configuration session, and returns
the router to EXEC mode.
? Entering no exits the
configuration session and returns
the router to EXEC mode without
committing the configuration
changes.
? Entering cancel leaves the router
in the current configuration
session without exiting or
committing the configuration
changes.
Use the commit command to save the
configuration changes to the running
configuration file and remain within
the configuration session.
Configuring the DHCPv6 (Stateless) Relay Agent
Perform this task to specify a destination address to which client messages are forwarded and to enable
Dynamic Host Configuration Protocol (DHCP) for IPv6 relay service on the interface.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 97
Implementing the Dynamic Host Configuration Protocol
Configuring the DHCPv6 (Stateless) Relay AgentSUMMARY STEPS
1. configure
2. dhcp ipv6
3. interface type interface-path-id relay
4. destination ipv6-address
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
dhcp ipv6 Enables DHCP for IPv6 and enters the DHCP IPv6 configuration mode.
Example:
Step 2
RP/0/RSP0/CPU0:router(config) # dhcp
ipv6
RP/0/RSP0/CPU0:router(config-dhcpv6)#
Specifies an interface type and interface-path-id, places the router in
interface configuration mode, and enables DHCPv6 relay service on the
interface.
interface type interface-path-id relay
Example:
Step 3
RP/0/RSP0/CPU0:router(config-dhcpv6) #
interface tenGigE 0/5/0/0 relay
Step 4 destination ipv6-address Specifies a destination address to which client packets are forwarded.
Example:
When relay service is enabled on an interface, a DHCP for IPv6 message
received on that interface isforwarded to all configured relay destinations.
The incoming DHCP for IPv6 message may have come from a client on
RP/0/RSP0/CPU0:router(config-dhcpv6-if) that interface, or it may have been relayed by another relay agent.
# destination 10:10::10
Step 5 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
98 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
Configuring the DHCPv6 (Stateless) Relay AgentCommand or Action Purpose
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Enabling DHCP Relay Agent on an Interface
This task describes how to enable the Cisco IOS XR DHCP relay agent on an interface.
Note On Cisco IOS XR software, the DHCP relay agent is disabled by default.
SUMMARY STEPS
1. configure
2. dhcp ipv4
3. interface type name relay profile profile-name
4. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 99
Implementing the Dynamic Host Configuration Protocol
Enabling DHCP Relay Agent on an InterfaceDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
dhcp ipv4 Enters DHCP IPv4 configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
Step 2
interface type name relay profile profile-name Attaches a relay profile to an interface.
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4)# interface
Step 3
gigabitethernet 0/0/0
/0 relay profile client
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returnsthe router to EXEC mode without committing
the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Disabling DHCP Relay on an Interface
Thistask describes how to disable the DHCP relay on an interface by assigning the none profile to the interface.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
100 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
Disabling DHCP Relay on an InterfaceSUMMARY STEPS
1. configure
2. dhcp ipv4
3. interface type name none
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
dhcp ipv4 Enters DHCP IPv4 configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
Step 2
interface type name none Disables the DHCP relay on the interface.
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# interface
Step 3
gigabitethernet
0/1/4/1 none
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the
system prompts you to commit changes:
Uncommitted changes found, commit
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
them
before exiting(yes/no/cancel)?
[cancel]:
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering yes saves configuration
changes to the running configuration
file, exits the configuration session,
and returns the router to EXEC mode.
? Entering no exits the configuration
session and returnsthe router to EXEC
mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 101
Implementing the Dynamic Host Configuration Protocol
Disabling DHCP Relay on an InterfaceCommand or Action Purpose
? Entering cancel leaves the router in
the current configuration session
without exiting or committing the
configuration changes.
Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.
Enabling DHCP Relay on a VRF
This task describes how to enable DHCP relay on a VRF.
SUMMARY STEPS
1. configure
2. dhcp ipv4
3. vrf vrf-name relay profile profile-name
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
dhcp ipv4 Enters DHCP IPv4 configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
Step 2
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
102 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
Enabling DHCP Relay on a VRFCommand or Action Purpose
vrf vrf-name relay profile profile-name Enables DHCP relay on a VRF.
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4)#
vrf default relay profile client
Step 3
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring the Relay Agent Information Feature
This task describes how to configure the DHCP relay agent information option processing capabilities.
A DHCP relay agent may receive a message from another DHCP relay agent that already contains relay
information. By default, the relay information from the previous relay agent is replaced (using the replace
option).
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 103
Implementing the Dynamic Host Configuration Protocol
Configuring the Relay Agent Information FeatureSUMMARY STEPS
1. configure
2. dhcp ipv4
3. profile profile-name relay
4. relay information option
5. relay information check
6. relay information policy {drop | keep}
7. relay information option allow-untrusted
8. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
dhcp ipv4 Enters DHCP IPv4 configuration submode .
Example:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
Step 2
profile profile-name relay Enters DHCP IPv4 profile relay submode .
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
Step 3
Enables the system to insert the DHCP relay agent
information option (option-82 field) in forwarded
BOOTREQUEST messages to a DHCP server.
relay information option
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay
information option
Step 4
This option is injected by the relay agent while
forwarding client-originated DHCP packetsto the
server. Servers recognizing this option can use the
information to implement IP address or other
parameter assignment policies. When replying,
the DHCP server echoes the option back to the
relay agent. The relay agent removes the option
before forwarding the reply to the client.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
104 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
Configuring the Relay Agent Information FeatureCommand or Action Purpose
The relay agent information is organized as a
single DHCP option that contains one or more
suboptions. These options contain the information
known by the relay agent.
The supported suboptions are:
? Remote ID
? Circuit ID
This function is disabled by default.
The port field of the default circuit-ID denotes
the configured bundle-ID of the bundle. If
circuit IDs require that bundles be unique, and
because the port field is 8 bits, the low-order
8 bits of configured bundle IDs must be unique.
To achieve this, configure bundle-IDs within
the range from 0 to 255.
Note
(Optional) Configures DHCP to check the validity of
the relay agent information option in forwarded
relay information check
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay
information check
Step 5
BOOTREPLY messages. If an invalid message is
received, the relay agent drops the message. If a valid
message is received, the relay agent removes the relay
agent information option field and forwards the packet.
By default, DHCP does not check the validity of
the relay agent information option field in DHCP
reply packets, received from the DHCP server.
Use the relay information check command
to reenable thisfunctionality if the functionality
has been disabled.
Note
(Optional) Configures the reforwarding policy for a
DHCP relay agent; that is, whether the relay agent will
drop or keep the relay information.
relay information policy {drop | keep}
Example:
RP/0/RSP0/CPU0:router(config)# dhcp relay information
policy drop
Step 6
By default, the DHCP relay agent replaces the relay
information option.
(Optional) Configures the DHCP IPv4 Relay not to
discard BOOTREQUEST packetsthat have an existing
relay information option and the giaddr set to zero.
relay information option allow-untrusted
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# relay
information option allow-untrusted
Step 7
Step 8 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 105
Implementing the Dynamic Host Configuration Protocol
Configuring the Relay Agent Information FeatureCommand or Action Purpose
When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config)# commit
configuration session, and returns the router
to EXEC mode.
? Entering no exits the configuration session
and returns the router to EXEC mode
without committing the configuration
changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
Use the commit command to save the
configuration changesto the running configuration
file and remain within the configuration session.
Configuring Relay Agent Giaddr Policy
This task describes how to configure the DHCP relay agents processing capabilities for received
BOOTREQUEST packets that already contain a nonzero giaddr attribute.
SUMMARY STEPS
1. configure
2. dhcp ipv4
3. profile relay
4. giaddr policy {replace | drop}
5. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
106 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
Configuring Relay Agent Giaddr PolicyDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
dhcp ipv4 Enables the DHCP IPv4 configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
Step 2
profile relay Enables profile relay submode.
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile client relay
Step 3
Step 4 giaddr policy {replace | drop} Specifies the giaddr policy.
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4-relay-profile)# giaddr
policy drop
replaceReplaces the existing giaddr value
with a value that it generates.
dropDrops the packet that has an existing
nonzero giaddr value.
By default, the DHCP relay agent keeps the existing
giaddr value.
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
before exiting(yes/no/cancel)? [cancel]:
? Entering yessaves configuration changes
to the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config)# commit
configuration session, and returns the
router to EXEC mode.
? Entering no exits the configuration
session and returns the router to EXEC
mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 107
Implementing the Dynamic Host Configuration Protocol
Configuring Relay Agent Giaddr PolicyCommand or Action Purpose
? Entering cancel leaves the router in the
current configuration session without
exiting or committing the configuration
changes.
Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.
DHCPv6 Relay Agent Notification for Prefix Delegation
DHCPv6 relay agent notification for prefix delegation allows the router working as a DHCPv6 relay agent to
find prefix delegation options by reviewing the contents of a DHCPv6 RELAY-REPLY packet that is being
relayed by the relay agent to the client. When the relay agent finds the prefix delegation option, the relay agent
extracts the information about the prefix being delegated and inserts an IPv6 subscriber route matching the
prefix delegation information onto the relay agent. Future packets destined to that prefix via relay are forwarded
based on the information contained in the prefix delegation. The IPv6 subscriber route remains in the routing
table until the prefix delegation lease time expires or the relay agent receives a release packet from the client
releasing the prefix delegation.
The relay agent automatically does the subscriber route management.
The IPv6 routes are added when the relay agent relays a RELAY-REPLY packet, and the IPv6 routes are
deleted when the prefix delegation lease time expires or the relay agent receives a release message. An IPv6
subscriber route in the routing table of the relay agent can be updated when the prefix delegation lease time
is extended.
This feature leaves an IPv6 route on the routing table of the relay agent. This registered IPv6 address allows
unicast reverse packet forwarding (uRPF) to work by allowing the router doing the reverse lookup to confirm
that the IPv6 address on the relay agent is not malformed or spoofed. The IPv6 route in the routing table of
the relay agent can be redistributed to other routing protocols to advertise the subnets to other nodes. When
the client sends a DHCP_DECLINE message, the routes are removed.
Configuring DHCPv6 Stateful Relay Agent for Prefix Delegation
Perform this task to configure Dynamic Host Configuration Protocol (DHCP) IPv6 relay agent notification
for prefix delegation.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
108 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
DHCPv6 Relay Agent Notification for Prefix DelegationSUMMARY STEPS
1. configure
2. dhcp ipv6
3. profile profile-name proxy
4. helper-address ipv6-address interface type interface-path-id
5. exit
6. interface type interface-path-id proxy
7. profile profile-name
8. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables DHCP for IPv6 and enters DHCP IPv6 configuration
mode.
dhcp ipv6
Example:
Step 2
RP/0/RSP0/CPU0:router(config) # dhcp ipv6
RP/0/RSP0/CPU0:router(config-dhcpv6)#
profile profile-name proxy Enters the proxy profile configuration mode.
Example:
Step 3
RP/0/RSP0/CPU0:router(config-dhcpv6)# profile
downstream proxy
RP/0/RSP0/CPU0:router(config-dhcpv6-profile)#
helper-address ipv6-address interface type Configure the DHCP IPv6 relay agent.
interface-path-id
Step 4
Example:
RP/0/RSP0/CPU0:router(config-dhcpv6-profile)#
helper-address 2001:db8::1 GigabitEthernet
0/1/0/1
RP/0/RSP0/CPU0:router(config-dhcpv6-profile)
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 109
Implementing the Dynamic Host Configuration Protocol
Configuring DHCPv6 Stateful Relay Agent for Prefix DelegationCommand or Action Purpose
exit Exits from the profile configuration mode.
Example:
Step 5
RP/0/RSP0/CPU0:router(config-dhcpv6-profile)#
exit
RP/0/RSP0/CPU0:router(config-dhcpv6)#
Enables IPv6 DHCP on an interface and acts as an IPv6
DHCP stateful relay agent.
interface type interface-path-id proxy
Example:
Step 6
RP/0/RSP0/CPU0:router(config-dhcpv6)# interface
GigabitEthernet 0/1/0/0 proxy
RP/0/RSP0/CPU0:router(config-dhcpv6-if)#
profile profile-name Enters the profile configuration mode.
Example:
Step 7
RP/0/RSP0/CPU0:router(config-dhcpv6-if)# profile
downstream
RP/0/RSP0/CPU0:router(config-dhcpv6-if)#
Step 8 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
110 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
Configuring DHCPv6 Stateful Relay Agent for Prefix DelegationConfiguration Examples for the DHCP Relay Agent
This section provides the following configuration examples:
DHCP Relay Profile: Example
The following example shows how to configure the Cisco IOS XR relay profile:
dhcp ipv4
profile client relay
helper-address vrf foo 10.10.1.1
!
! ...
DHCP Relay on an Interface: Example
The following example shows how to enable the DHCP relay agent on an interface:
dhcp ipv4
interface gigabitethernet 0/1/1/0 relay profile client
!
DHCP Relay on a VRF: Example
The following example shows how to enable the DHCP relay agent on a VRF:
dhcp ipv4
vrf default relay profile client
!
Relay Agent Information Option Support: Example
The following example shows how to enable the relay agent and the insertion and removal of the DHCP relay
information option:
dhcp ipv4
profile client relay
relay information option
!
!
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 111
Implementing the Dynamic Host Configuration Protocol
Configuration Examples for the DHCP Relay AgentRelay Agent Giaddr Policy: Example
The following example shows how to configure relay agent giaddr policy:
dhcp ipv4
profile client relay
giaddr policy drop
!
!
Implementing DHCP Snooping
Prerequisites for Configuring DHCP Snooping
The following prerequisites are required example shows how to configure DHCP IPv4 snooping relay agent
broadcast flag policy:
You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
A Cisco ASR 9000 Series Router running Cisco IOS XR software.
A configured and running DHCP client and DHCP server.
Information about DHCP Snooping
DHCP Snooping features are focused on the edge of the aggregation network. Security features are applied
at the first point of entry for subscribers. Relay agent information option information is used to identify the
subscribers line, which is either the DSL line to the subscribers home or the first port in the aggregation
network.
The central concept for DHCP snooping is that of trusted and untrusted links. A trusted link is one providing
secure access for traffic on that link. On an untrusted link, subscriber identity and subscriber traffic cannot
be determined. DHCP snooping runs on untrusted links to provide subscriber identity. Figure 3: DHCP
Snooping in an Aggregation Network, on page 113 shows an aggregation network. The link from the DSLAM
to the aggregation network is untrusted and is the point of presence for DHCP snooping. The links connecting
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
112 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
Relay Agent Giaddr Policy: Examplethe switches in the aggregation network and the link from the aggregation network to the intelligent edge is
considered trusted.
Figure 3: DHCP Snooping in an Aggregation Network
Trusted and Untrusted Ports
On trusted ports, DHCP BOOTREQUEST packets are forwarded by DHCP snooping. The clients address
lease is not tracked and the client is not bound to the port. DHCP BOOTREPLY packets are forwarded.
When the first DHCP BOOTREQUEST packet from a client isreceived on an untrusted port, DHCP snooping
binds the client to the bridge port and tracks the clientss address lease. When that address lease expires, the
client is deleted from the database and is unbound from the bridge port. Packets from this client received on
this bridge port are processed and forwarded aslong asthe binding exists. Packets that are received on another
bridge port from this client are dropped while the binding exists. DHCP snooping only forwards DHCP
BOOTREPLY packets for this client on the bridge port that the client is bound to. DHCP BOOTREPLY
packets that are received on untrusted ports are not forwarded.
DHCP Snooping in a Bridge Domain
To enable DHCP snooping in a bridge domain, there must be at least two profiles, a trusted profile and an
untrusted profile. The untrusted profile is assigned to the client-facing ports, and the trusted profile is assigned
to the server-facing ports. In most cases, there are many client facing ports and few server-facing ports. The
simplest example istwo ports, a client-facing port and a server-facing port, with an untrusted profile explicitly
assigned to the client-facing port and a trusted profile assigned to the server-facing port.
Assigning Profiles to a Bridge Domain
Because there are normally many client-facing ports and a small number of server-facing ports, the operator
assigns the untrusted profile to the bridge domain. This configuration effectively assigns an untrusted profile
to every port in the bridge domain. This action saves the operator from explicitly assigning the untrusted
profile to all of the client-facing ports. Because there also must be server-facing ports that have trusted DHCP
snooping profiles, in order for DHCP snooping to function properly, this untrusted DHCP snooping profile
assignment is overridden to server-facing ports by specifically configuring trusted DHCP snooping profiles
on the server-facing ports. For ports in the bridge domain that do not require DHCP snooping, all should have
the none profile assigned to them to disable DHCP snooping on those ports.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 113
Implementing the Dynamic Host Configuration Protocol
Information about DHCP SnoopingRelay Information Options
You can configure a DHCP snooping profile to insert the relay information option (option 82) into DHCP
client packets only when it is assigned to a client port. The relay information option allow-untrusted
command addresses what to do with DHCP client packets when there is a null giaddr and a relay-information
option already in the client packet when it is received. This is a different condition than a DHCP snooping
trusted/untrusted port. The relay information option allow-untrusted command determines how the DHCP
snooping application handles untrusted relay information options.
How to Configure DHCP Snooping
This section contains the following tasks:
Enabling DHCP Snooping in a Bridge Domain
The following configuration creates two ports, a client-facing port and a server-facing port. In Step 1 through
Step 8, an untrusted DHCP snooping profile is assigned to the client bridge port and trusted DHCP snooping
profile is assigned to the server bridge port. In Step 9 through Step 18, an untrusted DHCP snooping profile
is assigned to the bridge domain and trusted DHCP snooping profiles are assigned to server bridge ports.
SUMMARY STEPS
1. configure
2. dhcp ipv4
3. profile untrusted-profile-name snoop
4. exit
5. dhcp ipv4
6. profile profile-name snoop
7. trusted
8. exit
9. l2vpn
10. bridge group group-name
11. bridge-domain bridge-domain-name
12. interface type interface-path-id
13. dhcp ipv4 snoop profile untrusted-profile-name
14. interface type interface-path-id
15. dhcp ipv4 snoop profile trusted-profile-name
16. exit
17. exit
18. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
114 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
How to Configure DHCP SnoopingDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
dhcp ipv4 Enters DHCP IPv4 profile configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
Step 2
Configures an untrusted DHCP snooping profile for the
client port.
profile untrusted-profile-name snoop
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile
untrustedClientProfile snoop
Step 3
exit Exits DHCP IPv4 profile configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4)# exit
Step 4
Enables DHCP for IPv4 and enters DHCP IPv4 profile
configuration mode.
dhcp ipv4
Example:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
Step 5
Configures a trusted DHCP snooping profile for the server
port.
profile profile-name snoop
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile
trustedServerProfile snoop
Step 6
trusted Configures a DHCP snoop profile to be trusted.
Example:
RP/0/RSP0/CPU0:router(config-dhcv4)# trusted
Step 7
exit Exits DHCP IPv4 profile configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-dhcv4)# exit
Step 8
l2vpn Enters l2vpn configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 9
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 115
Implementing the Dynamic Host Configuration Protocol
How to Configure DHCP SnoopingCommand or Action Purpose
Creates a bridge group to contain bridge domains and enters
l2vpn bridge group configuration submode.
bridge group group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge
group ccc
Step 10
bridge-domain bridge-domain-name Establishes a bridge domain.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
bridge-domain ddd
Step 11
interface type interface-path-id Identifies an interface.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
interface gigabitethernet 0/1/0/0
Step 12
Attaches an untrusted DHCP snoop profile to the bridge
port.
dhcp ipv4 snoop profile untrusted-profile-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#
dhcp ipv4 snoop profile untrustedClientProfile
Step 13
interface type interface-path-id Identifies an interface.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#
gigabitethernet 0/1/0/1
Step 14
dhcp ipv4 snoop profile trusted-profile-name Attaches a trusted DHCP snoop profile to the bridge port.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#
dhcp ipv4 snoop profile trustedServerProfile
Step 15
Exits the l2vpn bridge group bridge-domain interface
configuration submode.
exit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#
exit
Step 16
Exits the l2vpn bridge group bridge-domain configuration
submode.
exit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# exit
Step 17
Step 18 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
116 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
How to Configure DHCP SnoopingCommand or Action Purpose
When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yessaves configuration changesto the
running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config)# commit
configuration session, and returns the router to
EXEC mode.
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Disabling DHCP Snooping on a Specific Bridge Port
The following configuration enables DHCP to snoop packets on all bridge ports in the bridge domain ISP1
except for bridge port GigabitEthernet 0/1/0/1 and GigabitEthernet 0/1/0/2. DHCP snooping is disabled on
bridge port GigabitEthernet 0/1/0/1. Bridge port GigabitEthernet 0/1/0/2 is the trusted port that connects to
the server. In this example, no additional features are enabled, so only DHCP snooping is running.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 117
Implementing the Dynamic Host Configuration Protocol
How to Configure DHCP SnoopingSUMMARY STEPS
1. configure
2. l2vpn
3. bridge group group-name
4. bridge-domain bridge-domain-name
5. dhcp ipv4 snoop profile profile-name
6. interface type interface-path-id
7. dhcp ipv4 none
8. interface type interface-path-id
9. dhcp ipv4 snoop profile profile-name
10. exit
11. exit
12. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
l2vpn Enters l2vpn configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 2
Creates a bridge group to contain bridge domains and enters
l2vpn bridge group configuration submode.
bridge group group-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge
group GRP1
Step 3
Establishes a bridge domain and enters l2vpn bridge group
bridge-domain configuration submode.
bridge-domain bridge-domain-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#
bridge-domain ISP1
Step 4
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
118 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
How to Configure DHCP SnoopingCommand or Action Purpose
Attaches the untrusted DHCP snooping profile to the bridge
domain.
dhcp ipv4 snoop profile profile-name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
Step 5
dhcp ipv4 snoop profile untrustedClientProfile
Identifies an interface and enters l2vpn bridge group
bridge-domain interface configuration submode.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
interface gigabitethernet 0/1/0/1
Step 6
dhcp ipv4 none Disables DHCP snooping on the port.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-if)#
dhcp ipv4 none
Step 7
Identifies an interface and enters l2vpn bridge group
bridge-domain interface configuration submode.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
interface gigabitethernet 0/1/0/2
Step 8
dhcp ipv4 snoop profile profile-name Attaches the trusted DHCP snooping profile to a port.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#
dhcp ipv4 snoop profile trustedServerProfile
Step 9
Exitsl2vpn bridge-domain bridge group interface configuration
submode.
exit
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bd-bg)#
exit
Step 10
exit Exits l2vpn bridge-domain submode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# exit
Step 11
Step 12 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 119
Implementing the Dynamic Host Configuration Protocol
How to Configure DHCP SnoopingCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Using the Relay Information Option
This task shows how to use the relay information commands to insert the relay information option (option 82)
into DHCP client packets and forward DHCP packets with untrusted relay information options.
SUMMARY STEPS
1. configure
2. dhcp ipv4
3. profile profile-name snoop
4. relay information option
5. relay information option allow-untrusted
6. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
120 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
How to Configure DHCP SnoopingCommand or Action Purpose
dhcp ipv4 Enters DHCP IPv4 profile configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# dhcp ipv4
Step 2
Configures an untrusted DHCP snooping profile for the
client port.
profile profile-name snoop
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4)# profile
untrustedClientProfile snoop
Step 3
Enables the system to insert the DHCP relay information
option field in forwarded BOOTREQUEST messages to a
DHCP server.
relay information option
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4-snoop-profile)#
relay information option
Step 4
Configures DHCP IPv4 relay not to discard
BOOTREQUEST packets that have an existing relay
information option and the giaddr set to zero.
relay information option allow-untrusted
Example:
RP/0/RSP0/CPU0:router(config-dhcpv4-snoop-profile)#
relay information option allow-untrusted
Step 5
Step 6 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 121
Implementing the Dynamic Host Configuration Protocol
How to Configure DHCP SnoopingConfiguration Examples for DHCP Snooping
This section provides the following configuration examples:
Assigning a DHCP Profile to a Bridge Domain: Example
The following example shows how to enable DHCP snooping in a bridge domain:
l2vpn
bridge group GRP1
bridge-domain ISP1
dhcp ipv4 profile untrustedClientProfile snoop
Disabling DHCP Snooping on a Specific Bridge Port: Example
The following example shows how to disable DHCP snooping on a specific bridge port:
interface gigabitethernet 0/1/0/1
dhcp ipv4 none
Configuring a DHCP Profile for Trusted Bridge Ports: Example
The following example shows how to configure a DHCP profile for trusted bridge ports:
dhcp ipv4 profile trustedServerProfile snoop
trusted
Configuring an Untrusted Profile on a Bridge Domain: Example
The following example shows how to attach a profile to a bridge domain and disable snooping on a bridge
port.
l2vpn
bridge group GRP1
bridge-domain ISP1
dhcp ipv4 profile untrustedClientProfile snoop
interface gigabitethernet 0/1/0/1
dhcp ipv4 none
Configuring a Trusted Bridge Port: Example
The following example shows ow to assign a trusted DHCP snooping profile to a bridge port:
l2vpn
bridge group GRP1
bridge-domain ISP1
interface gigabitethernet 0/1/0/2
dhcp ipv4 profile trustedServerProfile snoop
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
122 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
Configuration Examples for DHCP SnoopingAdditional References
The following sections provide references related to implementing the Cisco IOS XR DHCP relay agent and
DHCP snooping features.
Related Documents
Related Topic Document Title
DHCP Commands module in the Cisco ASR 9000
Series Aggregation Services RouterIP Addresses and
Services Command Reference
Cisco IOS XR
DHCP commands
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Getting started material
Configuring AAA Services module in the
Cisco ASR 9000 Series Aggregation Services Router
System Security Configuration Guide
Information about user groups and task IDs
Standards
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs, use the Cisco MIB
Locator found at the following URL and choose a
platform under the Cisco Access Products menu: http:/
/cisco.com/public/sw-center/netmgmt/cmtk/
mibs.shtml
RFCs
RFC Title
RFC 2131 Dynamic Host Configuration Protocol
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 123
Implementing the Dynamic Host Configuration Protocol
Additional ReferencesTechnical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
124 OL-26068-02
Implementing the Dynamic Host Configuration Protocol
Additional ReferencesC H A P T E R 5
Implementing Host Services and Applications
Cisco IOS XR softwareHost Services and Applicationsfeatures on the router are used primarily for checking
network connectivity and the route a packet follows to reach a destination, mapping a hostname to an IP
address or an IP address to a hostname, and transferring files between routers and UNIX workstations.
For a complete description of host services and applications commands listed in this module, refer to the
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference
publication. To locate documentation of other commands that appear in this module, use the command
reference master index, or search online.
Note
Feature History for Implementing Host Services and Applications
Release Modification
Release 3.7.2 This feature was introduced.
Prerequisites for Implementing Host Services and Applications , page 125
Information About Implementing Host Services and Applications , page 126
How to Implement Host Services and Applications , page 128
Configuration Examples for Implementing Host Services and Applications , page 141
Additional References, page 144
Prerequisites for Implementing Host Services and Applications
The following prerequisites are required to implement Cisco IOS XR software Host Services and applications
You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 125Information About Implementing Host Services and Applications
To implement Cisco IOS XR software Host Services and applications features discussed in this document,
you should understand the following concepts:
Network Connectivity Tools
Network connectivity tools enable you to check device connectivity by running traceroutes and pinging devices
on the network.
Ping
The ping command is a common method for troubleshooting the accessibility of devices. It uses two Internet
Control Message Protocol (ICMP) query messages, ICMP echo requests, and ICMP echo replies to determine
whether a remote host is active. The ping command also measures the amount of time it takes to receive the
echo reply.
The ping command first sends an echo request packet to an address, and then it waits for a reply. The ping
is successful only if the echo request gets to the destination, and the destination is able to get an echo reply
(hostname is alive) back to the source of the ping within a predefined time interval.
The bulk option has been introduced to check reachability to multiple destinations. The destinations are directly
input through the CLI. This option is supported for ipv4 destinations only.
Traceroute
Where the ping command can be used to verify connectivity between devices, the traceroute command can
be used to discover the paths packets take to a remote destination and where routing breaks down.
The traceroute command records the source of each ICMP "time-exceeded" message to provide a trace of
the path that the packet took to reach the destination. You can use the IP traceroute command to identify the
path that packets take through the network on a hop-by-hop basis. The command output displays all network
layer (Layer 3) devices, such as routers, that the traffic passes through on the way to the destination.
The traceroute command uses the Time To Live (TTL) field in the IP header to cause routers and servers to
generate specific return messages. The traceroute command sends a User Datagram Protocol (UDP) datagram
to the destination host with the TTL field set to 1. If a router finds a TTL value of 1 or 0, it drops the datagram
and sends back an ICMP time-exceeded message to the sender. The traceroute facility determines the address
of the first hop by examining the source address field of the ICMP time-exceeded message.
To identify the next hop, the traceroute command sends a UDP packet with a TTL value of 2. The first
router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL
value of 1, discards the datagram, and returns the time-exceeded message to the source. This process continues
until the TTL increments to a value large enough for the datagram to reach the destination host (or until the
maximum TTL is reached).
To determine when a datagram reaches its destination, the traceroute command sets the UDP destination
port in the datagram to a very large value that the destination host is unlikely to be using. When a host receives
a datagram with an unrecognized port number, it sends an ICMP port unreachable error to the source. This
message indicates to the traceroute facility that it has reached the destination.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
126 OL-26068-02
Implementing Host Services and Applications
Information About Implementing Host Services and ApplicationsDomain Services
Cisco IOS XR software domain services acts as a Berkeley Standard Distribution (BSD) domain resolver.
The domain services maintains a local cache of hostname-to-address mappings for use by applications, such
as Telnet, and commands,such as ping and traceroute . The local cache speedsthe conversion of hostnames
to addresses. Two types of entries exist in the local cache: static and dynamic. Entries configured using the
domain ipv4 host or domain ipv6 host command are added as static entries, while entries received from
the name server are added as dynamic entries.
The name server is used by the World Wide Web (WWW) for translating names of network nodes into
addresses. The name server maintains a distributed database that maps hostnames to IP addresses through the
DNS protocol from a DNS server. One or more name servers can be specified using the domain name-server
command.
When an application needs the IP address of a host or the hostname of an IP address, a remote-procedure call
(RPC) is made to the domain services. The domain service looks up the IP address or hostname in the cache,
and if the entry is not found, the domain service sends a DNS query to the name server.
You can specify a default domain name that Cisco IOS XR software uses to complete domain name requests.
You can also specify either a single domain or a list of domain names. Any IP hostname that does not contain
a domain name has the domain name you specify appended to it before being added to the host table. To
specify a domain name or names, use either the domain name or domain list command.
TFTP Server
It istoo costly and inefficient to have a machine that acts only as a server on every network segment. However,
when you do not have a server on every segment, your network operations can incur substantial time delays
across network segments. You can configure a router to serve as a TFTP server to reduce costs and time delays
in your network while allowing you to use your router for its regular functions.
Typically, a router that is configured as a TFTP server provides other routers with system image or router
configuration files from its flash memory. You can also configure the router to respond to other types of
services requests.
File Transfer Services
File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), and remote copy protocol (rcp) rcp clients
are implemented as file systems or resource managers. For example, pathnames beginning with tftp:// are
handled by the TFTP resource manager.
The file system interface uses URLs to specify the location of a file. URLs commonly specify files or locations
on the WWW. However, on Cisco routers, URLs also specify the location of files on the router or remote file
servers.
When a router crashes, it can be useful to obtain a copy of the entire memory contents of the router (called a
core dump) for your technical support representative to use to identify the cause of the crash. FTP, TFTP, or
rcp can be used to save the core dump to a remote server. See the Cisco ASR 9000 Series Aggregation Services
Router System Management Configuration Guide for information on executing a core dump.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 127
Implementing Host Services and Applications
Domain ServicesRCP
The remote copy protocol (RCP) commands rely on the remote shell (rsh) server (or daemon) on the remote
system. To copy files using rcp, you do not need to create a server for file distribution, as you do with TFTP.
You need only to have access to a server that supports the rsh. Because you are copying a file from one place
to another, you must have read permissions for the source file and write permission in the destination directory.
If the destination file does not exist, rcp creates it for you.
Although Cisco rcp implementation emulates the functions of the UNIX rcp implementationcopying files
among systems on the networkCisco command syntax differs from the UNIX rcp command syntax.
Cisco IOS XR software offers a set of copy commands that use rcp as the transport mechanism. These rcp
copy commands are similar in style to the Cisco IOS XR software TFTP copy commands, but they offer an
alternative that provides faster performance and reliable delivery of data. These improvements are possible
because the rcp transport mechanism is built on and uses the TCP/IP stack, which is connection-oriented. You
can use rcp commands to copy system images and configuration files from the router to a network server and
so forth.
FTP
File Transfer Protocol (FTP) is part of the TCP/IP protocol stack, which is used for transferring files between
network nodes. FTP is defined in RFC 959.
TFTP
Trivial File Transfer Protocol (TFTP) is a simplified version of FTP that allows files to be transferred from
one computer to another over a network, usually without the use of client authentication (for example, username
and password).
Cisco inetd
Cisco Internet services process daemon (Cinetd) is a multithreaded server process that is started by the system
manager after the system has booted. Cinetd listens for Internet services such as Telnet service, TFTP service,
and so on. Whether Cinetd listens for a specific service depends on the router configuration. For example,
when the tftp server command is entered, Cinetd starts listening for the TFTP service. When a request
arrives, Cinetd runs the server program associated with the service.
Telnet
Enabling Telnet allows inbound Telnet connections into a networking device.
How to Implement Host Services and Applications
This section contains the following procedures:
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
128 OL-26068-02
Implementing Host Services and Applications
Cisco inetdChecking Network Connectivity
As an aid to diagnosing basic network connectivity, many network protocols support an echo protocol. The
protocol involves sending a special datagram to the destination host, then waiting for a reply datagram from
that host. Results from this echo protocol can help in evaluating the path-to-host reliability, delays over the
path, and whether the host can be reached or is functioning.
SUMMARY STEPS
1. ping [ipv4 | ipv6 | vrf vrf-name] [host-name | ip-address]
DETAILED STEPS
Command or Action Purpose
ping [ipv4 | ipv6 | vrf vrf-name] Starts the ping tool that is used for testing connectivity.
[host-name | ip-address]
Step 1
If you do not enter a hostname or an IP address on the same line as the
ping command, the system prompts you to specify the target IP address
and several other command parameters. After specifying the target IP
address, you can specify alternate values for the remaining parameters
or accept the displayed default for each parameter.
Note
Example:
RP/0/RSP0/CPU0:router# ping
Checking Network Connectivity for Multiple Destinations
The bulk option enables you to check reachability to multiple destinations. The destinations are directly input
through the CLI. This option is supported for ipv4 destinations only.
SUMMARY STEPS
1. ping bulk ipv4 [ input cli { batch | inline }]
2. [vrf vrf-name] [host-name | ip-address]
DETAILED STEPS
Command or Action Purpose
Starts the ping tool that is used for
testing connectivity.
ping bulk ipv4 [ input cli { batch | inline }]
Example:
Step 1
RP/0/RSP0/CPU0:router# ping bulk ipv4 input cli
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 129
Implementing Host Services and Applications
Checking Network ConnectivityCommand or Action Purpose
You must hit the Enter button and
then specify one destination address
per line.
[vrf vrf-name] [host-name | ip-address]
Example:
Step 2
Please enter input via CLI with one destination per line:
vrf myvrf1 1.1.1.1
vrf myvrf2 2.2.2.2
vrf myvrf1 myvrf1.cisco.com
vrf myvrf2 myvrf2.cisco.com
Starting pings...
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 1.1.1.1, vrf is myvrf1:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 1/1/1 ms
Sending 2, 100-byte ICMP Echos to 2.2.2.2, vrf is myvrf2:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 1/1/1 ms
Sending 1, 100-byte ICMP Echos to 1.1.1.1, vrf is myvrf1:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 1/4/1 ms
Sending 2, 100-byte ICMP Echos to 2.2.2.2, vrf is myvrf2:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 1/3/1 ms
Checking Packet Routes
The traceroute command allows you to trace the routes that packets actually take when traveling to their
destinations.
SUMMARY STEPS
1. traceroute [ipv4 | ipv6 | vrf vrf-name] [host-name | ip-address]
DETAILED STEPS
Command or Action Purpose
traceroute [ipv4 | ipv6 | vrf vrf-name] Traces packet routes through the network.
[host-name | ip-address]
Step 1
If you do not enter a hostname or an IP address on the same line as
the traceroute command, the system prompts you to specify the
target IP address and several other command parameters. After
specifying the target IP address, you can specify alternate values for
the remaining parameters or accept the displayed default for each
parameter.
Note
Example:
RP/0/RSP0/CPU0:router# traceroute
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
130 OL-26068-02
Implementing Host Services and Applications
Checking Packet RoutesConfiguring Domain Services
This task allows you to configure domain services.
Before You Begin
DNS-based hostname-to-address translation is enabled by default. If hostname-to-address translation has been
disabled using the domain lookup disable command, re-enable the translation using the no domain lookup
disable command. See the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services
Command Reference for more information on the domain lookup disable command.
SUMMARY STEPS
1. configure
2. Do one of the following:
domain name domain-name
or
domain list domain-name
3. domain name-server server-address
4. domain {ipv4 | ipv6} host host-name {ipv4address | ipv6address}
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Defines a default domain name used to complete unqualified
hostnames.
Step 2 Do one of the following:
domain name domain-name
or
domain list domain-name
Example:
RP/0/RSP0/CPU0:router(config)# domain name
cisco.com
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 131
Implementing Host Services and Applications
Configuring Domain ServicesCommand or Action Purpose
or
RP/0/RSP0/CPU0:router(config)# domain list
domain1.com
Specifies the address of a name server to use for name and address
resolution (hosts that supply name information).
domain name-server server-address
Example:
RP/0/RSP0/CPU0:router(config)# domain
name-server 192.168.1.111
Step 3
You can enter up to six addresses, but only one for each
command.
Note
(Optional) Defines a static hostname-to-address mapping in the host
cache using IPv4 or IPv6 .
domain {ipv4 | ipv6} host host-name
{ipv4address | ipv6address}
Step 4
Example:
RP/0/RSP0/CPU0:router(config)# domain ipv4
host1 192.168.7.18
You can bind up to eight additional associated addresses to
a hostname.
Note
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring a Router as a TFTP Server
This task allows you to configure the router as a TFTP server so other devices acting as TFTP clients are able
to read and write files from and to the router under a specific directory, such as slot0:, /tmp, and so on (TFTP
home directory).
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
132 OL-26068-02
Implementing Host Services and Applications
Configuring a Router as a TFTP ServerNote For security reasons, the TFTP server requires that a file must already exist for a write request to succeed.
Before You Begin
The server and client router must be able to reach each other before the TFTP function can be implemented.
Verify this connection by testing the connection between the server and client router (in either direction) using
the ping command.
SUMMARY STEPS
1. configure
2. tftp {ipv4 | ipv6} server {homedir tftp-home-directory} {max-servers number} [access-list name]
3. Use one of these commands:
end
commit
4. show cinetd services
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
tftp {ipv4 | ipv6} server {homedir Specifies:
tftp-home-directory} {max-servers number}
[access-list name]
Step 2
IPv4 or IPv6 address prefixes (required)
Example:
RP/0/RSP0/CPU0:router(config)# tftp
Home directory (required)
Maximum number of concurrent TFTP servers (required)
Name of the associated access list (optional)
ipv4 server access-list listA homedir
disk0
Step 3 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 133
Implementing Host Services and Applications
Configuring a Router as a TFTP ServerCommand or Action Purpose
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Displays the network service for each process. The service column shows
TFTP if the TFTP server is configured.
show cinetd services
Example:
RP/0/RSP0/CPU0:router# show cinetd
services
Step 4
Configuring a Router to Use rcp Connections
This task allows you to configure a router to use rcp.
Before You Begin
For the rcp copy request to execute successfully, an account must be defined on the network server for the
remote username.
If you are reading or writing to the server, the rcp server must be properly configured to accept the rcp read/write
request from the user on the router. For UNIX systems, you must add an entry to the hosts file for the remote
user on the rcp server.
SUMMARY STEPS
1. configure
2. rcp client username username
3. rcp client source-interface type interface-path-id
4. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
134 OL-26068-02
Implementing Host Services and Applications
Configuring a Router to Use rcp ConnectionsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the name of the remote user on the rcp server. This name is used
when a remote copy using rcp is requested. If the rcp server has a directory
rcp client username username
Example:
RP/0/RSP0/CPU0:router(config)# rcp
client username netadmin1
Step 2
structure, all files and images to be copied are searched for or written
relative to the directory in the remote user account.
rcp client source-interface type Sets the IP address of an interface as the source for all rcp connections.
interface-path-id
Step 3
Example:
RP/0/RSP0/CPU0:router(config)# rcp
client source-interface
gigabitethernet 1/0/2/1
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Troubleshooting Tips
When using rcp to copy any file from a source to a destination, use the following path format:
copy rcp
:
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 135
Implementing Host Services and Applications
Configuring a Router to Use rcp Connections//username
@
{
hostname
|
ipaddress
}/
directory-path
/
pie-name target-device
When using an IPv6 rcp server, use the following path format:
copy rcp
:
//username
@
[ipv6-address]/
directory-path
/
pie-name
See the copy command in the Cisco ASR 9000 Series Aggregation Services Router System Management
Command Reference for detailed information on using rcp protocol with the copy command.
Configuring a Router to Use FTP Connections
This task allows you to configure the router to use FTP connections for transferring files between systems on
the network. With the the Cisco ASR 9000 Series Routerimplementation of FTP, you can set the following
FTP characteristics:
Passive-mode FTP
Password
IP address
SUMMARY STEPS
1. configure
2. ftp client passive
3. ftp client anonymous-password password
4. ftp client source-interface type interface-path-id
5. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
136 OL-26068-02
Implementing Host Services and Applications
Configuring a Router to Use FTP ConnectionsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
ftp client passive Allows the software to use only passive FTP connections.
Example:
RP/0/RSP0/CPU0:router(config)# ftp client
passive
Step 2
ftp client anonymous-password password Specifies the password for anonymous users.
Example:
RP/0/RSP0/CPU0:router(config)# ftp client
anonymous-password xxxx
Step 3
ftp clientsource-interface type interface-path-id Specifies the source IP address for FTP connections.
Example:
RP/0/RSP0/CPU0:router(config)# ftp client
source-interface gigabitethernet 0/1/2/1
Step 4
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 4.2.x
OL-26068-02 137
Implementing Host Services and Applications
Configuring a Router to Use FTP ConnectionsTroubleshooting Tips
When using FTP to copy any file from a source to a destination, use the following path format:
copy ftp
://
username:password
@
{
hostname
|
ipaddress
}/
directory-path
/
pie-name target-device
When using an IPv6 FTP server, use the following path format:
copy ftp
:
//username
:
password
@
[ipv6-address]/
directory-path
/
pie-name
If unsafe or reserved characters appear in the username, password, hostname, and so on, they have to be
encoded (RFC 1738).
The following characters are unsafe:
<, >, #, % {, }, |, , ~, [, ], and
The following characters are reserved:
:, / ?, :, @, and &
The directory-path is a relative path to the home directory of the user. The slash (/) has to be encoded as
%2f to specify the absolute path. For example:
ftp://user:password@hostname/%2fTFTPboot/directory/pie-name
See the copy command in the Cisco ASR 9000 Series Aggregation Services Router System Management
Command Reference for detailed information on using FTP protocol with the copy command.
Configuring a Router to Use TFTP Connections
This task allows you to configure a router to use TFTP connections. You must specify the source IP address
for a TFTP connection.
Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release
4.2.x
138 OL-26068-02
Implementing Host Services and Applications
Configuring a Router to Use TFTP Connections
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco ASR 9000 Aggregation Services
Router Interfaces and Hardware
Component Configuration Guide
Cisco IOS XR Software Release 4.2.x
Text Part Number: OL-26061-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco ASR 9000 Aggregation Services Router Interfaces and Hardware Component Configuration Guide
© 2010-2011 Cisco Systems, Inc. All rights reserved.HC-iii
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
C O N T E N T S
Preface HC-xxix
Changes to This Document HC-xxix
Obtaining Documentation and Submitting a Service Request HC-xxix
Preconfiguring Physical Interfaces on the Cisco ASR 9000 Series Router HC-1
Contents HC-2
Prerequisites for Preconfiguring Physical Interfaces HC-2
Information About Preconfiguring Physical Interfaces HC-2
Physical Interface Preconfiguration Overview HC-2
Benefits of Interface Preconfiguration HC-3
Use of the Interface Preconfigure Command HC-3
Active and Standby RSPs and Virtual Interface Configuration HC-4
How to Preconfigure Physical Interfaces HC-4
Configuration Examples for Preconfiguring Physical Interfaces HC-6
Preconfiguring an Interface: Example HC-6
Additional References HC-7
Related Documents HC-7
Standards HC-7
MIBs HC-7
RFCs HC-7
Technical Assistance HC-8
Advanced Configuration and Modification of the Management Ethernet Interface on the
Cisco ASR 9000 Series Router HC-9
Contents HC-9
Prerequisites for Configuring Management Ethernet Interfaces HC-10
Information About Configuring Management Ethernet Interfaces HC-10
Default Interface Settings HC-10
How to Perform Advanced Management Ethernet Interface Configuration HC-11
Configuring a Management Ethernet Interface HC-11
Configuring the Duplex Mode for a Management Ethernet Interface HC-13
Configuring the Speed for a Management Ethernet Interface HC-14
Modifying the MAC Address for a Management Ethernet Interface HC-16
Verifying Management Ethernet Interface Configuration HC-17Contents
HC-iv
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Configuration Examples for Management Ethernet Interfaces HC-18
Configuring a Management Ethernet Interface: Example HC-18
Additional References HC-19
Related Documents HC-19
Standards HC-19
MIBs HC-19
RFCs HC-19
Technical Assistance HC-20
Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router HC-21
Contents HC-23
Prerequisites for Configuring Ethernet Interfaces HC-23
Information About Configuring Ethernet HC-24
16-Port 10-Gigabit Ethernet SFP+ Line Card HC-24
Features HC-24
Restrictions HC-25
Default Configuration Values for Gigabit Ethernet and 10-Gigabit Ethernet HC-25
Layer 2 VPN on Ethernet Interfaces HC-26
Gigabit Ethernet Protocol Standards Overview HC-27
IEEE 802.3 Physical Ethernet Infrastructure HC-27
IEEE 802.3ab 1000BASE-T Gigabit Ethernet HC-27
IEEE 802.3z 1000 Mbps Gigabit Ethernet HC-27
IEEE 802.3ae 10 Gbps Ethernet HC-27
IEEE 802.3ba 100 Gbps Ethernet HC-28
MAC Address HC-28
MAC Accounting HC-28
Ethernet MTU HC-28
Flow Control on Ethernet Interfaces HC-29
802.1Q VLAN HC-29
VRRP HC-29
HSRP HC-29
Link Autonegotiation on Ethernet Interfaces HC-30
Subinterfaces on the Cisco ASR 9000 Series Router HC-30
Layer 2, Layer 3, and EFP's HC-33
Enhanced Performance Monitoring for Layer 2 Subinterfaces (EFPs) HC-35
Frequency Synchronization and SyncE HC-36
How to Configure Ethernet HC-37
Configuring Ethernet Interfaces HC-37
Configuring Gigabit Ethernet Interfaces HC-38
What to Do Next HC-40Contents
HC-v
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Configuring MAC Accounting on an Ethernet Interface HC-41
Configuring a L2VPN Ethernet Port HC-43
What to Do Next HC-44
Configuring Frequency Synchronization and SyncE HC-44
Global Configuration HC-45
Line Interface Configuration HC-46
Configuration Examples for Ethernet HC-47
Configuring an Ethernet Interface: Example HC-47
Configuring MAC-Accounting: Example HC-48
Configuring a Layer 2 VPN AC: Example HC-48
Clock Interface Configuration: Example HC-49
Enabling an Interface for Frequency Synchronization: Example HC-49
Where to Go Next HC-49
Additional References HC-49
Related Documents HC-49
Standards HC-50
MIBs HC-50
RFCs HC-50
Technical Assistance HC-50
Configuring Ethernet OAM on the Cisco ASR 9000 Series Router HC-51
Contents HC-53
Prerequisites for Configuring Ethernet OAM HC-53
Information About Configuring Ethernet OAM HC-54
Ethernet Link OAM HC-54
Neighbor Discovery HC-55
Link Monitoring HC-55
MIB Retrieval HC-55
Miswiring Detection (Cisco-Proprietary) HC-55
Remote Loopback HC-55
SNMP Traps HC-55
Unidirectional Link Fault Detection HC-55
Ethernet CFM HC-56
Maintenance Domains HC-57
Services HC-59
Maintenance Points HC-59
CFM Protocol Messages HC-62
MEP Cross-Check HC-69
Configurable Logging HC-70Contents
HC-vi
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
EFD HC-70
Flexible VLAN Tagging for CFM HC-71
CFM on MC-LAG HC-72
Ethernet SLA (Y.1731 Performance Monitoring) HC-75
Ethernet SLA Concepts HC-76
Statistics Measurement and Ethernet SLA Operations Overview HC-78
Configuration Overview of Scheduled Ethernet SLA Operations HC-79
Ethernet LMI HC-79
E-LMI Messaging HC-80
Cisco-Proprietary Remote UNI Details Information Element HC-81
E-LMI Operation HC-81
Supported E-LMI PE Functions on the Cisco ASR 9000 Series Router HC-81
Unsupported E-LMI Functions HC-82
Unidirectional Link Detection Protocol HC-83
UDLD Operation HC-83
Types of Fault Detection HC-83
UDLD Modes of Operation HC-84
UDLD Aging Mechanism HC-84
State Machines HC-84
How to Configure Ethernet OAM HC-85
Configuring Ethernet Link OAM HC-85
Configuring an Ethernet OAM Profile HC-85
Attaching an Ethernet OAM Profile to an Interface HC-91
Configuring Ethernet OAM at an Interface and Overriding the Profile Configuration HC-92
Verifying the Ethernet OAM Configuration HC-93
Configuring Ethernet CFM HC-94
Configuring a CFM Maintenance Domain HC-94
Configuring Services for a CFM Maintenance Domain HC-96
Enabling and Configuring Continuity Check for a CFM Service HC-97
Configuring Automatic MIP Creation for a CFM Service HC-99
Configuring Cross-Check on a MEP for a CFM Service HC-101
Configuring Other Options for a CFM Service HC-103
Configuring CFM MEPs HC-105
Configuring Y.1731 AIS HC-107
Configuring EFD for a CFM Service HC-111
Configuring Flexible VLAN Tagging for CFM HC-112
Verifying the CFM Configuration HC-114
Troubleshooting Tips HC-114
Configuring Ethernet SLA HC-116
Ethernet SLA Configuration Guidelines HC-116Contents
HC-vii
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Configuring an SLA Operation Profile HC-116
Configuring SLA Probe Parameters in a Profile HC-117
Configuring SLA Statistics Measurement in a Profile HC-119
Configuring a Schedule for an SLA Operation Probe in a Profile HC-121
Configuring an SLA Operation HC-123
Configuring an On-Demand SLA Operation HC-124
Verifying SLA Configuration HC-126
Configuring Ethernet LMI HC-126
Prerequisites for Configuring E-LMI HC-127
Restrictions for Configuring E-LMI HC-127
Creating EVCs for E-LMI HC-127
Configuring Ethernet CFM for E-LMI HC-131
Configuring UNI Names on the Physical Interface HC-133
Enabling E-LMI on the Physical Interface HC-134
Configuring the Polling Verification Timer HC-136
Configuring the Status Counter HC-137
Disabling Syslog Messages for E-LMI Errors or Events HC-139
Disabling Use of the Cisco-Proprietary Remote UNI Details Information Element HC-140
Verifying the Ethernet LMI Configuration HC-142
Troubleshooting Tips for E-LMI Configuration HC-142
Configuring UDLD HC-144
Configuration Examples for Ethernet OAM HC-146
Configuration Examples for EOAM Interfaces HC-146
Configuring an Ethernet OAM Profile Globally: Example HC-146
Configuring Ethernet OAM Features on an Individual Interface: Example HC-147
Configuring Ethernet OAM Features to Override the Profile on an Individual Interface:
Example HC-147
Configuring a Remote Loopback on an Ethernet OAM Peer: Example HC-148
Clearing Ethernet OAM Statistics on an Interface: Example HC-148
Enabling SNMP Server Traps on a Router: Example HC-148
Configuration Examples for Ethernet CFM HC-148
Ethernet CFM Domain Configuration: Example HC-149
Ethernet CFM Service Configuration: Example HC-149
Flexible Tagging for an Ethernet CFM Service Configuration: Example HC-149
Continuity Check for an Ethernet CFM Service Configuration: Example HC-149
MIP Creation for an Ethernet CFM Service Configuration: Example HC-149
Cross-check for an Ethernet CFM Service Configuration: Example HC-149
Other Ethernet CFM Service Parameter Configuration: Example HC-150
MEP Configuration: Example HC-150
Ethernet CFM Show Command: Examples HC-150Contents
HC-viii
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
AIS for CFM Configuration: Examples HC-153
AIS for CFM Show Commands: Examples HC-154
EFD Configuration: Examples HC-158
Displaying EFD Information: Examples HC-158
Configuration Examples for Ethernet SLA HC-159
Ethernet SLA Profile Type Configuration: Examples HC-160
Ethernet SLA Probe Configuration: Examples HC-160
Profile Statistics Measurement Configuration: Examples HC-161
Scheduled SLA Operation Probe Configuration: Examples HC-162
Ethernet SLA Operation Probe Scheduling and Aggregation Configuration: Example HC-162
Ongoing Ethernet SLA Operation Configuration: Example HC-163
On-Demand Ethernet SLA Operation Basic Configuration: Examples HC-164
Ethernet SLA Show Commands: Examples HC-164
Configuration Example for Ethernet LMI HC-167
Where to Go Next HC-168
Additional References HC-168
Related Documents HC-168
Standards HC-169
MIBs HC-169
RFCs HC-169
Technical Assistance HC-169
Configuring Integrated Routing and Bridging on the Cisco ASR 9000 Series Router HC-171
Contents HC-173
Prerequisites for Configuring IRB HC-173
Restrictions for Configuring IRB HC-173
Information About Configuring IRB HC-175
IRB Introduction HC-175
Bridge-Group Virtual Interface HC-176
BVI Introduction HC-176
Supported Features on a BVI HC-177
BVI MAC Address HC-177
BVI Interface and Line Protocol States HC-177
Packet Flows Using IRB HC-177
Packet Flows When Host A Sends to Host B on the Bridge Domain HC-178
Packet Flows When Host A Sends to Host C From the Bridge Domain to a Routed
Interface HC-178
Packet Flows When Host C Sends to Host B From a Routed Interface to the Bridge
Domain HC-179
Supported Environments for IRB HC-179Contents
HC-ix
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Additional IPv4-Specific Environments Supported for IRB HC-180
Additional IPv6-Specific Environments Supported for IRB HC-180
How to Configure IRB HC-181
Configuring the Bridge Group Virtual Interface HC-181
Configuration Guidelines HC-181
Configuring the Layer 2 AC Interfaces HC-183
Prerequisites HC-183
Configuring a Bridge Group and Assigning Interfaces to a Bridge Domain HC-185
Associating the BVI as the Routed Interface on a Bridge Domain HC-187
Displaying Information About a BVI HC-189
Configuration Examples for IRB HC-189
Basic IRB Configuration: Example HC-189
IRB Using ACs With VLANs: Example HC-190
IPv4 Addressing on a BVI Supporting Multiple IP Networks: Example HC-190
Comprehensive IRB Configuration with BVI Bundle Interfaces and Multicast Configuration:
Example HC-191
IRB With BVI and VRRP Configuration: Example HC-192
6PE/6VPE With BVI Configuration: Example HC-192
Additional References HC-194
Related Documents HC-194
Standards HC-195
MIBs HC-195
RFCs HC-195
Technical Assistance HC-195
Configuring Link Bundling on the Cisco ASR 9000 Series Router HC-197
Contents HC-198
Prerequisites for Configuring Link Bundling HC-198
Prerequisites for Configuring Link Bundling on Cisco ASR 9000 Series Router HC-199
Information About Configuring Link Bundling HC-199
Link Bundling Overview HC-200
Features and Compatible Characteristics of Ethernet Link Bundles HC-200
Characteristics of POS Link Bundles in Cisco ASR 9000 Series Router HC-201
Restrictions of POS Link Bundles in Cisco ASR 9000 Series Router HC-202
Link Aggregation Through LACP HC-202
IEEE 802.3ad Standard HC-202
Multichassis Link Aggregation HC-203
Failure Cases HC-203
Interchassis Communication Protocol HC-204
Access Network Redundancy Model HC-205Contents
HC-x
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Core Network Redundancy Model HC-206
Switchovers HC-207
MC-LAG Topologies HC-208
Load Balancing HC-210
Layer 2 Ingress Load Balancing on Link Bundles HC-210
Layer 3 Egress Load Balancing on Link Bundles HC-211
Dynamic Load Balancing for LAG HC-212
QoS and Link Bundling HC-212
VLANs on an Ethernet Link Bundle HC-212
Link Bundle Configuration Overview HC-213
Nonstop Forwarding During Card Failover HC-213
Link Failover HC-214
Multi-Gigabit Service Control Point HC-214
How to Configure Link Bundling HC-215
Configuring Ethernet Link Bundles HC-215
Configuring EFP Load Balancing on an Ethernet Link Bundle HC-216
Configuring VLAN Bundles HC-218
Configuring POS Link Bundles HC-219
Configuring Multichassis Link Aggregation HC-223
Configuring Interchassis Communication Protocol HC-223
Configuring Multichassis Link Aggregation Control Protocol Session HC-226
Configuring Multichassis Link Aggregation Control Protocol Bundle HC-228
Configuring Dual-Homed Device HC-230
Configuring Access Backup Pseudowire HC-232
Configuring One-way Pseudowire Redundancy in MC-LAG HC-235
Configuring VPWS Cross-Connects in MC-LAG HC-237
Configuring VPLS in MC-LAG HC-240
How to Configure MGSCP HC-242
Prerequisites for Configuring MGSCP HC-242
Restrictions for Configuring MGSCP HC-243
Configuring the Access Bundle for the Subscriber-Facing Side HC-244
Configuring the Network Bundle for the Core-Facing Side HC-246
Configuring the Bundle Member Interfaces HC-248
Configuring VRFs to Route Traffic to the Bundles HC-249
Configuring VRFs with Static Routing HC-249
Configuring VRFs with Dynamic Routing HC-250
Configuration Examples for Link Bundling HC-250
Example: Configuring an Ethernet Link Bundle HC-250
Example: Configuring a VLAN Link Bundle HC-251Contents
HC-xi
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Example: Configuring a POS Link Bundle HC-251
Example: Configuring EFP Load Balancing on an Ethernet Link Bundle HC-252
Example: Configuring Multichassis Link Aggregation HC-252
Configuration Examples for MGSCP HC-256
Example: Configuring Bundle Interfaces and Member Links HC-257
Examples: Configuring VRFs to Route Traffic to the Bundles HC-258
Example: Configuring VRFs with Static Routing HC-258
Example: Configuring VRFs with OSPF Routing HC-259
Example: Configuring MGSCP with ABF to Route Traffic to the Bundles HC-260
Additional References HC-261
Related Documents HC-261
Standards HC-261
MIBs HC-261
RFCs HC-262
Technical Assistance HC-262
Configuring Traffic Mirroring on the Cisco ASR 9000 Series Router HR-263
Contents HR-263
Restrictions for Traffic Mirroring HR-263
Performance Impact with Traffic Mirroring HR-264
Information about Traffic Mirroring HR-264
Introduction to Traffic Mirroring HR-264
Implementing Traffic Mirroring on the Cisco ASR 9000 Series Router HR-265
Traffic Mirroring Terminology HR-265
Characteristics of the Source Port HR-266
Characteristics of the Monitor Session HR-266
Characteristics of the Destination Port HR-267
Supported Traffic Mirroring Types HR-267
Pseudowire Traffic Mirroring HR-268
ACL-Based Traffic Mirroring HR-269
Configuring Traffic Mirroring HR-269
How to Configure Local Traffic Mirroring HR-269
How to Configure Remote Traffic Mirroring HR-271
How to Configure Traffic Mirroring over Pseudowire HR-273
How to Configure ACL-Based Traffic Mirroring HR-277
Prerequisites HR-277
Troubleshooting ACL-Based Traffic Mirroring HR-280
How to Configure Partial Packet Mirroring HR-280
Traffic Mirroring Configuration Examples HR-282Contents
HC-xii
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Traffic Mirroring with Physical Interfaces (Local): Example HR-282
Traffic Mirroring with EFPs (Remote): Example HR-283
Viewing Monitor Session Status: Example HR-283
Monitor Session Statistics: Example HR-284
Traffic Mirroring over Pseudowire: Example HR-285
Layer 3 ACL-Based Traffic Mirroring: Example HR-285
Layer 2 ACL-Based Traffic Mirroring: Example HR-285
Partial Packet Mirroring: Example HR-286
Troubleshooting Traffic Mirroring HR-286
Where to Go Next HR-289
Additional References HR-289
Related Documents HR-289
Standards HR-289
MIBs HR-290
RFCs HR-290
Technical Assistance HR-290
Configuring Virtual Loopback and Null Interfaces on the Cisco ASR 9000 Series Router HC-291
Contents HC-291
Prerequisites for Configuring Virtual Interfaces HC-292
Information About Configuring Virtual Interfaces HC-292
Virtual Loopback Interface Overview HC-292
Null Interface Overview HC-292
Virtual Management Interface Overview HC-293
Active and Standby RPs and Virtual Interface Configuration HC-293
How to Configure Virtual Interfaces HC-294
Configuring Virtual Loopback Interfaces HC-294
Restrictions HC-294
Configuring Null Interfaces HC-295
Configuring Virtual IPv4 IPV4 Interfaces HC-296
Configuration Examples for Virtual Interfaces HC-297
Configuring a Loopback Interface: Example HC-298
Configuring a Null Interface: Example HC-298
Configuring a Virtual IPv4 Interface: Example HC-298
Additional References HC-299
Related Documents HC-299
Standards HC-299
MIBs HC-300
RFCs HC-300Contents
HC-xiii
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Technical Assistance HC-300
Configuring Channelized SONET/SDH on the Cisco ASR 9000 Series Router HC-301
Contents HC-301
Prerequisites for Configuring Channelized SONET/SDH HC-301
Information About Configuring Channelized SONET/SDH HC-302
Channelized SONET Overview HC-302
Channelized SDH Overview HC-307
Default Configuration Values for Channelized SONET/SDH HC-310
How to Configure Channelized SONET/SDH HC-311
Configuring SONET T3 and VT1.5-Mapped T1 Channels HC-311
Prerequisites HC-311
Restrictions HC-311
Configuring Packet over SONET Channels HC-316
Prerequisites HC-316
Configuring a Clear Channel SONET Controller for T3 HC-319
Prerequisites HC-319
Configuring Channelized SONET APS HC-322
Prerequisites HC-322
Restrictions HC-323
Configuring SDH AU-3 HC-325
Configuring SDH AU-3 Mapped to C11-T1 or C12-E1 HC-325
Configuring SDH AU-3 Mapped to T3 or E3 HC-329
Configuring SDH AU-4 HC-333
Prerequisites HC-333
Restrictions HC-333
Configuration Examples for Channelized SONET HC-338
Channelized SONET Examples HC-338
Channelized SONET T3 to T1 Configuration: Example HC-338
Channelized SONET in VT1.5 Mode and T1 Channelization to NxDS0 HC-338
Channelized Packet over SONET Configuration: Example HC-339
SONET Clear Channel T3 Configuration: Example HC-339
Channelized SONET APS Multirouter Configuration: Example HC-339
Channelized SDH Examples HC-340
Channelized SDH AU-3 Configuration: Examples HC-340
Channelized SDH AU-4 Configuration: Examples HC-341
Additional References HC-344
Related Documents HC-344
Standards HC-344Contents
HC-xiv
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
MIBs HC-345
RFCs HC-345
Technical Assistance HC-345
Configuring Circuit Emulation over Packet on the Cisco ASR 9000 Series Router HC-347
Contents HC-347
Prerequisites for Configuration HC-347
Overview of Circuit Emulation over Packet Service HC-348
Information About Configuring CEoP Channelized SONET/SDH HC-349
Channelized SONET and SDH Overview HC-349
Default Configuration Values for Channelized SONET/SDH HC-353
Clock Distribution HC-354
How to implement CEM HC-355
Configuring SONET VT1.5-Mapped T1 Channels and Creating CEM Interface HC-356
Prerequisites HC-356
Configuring SDH AU-3 Mapped to C11-T1 or C12-E1 HC-359
Configuring SDH AU-3 Mapped to C11-T1 and Creating CEM Interface HC-359
Configuring SDH AU-3 Mapped to C12-E1 and Creating CEM Interface HC-362
Configuring CEM Interface HC-365
Configuration Guidelines and Restrictions HC-366
Configuring a Global CEM Class HC-366
Attaching a CEM Class HC-368
HC-369
Configuring Payload Size HC-370
Setting the Dejitter Buffer Size HC-370
Setting an Idle Pattern HC-371
Enabling Dummy Mode HC-371
Setting a Dummy Pattern HC-371
Configuring Clocking HC-373
Configuring Clock Recovery HC-373
Verifying Clock recovery HC-375
Configuration Examples for CEM HC-376
Circuit Emulation Interface Configuration: Examples HC-376
Channelized Sonet / SDH Configurations and CEM Interface Creation HC-376
Clock Recovery : Example HC-378
Adaptive Clock Recovery Configuration: HC-378
Differential Clock Recovery Configuration: HC-378
Additional References HC-379
Related Documents HC-379Contents
HC-xv
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Standards HC-379
MIBs HC-380
RFCs HC-380
Technical Assistance HC-380
Configuring Clear Channel SONET Controllers on the Cisco ASR 9000 Series Router HC-381
Contents HC-382
Prerequisites for Configuring Clear Channel SONET Controllers HC-382
Information About Configuring SONET Controllers HC-382
SONET Controller Overview HC-382
Default Configuration Values for SONET Controllers HC-383
SONET APS HC-384
How to Configure Clear Channel SONET Controllers HC-384
Configuring a Clear Channel SONET Controller HC-385
Prerequisites HC-385
Configuring SONET APS HC-388
Prerequisites HC-388
Restrictions HC-388
Configuring a Hold-off Timer to Prevent Fast Reroute from Being Triggered HC-393
Prerequisites HC-393
Configuration Examples for SONET Controllers HC-395
SONET Controller Configuration: Example HC-395
SONET APS Group Configuration: Example HC-395
Additional References HC-396
Related Documents HC-396
Standards HC-396
MIBs HC-396
RFCs HC-396
Technical Assistance HC-397
Configuring Clear Channel T3/E3 and Channelized T3 and T1/E1 Controllers on the
Cisco ASR 9000 Series Router HC-399
Contents HC-400
Prerequisites for Configuring T3/E3 Controllers HC-400
Information About T3/E3 Controllers and Serial Interfaces HC-400
Loopback Support HC-404
Configuration Overview HC-406
Default Configuration Values for T3 and E3 Controllers HC-406
Default Configuration Values for T1 and E1 Controllers HC-407
Link Noise Monitoring on T1 or E1 Links HC-408Contents
HC-xvi
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
LNM Events HC-408
LNM Logging HC-409
How to Configure Clear Channel T3/E3 Controllers and Channelized T1/E1 Controllers HC-409
Configuring a Clear Channel E3 Controller HC-409
Restrictions HC-409
What to Do Next HC-411
Modifying the Default E3 Controller Configuration HC-411
Prerequisites HC-411
Restrictions HC-412
What to Do Next HC-413
Configuring a Clear Channel T3 Controller HC-414
Prerequisites HC-414
Restrictions HC-414
What to Do Next HC-415
Configuring a Channelized T3 Controller HC-415
Prerequisites HC-416
What to Do Next HC-417
Modifying the Default T3 Controller Configuration HC-418
Prerequisites HC-418
What to Do Next HC-421
Configuring a T1 Controller HC-421
Prerequisites HC-421
Restrictions HC-422
What to Do Next HC-425
Configuring an E1 Controller HC-425
Prerequisites HC-425
Restrictions HC-426
What to Do Next HC-429
Configuring BERT HC-429
Configuring BERT on T3/E3 and T1/E1 Controllers HC-430
Prerequisites HC-430
Restrictions HC-430
Configuring BERT on a DS0 Channel Group HC-433
Prerequisites HC-433
Configuring Link Noise Monitoring on a T1 or E1 Channel HC-436
Prerequisites HC-436
Restrictions HC-436
Verifying Link Noise Monitoring Configuration and Status HC-438
Clearing Link Noise Monitoring States and Statistics HC-439
Configuration Examples HC-439Contents
HC-xvii
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Configuring a Clear Channel T3 Controller: Example HC-440
Configuring a T3 Controller with Channelized T1 Controllers: Example HC-440
Configuring BERT on a T3 Controller: Example HC-441
Configuring Link Noise Monitoring on a T1 Controller: Examples HC-442
QoS on T3 Channels: Example HC-443
Additional References HC-443
Related Documents HC-443
Standards HC-444
MIBs HC-444
RFCs HC-444
Technical Assistance HC-445
Configuring Dense Wavelength Division Multiplexing Controllers on the
Cisco ASR 9000 Series Router HC-447
Contents HC-447
Prerequisites for Configuring DWDM Controller Interfaces HC-448
Information About the DWDM Controllers HC-448
Information about IPoDWDM HC-449
How to Configure DWDM Controllers HC-450
Configuring G.709 Parameters HC-450
Prerequisites HC-450
What to Do Next HC-452
How to Perform Performance Monitoring on DWDM Controllers HC-453
Configuring DWDM Controller Performance Monitoring HC-453
Configuring IPoDWDM HC-457
Configuring the Optical Layer DWDM Ports HC-457
Configuring the Administrative State of DWDM Optical Ports HC-459
Configuring Proactive FEC-FRR Triggering HC-461
Configuration Examples HC-463
Turning On the Laser: Example HC-463
Turning Off the Laser: Example HC-464
DWDM Controller Configuration: Examples HC-464
DWDM Performance Monitoring: Examples HC-464
IPoDWDM Configuration: Examples HC-465
Optical Layer DWDM Port Configuration: Examples HC-465
Administrative State of DWDM Optical Ports Configuration: Examples HC-465
Proactive FEC-FRR Triggering Configuration: Examples HC-466
Additional References HC-466
Related Documents HC-466Contents
HC-xviii
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Standards HC-466
MIBs HC-466
RFCs HC-467
Technical Assistance HC-467
Configuring POS Interfaces onthe Cisco ASR 9000 Series Router HC-469
Contents HC-469
Prerequisites for Configuring POS Interfaces HC-470
Information About Configuring POS Interfaces HC-470
Default Settings for POS Interfaces HC-470
Cisco HDLC Encapsulation HC-471
PPP Encapsulation HC-471
Keepalive Timer HC-472
Frame Relay Encapsulation HC-473
LMI on Frame Relay Interfaces HC-474
How to Configure a POS Interface HC-475
Bringing Up a POS Interface HC-475
Prerequisites HC-475
Restrictions HC-475
What to Do Next HC-478
Configuring Optional POS Interface Parameters HC-478
Prerequisites HC-478
Restrictions HC-478
What to Do Next HC-480
Creating a Point-to-Point POS Subinterface with a PVC HC-480
Prerequisites HC-480
Restrictions HC-480
What to Do Next HC-482
Configuring Optional PVC Parameters HC-482
Prerequisites HC-483
Restrictions HC-483
What to Do Next HC-485
Modifying the Keepalive Interval on POS Interfaces HC-485
Prerequisites HC-485
Restrictions HC-485
How to Configure a Layer 2 Attachment Circuit HC-487
Creating a Layer 2 Frame Relay Subinterface with a PVC HC-488
Prerequisites HC-488
Restrictions HC-488
What to Do Next HC-489Contents
HC-xix
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Configuring Optional Layer 2 PVC Parameters HC-490
Prerequisites HC-490
Configuring Optional Layer 2 Subinterface Parameters HC-492
Prerequisites HC-492
Restrictions HC-492
Configuration Examples for POS Interfaces HC-494
Bringing Up and Configuring a POS Interface with Cisco HDLC Encapsulation: Example HC-494
Configuring a POS Interface with Frame Relay Encapsulation: Example HC-494
Configuring a POS Interface with PPP Encapsulation: Example HC-496
Additional References HC-496
Related Documents HC-496
Standards HC-497
MIBs HC-497
RFCs HC-497
Technical Assistance HC-498
Configuring Serial Interfaces on the Cisco ASR 9000 Series Router HC-499
Contents HC-501
Prerequisites for Configuring Serial Interfaces HC-501
Information About Configuring Serial Interfaces HC-502
High-Level Overview: Serial Interface Configuration on Clear-Channel SPAs HC-503
High-Level Overview: Serial Interface Configuration on Channelized SPAs HC-504
Cisco HDLC Encapsulation HC-506
PPP Encapsulation HC-506
Multilink PPP HC-507
Keepalive Timer HC-508
Frame Relay Encapsulation HC-509
LMI on Frame Relay Interfaces HC-510
Layer 2 Tunnel Protocol Version 3-Based Layer 2 VPN on Frame Relay HC-510
Default Settings for Serial Interface Configurations HC-511
Serial Interface Naming Notation HC-511
IPHC Overview HC-512
QoS and IPHC HC-513
How to Configure Serial Interfaces HC-514
Bringing Up a Serial Interface HC-514
Prerequisites HC-515
Restrictions HC-515
What to Do Next HC-518
Configuring Optional Serial Interface Parameters HC-518
Prerequisites HC-518Contents
HC-xx
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Restrictions HC-518
What to Do Next HC-520
Creating a Point-to-Point Serial Subinterface with a PVC HC-521
Prerequisites HC-521
Restrictions HC-521
What to Do Next HC-523
Configuring Optional PVC Parameters HC-524
Prerequisites HC-524
Restrictions HC-524
What to Do Next HC-526
Modifying the Keepalive Interval on Serial Interfaces HC-526
Prerequisites HC-527
Restrictions HC-527
How to Configure a Layer 2 Attachment Circuit HC-528
Creating a Serial Layer 2 Subinterface with a PVC HC-529
Prerequisites HC-529
Restrictions HC-529
What to Do Next HC-530
Configuring Optional Serial Layer 2 PVC Parameters HC-531
Prerequisites HC-531
Restrictions HC-531
What to Do Next HC-533
Configuring IPHC HC-533
Prerequisites for Configuring IPHC HC-533
Configuring the IPHC Slot Level Command HC-534
Configuring an IPHC Profile HC-536
Configuring an IPHC Profile HC-538
Enabling an IPHC Profile on an Interface HC-541
Configuration Examples for Serial Interfaces HC-542
Bringing Up and Configuring a Serial Interface with Cisco HDLC Encapsulation: Example HC-542
Configuring a Serial Interface with Frame Relay Encapsulation: Example HC-543
Configuring a Serial Interface with PPP Encapsulation: Example HC-545
IPHC Configuration: Examples HC-545
IPHC Profile Configuration: Example HC-546
IPHC on a Serial Interface Configuration: Examples HC-546
IPHC on Multilink Configuration: Example HC-546
IPHC on a Serial Interface with MLPPP/LFI and QoS Configuration: Example HC-547
Additional References HC-547
Related Documents HC-547
Standards HC-548Contents
HC-xxi
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
MIBs HC-548
RFCs HC-548
Technical Assistance HC-548
Configuring Frame Relay on the Cisco ASR 9000 Series Router HC-549
Contents HC-550
Prerequisites for Configuring Frame Relay HC-550
Information About Frame Relay Interfaces HC-550
Frame Relay Encapsulation HC-550
LMI HC-551
Multilink Frame Relay (FRF.16) HC-553
Multilink Frame Relay High Availability HC-553
Multilink Frame Relay Configuration Overview HC-553
End-to-End Fragmentation (FRF.12) HC-557
Configuring Frame Relay HC-557
Modifying the Default Frame Relay Configuration on an Interface HC-557
Prerequisites HC-557
Restrictions HC-558
Disabling LMI on an Interface with Frame Relay Encapsulation HC-560
Configuring Multilink Frame Relay Bundle Interfaces HC-562
Prerequisites HC-562
Restrictions HC-562
Configuring FRF.12 End-to-End Fragmentation on a Channelized Frame Relay Serial
Interface HC-568
Configuration Examples for Frame Relay HC-572
Optional Frame Relay Parameters: Example HC-573
Multilink Frame Relay: Example HC-575
End-to-End Fragmentation: Example HC-576
Additional References HC-576
Related Documents HC-577
Standards HC-577
MIBs HC-577
RFCs HC-577
Technical Assistance HC-578
Configuring PPP on the Cisco ASR 9000 Series Router HC-579
Contents HC-580
Prerequisites for Configuring PPP HC-580
Information About PPP HC-581
PPP Authentication HC-581Contents
HC-xxii
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
PAP Authentication HC-582
CHAP Authentication HC-582
MS-CHAP Authentication HC-582
Multilink PPP HC-582
MLPPP Feature Summary HC-583
IPHC Over MLPPP HC-583
ICSSO for PPP and MLPPP HC-584
Multi-Router Automatic Protection Switching (MR-APS) HC-584
Session State Redundancy Protocol (SSRP) HC-584
Redundancy Group Manager (RG-MGR) HC-585
IP Fast Reroute (IP-FRR) HC-585
VPN Routing And Forwarding (VRF) HC-585
Open Shortest Path First (OSPF) HC-586
ICSSO Configuration Overview HC-586
Multiclass MLPPP with QoS HC-586
T3 SONET Channels HC-587
How to Configure PPP HC-588
Modifying the Default PPP Configuration HC-588
Prerequisites HC-588
Configuring PPP Authentication HC-591
Enabling PAP, CHAP, and MS-CHAP Authentication HC-591
Prerequisites HC-591
Where To Go Next HC-593
Configuring a PAP Authentication Password HC-594
Configuring a CHAP Authentication Password HC-596
Configuring an MS-CHAP Authentication Password HC-598
Disabling an Authentication Protocol HC-599
Disabling PAP Authentication on an Interface HC-599
Disabling CHAP Authentication on an Interface HC-601
Disabling MS-CHAP Authentication on an Interface HC-602
Configuring Multilink PPP HC-604
Prerequisites HC-604
Restrictions HC-604
Configuring the Controller HC-604
Configuring the Interfaces HC-607
Configuring MLPPP Optional Features HC-610
Configuring ICSSO for PPP and MLPPP HC-612
Prerequisites HC-612
Restrictions HC-613
Configuring a Basic ICSSO Implementation HC-613Contents
HC-xxiii
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Configuring MR-APS HC-614
Configuring SSRP on Serial and Multilink Interfaces HC-616
Configuration Examples for PPP HC-621
Configuring a POS Interface with PPP Encapsulation: Example HC-621
Configuring a Serial Interface with PPP Encapsulation: Example HC-621
Configuring MLPPP: Example HC-622
ICSSO for PPP and MLPPP Configuration: Examples HC-622
ICSSO Configuration: Example HC-623
Channelized SONET Controller Configuration for Use with ICSSO: Example HC-623
MR-APS Configuration: Example HC-623
SSRP on Serial and Multilink Interfaces Configuration: Example HC-624
VRF on Multilink Configuration for Use with ICSSO: Example HC-625
VRF on Ethernet Configuration for Use with ICSSO: Example HC-625
OSPF Configuration for Use with ICSSO: Example HC-626
Verifying ICSSO Configuration: Examples HC-626
Verifying SSRP Groups: Example HC-626
Verifying ICSSO Status: Example HC-627
Verifying MR-APS Configuration: Example HC-627
Verifying OSPF Configuration: Example HC-628
Verifying Multilink PPP Configurations HC-629
show multilink interfaces: Examples HC-629
show ppp interfaces multilink: Example HC-631
show ppp interface serial: Example HC-632
show imds interface multilink: Example HC-632
Additional References HC-633
Related Documents HC-633
Standards HC-633
MIBs HC-633
RFCs HC-633
Technical Assistance HC-634
Configuring 802.1Q VLAN Interfaces on the Cisco ASR 9000 Series Router HC-635
Contents HC-635
Prerequisites for Configuring 802.1Q VLAN Interfaces HC-635
Information About Configuring 802.1Q VLAN Interfaces HC-636
802.1Q VLAN Overview HC-636
802.1Q Tagged Frames HC-636
CFM on 802.1Q VLAN Interfaces HC-637
Subinterfaces HC-637Contents
HC-xxiv
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Subinterface MTU HC-637
Native VLAN HC-637
EFPs HC-637
Layer 2 VPN on VLANs HC-638
Other Layer 2 VPN Features HC-639
How to Configure 802.1Q VLAN Interfaces HC-639
Configuring 802.1Q VLAN Subinterfaces HC-639
Configuring an Attachment Circuit on a VLAN HC-641
What to Do Next HC-643
Removing an 802.1Q VLAN Subinterface HC-643
Configuration Examples for VLAN Interfaces HC-645
VLAN Subinterfaces: Example HC-645
Additional References HC-647
Related Documents HC-647
Standards HC-647
MIBs HC-647
Technical Assistance HC-648
Configuring Bidirectional Forwarding Detection on the Cisco ASR 9000 Series Router HC-649
Contents HC-650
Prerequisites for Configuring BFD HC-650
Restrictions for Configuring BFD HC-651
Information About BFD HC-652
Differences in BFD in Cisco IOS XR Software and Cisco IOS Software HC-652
BFD Modes of Operation HC-653
BFD Packet Information HC-653
BFD Source and Destination Ports HC-654
BFD Packet Intervals and Failure Detection HC-654
Priority Settings for BFD Packets HC-658
BFD for IPv4 HC-658
BFD for IPv6 HC-660
BFD on Bundled VLANs HC-660
BFD Over Member Links on Link Bundles HC-660
Overview of BFD State Change Behavior on Member Links and Bundle Status HC-661
BFD Multipath Sessions HC-663
BFD for MultiHop Paths HC-663
Setting up BFD Multihop HC-663
How to Configure BFD HC-663
BFD Configuration Guidelines HC-664Contents
HC-xxv
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Configuring BFD Under a Dynamic Routing Protocol or Using a Static Route HC-664
Enabling BFD on a BGP Neighbor HC-665
Enabling BFD for OSPF on an Interface HC-667
Enabling BFD for OSPFv3 on an Interface HC-669
Enabling BFD on a Static Route HC-671
Configuring BFD on Bundle Member Links HC-673
Prerequisites HC-673
Specifying the BFD Destination Address on a Bundle HC-673
Enabling BFD Sessions on Bundle Members HC-674
Configuring the Minimum Thresholds for Maintaining an Active Bundle HC-675
Configuring BFD Packet Transmission Intervals and Failure Detection Times on a
Bundle HC-677
Configuring Allowable Delays for BFD State Change Notifications Using Timers on a
Bundle HC-679
Enabling Echo Mode to Test the Forwarding Path to a BFD Peer HC-681
Overriding the Default Echo Packet Source Address HC-681
Specifying the Echo Packet Source Address Globally for BFD HC-682
Specifying the Echo Packet Source Address on an Individual Interface or Bundle HC-683
Configuring BFD Session Teardown Based on Echo Latency Detection HC-685
Prerequisites HC-685
Restrictions HC-685
Delaying BFD Session Startup Until Verification of Echo Path and Latency HC-686
Prerequisites HC-686
Restrictions HC-686
Disabling Echo Mode HC-689
Disabling Echo Mode on a Router HC-689
Disabling Echo Mode on an Individual Interface or Bundle HC-690
Minimizing BFD Session Flapping Using BFD Dampening HC-692
Enabling and Disabling IPv6 Checksum Support HC-693
Enabling and Disabling IPv6 Checksum Calculations for BFD on a Router HC-694
Enabling and Disabling IPv6 Checksum Calculations for BFD on an Individual Interface or
Bundle HC-695
Clearing and Displaying BFD Counters HC-696
Configuration Examples for Configuring BFD HC-697
BFD Over BGP: Example HC-698
BFD Over OSPF: Examples HC-698
BFD Over Static Routes: Examples HC-699
BFD on Bundled VLANs: Example HC-699
Echo Packet Source Address: Examples HC-701
Echo Latency Detection: Examples HC-701Contents
HC-xxvi
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Echo Startup Validation: Examples HC-702
BFD Echo Mode Disable: Examples HC-702
BFD Dampening: Examples HC-702
BFD IPv6 Checksum: Examples HC-703
BFD Peers on Routers Running Cisco IOS and Cisco IOS XR Software: Example HC-703
Where to Go Next HC-704
Additional References HC-704
Related Documents HC-704
Standards HC-704
RFCs HC-705
MIBs HC-705
Technical Assistance HC-705
Configuring the Satellite Network Virtualization (nV) System on the
Cisco ASR 9000 Series Router HC-707
Contents HC-707
Prerequisites for Configuration HC-708
Overview of Satellite nV Switching System HC-708
Benefits of Satellite nV System HC-709
Overview of Port Extender Model HC-710
Features Supported in the Satellite nV System HC-711
Satellite System Physical Topology HC-711
Inter-Chassis Link Redundancy Modes and Load Balancing HC-711
Satellite Discovery and Control Protocols HC-712
Satellite Discovery and Control Protocol IP Connectivity HC-712
Layer-2 and L2VPN Features HC-712
Layer-3 and L3VPN Features HC-712
Layer-2 and Layer-3 Multicast Features HC-712
Quality of Service HC-713
Cluster Support HC-713
Time of Day Synchronization HC-713
Satellite Chassis Management HC-713
Restrictions of the Satellite nV System HC-714
Implementing a Satellite nV System HC-714
Defining the Satellite nV System HC-714
Configuring the host IP address HC-717
Configuring the Inter-Chassis Links and IP Connectivity HC-718
Configuring the Satellite nV Access Interfaces HC-720
Plug and Play Satellite nV Switch Turn up: (Rack, Plug, and Go installation) HC-721Contents
HC-xxvii
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Upgrading and Managing Satellite nV Software HC-722
Prerequisites HC-722
Installing a Satellite HC-722
Monitoring the Satellite Software HC-723
Monitoring the Satellite Protocol Status HC-724
Monitoring the Satellite Inventory HC-725
Reloading the Satellite Device HC-727
Port Level Parameters Configured on a Satellite HC-727
Configuration Examples for Satellite nV System HC-728
Satellite System Configuration: Example HC-728
Satellite Global Configuration HC-728
ICL (satellite-fabric-link) Interface Configuration HC-728
Satellite Interface Configuration HC-729
Satellite Management using private VRF HC-729
Additional References HC-730
Related Documents HC-730
Standards HC-730
MIBs HC-730
RFCs HC-731
Technical Assistance HC-731
Configuring the nV Edge System on the Cisco ASR 9000 Series Router HC-733
Contents HC-733
Prerequisites for Configuration HC-734
Overview of Cisco ASR 9000 nV Edge Architecture HC-734
Inter Rack Links on Cisco ASR 9000 Series nV Edge System HC-735
Failure Detection in Cisco ASR 9000 Series nV Edge System HC-736
Scenarios for High Availability HC-736
Benefits of Cisco ASR 9000 Series nV Edge System HC-737
Restrictions of the Cisco ASR 9000 Series nV Edge System HC-738
Implementing a Cisco ASR 9000 Series nV Edge System HC-738
Configuring Cisco ASR 9000 nV Edge System HC-738
Single Chassis to Cluster Migration HC-738
Configuration Examples for nV Edge System HC-739
nV Edge System Configuration: Example HC-739
IRL (inter-rack-link) Interface Configuration HC-739
Cisco nV Edge IRL link Support from 10Gig interface HC-740
Additional References HC-741
Related Documents HC-741Contents
HC-xxvii
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Standards HC-741
MIBs HC-742
RFCs HC-742
Technical Assistance HC-742
IndexHC-xxix
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Preface
The Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component
Configuration Guide provides information and procedures related to router interface and hardware
configuration.
The preface contains the following sections:
Changes to This Document
Obtaining Documentation and Submitting a Service Request
Changes to This Document
Table 1 lists the technical changes made to this document since it was first printed.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly Whats New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the Whats New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Table 1 Changes to This Document
Revision Date Change Summary
OL-26061-02 June 2012 Republished with documentation updates for Cisco IOS XR
Release 4.2.1 features.
OL-26061-01 December 2011 Initial release of this document.Preface
HC-xxx
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02HC-1
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Preconfiguring Physical Interfaces on the
Cisco ASR 9000 Series Router
This module describes the preconfiguration of physical interfaces on the Cisco ASR 9000 Series
Aggregation Services Routers.
Preconfiguration is supported for the following types of interfaces and controllers:
Gigabit Ethernet
10-Gigabit Ethernet
Management Ethernet
Packet-over-SONET/SDH (POS)
Serial
SONET controllers and channelized SONET controllers
Preconfiguration allows you to configure modular services cards before they are inserted into the router.
When the cards are inserted, they are instantly configured.
The preconfiguration information is created in a different system database tree (known as the
preconfiguration directory on the route switch processor [RSP]), rather than with the regularly
configured interfaces.
There may be some preconfiguration data that cannot be verified unless the modular services card is
present, because the verifiers themselves run only on the modular services card. Such preconfiguration
data is verified when the modular services card is inserted and the verifiers are initiated. A configuration
is rejected if errors are found when the configuration is copied from the preconfiguration area to the
active area.
Note Only physical interfaces can be preconfigured.
Feature History for Preconfiguring Physical Interfaces
Release Modification
Release 3.7.2 Ethernet interface preconfiguration was introduced.
Release 4.0.0 POS interface preconfiguration was introduced.Preconfiguring Physical Interfaces on the Cisco ASR 9000 Series Router
Contents
HC-2
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Contents
Prerequisites for Preconfiguring Physical Interfaces, page 2
Information About Preconfiguring Physical Interfaces, page 2
How to Preconfigure Physical Interfaces, page 4
Configuration Examples for Preconfiguring Physical Interfaces, page 6
Additional References, page 7
Prerequisites for Preconfiguring Physical Interfaces
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
Before preconfiguring physical interfaces, be sure that the following conditions are met:
Preconfiguration drivers and files are installed. Although it may be possible to preconfigure physical
interfaces without a preconfiguration driver installed, the preconfiguration files are required to set
the interface definition file on the router that supplies the strings for valid interface names.
Information About Preconfiguring Physical Interfaces
To preconfigure interfaces, you must understand the following concepts:
Physical Interface Preconfiguration Overview, page 2
Benefits of Interface Preconfiguration, page 3
Use of the Interface Preconfigure Command, page 3
Active and Standby RSPs and Virtual Interface Configuration, page 4
Physical Interface Preconfiguration Overview
Preconfiguration is the process of configuring interfaces before they are present in the system.
Preconfigured interfaces are not verified or applied until the actual interface with the matching location
(rack/slot/module) is inserted into the router. When the anticipated modular services card is inserted and
the interfaces are created, the precreated configuration information is verified and, if successful,
immediately applied to the routers running configuration.
Note When you plug the anticipated modular services card in, make sure to verify any preconfiguration with
the appropriate show commands.
Use the show run command to see interfaces that are in the preconfigured state. Preconfiguring Physical Interfaces on the Cisco ASR 9000 Series Router
Information About Preconfiguring Physical Interfaces
HC-3
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Note We recommend filling out preconfiguration information in your site planning guide, so that you can
compare that anticipated configuration with the actual preconfigured interfaces when that card is
installed and the interfaces are up.
Tip Use the commit best-effort command to save the preconfiguration to the running configuration file. The
commit best-effort command merges the target configuration with the running configuration and
commits only valid configuration (best effort). Some configuration might fail due to semantic errors, but
the valid configuration still comes up.
Benefits of Interface Preconfiguration
Preconfigurations reduce downtime when you add new cards to the system. With preconfiguration, the
new modular services card can be instantly configured and actively running during modular services card
bootup.
Another advantage of performing a preconfiguration is that during a card replacement, when the modular
services card is removed, you can still see the previous configuration and make modifications.
Use of the Interface Preconfigure Command
Interfaces that are not yet present in the system can be preconfigured with the interface preconfigure
command in global configuration mode.
The interface preconfigure command places the router in interface configuration mode. Users should
be able to add any possible interface commands. The verifiers registered for the preconfigured interfaces
verify the configuration. The preconfiguration is complete when the user enters the end command, or
any matching exit or global configuration mode command.
Note It is possible that some configurations cannot be verified until the modular services card is inserted.
Note Do not enter the no shutdown command for new preconfigured interfaces, because the no form of this
command removes the existing configuration, and there is no existing configuration.
Users are expected to provide names during preconfiguration that will match the name of the interface
that will be created. If the interface names do not match, the preconfiguration cannot be applied when
the interface is created. The interface names must begin with the interface type that is supported by the
router and for which drivers have been installed. However, the slot, port, subinterface number, and
channel interface number information cannot be validated.
Note Specifying an interface name that already exists and is configured (or an abbreviated name like e0/3/0/0)
is not permitted.Preconfiguring Physical Interfaces on the Cisco ASR 9000 Series Router
How to Preconfigure Physical Interfaces
HC-4
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Active and Standby RSPs and Virtual Interface Configuration
The standby RSP is available and in a state in which it can take over the work from the active RSP should
that prove necessary. Conditions that necessitate the standby RSP to become the active RSP and assume
the active RSPs duties include:
Failure detection by a watchdog
Standby RSP is administratively commanded to take over
Removal of the active RSP from the chassis
If a second RSP is not present in the chassis while the first is in operation, a second RSP may be inserted
and will automatically become the standby RSP. The standby RSP may also be removed from the chassis
with no effect on the system other than loss of RSP redundancy.
After failover, the virtual interfaces will all be present on the standby (now active) RSP. Their state and
configuration will be unchanged, and there will have been no loss of forwarding (in the case of tunnels)
over the interfaces during the failover. The Cisco ASR 9000 Series Router uses nonstop forwarding
(NSF) over tunnels through the failover of the host RSP.
Note The user does not need to configure anything to guarantee that the standby interface configurations are
maintained.
How to Preconfigure Physical Interfaces
This task describes only the most basic preconfiguration of an interface.
SUMMARY STEPS
1. configure
2. interface preconfigure type interface-path-id
3. ipv4 address ip-address subnet-mask
4. Configure additional interface parameters.
5. end
or
commit
6. exit
7. exit
8. show running-configPreconfiguring Physical Interfaces on the Cisco ASR 9000 Series Router
How to Preconfigure Physical Interfaces
HC-5
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 interface preconfigure type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
preconfigure GigabitEthernet 0/1/0/0
Enters interface preconfiguration mode for an interface,
where type specifies the supported interface type that you
want to configure and interface-path-id specifies the
location where the interface will be located in
rack/slot/module/port notation.
Step 3 ipv4 address ip-address subnet-mask
or
ipv4 address ip-address/prefix
Example:
RP/0/RSP0/CPU0:router(config-if-pre)# ipv4
address 192.168.1.2/32
Assigns an IP address and mask to the interface.
Step 4 Configure additional interface parameters, as
described in this manual in the configuration chapter
that applies to the type of interface that you are
configuring. Preconfiguring Physical Interfaces on the Cisco ASR 9000 Series Router
Configuration Examples for Preconfiguring Physical Interfaces
HC-6
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Configuration Examples for Preconfiguring Physical Interfaces
This section contains the following example:
Preconfiguring an Interface: Example, page 6
Preconfiguring an Interface: Example
The following example shows how to preconfigure a basic Ethernet interface:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# interface preconfigure GigabitEthernet 0/1/0/0
RP/0/RSP0/CPU0:router(config-if)# ipv4 address 192.168.1.2/32
RP/0/RSP0/CPU0:router(config-if)# commit
Step 5 end
or
commit best-effort
Example:
RP/0/RSP0/CPU0:router(config-if-pre)# end
or
RP/0/RSP0/CPU0:router(config-if-pre)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting (yes/no/cancel)?
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit best-effort command to save the
configuration changes to the running configuration file
and remain within the configuration session. The
commit best-effort command merges the target
configuration with the running configuration and
commits only valid changes (best effort). Some
configuration changes might fail due to semantic
errors.
Step 6 show running-config
Example:
RP/0/RSP0/CPU0:router# show running-config
(Optional) Displays the configuration information currently
running on the router.
Command or Action PurposePreconfiguring Physical Interfaces on the Cisco ASR 9000 Series Router
Additional References
HC-7
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Additional References
The sections that follow provide references related to the preconfiguration of physical interfaces.
Related Documents
Standards
MIBs
RFCs
Related Topic Document Title
Master command reference Cisco ASR 9000 Series Aggregation Services Routers Master
Command Listing
Interface configuration commands Cisco ASR 9000 Series Aggregation Services Routers Interface and
Hardware Component Command Reference
Initial system bootup and configuration information Cisco ASR 9000 Series Router Getting Started Guide
Information about user groups and task IDs Cisco IOS XR Task ID Reference Guide
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not been
modified by this feature.
MIBs MIBs Link
There are no applicable MIBs for this module. To locate and download MIBs for selected platforms using
Cisco IOS XR Software, use the Cisco MIB Locator found at the
following URL:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not been
modified by this feature.
Preconfiguring Physical Interfaces on the Cisco ASR 9000 Series Router
Additional References
HC-8
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Technical Assistance
Description Link
The Cisco Technical Support website contains
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
http://www.cisco.com/techsupportHC-9
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Advanced Configuration and Modification of the
Management Ethernet Interface on the
Cisco ASR 9000 Series Router
This module describes the configuration of Management Ethernet interfaces on the
Cisco ASR 9000 Series Aggregation Services Routers.
Before you can use Telnet to access the router through the LAN IP address, you must set up a
Management Ethernet interface and enable Telnet servers, as described in the Configuring General
Router Features module of the Cisco ASR 9000 Series Router Getting Started Guide. This module
describes how to modify the default configuration of the Management Ethernet interface after it has been
configured, as described in the Cisco ASR 9000 Series Router Getting Started Guide.
Note Forwarding between physical layer interface modules (PLIM) ports and Management Ethernet interface
ports is disabled by default. To enable forwarding between PLIM ports and Management Ethernet
interface ports, use the rp mgmtethernet forwarding command.
Note Although the Management Ethernet interfaces on the system are present by default, the user must
configure these interfaces to use them for accessing the router, using protocols and applications such as
Simple Network Management Protocol (SNMP), Common Object Request Broker Architecture
(CORBA), HTTP, extensible markup language (XML), TFTP, Telnet, and command-line interface (CLI).
Feature History for Configuring Management Ethernet Interfaces
Contents
Prerequisites for Configuring Management Ethernet Interfaces, page 10
Information About Configuring Management Ethernet Interfaces, page 10
How to Perform Advanced Management Ethernet Interface Configuration, page 11
Configuration Examples for Management Ethernet Interfaces, page 18
Additional References, page 19
Release Modification
Release 3.7.2 This feature was introduced on the Cisco ASR 9000 Series Router.Advanced Configuration and Modification of the Management Ethernet Interface on the
Prerequisites for Configuring Management Ethernet Interfaces
HC-10
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Prerequisites for Configuring Management Ethernet Interfaces
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
Before performing the Management Ethernet interface configuration procedures that are described in
this chapter, be sure that the following tasks and conditions are met:
You have performed the initial configuration of the Management Ethernet interface, as described in
the Configuring General Router Features module of the Cisco ASR 9000 Series Router Getting
Started Guide.
You must be in a user group associated with a task group that includes the proper task IDs. The
command reference guides include the task IDs required for each command.
You know how to apply the generalized interface name specification rack/slot/module/port.
For further information on interface naming conventions, refer to the Cisco ASR 9000 Series Router
Getting Started Guide.
Note For transparent switchover, both active and standby Management Ethernet interfaces are expected to be
physically connected to the same LAN or switch.
Information About Configuring Management Ethernet
Interfaces
To configure Management Ethernet interfaces, you must understand the following concept:
Default Interface Settings, page 10
Default Interface Settings
Table 2 describes the default Management Ethernet interface settings that can be changed by manual
configuration. Default settings are not displayed in the show running-config command output.
Table 2 Management Ethernet Interface Default Settings
Parameter Default Value Configuration File Entry
Speed in Mbps Speed is autonegotiated. speed [10 | 100 | 1000]
To return the system to autonegotiate speed,
use the no speed [10 | 100 | 1000] command.Advanced Configuration and Modification of the Management Ethernet Interface on the Cisco ASR 9000 Series Router
How to Perform Advanced Management Ethernet Interface Configuration
HC-11
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
How to Perform Advanced Management Ethernet Interface
Configuration
This section contains the following procedures:
Configuring a Management Ethernet Interface, page 11 (required)
Configuring the Duplex Mode for a Management Ethernet Interface, page 13 (optional)
Configuring the Speed for a Management Ethernet Interface, page 14 (optional)
Modifying the MAC Address for a Management Ethernet Interface, page 16 (optional)
Verifying Management Ethernet Interface Configuration, page 17 (optional)
Configuring a Management Ethernet Interface
Perform this task to configure a Management Ethernet interface. This procedure provides the minimal
configuration required for the Management Ethernet interface.
The MTU is not configurable for the Management Ethernet Interface. The default value is 1514 bytes.
Note You do not need to perform this task if you have already set up the Management Ethernet interface to
enable telnet servers, as described in the Configuring General Router Features module of the
Cisco ASR 9000 Series Router Getting Started Guide.
SUMMARY STEPS
1. configure
2. interface MgmtEth interface-path-id
3. ipv4 address ip-address mask
4. no shutdown
5. end
or
commit
6. show interfaces MgmtEth interface-path-id
Duplex mode Duplex mode is
autonegotiated.
duplex {full | half}
To return the system to autonegotiated
duplex operation, use the no duplex {full |
half} command, as appropriate.
MAC address MAC address is read from the
hardware burned-in address
(BIA).
mac-address address
To return the device to its default MAC
address, use the no mac-address address
command.
Table 2 Management Ethernet Interface Default Settings
Parameter Default Value Configuration File EntryAdvanced Configuration and Modification of the Management Ethernet Interface on the
How to Perform Advanced Management Ethernet Interface Configuration
HC-12
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 interface MgmtEth interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
MgmtEth 0/RSP0/CPU0/0
Enters interface configuration mode and specifies the
Ethernet interface name and notation rack/slot/module/port.
The example indicates port 0 on the RSP card that is
installed in slot 0.
Step 3 ipv4 address ip-address mask
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address
172.18.189.38 255.255.255.224
Assigns an IP address and subnet mask to the interface.
Replace ip-address with the primary IPv4 address for
the interface.
Replace mask with the mask for the associated IP
subnet. The network mask can be specified in either of
two ways:
The network mask can be a four-part dotted
decimal address. For example, 255.0.0.0 indicates
that each bit equal to 1 means that the
corresponding address bit belongs to the network
address.
The network mask can be indicated as a slash (/)
and number. For example, /8 indicates that the first
8 bits of the mask are ones, and the corresponding
bits of the address are network address.
Step 4 no shutdown
Example:
RP/0/RSP0/CPU0:router(config-if)# no shutdown
Removes the shutdown configuration, which removes the
forced administrative down on the interface, enabling it to
move to an up or down state.Advanced Configuration and Modification of the Management Ethernet Interface on the Cisco ASR 9000 Series Router
How to Perform Advanced Management Ethernet Interface Configuration
HC-13
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Configuring the Duplex Mode for a Management Ethernet Interface
Perform this task to configure the duplex mode of the Management Ethernet interfaces for the RPs.
SUMMARY STEPS
1. configure
2. interface MgmtEth interface-path-id
3. duplex [full | half]
4. end
or
commit
Step 5 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Step 6 show interfaces MgmtEth interface-path-id
Example:
RP/0/RSP0/CPU0:router# show interfaces MgmtEth
0/RSP0/CPU0/0
(Optional) Displays statistics for interfaces on the router.
Command or Action PurposeAdvanced Configuration and Modification of the Management Ethernet Interface on the
How to Perform Advanced Management Ethernet Interface Configuration
HC-14
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
DETAILED STEPS
Configuring the Speed for a Management Ethernet Interface
Perform this task to configure the speed of the Management Ethernet interfaces for the RPs.
SUMMARY STEPS
1. configure
2. interface MgmtEth interface-path-id
3. speed {10 | 100 | 1000}
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 interface MgmtEth interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
MgmtEth 0/RSP0/CPU0/0
Enters interface configuration mode and specifies the
Management Ethernet interface name and instance.
Step 3 duplex [full | half]
Example:
RP/0/RSP0/CPU0:router(config-if)# duplex full
Configures the interface duplex mode. Valid options are full
or half.
Note To return the system to autonegotiated duplex
operation, use the no duplex command.
Step 4 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without committing
the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.Advanced Configuration and Modification of the Management Ethernet Interface on the Cisco ASR 9000 Series Router
How to Perform Advanced Management Ethernet Interface Configuration
HC-15
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
4. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 interface MgmtEth interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
MgmtEth 0/RSP0/CPU0/0
Enters interface configuration mode and specifies the
Management Ethernet interface name and instance.
Step 3 speed {10 | 100 | 1000}
Example:
RP/0/RSP0/CPU0:router(config-if)# speed 100
Configures the interface speed parameter.
On a Cisco ASR 9000 Series Router, valid speed options
are 10 or 100 Mbps.
Note The default Management Ethernet interface speed is
autonegotiated.
Note To return the system to the default autonegotiated
speed, use the no speed command.
Step 4 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.Advanced Configuration and Modification of the Management Ethernet Interface on the
How to Perform Advanced Management Ethernet Interface Configuration
HC-16
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Modifying the MAC Address for a Management Ethernet Interface
Perform this task to configure the MAC layer address of the Management Ethernet interfaces for the RPs.
SUMMARY STEPS
1. configure
2. interface MgmtEth interface-path-id
3. mac-address address
4. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 interface MgmtEth interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
MgmtEth 0/RSP0/CPU0/0
Enters interface configuration mode and specifies the
Management Ethernet interface name and instance.Advanced Configuration and Modification of the Management Ethernet Interface on the Cisco ASR 9000 Series Router
How to Perform Advanced Management Ethernet Interface Configuration
HC-17
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Verifying Management Ethernet Interface Configuration
Perform this task to verify configuration modifications on the Management Ethernet interfaces for the
RPs.
SUMMARY STEPS
1. show interfaces MgmtEth interface-path-id
2. show running-config
Step 3 mac-address address
Example:
RP/0/RSP0/CPU0:router(config-if)# mac-address
0001.2468.ABCD
Configures the MAC layer address of the Management
Ethernet interface.
Note To return the device to its default MAC address, use
the no mac-address address command.
Step 4 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action Purpose
Step 1 show interfaces MgmtEth interface-path-id
Example:
RP/0/RSP0/CPU0:router# show interfaces MgmtEth
0/RSP0/CPU0/0
Displays the Management Ethernet interface configuration.
Step 2 show running-config interface MgmtEth
interface-path-id
Example:
RP/0/RSP0/CPU0:router# show running-config
interface MgmtEth 0/RSP0/CPU0/0
Displays the running configuration.Advanced Configuration and Modification of the Management Ethernet Interface on the
Configuration Examples for Management Ethernet Interfaces
HC-18
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Configuration Examples for Management Ethernet Interfaces
This section provides the following configuration examples:
Configuring a Management Ethernet Interface: Example, page 18
Configuring a Management Ethernet Interface: Example
This example displays advanced configuration and verification of the Management Ethernet interface on
the RP:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# interface MgmtEth 0/RSP0/CPU0/0
RP/0/RSP0/CPU0:router(config)# ipv4 address 172.29.52.70 255.255.255.0
RP/0/RSP0/CPU0:router(config-if)# speed 100
RP/0/RSP0/CPU0:router(config-if)# duplex full
RP/0/RSP0/CPU0:router(config-if)# no shutdown
RP/0/RSP0/CPU0:router(config-if)# commit
RP/0/RSP0/CPU0:Mar 26 01:09:28.685 :ifmgr[190]:%LINK-3-UPDOWN :Interface
MgmtEth0/RSP0/CPU0/0, changed state to Up
RP/0/RSP0/CPU0:router(config-if)# end
RP/0/RSP0/CPU0:router# show interfaces MgmtEth 0/RSP0/CPU0/0
MMgmtEth0/RSP0/CPU0/0 is up, line protocol is up
Hardware is Management Ethernet, address is 0011.93ef.e8ea (bia 0011.93ef.e8ea
)
Description: Connected to Lab LAN
Internet address is 172.29.52.70/24
MTU 1514 bytes, BW 100000 Kbit
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set,
ARP type ARPA, ARP timeout 04:00:00
Last clearing of "show interface" counters never
5 minute input rate 3000 bits/sec, 7 packets/sec
5 minute output rate 0 bits/sec, 1 packets/sec
30445 packets input, 1839328 bytes, 64 total input drops
0 drops for unrecognized upper-level protocol
Received 23564 broadcast packets, 0 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
57 input errors, 40 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
171672 packets output, 8029024 bytes, 0 total output drops
Output 16 broadcast packets, 0 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions
RP/0/RSP0/CPU0:router# show running-config interface MgmtEth 0/RSP0/CPU0/0
interface MgmtEth0/RSP0/CPU0/0
description Connected to Lab LAN
ipv4 address 172.29.52.70 255.255.255.0
!Advanced Configuration and Modification of the Management Ethernet Interface on the Cisco ASR 9000 Series Router
Additional References
HC-19
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Additional References
The following sections provide references related to Management Ethernet interface configuration.
Related Documents
Standards
MIBs
RFCs
Related Topic Document Title
Cisco ASR 9000 Series Router master command
reference
Cisco ASR 9000 Series Router Master Commands List
Cisco ASR 9000 Series Router interface configuration
commands
Cisco ASR 9000 Series Router Interface and Hardware Component
Command Reference
Initial system bootup and configuration information for
a Cisco ASR 9000 Series Router using the Cisco IOS
XR Software.
Cisco ASR 9000 Series Router Getting Started Guide
Information about user groups and task IDs Cisco ASR 9000 Series Router Interface and Hardware Component
Command Reference
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not been
modified by the feature.
MIBs MIBs Link
There are no applicable MIBs for this module. To locate and download MIBs for selected platforms using
Cisco IOS XR Software, use the Cisco MIB Locator found at the
following URL:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not been
modified by this feature.
Advanced Configuration and Modification of the Management Ethernet Interface on the
Additional References
HC-20
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Technical Assistance
Description Link
The Cisco Technical Support website contains
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
http://www.cisco.com/techsupportHC-21
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Configuring Ethernet Interfaces on the
Cisco ASR 9000 Series Router
This module describes the configuration of Ethernet interfaces on the Cisco ASR 9000 Series
Aggregation Services Routers.
The distributed Gigabit Ethernet and 10-Gigabit Ethernet architecture and features deliver network
scalability and performance, while enabling service providers to offer high-density, high-bandwidth
networking solutions designed to interconnect the router with other systems in POPs, including core and
edge routers and Layer 2 and Layer 3 switches.
Feature History for Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Release Modification
Release 3.7.2 Support was added on the Cisco ASR 9000 Series Router for the following
line cards:
40-Port Gigabit Ethernet Medium Queue and High Queue Line Cards
(A9K-40GE-B and A9K-40GE-E)
4-Port 10-Gigabit Ethernet Medium Queue and High Queue Line
Cards (A9K-4T-B and A9K-4T-E)
8-Port 10-Gigabit Ethernet Medium Queue and High Queue DX Line
Cards (A9K-8T/4-B and A9K-8T/4-E) (2:1 oversubscribed)Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
HC-22
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Release 3.9.0 Support was added on the Cisco ASR 9000 Series Router for the following
line cards:
40-Port Gigabit Ethernet Low Queue Line Card (A9K-40GE-L)
4-Port 10-Gigabit Ethernet Low Queue Line Card (A9K-4T-L)
8-Port 10-Gigabit Ethernet Low Queue DX Line Card (A9K-8T/4-L)
(2:1 oversubscribed)
8-Port 10-Gigabit Ethernet Low and High Queue Line Card (A9K-8T-L
and A9K-8T-E)
2-Port 10-Gigabit Ethernet, 20-Port Gigabit Ethernet Medium Queue
and High Queue Combination Line Cards (A9K-2T20GE-B and
A9K-2T20GE-L)
Support for the following features was added:
Frequency Synchronization
SyncE
Release 3.9.1 Support was added on the Cisco ASR 9000 Series Router for the following
line cards:
8-Port 10-Gigabit Ethernet Medium Queue Line Card (A9K-8T-B)
16-Port 10-Gigabit Ethernet SFP+ Line Card (A9K-16T/8-B and
A9K-16T/8-B+AIP)
Release 4.0.1 Support for Layer 2 statistics collection for performance monitoring on
Layer 2 subinterfaces (EFPs) is added.
Release 4.1.1 Support was added for MAC address accounting feature.Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Contents
HC-23
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Contents
Prerequisites for Configuring Ethernet Interfaces, page 24
Information About Configuring Ethernet, page 26
Configuring Ethernet Interfaces, page 42
Configuration Examples for Ethernet, page 55
Where to Go Next, page 58
Additional References, page 58
Prerequisites for Configuring Ethernet Interfaces
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
Before configuring Ethernet interfaces, be sure that the following tasks and conditions are met:
Confirm that at least one of the following line cards supported on the router is installed:
2-Port 10-Gigabit Ethernet, 20-Port Gigabit Ethernet Combination line card (A9K-2T20GE-B
and A9K-2T20GE-L)
4-Port 10-Gigabit Ethernet line card (A9K-4T-L, -B, or -E)
8-Port 10-Gigabit Ethernet DX line card (A9K-8T/4-L, -B, or -E)
8-Port 10-Gigabit Ethernet line card (A9K-8T-L, -B, or -E)
16-Port 10-Gigabit Ethernet SFP+ line card (A9K-16T/8-B and A9K-16T/8-B+AIP)
40-Port Gigabit Ethernet line card (A9K-40GE-L, -B, or -E)
Know the interface IP address.
You know how to apply the specify the generalized interface name with the generalized notation
rack/slot/module/port. Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-24
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Information About Configuring Ethernet
Ethernet is defined by the IEEE 802.3 international standard. It enables the connection of up to 1024
nodes over coaxial, twisted-pair, or fiber-optic cable.
The Cisco ASR 9000 Series Router supports Gigabit Ethernet (1000 Mbps) and 10-Gigabit Ethernet
(10 Gbps) interfaces.
This section provides the following information sections:
16-Port 10-Gigabit Ethernet SFP+ Line Card, page 26
Default Configuration Values for Gigabit Ethernet and 10-Gigabit Ethernet, page 27
Layer 2 VPN on Ethernet Interfaces, page 28
Gigabit Ethernet Protocol Standards Overview, page 29
MAC Address, page 30
MAC Accounting, page 31
Ethernet MTU, page 31
Flow Control on Ethernet Interfaces, page 31
802.1Q VLAN, page 32
VRRP, page 32
HSRP, page 32
Link Autonegotiation on Ethernet Interfaces, page 33
Subinterfaces on the Cisco ASR 9000 Series Router, page 34
Frequency Synchronization and SyncE, page 40
16-Port 10-Gigabit Ethernet SFP+ Line Card
The 16-Port10-Gigabit Ethernet SFP+ line card is a Small Form Factor (SFP transceiver) optical line
card introduced in Cisco IOS XR Release 3.9.1 on the Cisco ASR 9000 Series Router. The
16-Port10-Gigabit Ethernet SFP+ line card supports all of the Gigabit Ethernet commands and
configurations currently supported on the router.
The 16-Port10-Gigabit Ethernet SFP+ line card is compatible with all existing
Cisco ASR 9000 Series Router line cards, route/switch processors (RSPs), and chassis.
Features
The 16-Port10-Gigabit Ethernet SFP+ line card supports the following features:
16 10-Gigabit Ethernet ports
128 10-Gigabit Ethernet ports per system
1.28 Tbps per system
160 Gbps forwarding
120 Gbps bidirectional performance
SR/LR/ER SFP+ optics
Feature parity with existing line cardsConfiguring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-25
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Unicast and multicast forwarding at 160 Gbps, with zero packet loss during RSP switchover
Restrictions
The following features are not supported on the 16-Port10-Gigabit Ethernet SFP+ line card:
DWDM (G.709)
Default Configuration Values for Gigabit Ethernet and 10-Gigabit Ethernet
Table 3 describes the default interface configuration parameters that are present when an interface is
enabled on a Gigabit Ethernet or 10-Gigabit Ethernet modular services card and its associated PLIM.
Note You must use the shutdown command to bring an interface administratively down. The interface default
is no shutdown. When a modular services card is first inserted into the router, if there is no established
preconfiguration for it, the configuration manager adds a shutdown item to its configuration. This
shutdown can be removed only be entering the no shutdown command.
Table 3 Gigabit Ethernet and 10-Gigabit Ethernet Modular Services Card Default
Configuration Values
Parameter Configuration File Entry Default Value
MAC accounting mac-accounting off
Flow control flow-control egress on
ingress off
MTU mtu 1514 bytes for
normal frames
1518 bytes for
802.1Q tagged
frames.
1522 bytes for
Q-in-Q frames.
MAC address mac address Hardware burned-in
address (BIA)
Table 4 Fast Ethernet Default Configuration Values
Parameter Configuration File Entry Default Value
MAC accounting mac-accounting off
Duplex operation duplex full
duplex half
Auto-negotiates duplex
operation
MTU mtu 1500 bytes
Interface speed speed 100 Mbps
Auto-negotiation negotiation auto disableConfiguring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-26
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Layer 2 VPN on Ethernet Interfaces
Layer 2 Virtual Private Network (L2VPN) connections emulate the behavior of a LAN across an L2
switched, IP or MPLS-enabled IP network, allowing Ethernet devices to communicate with each other
as if they were connected to a common LAN segment.
The L2VPN feature enables service providers (SPs) to provide Layer 2 services to geographically
disparate customer sites. Typically, an SP uses an access network to connect the customer to the core
network. On the Cisco ASR 9000 Series Router, this access network is typically Ethernet.
Traffic from the customer travels over this link to the edge of the SP core network. The traffic then
tunnels through an L2VPN over the SP core network to another edge router. The edge router sends the
traffic down another attachment circuit (AC) to the customer's remote site.
On the Cisco ASR 9000 Series Router, an AC is an interface that is attached to an L2VPN component,
such as a bridge domain, pseudowire, or local connect.
The L2VPN feature enables users to implement different types of end-to-end services.
Cisco IOS XR software supports a point-to-point end-to-end service, where two Ethernet circuits are
connected together. An L2VPN Ethernet port can operate in one of two modes:
Port ModeIn this mode, all packets reaching the port are sent over the PW (pseudowire),
regardless of any VLAN tags that are present on the packets. In VLAN mode, the configuration is
performed under the l2transport configuration mode.
VLAN ModeEach VLAN on a CE (customer edge) or access network to PE (provider edge) link
can be configured as a separate L2VPN connection (using either VC type 4 or VC type 5). In VLAN
mode, the configuration is performed under the individual subinterface.
Switching can take place in three ways:
AC-to-PWTraffic reaching the PE is tunneled over a PW (and conversely, traffic arriving over the
PW is sent out over the AC). This is the most common scenario.
Local switchingTraffic arriving on one AC is immediately sent out of another AC without passing
through a pseudowire.
PW stitchingTraffic arriving on a PW is not sent to an AC, but is sent back into the core over
another PW.
Keep the following in mind when configuring L2VPN on an Ethernet interface:
L2VPN links support QoS (Quality of Service) and MTU (maximum transmission unit)
configuration.
If your network requires that packets are transported transparently, you may need to modify the
packets destination MAC (Media Access Control) address at the edge of the Service Provider (SP)
network. This prevents the packet from being consumed by the devices in the SP network.
Use the show interfaces command to display AC and PW information.
To configure a point-to-point pseudowire xconnect on an AC, refer to these documents:
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration
Guide
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command
Reference
To attach Layer 2 service policies, such as QoS, to the Ethernet interface, refer to the appropriate
Cisco IOS XR software configuration guide.Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-27
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Gigabit Ethernet Protocol Standards Overview
The Gigabit Ethernet interfaces support the following protocol standards:
IEEE 802.3 Physical Ethernet Infrastructure, page 30
IEEE 802.3ab 1000BASE-T Gigabit Ethernet, page 30
IEEE 802.3z 1000 Mbps Gigabit Ethernet, page 30
IEEE 802.3ae 10 Gbps Ethernet, page 30
These standards are further described in the sections that follow.
IEEE 802.3 Physical Ethernet Infrastructure
The IEEE 802.3 protocol standards define the physical layer and MAC sublayer of the data link layer of
wired Ethernet. IEEE 802.3 uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
access at a variety of speeds over a variety of physical media. The IEEE 802.3 standard covers 10 Mbps
Ethernet. Extensions to the IEEE 802.3 standard specify implementations for Gigabit Ethernet,
10-Gigabit Ethernet, and Fast Ethernet.
IEEE 802.3ab 1000BASE-T Gigabit Ethernet
The IEEE 802.3ab protocol standards, or Gigabit Ethernet over copper (also known as 1000BaseT) is an
extension of the existing Fast Ethernet standard. It specifies Gigabit Ethernet operation over the
Category 5e/6 cabling systems already installed, making it a highly cost-effective solution. As a result,
most copper-based environments that run Fast Ethernet can also run Gigabit Ethernet over the existing
network infrastructure to dramatically boost network performance for demanding applications.
IEEE 802.3z 1000 Mbps Gigabit Ethernet
Gigabit Ethernet builds on top of the Ethernet protocol, but increases speed tenfold over Fast Ethernet
to 1000 Mbps, or 1 Gbps. Gigabit Ethernet allows Ethernet to scale from 10 or 100 Mbps at the desktop
to 100 Mbps up to 1000 Mbps in the data center. Gigabit Ethernet conforms to the IEEE 802.3z protocol
standard.
By leveraging the current Ethernet standard and the installed base of Ethernet and Fast Ethernet switches
and routers, network managers do not need to retrain and relearn a new technology in order to provide
support for Gigabit Ethernet.
IEEE 802.3ae 10 Gbps Ethernet
Under the International Standards Organizations Open Systems Interconnection (OSI) model, Ethernet
is fundamentally a Layer 2 protocol. 10-Gigabit Ethernet uses the IEEE 802.3 Ethernet MAC protocol,
the IEEE 802.3 Ethernet frame format, and the minimum and maximum IEEE 802.3 frame size. 10 Gbps
Ethernet conforms to the IEEE 802.3ae protocol standards.
Just as 1000BASE-X and 1000BASE-T (Gigabit Ethernet) remained true to the Ethernet model,
10-Gigabit Ethernet continues the natural evolution of Ethernet in speed and distance. Because it is a
full-duplex only and fiber-only technology, it does not need the carrier-sensing multiple-access with the
CSMA/CD protocol that defines slower, half-duplex Ethernet technologies. In every other respect,
10-Gigabit Ethernet remains true to the original Ethernet model.Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-28
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
IEEE 802.3ba 100 Gbps Ethernet
IEEE 802.3ba is supported on the Cisco 1-Port 100-Gigabit Ethernet PLIM beginning in
Cisco IOS XR 4.0.1.
MAC Address
A MAC address is a unique 6-byte address that identifies the interface at Layer 2.
MAC Accounting
The MAC address accounting feature provides accounting information for IP traffic based on the source
and destination MAC addresses on LAN interfaces. This feature calculates the total packet and byte
counts for a LAN interface that receives or sends IP packets to or from a unique MAC address. It also
records a time stamp for the last packet received or sent.
These statistics are used for traffic monitoring, debugging and billing. For example, with this feature you
can determine the volume of traffic that is being sent to and/or received from various peers at
NAPS/peering points. This feature is currently supported on Ethernet, FastEthernet, and bundle
interfaces and supports Cisco Express Forwarding (CEF), distributed CEF (dCEF), flow, and optimum
switching.
Note A maximum of 512 MAC addresses per trunk interface are supported for MAC address accounting.
Ethernet MTU
The Ethernet maximum transmission unit (MTU) is the size of the largest frame, minus the 4-byte frame
check sequence (FCS), that can be transmitted on the Ethernet network. Every physical network along
the destination of a packet can have a different MTU.
Cisco IOS XR software supports two types of frame forwarding processes:
Fragmentation for IPV4 packetsIn this process, IPv4 packets are fragmented as necessary to fit
within the MTU of the next-hop physical network.
Note IPv6 does not support fragmentation.
MTU discovery process determines largest packet sizeThis process is available for all IPV6
devices, and for originating IPv4 devices. In this process, the originating IP device determines the
size of the largest IPv6 or IPV4 packet that can be sent without being fragmented. The largest packet
is equal to the smallest MTU of any network between the IP source and the IP destination devices.
If a packet is larger than the smallest MTU of all the networks in its path, that packet will be
fragmented as necessary. This process ensures that the originating device does not send an IP packet
that is too large.
Jumbo frame support is automatically enable for frames that exceed the standard frame size. The default
value is 1514 for standard frames and 1518 for 802.1Q tagged frames. These numbers exclude the 4-byte
frame check sequence (FCS). Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-29
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Flow Control on Ethernet Interfaces
The flow control used on 10-Gigabit Ethernet interfaces consists of periodically sending flow control
pause frames. It is fundamentally different from the usual full- and half-duplex flow control used on
standard management interfaces. Flow control can be activated or deactivated for ingress traffic only. It
is automatically implemented for egress traffic.
802.1Q VLAN
A VLAN is a group of devices on one or more LANs that are configured so that they can communicate
as if they were attached to the same wire, when in fact they are located on a number of different LAN
segments. Because VLANs are based on logical instead of physical connections, it is very flexible for
user and host management, bandwidth allocation, and resource optimization.
The IEEE's 802.1Q protocol standard addresses the problem of breaking large networks into smaller
parts so broadcast and multicast traffic does not consume more bandwidth than necessary. The standard
also helps provide a higher level of security between segments of internal networks.
The 802.1Q specification establishes a standard method for inserting VLAN membership information
into Ethernet frames.
VRRP
The Virtual Router Redundancy Protocol (VRRP) eliminates the single point of failure inherent in the
static default routed environment. VRRP specifies an election protocol that dynamically assigns
responsibility for a virtual router to one of the VPN concentrators on a LAN. The VRRP VPN
concentrator controlling the IP addresses associated with a virtual router is called the master, and
forwards packets sent to those IP addresses. When the master becomes unavailable, a backup VPN
concentrator takes the place of the master.
For more information on VRRP, see the Implementing VRRP module of Cisco ASR 9000 Series Router
IP Addresses and Services Configuration Guide.
HSRP
Hot Standby Routing Protocol (HSRP) is a proprietary protocol from Cisco. HSRP is a routing protocol
that provides backup to a router in the event of failure. Several routers are connected to the same segment
of an Ethernet, FDDI, or token-ring network and work together to present the appearance of a single
virtual router on the LAN. The routers share the same IP and MAC addresses and therefore, in the event
of failure of one router, the hosts on the LAN are able to continue forwarding packets to a consistent IP
and MAC address. The transfer of routing responsibilities from one device to another is transparent to
the user.
HSRP is designed to support non disruptive switchover of IP traffic in certain circumstances and to allow
hosts to appear to use a single router and to maintain connectivity even if the actual first hop router they
are using fails. In other words, HSRP protects against the failure of the first hop router when the source
host cannot learn the IP address of the first hop router dynamically. Multiple routers participate in HSRP
and in concert create the illusion of a single virtual router. HSRP ensures that one and only one of the
routers is forwarding packets on behalf of the virtual router. End hosts forward their packets to the virtual
router. Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-30
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
The router forwarding packets is known as the active router. A standby router is selected to replace the
active router should it fail. HSRP provides a mechanism for determining active and standby routers,
using the IP addresses on the participating routers. If an active router fails a standby router can take over
without a major interruption in the host's connectivity.
HSRP runs on top of User Datagram Protocol (UDP), and uses port number 1985. Routers use their
actual IP address as the source address for protocol packets, not the virtual IP address, so that the HSRP
routers can identify each other.
For more information on HSRP, see the Implementing HSRP module of Cisco ASR 9000 Series Router
IP Addresses and Services Configuration Guide.
Link Autonegotiation on Ethernet Interfaces
Link autonegotiation ensures that devices that share a link segment are automatically configured with
the highest performance mode of interoperation. Use the negotiation auto command in interface
configuration mode to enable link autonegotiation on an Ethernet interface. On line card Ethernet
interfaces, link autonegotiation is disabled by default.
Note The negotiation auto command is available on Gigabit Ethernet interfaces only.
Subinterfaces on the Cisco ASR 9000 Series Router
In Cisco IOS XR, interfaces are, by default, main interfaces. A main interface is also called a trunk
interface, which is not to be confused with the usage of the word trunk in the context of VLAN trunking.
There are three types of trunk interfaces:
Physical
Bundle
On the Cisco ASR 9000 Series Router, physical interfaces are automatically created when the router
recognizes a card and its physical interfaces. However, bundle interfaces are not automatically created.
They are created when they are configured by the user.
The following configuration samples are examples of trunk interfaces being created:
interface gigabitethernet 0/5/0/0
interface bundle-ether 1
A subinterface is a logical interface that is created under a trunk interface.
To create a subinterface, the user must first identify a trunk interface under which to place it. In the case
of bundle interfaces, if one does not already exist, a bundle interface must be created before any
subinterfaces can be created under it.
The user then assigns a subinterface number to the subinterface to be created. The subinterface number
must be a positive integer from zero to some high value. For a given trunk interface, each subinterface
under it must have a unique value.
Subinterface numbers do not need to be contiguous or in numeric order. For example, the following
subinterfaces numbers would be valid under one trunk interface:
1001, 0, 97, 96, 100000
Subinterfaces can never have the same subinterface number under one trunk. Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-31
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
In the following example, the card in slot 5 has trunk interface, GigabitEthernet 0/5/0/0. A subinterface,
GigabitEthernet 0/5/0/0.0, is created under it.
RP/0/RSP0/CPU0:router# conf
Mon Sep 21 11:12:11.722 EDT
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet0/5/0/0.0
RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1q 100
RP/0/RSP0/CPU0:router(config-subif)# commit
RP/0/RSP0/CPU0:Sep 21 11:12:34.819 : config[65794]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000152' to view the changes.
RP/0/RSP0/CPU0:router(config-subif)# end
RP/0/RSP0/CPU0:Sep 21 11:12:35.633 : config[65794]: %MGBL-SYS-5-CONFIG_I : Configured
from console by root
RP/0/RSP0/CPU0:router#
The show run command displays the trunk interface first, then the subinterfaces in ascending numerical
order.
RP/0/RSP0/CPU0:router# show run | begin GigabitEthernet0/5/0/0
Mon Sep 21 11:15:42.654 EDT
Building configuration...
interface GigabitEthernet0/5/0/0
shutdown
!
interface GigabitEthernet0/5/0/0.0
encapsulation dot1q 100
!
interface GigabitEthernet0/5/0/1
shutdown
!
When a subinterface is first created, the Cisco ASR 9000 Series Router recognizes it as an interface that,
with few exceptions, is interchangeable with a trunk interface. After the new subinterface is configured
further, the show interface command can display it along with its unique counters:
The following example shows the display output for the trunk interface, GigabitEthernet 0/5/0/0,
followed by the display output for the subinterface GigabitEthernet 0/5/0/0.0.
RP/0/RSP0/CPU0:router# show interface gigabitEthernet 0/5/0/0
Mon Sep 21 11:12:51.068 EDT
GigabitEthernet0/5/0/0 is administratively down, line protocol is administratively
down
Interface state transitions: 0
Hardware is GigabitEthernet, address is 0024.f71b.0ca8 (bia 0024.f71b.0ca8)
Internet address is Unknown
MTU 1514 bytes, BW 1000000 Kbit
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation 802.1Q Virtual LAN,
Full-duplex, 1000Mb/s, SXFD, link type is force-up
output flow control is off, input flow control is off
loopback not set,
ARP type ARPA, ARP timeout 04:00:00
Last input never, output never
Last clearing of "show interface" counters never
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 total input drops
0 drops for unrecognized upper-level protocolConfiguring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-32
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
Received 0 broadcast packets, 0 multicast packets
0 runts, 0 giants, 0 throttles, 0 parity
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 total output drops
Output 0 broadcast packets, 0 multicast packets
0 output errors, 0 underruns, 0 applique, 0 resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
RP/0/RSP0/CPU0:router# show interface gigabitEthernet0/5/0/0.0
Mon Sep 21 11:12:55.657 EDT
GigabitEthernet0/5/0/0.0 is administratively down, line protocol is administratively
down
Interface state transitions: 0
Hardware is VLAN sub-interface(s), address is 0024.f71b.0ca8
Internet address is Unknown
MTU 1518 bytes, BW 1000000 Kbit
reliability 255/255, txload 0/255, rxload 0/255
Encapsulation 802.1Q Virtual LAN, VLAN Id 100, loopback not set,
ARP type ARPA, ARP timeout 04:00:00
Last input never, output never
Last clearing of "show interface" counters never
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 total input drops
0 drops for unrecognized upper-level protocol
Received 0 broadcast packets, 0 multicast packets
0 packets output, 0 bytes, 0 total output drops
Output 0 broadcast packets, 0 multicast packets
The following example shows two interfaces being created at the same time: first, the bundle trunk
interface, then a subinterface attached to the trunk:
RP/0/RSP0/CPU0:router# conf
Mon Sep 21 10:57:31.736 EDT
RP/0/RSP0/CPU0:router(config)# interface Bundle-Ether1
RP/0/RSP0/CPU0:router(config-if)# no shut
RP/0/RSP0/CPU0:router(config-if)# interface bundle-Ether1.0
RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1q 100
RP/0/RSP0/CPU0:router(config-subif)# commit
RP/0/RSP0/CPU0:Sep 21 10:58:15.305 : config[65794]: %MGBL-CONFIG-6-DB_COMMIT : C
onfiguration committed by user 'root'. Use 'show configuration commit changes 10
00000149' to view the changes.
RP/0/RSP0/CPU0:router# show run | begin Bundle-Ether1
Mon Sep 21 10:59:31.317 EDT
Building configuration...
interface Bundle-Ether1
!
interface Bundle-Ether1.0
encapsulation dot1q 100
!
You delete a subinterface using the no interface command.
RP/0/RSP0/CPU0:router#
RP/0/RSP0/CPU0:router# show run | begin GigabitEthernet0/5/0/0
Mon Sep 21 11:42:27.100 EDT
Building configuration...
interface GigabitEthernet0/5/0/0
negotiation auto
!
interface GigabitEthernet0/5/0/0.0
encapsulation dot1q 100Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-33
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
!
interface GigabitEthernet0/5/0/1
shutdown
!
RP/0/RSP0/CPU0:router# conf
Mon Sep 21 11:42:32.374 EDT
RP/0/RSP0/CPU0:router(config)# no interface GigabitEthernet0/5/0/0.0
RP/0/RSP0/CPU0:router(config)# commit
RP/0/RSP0/CPU0:Sep 21 11:42:47.237 : config[65794]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000159' to view the changes.
RP/0/RSP0/CPU0:router(config)# end
RP/0/RSP0/CPU0:Sep 21 11:42:50.278 : config[65794]: %MGBL-SYS-5-CONFIG_I : Configured
from console by root
RP/0/RSP0/CPU0:router# show run | begin GigabitEthernet0/5/0/0
Mon Sep 21 11:42:57.262 EDT
Building configuration...
interface GigabitEthernet0/5/0/0
negotiation auto
!
interface GigabitEthernet0/5/0/1
shutdown
!
Layer 2, Layer 3, and EFP's
On the Cisco ASR 9000 Series Router, a trunk interface can be either a Layer 2 or Layer 3 interface.
A Layer 2 interface is configured using the interface command with the l2transport keyword. When
the l2transport keyword is not used, the interface is a Layer 3 interface. Subinterfaces are configured
as Layer 2 or Layer 3 subinterface in the same way.
A Layer 3 trunk interface or subinterface is a routed interface and can be assigned an IP address. Traffic
sent on that interface is routed.
A Layer 2 trunk interface or subinterface is a switched interface and cannot be assigned an IP address.
A Layer 2 interface must be connected to an L2VPN component. Once it is connected, it is called an
access connection.
Subinterfaces can only be created under a Layer 3 trunk interface. Subinterfaces cannot be created under
a Layer 2 trunk interface.
A Layer 3 trunk interface can have any combination of Layer 2 and Layer 3 interfaces.
The following example shows an attempt to configure a subinterface under an Layer 2 trunk and the
commit errors that occur. It also shows an attempt to change the Layer 2 trunk interface to an Layer 3
interface and the errors that occur because the interface already had an IP address assigned to it.
RP/0/RSP0/CPU0:router# config
Mon Sep 21 12:05:33.142 EDT
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet0/5/0/0
RP/0/RSP0/CPU0:router(config-if)# ipv4 address 10.0.0.1/24
RP/0/RSP0/CPU0:router(config-if)# commit
RP/0/RSP0/CPU0:Sep 21 12:05:57.824 : config[65794]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000160' to view the changes.
RP/0/RSP0/CPU0:router(config-if)# end
RP/0/RSP0/CPU0:Sep 21 12:06:01.890 : config[65794]: %MGBL-SYS-5-CONFIG_I : Configured
from console by root
RP/0/RSP0/CPU0:router# show run | begin GigabitEthernet0/5/0/0
Mon Sep 21 12:06:19.535 EDT
Building configuration...
interface GigabitEthernet0/5/0/0Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-34
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
ipv4 address 10.0.0.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/5/0/1
shutdown
!
RP/0/RSP0/CPU0:router#
RP/0/RSP0/CPU0:router#
RP/0/RSP0/CPU0:router# conf
Mon Sep 21 12:08:07.426 EDT
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet0/5/0/0 l2transport
RP/0/RSP0/CPU0:router(config-if-l2)# commit
% Failed to commit one or more configuration items during a pseudo-atomic operation.
All changes made have been reverted. Please issue 'show configuration failed' from
this session to view the errors
RP/0/RSP0/CPU0:router(config-if-l2)# no ipv4 address
RP/0/RSP0/CPU0:router(config-if)# commit
RP/0/RSP0/CPU0:Sep 21 12:08:33.686 : config[65794]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000161' to view the changes.
RP/0/RSP0/CPU0:router(config-if)# end
RP/0/RSP0/CPU0:Sep 21 12:08:38.726 : config[65794]: %MGBL-SYS-5-CONFIG_I : Configured
from console by root
RP/0/RSP0/CPU0:router#
RP/0/RSP0/CPU0:router# show run interface GigabitEthernet0/5/0/0
Mon Sep 21 12:09:02.471 EDT
interface GigabitEthernet0/5/0/0
negotiation auto
l2transport
!
!
RP/0/RSP0/CPU0:router#
RP/0/RSP0/CPU0:router# conf
Mon Sep 21 12:09:08.658 EDT
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet0/5/0/0.0
^
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet0/5/0/0.0
RP/0/RSP0/CPU0:router(config-subif)# commit
% Failed to commit one or more configuration items during a pseudo-atomic operation.
All changes made have been reverted. Please issue 'show configuration failed' from
this session to view the errors
RP/0/RSP0/CPU0:router(config-subif)#
RP/0/RSP0/CPU0:router(config-subif)# interface GigabitEthernet0/5/0/0
RP/0/RSP0/CPU0:router(config-if)# no l2transport
RP/0/RSP0/CPU0:router(config-if)# interface GigabitEthernet0/5/0/0.0
RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1q 99
RP/0/RSP0/CPU0:router(config-subif)# ipv4 address 11.0.0.1/24
RP/0/RSP0/CPU0:router(config-subif)# interface GigabitEthernet0/5/0/0.1 l2transport
RP/0/RSP0/CPU0:router(config-subif)# encapsulation dot1q 700
RP/0/RSP0/CPU0:router(config-subif)# commit
RP/0/RSP0/CPU0:Sep 21 12:11:45.896 : config[65794]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'root'. Use 'show configuration commit changes
1000000162' to view the changes.
RP/0/RSP0/CPU0:router(config-subif)# end
RP/0/RSP0/CPU0:Sep 21 12:11:50.133 : config[65794]: %MGBL-SYS-5-CONFIG_I : Configured
from console by root
RP/0/RSP0/CPU0:router#
RP/0/RSP0/CPU0:router# show run | b GigabitEthernet0/5/0/0
Mon Sep 21 12:12:00.248 EDT
Building configuration...
interface GigabitEthernet0/5/0/0
negotiation autoConfiguring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-35
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
!
interface GigabitEthernet0/5/0/0.0
ipv4 address 11.0.0.1 255.255.255.0
encapsulation dot1q 99
!
interface GigabitEthernet0/5/0/0.1 l2transport
encapsulation dot1q 700
!
interface GigabitEthernet0/5/0/1
shutdown
!
All subinterfaces must have unique encapsulation statements, so that the router can send incoming
packets and frames to the correct subinterface. If a subinterface does not have an encapsulation
statement, the router will not send any traffic to it.
In Cisco IOS XR, an Ethernet Flow Point (EFP) is implemented as a Layer 2 subinterface, and
consequently, a Layer 2 subinterface is often called an EFP. For more information about EFPs, see the
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide.
A Layer 2 trunk interface can be used as an access connection. However, a Layer 2 trunk interface is not
an EFP because an EFP, by definition, is a substream of an overall stream of traffic.
Cisco IOS XR also has other restrictions on what can be configured as a Layer 2 or Layer 3 interface.
Certain configuration blocks only accept Layer 3 and not Layer 2. For example, OSPF only accepts
Layer 3 trunks and subinterface. Refer to the appropriate Cisco IOS XR configuration guide for other
restrictions.
Enhanced Performance Monitoring for Layer 2 Subinterfaces (EFPs)
Beginning in Cisco IOS XR Release 4.0.1, the Cisco ASR 9000 Series Router adds support for basic
counters for performance monitoring on Layer 2 subinterfaces.
This section provides a summary of the new support for Layer 2 interface counters. For information
about how to configure Performance Monitoring, see the Implementing Performance Management
chapter of the Cisco ASR 9000 Series Aggregation Services Router System Monitoring Configuration
Guide.
The interface basic-counters keyword has been added to support a new entity for performance statistics
collection and display on Layer 2 interfaces in the following commands:
performance-mgmt statistics interface basic-counters
performance-mgmt threshold interface basic-counters
performance-mgmt apply statistics interface basic-counters
performance-mgmt apply threshold interface basic-counters
performance-mgmt apply monitor interface basic-counters
show performance-mgmt monitor interface basic-counters
show performance-mgmt statistics interface basic-countersConfiguring Ethernet Interfaces on the Cisco ASR 9000 Series Router
Information About Configuring Ethernet
HC-36
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
The performance-mgmt threshold interface basic-counters command supports the following attribute
values for Layer 2 statistics, which also appear in the show performance-mgmt statistics interface
basic-counters and show performance-mgmt monitor interface basic-counters command:
Other Performance Management Enhancements
The following additional performance management enhancements are included in
Cisco IOS XR Release 4.0.1:
You can retain performance management history statistics across a process restart or route processor
(RP) failover using the new history-persistent keyword option for the performance-mgmt
statistics interface command.
You can save performance management statistics to a local file using the performance-mgmt
resources dump local command.
You can filter performance management instances by defining a regular expression group
(performance-mgmt regular-expression command), which includes multiple regular expression
indices that specify strings to match. You apply a defined regular expression group to one or more
statistics or threshold templates in the performance-mgmt statistics interface or
performance-mgmt thresholds interface commands.
Frequency Synchronization and SyncE
Cisco IOS XR Release 3.9 introduces support for SyncE-capable Ethernet on the Cisco ASR 9000 Series
Router. Frequency Synchronization provides the ability to distribute precision clock signals around the
network. Highly accurate timing signals are initially injected into the Cisco ASR 9000 router in the
network from an external timing technology (such as Cesium atomic clocks, or GPS), and used to clock
the router's physical interfaces. Peer routers can then recover this precision frequency from the line, and
also transfer it around the network. This feature is traditionally applicable to SONET/SDH networks, but
with Cisco IOS XR Release 3.9, is now provided over Ethernet for Cisco ASR 9000 Series
Aggregation Services Routers with Synchronous Ethernet capability.
interface
controller
Attribute Description
InOctets Bytes received (64-bit)
InPackets Packets received (64-bit)
InputQueueDrops Input queue drops (64-bit)
InputTotalDrops Inbound correct packets discarded (64-bit)
InputTotalErrors Inbound incorrect packets discarded (64-bit)
OutOctets Bytes sent (64-bit)
OutPackets Packets sent (64-bit)
OutputQueueDrops Output queue drops (64-bit)
OutputTotalDrops Outband correct packets discarded (64-bit)
OutputTotalErrors Outband incorrect packets discarded (64-bit)Configuring Ethernet Interfaces on the Cisco ASR 9000 Series Router
How to Configure Ethernet
HC-37
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide
OL-26061-02
clock-interface sync location
Where expands to:
frequency synchronization
selection input
ssm disable
priority
quality transmit { lowest [ highest ] |
highest |
exact }
quality receive { lowest [ highest ] |
highest |
exact }
wait-to-restore
Download the complete book (PDF - 4 MB)