28.7 DHCP Relay Across VRF
The EOS DHCP relay agent supports forwarding of DHCP requests to DHCP servers located in a different VRF to the DHCP client interface VRF. In order to enable VRF support for the DHCP relay agent, Option 82 (DHCP Relay Agent Information Option) must first be enabled. The DHCP relay agent uses Option 82 to pass client specific information to the DHCP server.
These sections describe DHCP Relay across VRF features:
The DHCP relay agent inserts Option 82 information into the forwarded DHCP request. This requires that the DHCP server belong to a network on an interface, and that this interface belong to a different VRF than the DHCP client interface. Option 82 information includes the following:
VPN identifier: The VRF name for the ingress interface of the DHCP request, inserted as sub-option 151.
Figure 28-1: VPN Identifier
SubOpt   Len   ASCII VRF Identifier
151      7     V R F N A M E
Link selection: The subnet address of the interface that receives the DHCP request, inserted as sub-option 5. When the DHCP smart relay is enabled, the link selection is filled with the subnet of the active address. The relay agent will set the Gateway IP address (gIPaddr) to its own IP address so that DHCP messages can be routed over the network to the DHCP server.
Figure 28-2: Link Selection
SubOpt   Len   Subnet IP Address
5        4     A1 A2 A3 A4
Server identifier override: The primary IP address of the interface that receives the DHCP request, inserted as sub-option 11. When the DHCP smart relay is enabled, the server identifier is filled with the active address (one of the primary or secondary addresses chosen by smart relay mechanism).
Figure 28-3: Link Selection
SubOpt   Len   Overriding Server Identifier Address
11       4     B1 B2 B3 B4
VSS control suboption as suboption 152: The DHCP server will strip out this suboption when sending the response to the relay, indicating that the DHCP server used VPN information to allocate IP address.
Note: The DHCP server must be capable of handling VPN identifier information in option 82.
Direct communication between DHCP client and server may not be possible as they are in separate VRFs. The Server identifier override and Link Selection sub-options set the relay agent to act as the DHCP server, and enable all DHCP communication to flow through the relay agent.
The relay agent adds all the appropriate sub-options, and forwards all (including renew and release) request packets to the DHCP server. When the DHCP server response messages are received by the relay, Option 82 information is removed and the response is forwarded to the DHCP client in the client VRF.
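The sub-options described above, encoded and decoded, as an added example that is not part of the EOS documentation. The byte layout is assumed from Figures 28-1 to 28-3 as drawn on this page, the function names are hypothetical, and the VRF name and addresses come from the configuration examples in section 28.7.1.

```python
"""Option 82 sub-options used for DHCP relay across VRFs (added example).

Assumed layout, from the figures on this page: <sub-option><length><value>.
All function names and sample values are constructed for illustration.
"""
import ipaddress

OPTION_82 = 82
LINK_SELECTION = 5        # subnet of the interface that received the request
SERVER_ID_OVERRIDE = 11   # primary (or smart-relay active) interface address
VPN_IDENTIFIER = 151      # ASCII VRF name of the ingress interface
VSS_CONTROL = 152         # empty marker; a VPN-aware server strips it


def _tlv(code, value):
    if len(value) > 255:
        raise ValueError("value does not fit a one-byte length")
    return bytes([code, len(value)]) + value


def build_option82(vrf_name, client_interface, vss_control=True):
    """Build option 82 for a request received on client_interface
    (for example '10.10.0.1/16') whose VRF is vrf_name."""
    iface = ipaddress.IPv4Interface(client_interface)
    body = _tlv(VPN_IDENTIFIER, vrf_name.encode("ascii"))
    body += _tlv(LINK_SELECTION, iface.network.network_address.packed)
    body += _tlv(SERVER_ID_OVERRIDE, iface.ip.packed)
    if vss_control:
        body += _tlv(VSS_CONTROL, b"")
    return _tlv(OPTION_82, body)


def parse_option82(option):
    """Decode option 82 into {sub-option code: value}.

    Raises ValueError on truncated or mis-sized fields instead of guessing.
    """
    if len(option) < 2 or option[0] != OPTION_82:
        raise ValueError("not a relay agent information option")
    if option[1] != len(option) - 2:
        raise ValueError("option length does not match payload")
    body, pos, out = option[2:], 0, {}
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated sub-option header")
        code, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns the option")
        if code in (LINK_SELECTION, SERVER_ID_OVERRIDE):
            if length != 4:
                raise ValueError(f"sub-option {code} must carry 4 bytes")
            out[code] = ipaddress.IPv4Address(value)
        elif code == VPN_IDENTIFIER:
            out[code] = value.decode("ascii")   # non-ASCII raises ValueError
        elif code == VSS_CONTROL:
            if length != 0:
                raise ValueError("sub-option 152 must be empty")
            out[code] = True
        else:
            out[code] = value                   # e.g. circuit ID, kept raw
        pos += 2 + length
    return out


def server_used_vpn_info(reply_option):
    """True when sub-option 152 is absent from the server's reply, which
    the text above gives as the sign that VPN information was used."""
    return VSS_CONTROL not in parse_option82(reply_option)


if __name__ == "__main__":
    request = build_option82("mtxxg-vrf", "10.10.0.1/16")
    print(request.hex(" "))
    print(parse_option82(request))
```

Running `parse_option82` over the option bytes of a captured relayed request is a quick way to confirm that the VRF name and link-selection subnet the server sees match the client interface.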
28.7.1 Global Configuration
The DHCP relay agent information option is inserted in DHCP messages relayed to the DHCP server. The ip helper-address command enables DHCP relay on an interface and relays DHCP messages to the specified IPv4 address.
Example
This command enables DHCP relay on the interface Ethernet 1/2 and relays DHCP messages to the server at 1.1.1.1.
switch(config)#interface ethernet 1/2
switch(config-if-Et1/2)#ip helper-address 1.1.1.1
switch(config-if-Et1/2)#
The commands in the examples below turn on the attachment of VRF-related tags in the relay agent information option. If both the DHCP client interface and server interface are on the same VRF (default or non-default), then no VRF-related DHCP relay agent information option is inserted.
Examples
This command configures the DHCP relay to add option 82 information.
switch(config)#ip dhcp relay information option
These commands configure two new VRF instances and assign them Route Distinguishers (RDs).
switch(config)#vrf instance mtxxg-vrf
switch(config-vrf-mtxxg-vrf)#router bgp 50
switch(config-router-bgp)#vrf mtxxg-vrf
switch(config-router-bgp-vrf-mtxxg-vrf)#rd 5546:5546
 
switch(config)#vrf instance qchyh-vrf
switch(config-vrf-qchyh-vrf)#router bgp 50
switch(config-router-bgp)#vrf qchyh-vrf
switch(config-router-bgp-vrf-qchyh-vrf)#rd 218:218
This command configures an interface connected to DHCP client in vrf mtxxg-vrf and assigns an IP address.
switch(config)#interface Ethernet 9
switch(config-if-Et9)#no switchport
This command configures the DHCP client interface in VRF mtxxg-vrf.
switch(config-if-Et9)#vrf mtxxg-vrf
switch(config-if-Et9)#ip address 10.10.0.1/16
This command configures the server interface in VRF qchyh-vrf.
switch(config-if-Et11)#vrf qchyh-vrf
switch(config-if-Et11)#ip address 10.40.0.1/16
This command configures a helper address for a DHCP server in VRF qchyh-vrf.
switch(config-if-Et11)#ip helper-address 10.40.2.3 vrf qchyh-vrf
28.7.2 Show Command
Example
This command displays the VRF specifier for the server:
rtr1#show ip dhcp relay
DHCP Relay is active
DHCP Relay Option 82 is enabled
DHCP Smart Relay is disabled
Interface: Ethernet9
Option 82 Circuit ID: Ethernet9
DHCP Smart Relay is disabled
DHCP servers: 10.40.2.3
10.40.2.3:vrf=qchyh-vrf
28.8 IP NAT
Network address translation (NAT) is a router process that modifies address information of IP packets in transit. NAT is typically used to correlate address spaces between a local network and a remote, often public, network. Static NAT defines a one-to-one map between local and remote IP addresses. Static maps are configured manually through CLI commands. An interface can support multiple NAT commands, but each command must specify a unique local IP address-port location.
NAT is configured on routers that have interfaces connecting to the local networks and interfaces connecting to a remote network.
NAT is available only on FM6000 platform switches (the 7150 series).
Inside and Outside Addresses
In NAT configurations, IP addresses are placed into one of two categories: inside or outside. Inside refers to IP addresses used within the organizational network. Outside refers to addresses on an external network outside the organizational network.
28.8.1 Static IP NAT
Static NAT configurations create a one-to-one mapping and translate a particular address to another address. This type of configuration creates a permanent entry in the NAT table as long as the configuration is present, and it enables both inside and outside hosts to initiate a connection.
Static NAT options include source NAT, destination NAT, and twice NAT.
Source NAT modifies the source address in the IP header of a packet exiting the interface, and can optionally change the source port referenced in the TCP/UDP headers.
Destination NAT modifies the destination address in the IP header of a packet entering the interface, and can optionally change the destination port referenced in the TCP/UDP headers.
Twice NAT modifies both the source and destination address of packets entering and exiting the interface, and can optionally change the L4 port information in the TCP/UDP headers. Twice NAT is generally used when inside network addresses overlap or otherwise conflict with outside network addresses. When a packet exits the interface, local source and destination addresses are translated to global source and destination addresses. When a packet enters the interface, global source and destination addresses are translated to local source and destination addresses.
28.8.1.1 Configuring Static NAT
Configuring Source NAT
Network address translation of a source address (source NAT) is enabled by the ip nat source static command for the configuration mode interface. Applying source NAT to interfaces that connect to local hosts shields the IP address of the host when sending IP packets to remote destinations.
This command installs hardware translation entries for forward and reverse unicast traffic. When the rule specifies a multicast group, the command does not install the reverse path in hardware. The command may include an access control list to filter packets for translation.
Figure 28-4: Source NAT Example
Note: The switch uses a common NAT table for the entire switch, not a per-interface one. For example, if the same inside local address is translated to different inside global addresses depending on which interface it exits, it might be translated to exit interface B’s inside global address even though it exits through interface A. A way to avoid this is to use an access list that differentiates based on the destination IP address.
Example
These commands configure VLAN 201 to translate source address 10.24.1.10 to 168.32.14.15.
switch(config)#interface vlan 201
switch(config-if-Vl201)#ip nat source static 10.24.1.10 168.32.14.15
switch(config-if-Vl201)#
The ip nat source static command may include an ACL to limit packet translation. Only packets whose source IP address matches the ACL are cleared. ACLs configured for source NAT must specify a source IP address of any. Source port or protocol matching is not permitted. The destination may be an IP subnet. Commands referencing nonexistent ACLs are accepted by the CLI but not installed in hardware until the ACL is created. Modifying a referenced ACL causes the corresponding hardware entries to be replaced by entries that match the new command.
Example
These commands configure VLAN 101 to translate the source address 10.24.1.10 to 168.32.14.15 for all packets with IP destination addresses in the 168.10.1.1/32 subnet.
switch(config)#ip access-list ACL1
switch(config-acl-ACL1)#permit ip any 168.10.1.0/24
switch(config-acl-ACL1)#exit
switch(config)#interface vlan 101
switch(config-if-Vl101)#ip nat source static 10.24.1.10 access-list ACL1 168.32.14.15
switch(config-if-Vl101)#
Configuring Destination NAT
Network address translation of a destination address (destination NAT) is enabled by the ip nat destination static command for the configuration mode interface. Applying destination NAT to interfaces that connect to remote hosts shields the IP address of the recipient host when receiving IP packets from remote destinations.
This command installs hardware translation entries for forward and reverse unicast traffic. When the rule specifies a multicast group, the command does not install the reverse path in hardware. The command may include an access control list to filter packets for translation.
Figure 28-5: Destination NAT Example
Example
These commands configure VLAN 201 to translate destination address 168.32.14.15 to 10.24.1.10.
switch(config)#interface vlan 201
switch(config-if-Vl201)#ip nat destination static 168.32.14.15 10.24.1.10
switch(config-if-Vl201)#
The ip nat destination static command may include an ACL to limit packet translation. Only packets whose source IP address matches the ACL are cleared. ACLs configured for destination NAT must specify a destination IP address of any. Destination port or protocol matching is not permitted. The source may be an IP subnet. Commands referencing nonexistent ACLs are accepted by the CLI but not installed in hardware until the ACL is created. Modifying a referenced ACL causes the corresponding hardware entries to be replaced by entries that match the new command.
Example
These commands configure VLAN 201 to translate the destination address 168.32.14.15 to 10.24.1.10 for all packets with IP source addresses in the 168.10.1.4/32 subnet.
switch(config)#ip access-list ACL2
switch(config-acl-ACL2)#permit ip 168.10.1.4/32 any
switch(config-acl-ACL2)#exit
switch(config)#interface vlan 201
switch(config-if-Vl201)#ip nat destination static 168.32.14.15 access-list ACL2 10.24.1.10
switch(config-if-Vl201)#
Configuring Twice NAT
Network address translation of both source and destination addresses on the same interface (twice NAT) is enabled by creating one source NAT rule and one destination NAT rule on the same interface and associating them through a NAT group using the ip nat source static and ip nat destination static commands.
The ip nat source static command translates the actual local source address to a source address which can be used outside the local network to reference the source. The ip nat destination static command translates an internally used destination address to the actual IP address that is the destination of the packet.
The source and destination NAT rules must reference the same NAT group, and both should either specify only IP addresses or specify both IP addresses and L4 port information. If L4 port information is configured in one rule but not in the other, an error message will be displayed.
Each NAT rule installs hardware translation entries for forward and reverse unicast traffic. When the rule specifies a multicast group, the command does not install the reverse path in hardware. Twice NAT does not support the use of access control lists to filter packets for translation.
Example
These commands configure Ethernet interface 2 to translate the local source address 10.24.1.10 to the global source address 168.32.14.15, and to translate the local destination address 10.68.104.3 to the global destination address 168.25.10.7 for all packets moving through the interface. The use of NAT group 3 is arbitrary, but must be the same in both rules.
switch(config)#interface ethernet 2
switch(config-if-Et2)#ip nat source static 10.24.1.10 168.32.14.15 group 3
switch(config-if-Et2)#ip nat destination static 10.68.104.3 168.25.10.7 group 3
28.8.1.2 Static NAT Configuration Considerations
Egress VLAN filter for static NAT
When a static source NAT is configured on an interface, the source IP translation happens only for those packets that are going 'out' of this interface. If a packet is egressing on an interface which does not have NAT configured, then the source IP is not translated.
When there are two interfaces on which static SNAT is configured, the translation specified for one interface can be applied to a packet going out on the other interface.
Example
In this example, packets with source IP 20.1.1.1 going out of E1 will still have the source IP translated to 172.1.1.1 even though the rule is configured on E2 and not on E1.
switch(config)#interface ethernet 1
switch(config-if-Et1)# ip nat source static 10.1.1.1 171.1.1.1
switch(config)#interface ethernet 2
switch(config-if-Et2)#ip nat source static 20.1.1.1 172.1.1.1
To prevent this, use an ACL to filter the traffic that needs NAT on the interfaces.
switch(config)#ip access-list acl1
switch(config-acl-acl1)#permit ip any 171.1.1.0/24
switch(config)#ip access-list acl2
switch(config-acl-acl2)#permit ip any 172.1.1.0/24
switch(config)#interface ethernet 1
switch(config-if-Et1)# ip nat source static 10.1.1.1 access-list acl1 171.1.1.1
switch(config)#interface ethernet 2
switch(config-if-Et2)#ip nat source static 20.1.1.1 access-list acl2 172.1.1.1
ACL filtering is not supported when using twice NAT.
28.8.2 Dynamic NAT
Dynamic NAT can be used when fewer addresses are accessible than the number of hosts to be translated. A NAT table entry is created when the host starts a connection and establishes a one-to-one mapping between addresses. The mapping can vary and is dependent upon the registered addresses in the pool at the time of the communication. Dynamic NAT sessions can be initiated only from inside networks. NAT should be configured on a Layer 3 interface, either a routed port or Switch Virtual Interface (SVI). If the host doesn't communicate for a specific period, dynamic NAT entries are removed from the translation table. The address is then returned to the pool for use by another host.
Figure 28-6: Dynamic NAT Scenario
Dynamic NAT options:
Many-to-Many NAT
Maps local addresses to a global address that is selected from a pool of global addresses. After the pool is configured, the first available address from the pool is picked dynamically on receiving the first packet.
Many-to-One NAT (PAT)
PAT is a form of dynamic NAT where multiple local addresses are mapped to a single global address (many-to-one) using different source ports. This method is also called NAT Overloading, NAPT (Network and Port address translation), and Masquerade. The global address can be the IP address configured on the outside interface.
Hardware entries that translate packets are created when the CLI command is processed. Entries for forward and reverse traffic are created for unicast traffic. The hardware entry for reverse traffic is not created for multicast traffic.
Commands may include ACLs to filter packets that are cleared. Source NAT uses ACLs to filter packets based on destination IP address. Destination NAT uses ACLs to filter packets based on source IP address. When using NAT, inside usually refers to a private network while outside usually refers to a public network.
A switch with NAT configured translates forwarded traffic between inside and outside interfaces, and the flow that matches the criteria specified for translation.
Important! The same IP address can't be used for the NAT static configuration and in the pool for dynamic NAT configurations. Public IP addresses must be unique. The global addresses used in static translations aren't excluded with dynamic pools containing the same global addresses.
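A configuration check for two caveats on this page, the switch-wide NAT table described under "Egress VLAN filter for static NAT" and static global addresses that also fall inside a dynamic pool, as an added example that is not part of the EOS documentation. The function names and SAMPLE_CONFIG are constructed, the input is assumed to be running-config style text, and only the address-only source NAT rule forms shown on this page are parsed.

```python
"""Audit running-config text for two static NAT pitfalls (added example)."""
import ipaddress
import re

IP = r"(\d+(?:\.\d+){3})"
STATIC = re.compile(
    r"ip nat source static (\S+)(?: access-list (\S+))? (\S+)(?: group (\d+))?$")
POOL_INLINE = re.compile(rf"ip nat pool (\S+) {IP} {IP}")
POOL_BLOCK = re.compile(r"ip nat pool (\S+) prefix-length \d+$")
RANGE = re.compile(rf"range {IP} {IP}$")

# Constructed sample that reuses addresses from the examples on this page.
SAMPLE_CONFIG = """\
ip nat pool p1 10.15.15.15 10.15.15.25
ip nat pool POOL61 prefix-length 24
   range 170.24.0.2 170.24.0.200
!
interface Ethernet1
   ip nat source static 10.1.1.1 171.1.1.1
interface Ethernet2
   ip nat source static 20.1.1.1 access-list acl2 172.1.1.1
interface Ethernet3
   ip nat source static 10.24.1.10 170.24.0.50
interface Ethernet4
   ip nat source static 10.24.1.11 168.32.14.15 group 3
   ip nat destination static 10.68.104.3 168.25.10.7 group 3
"""


def parse_config(text):
    """Return (static source NAT rules, dynamic pools) found in the text."""
    rules, pools = [], {}
    iface = pool = None
    for raw in text.splitlines():
        line = raw.strip()
        if raw[:1] != " ":              # a top-level line closes the block
            iface = pool = None
        if m := re.match(r"interface (.+)$", line):
            iface = m[1]
        elif m := POOL_INLINE.match(line):
            pools[m[1]] = tuple(ipaddress.IPv4Address(a) for a in m.groups()[1:])
        elif m := POOL_BLOCK.match(line):
            pool = m[1]
        elif pool and (m := RANGE.match(line)):
            pools[pool] = tuple(ipaddress.IPv4Address(a) for a in m.groups())
        elif iface and (m := STATIC.match(line)):
            rules.append({"iface": iface, "local": m[1], "acl": m[2],
                          "global": ipaddress.IPv4Address(m[3]), "group": m[4]})
    return rules, pools


def audit(text):
    """Return a sorted list of (check, interface, detail) findings."""
    rules, pools = parse_config(text)
    nat_ifaces = {r["iface"] for r in rules}
    findings = []
    for r in rules:
        # The NAT table is switch-wide, so with source NAT on more than one
        # interface a rule without an ACL can apply on the other interface.
        # Grouped (twice NAT) rules are skipped: ACLs are not supported there.
        if len(nat_ifaces) > 1 and not r["acl"] and not r["group"]:
            findings.append(("static-without-acl", r["iface"], r["local"]))
        # Static global addresses are not excluded from dynamic pools.
        for name, (low, high) in pools.items():
            if low <= r["global"] <= high:
                findings.append(("static-in-dynamic-pool", r["iface"],
                                 f"{r['global']} in {name}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```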
28.8.2.1 Configuring Dynamic NAT
Prerequisites
Configure an ACL to specify IP addresses allowed to be translated.
Determine if you should use an IP address as the translated source address.
Decide on a public IP address pool for address translation.
Configure the Address Pool
The addresses used for translation are configured by issuing the ip nat pool command in global configuration mode.
Example
This command configures the pool of addresses using a start address and an end address.
switch(config)#ip nat pool p1 10.15.15.15 10.15.15.25
switch(config)#
Set the IP Address
The ip address command configures VLAN 201 with an IP address.
Example
This command configures an IPv4 address for VLAN 201.
switch(config)#interface vlan 201
switch(config-if-Vl201)#ip address 10.0.0.1/24
switch(config-if-Vl201)#
This command configures the dynamic NAT source address and sets the NAT overload for pool P2.
switch(config-if-Vl201)#ip nat source dynamic access-list ACL2 pool p2
switch(config-if-Vl201)#
Define the NAT Source Address for Translation
The ip nat source dynamic command specifies a dynamic translation from the source IP address to the pool and to overload the pool address (or addresses).
Example
This command configures the dynamic NAT source address and sets the pool P2 NAT overload.
switch(config)#interface ethernet 3/1
switch(config-if-Et3/1)#ip nat source dynamic access-list ACL2 pool p2
switch(config-if-Et3/1)#
Specify the Timeout Values
The ip nat translation tcp-timeout or ip nat translation udp-timeout commands alter the translation timeout period for NAT translation table entries.
Example
This command globally sets the timeout for TCP to 600 seconds.
switch(config)#ip nat translation tcp-timeout 600
switch(config)#
This command globally sets the timeout for UDP to 800 seconds.
switch(config)#ip nat translation udp-timeout 800
switch(config)#
28.8.2.2 Verify the NAT Configuration
Display the Address Pools
The show ip nat pool command displays the configuration of the address pool.
Example
This command displays all the address pools configured on the switch.
switch#show ip nat pool
Pool                 StartIp               EndIp                 Prefix
p1                   10.15.15.15           10.15.15.25           24
p2                   10.10.15.15           10.10.15.25           22
p3                   10.12.15.15           10.12.15.25           12
switch#
28.8.2.3 Clearing IP NAT Table Entries
Use the clear ip nat flow translation command to remove all or the specified NAT table entries.
Example
This command clears all dynamic entries from the NAT table.
switch#clear ip nat flow translation
switch#
28.8.2.4 Dynamic NAT Configuration Considerations
Configuring Dynamic NAT Using Pools in a L2 Adjacent Network
When many-to-one dynamic NAT is configured using a NAT pool, and the next hop router for the NAT device is on the same network (L2 adjacent), then you must configure the IP addresses in the NAT pool as a secondary address on the interface.
Example
The IP addresses in the NAT pool are configured as the secondary address on the interface.
switch(config)#ip nat pool p1 10.1.1.1 10.1.1.4 prefix-length 24
switch(config)#interface ethernet 1
switch(config-if-Et1)#ip nat source dynamic access-list a1 pool p1
switch(config-if-Et1)#ip address 10.1.1.1/24 secondary
switch(config-if-Et1)#ip address 10.1.1.2/24 secondary
switch(config-if-Et1)#ip address 10.1.1.3/24 secondary
switch(config-if-Et1)#ip address 10.1.1.4/24 secondary
Configuring Dynamic NAT Using Pool in a L3 Network
If the next hop of the NAT device is on a different subnet, then you should configure a static Null route for the IP addresses in the NAT pool. Redistribute the static route using BGP/OSPF.
Example
Outside Interface
switch(config)#interface port-channel 319
switch(config-if-Po319)#ip nat source dynamic access-list dynamic-nat-m2m pool natpl-dynamic-nat-m2m
switch(config)#ip access-list dynamic-nat-m2m
switch(config-acl-dynamic-nat-m2m)#10 permit ip 192.168.93.0/24 any
switch(config)#ip nat pool natpl-dynamic-nat-m2m prefix-length 24
switch(config-natpool-p1)#range 11.3.3.2 11.3.3.10
Static Null Route for Virtual IP
switch(config)#ip route 11.0.0.0/8 Null0
switch(config)#router ospf 1
switch(config-router-ospf)#redistribute static
Configuring Dynamic NAT Using Overload with ECMP Routes
Dynamic many-to-one NAT using overload (PAT) should not be configured on interfaces that form an ECMP group. When one interface in the group goes down, the return packet for connections that are already established will continue to go to the IP address of the interface that went down and will not be forwarded to the inside host. For this type of scenario, use Dynamic NAT with pool configurations.
28.8.2.5 Dynamic NAT Peer State Synchronization
NAT peer state synchronization provides redundancy and resiliency for dynamic NAT across a pair of devices, so that the failure of a single NAT device is tolerated. Both devices in the redundant pair are active; they track new sessions and create or delete NAT entries dynamically. Essentially, an active NAT entry is maintained on both devices irrespective of which device created the NAT entry.
Configuring Dynamic NAT Peer State Synchronization
The following prerequisites should be fulfilled before configuring NAT peer state synchronization on devices in a redundant pair.
Both devices in the redundant pair must be reachable across an IP address.
The NAT version on both devices in the redundant pair must be compatible.
The dynamic NAT configuration must be identical across both devices in the redundant pair.
The following configuration output indicates a valid running configuration of the NAT peer state synchronization on one device.
ip nat pool POOL61 prefix-length 24
  range 170.24.0.2 170.24.0.200
 
 
ip access-list NatACL61
  10 permit ip 61.0.0.0/16 any
 
 
interface Port-Channel5
  mtu 9214
  no switchport
  ip address 10.0.0.1/31
  ip nat source dynamic access-list NatACL61 pool POOL61
 
 
ip nat synchronization
  peer-address 11.11.11.1
  local-interface Vlan1111
  port-range 1024 2048
The following limitations are applicable during NAT peer state synchronization.
While configuring dynamic NAT peer state synchronization across peer switches, the port range values of the switches should always be disjoint to avoid virtual IP conflict.
NAT peer state synchronization does not support asymmetrical TCP setup (SYN - SYNACK - ACK should always be hashed to the same peer.)
The connection is only synchronized with a peer if the TCP state is established.
28.9 TCP MSS Ceiling
The TCP ceiling involves clamping the maximum segment size (MSS) in the TCP header of TCP SYN packets, if the MSS exceeds the configured ceiling limit for the interface. By clamping the MSS limit, you can avoid IP fragmentation in tunnel scenarios by ensuring this limit accommodates the extra overhead of GRE and tunnel outer IP headers.
A major use case of the TCP MSS ceiling is observed during connectivity towards cloud providers via GRE that requires asymmetric routing.
TCP MSS ceiling is supported on the following platforms:
DCS-7020R series
DCS-7280R series
DCS-7280R2 series
DCS-7500N series with R series and R2 series line cards
28.9.1 Configuring the TCP MSS Ceiling
The TCP MSS ceiling limit is set on an interface using the tcp mss ceiling command in the configuration mode.
TCP MSS ceiling limitations (specific to Sand platform):
This command supports GRE tunnel interfaces and IPv4 routed interfaces in the egress direction only.
TCP MSS ceiling is supported on IPv4 unicast packets entering the switch and the configuration has no effect on GRE transit packets post configuration of the TCP MSS ceiling.
Example
These commands configure a maximum MSS ceiling value of 1458 bytes in the egress direction on Ethernet interface 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#no switchport
switch(config-if-Et5)#tcp mss ceiling ipv4 1458 egress
28.10 IPv4 GRE Tunneling
GRE tunneling supports forwarding over IPv4 GRE tunnel interfaces. A GRE tunnel interface acts as a logical interface that performs GRE encapsulation or decapsulation.
The following switches support the IPv4 forwarding of GRE tunnel interface.
DCS-7020R
DCS-7280R
DCS-7500R
Note: Forwarding over a GRE tunnel interface on DCS-7500R is supported only if all the line cards on the system have a Jericho family chipset.
28.10.1 Configuring GRE Tunneling Interface
On a local Arista switch
switch(config)#ip routing
switch(config)#interface Tunnel 10
switch(config-if-Tu10)#tunnel mode gre
switch(config-if-Tu10)#ip address 192.168.1.1/24
switch(config-if-Tu10)#tunnel source 10.1.1.1
switch(config-if-Tu10)#tunnel destination 10.1.1.2
switch(config-if-Tu10)#tunnel path-mtu-discovery
switch(config-if-Tu10)#tunnel tos 10
switch(config-if-Tu10)#tunnel ttl 10
On a remote Arista switch
switch(config)#ip routing
switch(config)#interface Tunnel 10
switch(config-if-Tu10)#tunnel mode gre
switch(config-if-Tu10)#ip address 192.168.1.2/24
switch(config-if-Tu10)#tunnel source 10.1.1.2
switch(config-if-Tu10)#tunnel destination 10.1.1.1
switch(config-if-Tu10)#tunnel path-mtu-discovery
switch(config-if-Tu10)#tunnel tos 10
switch(config-if-Tu10)#tunnel ttl 10
Alternative configuration for tunnel source IPv4 address
switch(config)#interface Loopback 10
switch(config-if-Lo10)#ip add 10.1.1.1/32
switch(config-if-Lo10)#exit
 
switch(config)#conf terminal
switch(config)#interface Tunnel 10
switch(config-if-Tu10)#tunnel source interface Loopback 10
Configuration for adding an IPv4 route over the GRE tunnel interface
switch(config)#ip route 192.168.100.0/24 Tunnel 10
Tunnel Mode
Tunnel mode must be configured as gre for a GRE tunnel interface. The default value is tunnel mode gre.
IP address
Configures the IP address for the GRE tunnel interface. The IP address can be used for routing over the GRE tunnel interface. The configured subnet is reachable over the GRE tunnel interface and the packets to the subnet are encapsulated in the GRE header.
Tunnel Source
Specifies the source IP address for the outer IPv4 encapsulation header for packets going over the GRE tunnel interface. The tunnel source IPv4 address should be a valid local IPv4 address configured on the Arista Switch. The tunnel source can also be specified as any routed interface on the Arista Switch. The routed interface’s IPv4 address is assigned as the tunnel source IPv4 address.
Tunnel Destination
Specifies the destination IPv4 address for the outer IPv4 encapsulation header for packets going over the GRE tunnel interface. The tunnel destination IPv4 should be reachable from the Arista Switch.
Tunnel Path Mtu Discovery
Specifies whether the “Do not Fragment” flag needs to be set in the outer IPv4 encapsulation header for packets going over the GRE tunnel interface.
Tunnel TOS
Specifies the Tunnel type of service (ToS) value to be assigned to the outer IPv4 encapsulation header for packets going over the GRE tunnel interface. Default TOS value of 0 will be assigned if tunnel TOS is not configured.
Tunnel TTL
Specifies the TTL value to be assigned to the outer IPv4 encapsulation header for packets going over the GRE tunnel interface. The TTL value is copied from the inner IPv4 header if tunnel TTL is not configured. The tunnel TTL configuration requires the tunnel Path MTU Discovery to be configured.
28.10.2 Displaying GRE tunnel Information
The following commands display the tunnel configuration.
switch#show interfaces Tunnel 10
Tunnel10 is up, line protocol is up (connected)
Hardware is Tunnel, address is 0a01.0101.0800
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Tunnel source 10.1.1.1, destination 10.1.1.2
Tunnel protocol/transport GRE/IP
   Key disabled, sequencing disabled
   Checksumming of packets disabled
Tunnel TTL 10, Hardware forwarding enabled
Tunnel TOS 10
Path MTU Discovery
Tunnel transport MTU 1476 bytes
Up 3 seconds
 
switch#show gre tunnel static
Name        Index      Source         Destination       Nexthop     Interface
----------- ------- -------------- ----------------- -------------- -----------
Tunnel10    10         10.1.1.1       10.1.1.2          10.6.1.2    Ethernet6/1
 
switch#show tunnel fib static interface gre 10
Type 'Static Interface', index 10, forwarding Primary
   via 10.6.1.2, 'Ethernet6/1'
      GRE, destination 10.1.1.2, source 10.1.1.1, ttl 10, tos 0xa
 
Use show platform fap tcam summary to verify if the TCAM bank is allocated for GRE packet termination lookup.
switch#show platform fap tcam summary
 
           Tcam Allocation (Jericho0)
   Bank                   Used By    Reserved By
---------- ------------------------- -----------
      0               dbGreTunnel              -
Use show ip route to verify that the routes over the tunnel are set up properly.
switch#show ip route
 
VRF: default
Codes: C - connected, S - static, K - kernel,
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - DHCP client installed default route, M - Martian,
       DP - Dynamic Policy Route
 
Gateway of last resort is not set
 
C      192.168.1.0/24 is directly connected, Tunnel10, Static Interface GRE tunnel index 10, dst 10.1.1.2, src 10.1.1.1, TTL 10, TOS 10
S      192.168.100.0/24 is directly connected, Tunnel10, Static Interface GRE tunnel index 10, dst 10.1.1.2, src 10.1.1.1, TTL 10, TOS 10
 
The following commands are used to verify the tunnel encapsulation programming.
switch#show platform fap eedb ip-tunnel gre interface Tunnel 10
-------------------------------------------------------------------------------
|                                                  Jericho0                                        |
|                                 GRE Tunnel Egress Encapsulation DB                               |
|-----------------------------------------------------------------------------|
| Bank/ | OutLIF | Next   | VSI  | Encap | TOS  | TTL | Source | Destination| OamLIF| OutLIF | Drop|
| Offset|        | OutLIF | LSB  | Mode  |      |     | IP     | IP         | Set   | Profile|     |
|-----------------------------------------------------------------------------|
| 3/0   | 0x6000 | 0x4010 | 0    | 2     | 10   | 10  | 10.1.1.1 | 10.1.1.2 | No    | 0      | No |
 
switch#show platform fap eedb ip-tunnel
-------------------------------------------------------------------------------
|                                                  Jericho0                                     |
|                                     IP Tunnel Egress Encapsulation DB                         |
|-----------------------------------------------------------------------------|
| Bank/ | OutLIF | Next   | VSI | Encap| TOS | TTL | Src | Destination | OamLIF | OutLIF  | Drop|
| Offset|        | OutLIF | LSB | Mode | Idx | Idx | Idx | IP          | Set    | Profile |     |
|-----------------------------------------------------------------------------|
| 3/0   | 0x6000 | 0x4010 | 0   | 2    | 9   | 0   | 0   | 10.1.1.2    | No     | 0       | No |
 
28.11 IPv4 Commands
IP Routing and Address Commands
IPv4 DHCP Relay
IPv4 DHCP Snooping
IPv4 Multicast Counters
IPv4 NAT
ARP Table
arp
VRF Commands
Trident Forwarding Table Commands
IPv4 GRE Tunneling Commands
tunnel
agent SandL3Unicast terminate
The agent SandL3Unicast terminate command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
Command Mode
Global Configuration
Command Syntax
agent SandL3Unicast terminate
Related Commands
ip hardware fib optimize enables IPv4 route scale.
show platform arad ip route shows resources for all IPv4 routes in hardware. Routes that use the additional hardware resources will appear with an asterisk.
show platform arad ip route summary shows hardware resource usage of IPv4 routes.
Example
This configuration command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
switch(config)#agent SandL3Unicast terminate
SandL3Unicast was terminated
Restarting the platform layer 3 agent results in deletion of all IPv4 routes, which are re-added to the hardware.
arp
The arp command adds a static entry to an Address Resolution Protocol (ARP) cache. The switch uses ARP cache entries to correlate 32-bit IP addresses to 48-bit hardware addresses.
The no arp and default arp commands remove the ARP cache entry with the specified IP address. When multiple VRFs contain ARP cache entries for identical IP addresses, each entry can only be removed individually.
Command Mode
Global Configuration
Command Syntax
arp [VRF_INSTANCE] ipv4_addr mac_addr arpa
no arp [VRF_INSTANCE] ipv4_addr
default arp [VRF_INSTANCE] ipv4_addr
Parameters
VRF_INSTANCE     specifies the VRF instance being modified.
<no parameter>     changes are made to the default VRF.
vrf vrf_name     changes are made to the specified user-defined VRF.
ipv4_addr     IPv4 address of ARP entry.
mac_addr     local data-link (hardware) address (48-bit dotted hex notation – H.H.H).
Examples
This command adds a static entry to the ARP cache in the default VRF.
switch(config)#arp 172.22.30.52 0025.900e.c63c arpa
switch(config)#
This command adds the same static entry to the ARP cache in the VRF named “purple.”
switch(config)#arp vrf purple 172.22.30.52 0025.900e.c63c arpa
switch(config)#
arp aging timeout
The arp aging timeout command specifies the duration of dynamic address entries in the Address Resolution Protocol (ARP) cache for addresses learned through the configuration mode interface. The default duration is 14400 seconds (four hours).
The no arp aging timeout and default arp aging timeout commands restore the default ARP aging timeout for addresses learned on the configuration mode interface by deleting the corresponding arp aging timeout command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
arp aging timeout arp_time
no arp aging timeout
default arp aging timeout
Parameters
arp_time      ARP aging timeout period (seconds). Values range from 60 to 65535. Default value is 14400.
Examples
This command specifies an ARP cache duration of 7200 seconds (two hours) for dynamic addresses added to the ARP cache that were learned through VLAN 200.
switch(config)#interface vlan 200
switch(config-if-Vl200)#arp aging timeout 7200
switch(config-if-Vl200)#show active
interface Vlan200
   arp timeout 7200
switch(config-if-Vl200)#
arp cache persistent
The arp cache persistent command restores the dynamic entries in the Address Resolution Protocol (ARP) cache after reboot.
The no arp cache persistent and default arp cache persistent commands remove the ARP cache persistent configuration from the running-config.
Command Mode
Global Configuration
Command Syntax
arp cache persistent
no arp cache persistent
default arp cache persistent
Example
This command restores the ARP cache after reboot.
switch(config)#arp cache persistent
switch(config)#
clear arp-cache
The clear arp-cache command refreshes dynamic entries in the Address Resolution Protocol (ARP) cache. Refreshing the ARP cache updates current ARP table entries and removes expired ARP entries not yet deleted by an internal, timer-driven process.
The command, without arguments, refreshes ARP cache entries for all enabled interfaces. With arguments, the command refreshes cache entries for the specified interface. Executing clear arp-cache for all interfaces can result in extremely high CPU usage while the tables are resolving.
Command Mode
Privileged EXEC
Command Syntax
clear arp-cache [VRF_INSTANCE] [INTERFACE_NAME]
Parameters
VRF_INSTANCE     specifies the VRF instance for which arp data is refreshed.
<no parameter>     specifies the context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
INTERFACE_NAME     interface upon which ARP cache entries are refreshed. Options include:
<no parameter>     All ARP cache entries.
interface ethernet e_num     ARP cache entries of specified Ethernet interface.
interface loopback l_num     ARP cache entries of specified loopback interface.
interface management m_num     ARP cache entries of specified management interface.
interface port-channel p_num     ARP cache entries of specified port-channel interface.
interface vlan v_num     ARP cache entries of specified VLAN interface.
interface vxlan vx_num     VXLAN interface specified by vx_num.
Related Commands
cli vrf specifies the context-active VRF.
Example
These commands display the ARP cache before and after ARP cache entries are refreshed.
switch#show arp
Address         Age (min)  Hardware Addr   Interface
172.22.30.1             0  001c.730b.1d15  Management1
172.22.30.118           0  001c.7301.6015  Management1
 
switch#clear arp-cache
 
switch#show arp
Address         Age (min)  Hardware Addr   Interface
172.22.30.1             0  001c.730b.1d15  Management1
switch#
clear arp
The clear arp command removes the specified dynamic ARP entry for the specified IP address from the Address Resolution Protocol (ARP) table.
Command Mode
Privileged EXEC
Command Syntax
clear arp [VRF_INSTANCE] ipv4_addr
Parameters
VRF_INSTANCE     specifies the VRF instance for which arp data is removed.
<no parameter>     specifies the context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
ipv4_addr     IPv4 address of dynamic ARP entry.
Related Commands
cli vrf specifies the context-active VRF.
Example
These commands display the ARP table before and after the removal of dynamic ARP entry for IP address 172.22.30.52.
switch#show arp
Address         Age (min)  Hardware Addr   Interface
172.22.30.1             0  001c.730b.1d15  Management1
172.22.30.52            0  0025.900e.c468  Management1
172.22.30.53            0  0025.900e.c63c  Management1
172.22.30.133           0  001c.7304.3906  Management1
switch#clear arp 172.22.30.52
switch#show arp
Address         Age (min)  Hardware Addr   Interface
172.22.30.1             0  001c.730b.1d15  Management1
172.22.30.53            0  0025.900e.c63c  Management1
172.22.30.133           0  001c.7304.3906  Management1
switch#
clear arp inspection statistics
The clear arp inspection statistics command clears ARP inspection statistics.
Command Mode
EXEC
Command Syntax
clear arp inspection statistics
Related Commands
Examples
This command clears ARP inspection statistics.
switch(config)#clear arp inspection statistics
switch(config)#
clear ip dhcp relay counters
The clear ip dhcp relay counters command resets the DHCP relay counters. The configuration mode determines which counters are reset:
Interface configuration: command clears the counter for the configuration mode interface.
Command Mode
Privileged EXEC
Command Syntax
clear ip dhcp relay counters [INTERFACE_NAME]
Parameters
INTERFACE_NAME     entity for which counters are cleared. Options include:
<no parameter>     clears counters for the switch and for all interfaces.
interface ethernet e_num     clears counters for the specified Ethernet interface.
interface loopback l_num     clears counters for the specified loopback interface.
interface port-channel p_num     clears counters for the specified port-channel interface.
interface vlan v_num     clears counters for the specified VLAN interface.
Examples
These commands clear the DHCP relay counters for VLAN 1045 and show the counters before and after the clear command.
switch#show ip dhcp relay counters
 
          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop |         Last Cleared
----------|----- ---- -----|---------------------
  All Req |  376  376    0 | 4 days, 19:55:12 ago
All Resp |  277  277    0 |
          |                |
Vlan1001 |  207  148    0 | 4 days, 19:54:24 ago
Vlan1045 |  376  277    0 | 4 days, 19:54:24 ago
 
switch#clear ip dhcp relay counters interface vlan 1045
 
          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop |         Last Cleared
----------|----- ---- -----|---------------------
  All Req |  380  380    0 | 4 days, 21:19:17 ago
All Resp |  281  281    0 |
          |                |
Vlan1000 |  207  148    0 | 4 days, 21:18:30 ago
Vlan1045 |    0    0    0 |          0:00:07 ago
These commands clear all DHCP relay counters on the switch.
switch(config-if-Vl1045)#exit
switch(config)#clear ip dhcp relay counters
switch(config)#show ip dhcp relay counters
 
          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop | Last Cleared
----------|----- ---- -----|-------------
  All Req |    0    0    0 |  0:00:03 ago
All Resp |    0    0    0 |
          |                |
Vlan1000 |    0    0    0 |  0:00:03 ago
Vlan1045 |    0    0    0 |  0:00:03 ago
clear ip dhcp snooping counters
The clear ip dhcp snooping counters command resets the DHCP snooping packet counters.
Command Mode
Privileged EXEC
Command Syntax
clear ip dhcp snooping counters [COUNTER_TYPE]
Parameters
COUNTER_TYPE     The type of counter that the command resets. Options include:
<no parameter>     counters for each VLAN.
debug     aggregate counters and drop cause counters.
Example
This command clears the DHCP snooping counters for each VLAN.
switch#clear ip dhcp snooping counters
switch#show ip dhcp snooping counters
 
     | Dhcp Request Pkts | Dhcp Reply Pkts |
Vlan |  Rcvd  Fwdd  Drop | Rcvd Fwdd  Drop | Last Cleared
-----|------ ----- ------|----- ---- ------|-------------
100 |     0     0     0 |    0    0     0 |  0:00:10 ago
 
switch#
This command clears the aggregate DHCP snooping counters.
switch#clear ip dhcp snooping counters debug
switch#show ip dhcp snooping counters debug
 
Counter                       Snooping to Relay Relay to Snooping
----------------------------- ----------------- -----------------
Received                                      0                 0
Forwarded                                     0                 0
Dropped - Invalid VlanId                      0                 0
Dropped - Parse error                         0                 0
Dropped - Invalid Dhcp Optype                 0                 0
Dropped - Invalid Info Option                 0                 0
Dropped - Snooping disabled                   0                 0
 
Last Cleared:  0:00:08 ago
switch#
clear ip multicast count
The clear ip multicast count command clears all counters associated with the multicast traffic.
Command Mode
Global Configuration
Command Syntax
clear ip multicast count [group_address [source_address]]
Parameters
<no parameters>     clears all counts of the multicast route traffic
group_address     clears the multicast traffic count of the specified group address
source_address     clears the multicast traffic count of the specified group and source addresses
Guidelines
This command functions only when the ip multicast count command is enabled.
Examples
This command clears all counters associated with the multicast traffic.
switch(config)#clear ip multicast count
This command clears the multicast traffic count of the specified group address.
switch(config)#clear ip multicast count 16.39.24.233
clear ip nat flow translation
The clear ip nat flow translation command clears all or the specified NAT table entries.
Command Mode
Privileged EXEC
Command Syntax
clear ip nat flow translation [HOST_ADDR [DEST_ADDR]] [INTF] [PROT_TYPE]
Parameters
DEST_ADDR immediately follows HOST_ADDR. All other parameters, including HOST_ADDR, may be placed in any order.
HOST_ADDR     Host address to be modified. Options include:
<no parameter>     All packets with specified destination address are cleared.
address local_ipv4     IPv4 address.
address local_ipv4   local_port     IPv4 address and port (port value ranges from 1 to 65535).
DEST_ADDR     Destination address of translated packet. Destination address can be entered only when the HOST_ADDR is specified. Options include:
<no parameter>     All packets with specified destination address are cleared.
global_ipv4     IPv4 address.
global_ipv4   global_port     IPv4 address and port (port value ranges from 1 to 65535).
INTF    Route source. Options include:
<no parameter>     All packets with specified destination address are cleared.
interface ethernet e_num     Ethernet interface specified by e_num.
interface loopback l_num     Loopback interface specified by l_num.
interface management m_num     Management interface specified by m_num.
interface port-channel p_num     Port-channel interface specified by p_num.
interface vlan v_num     VLAN interface specified by v_num.
PROT_TYPE     Filters packets based on protocol type. Options include:
<no parameter>     All packets with specified destination address are cleared.
tcp     TCP packets with specified destination address are cleared.
udp     UDP packets with specified destination address are cleared.
Example
This command clears all dynamic entries from the NAT translation table.
switch#clear ip nat flow translation
switch#
This command clears a specific NAT IP address 172.22.30.52.
switch#clear ip nat flow translation address 172.22.30.52
switch#
This command clears the inside entry that maps the private address 10.10.10.3 to Internet address 172.22.30.52.
switch#clear ip nat flow translation address 172.22.30.52 10.10.10.3
switch#
cli vrf
The cli vrf command specifies the context-active VRF. The context-active VRF determines the default VRF that VRF-context aware commands use when displaying routing table data.
Command Mode
Privileged EXEC
Command Syntax
cli vrf [VRF_ID]
Parameters
VRF_ID     Name of VRF assigned as the current VRF scope. Options include:
vrf_name     Name of user-defined VRF.
default     System-default VRF.
Guidelines
VRF-context aware commands include:
Related Commands
show routing-context vrf displays the context-active VRF.
Example
These commands specify magenta as the context-active VRF, then display the context-active VRF.
switch#cli vrf magenta
switch#show routing-context vrf
Current VRF routing-context is magenta
switch#
description (VRF)
The description command adds a text string to the configuration mode VRF. The string has no functional impact on the VRF.
The no description and default description commands remove the text string from the configuration mode VRF by deleting the corresponding description command from running-config.
Command Mode
VRF Configuration
Command Syntax
description label_text
no description
default description
Parameters
label_text     character string assigned to the VRF configuration.
Related Commands
vrf instance places the switch in VRF configuration mode.
Examples
These commands add description text to the magenta VRF.
switch(config)#vrf instance magenta
switch(config-vrf-magenta)#description This is the first vrf
switch(config-vrf-magenta)#show active
vrf instance magenta
   description This is the first vrf
switch(config-vrf-magenta)#
ip address
The ip address command configures the IPv4 address and connected subnet on the configuration mode interface. Each interface can have one primary address and multiple secondary addresses.
The no ip address and default ip address commands remove the IPv4 address assignment from the configuration mode interface. Entering the command without specifying an address removes the primary and all secondary addresses from the interface. The primary address cannot be deleted until all secondary addresses are removed from the interface.
Removing all IPv4 address assignments from an interface disables IPv4 processing on that port.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip address ipv4_subnet [PRIORITY]
no ip address [ipv4_subnet] [PRIORITY]
default ip address [ipv4_subnet] [PRIORITY]
Parameters
ipv4_subnet     IPv4 and subnet address (CIDR or address-mask notation). Running-config stores value in CIDR notation.
PRIORITY     interface priority. Options include:
<no parameter>     the address is the primary IPv4 address for the interface.
secondary     the address is the secondary IPv4 address for the interface.
Guidelines
The ip address command is supported on routable interfaces.
Example
This command configures an IPv4 address for VLAN 200.
switch(config)#interface vlan 200
switch(config-if-Vl200)#ip address 10.0.0.1/24
switch(config-if-Vl200)#
ip arp inspection limit
The ip arp inspection limit command rate limits the incoming ARP packets on an interface and err-disables the interface if the incoming ARP rate exceeds the configured value.
Command Mode
EXEC
Command Syntax
[no | default] ip arp inspection limit [RATE <pps>] [BURST_INTERVAL <sec> | none]
Parameters
RATE     specifies the ARP inspection limit rate in packets per second.
<pps>     ARP inspection limit rate packets per second.
BURST_INTERVAL     specifies the ARP inspection limit burst interval.
<sec>     burst interval in seconds.
Related Commands
Examples
This command err-disables the interface when the incoming ARP rate exceeds the configured value. It sets the rate to 512 (the upper limit for the number of invalid ARP packets allowed per second) and sets the burst interval (the consecutive interval over which the interface is monitored for a high ARP rate) to 11 seconds.
switch(config)#ip arp inspection limit rate 512 burst interval 11
switch(config)#
These commands configure interface-specific ARP inspection settings and display them for verification.
switch(config)#interface Ethernet 3 / 1
switch(config)#ip arp inspection limit rate 20 burst interval 5
switch(config)#interface Ethernet 3 / 3
switch(config)#ip arp inspection trust
switch(config)#show ip arp inspection interfaces
 Interface      Trust State  Rate (pps) Burst Interval
 -------------  -----------  ---------- --------------
 Et3/1          Untrusted    20         5
 Et3/3          Trusted      None       N/A
 
switch(config)#
ip arp inspection logging
The ip arp inspection logging command enables logging of incoming ARP packets on the interface if the rate exceeds the configured value.
Command Mode
EXEC
Command Syntax
[no | default] ip arp inspection logging [RATE <pps>] [BURST_INTERVAL <sec> | none]
Parameters
RATE     specifies the ARP inspection limit rate in packets per second.
<pps>     ARP inspection limit rate packets per second.
BURST_INTERVAL     specifies the ARP inspection limit burst interval.
<sec>     burst interval in seconds.
Related Commands
Example
This command enables logging of incoming ARP packets when the incoming ARP rate on the interface exceeds the configured value. It sets the rate to 2048 (the upper limit for the number of invalid ARP packets allowed per second) and sets the burst interval (the consecutive interval over which the interface is monitored for a high ARP rate) to 15 seconds.
switch(config)#ip arp inspection logging rate 2048 burst interval 15
switch(config)#
ip arp inspection trust
The ip arp inspection trust command configures the trust state of an interface. By default, all interfaces are untrusted.
Command Mode
EXEC
Command Syntax
[no | default] ip arp inspection trust
Related Commands
Examples
This command configures the trust state of an interface.
switch(config)#ip arp inspection trust
switch(config)#
This command configures the trust state of an interface to untrusted.
switch(config)#no ip arp inspection trust
switch(config)#
This command configures the trust state of an interface to its default (untrusted).
switch(config)#default ip arp inspection trust
switch(config)#
ip arp inspection vlan
The ip arp inspection vlan command enables ARP inspection. ARP requests and responses on untrusted interfaces are intercepted on specified VLANs, and intercepted packets are verified to have valid IP-MAC address bindings. All invalid ARP packets are dropped. On trusted interfaces, all incoming ARP packets are processed and forwarded without verification. By default, ARP inspection is disabled on all VLANs.
Command Mode
EXEC
Command Syntax
ip arp inspection vlan [LIST]
Parameters
LIST     specifies the VLAN interface number.
Related Commands
Examples
This command enables ARP inspection on VLANs 1 through 150.
switch(config)#ip arp inspection vlan 1 - 150
switch(config)#
This command disables ARP inspection on VLANs 1 through 150.
switch(config)#no ip arp inspection vlan 1 - 150
switch(config)#
This command sets the ARP inspection default to VLANs 1 through 150.
switch(config)#default ip arp inspection vlan 1 - 150
switch(config)#
This command enables ARP inspection on multiple VLANs: 1 through 150 and 200 through 250.
switch(config)#ip arp inspection vlan 1-150,200-250
switch(config)#
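The forwarding decision described for ip arp inspection vlan and ip arp inspection trust, modelled as an added Python example (not Arista code). The binding table, the class and verdict names, and the sample packets are assumptions constructed for illustration; only the decision order follows the text above.

```python
import re
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    FORWARD_UNINSPECTED = "forwarded: ARP inspection not enabled on this VLAN"
    FORWARD_TRUSTED = "forwarded: trusted interface, no verification"
    FORWARD_VALID = "forwarded: IP-MAC binding verified"
    DROP_INVALID = "dropped: no matching IP-MAC binding"


def normalize_mac(mac: str) -> str:
    """Reduce dotted-hex (0025.900e.c63c) or colon notation to 12 hex digits."""
    digits = re.sub(r"[.:-]", "", mac.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit hardware address: {mac!r}")
    return digits


@dataclass(frozen=True)
class ArpPacket:
    interface: str   # ingress interface, e.g. "Et3/1"
    vlan: int
    sender_ip: str
    sender_mac: str


@dataclass
class ArpInspector:
    inspected_vlans: set      # VLANs named by "ip arp inspection vlan"
    trusted_interfaces: set   # interfaces carrying "ip arp inspection trust"
    bindings: dict            # (vlan, ip) -> mac; hypothetical binding table
    dropped: dict = field(default_factory=dict)   # per-interface drop counter

    def __post_init__(self):
        self.bindings = {k: normalize_mac(v) for k, v in self.bindings.items()}

    def inspect(self, pkt: ArpPacket) -> Verdict:
        # 1. Inspection is disabled on every VLAN unless explicitly enabled.
        if pkt.vlan not in self.inspected_vlans:
            return Verdict.FORWARD_UNINSPECTED
        # 2. Trusted interfaces bypass verification entirely.
        if pkt.interface in self.trusted_interfaces:
            return Verdict.FORWARD_TRUSTED
        # 3. Untrusted interfaces: the sender IP must map to the sender MAC.
        expected = self.bindings.get((pkt.vlan, pkt.sender_ip))
        if expected is not None and expected == normalize_mac(pkt.sender_mac):
            return Verdict.FORWARD_VALID
        self.dropped[pkt.interface] = self.dropped.get(pkt.interface, 0) + 1
        return Verdict.DROP_INVALID


def build_sample_inspector() -> ArpInspector:
    """Constructed sample: VLANs 1-150 and 200-250 inspected, Et3/3 trusted."""
    return ArpInspector(
        inspected_vlans=set(range(1, 151)) | set(range(200, 251)),
        trusted_interfaces={"Et3/3"},
        bindings={(100, "172.22.30.52"): "0025.900e.c63c"},
    )


if __name__ == "__main__":
    inspector = build_sample_inspector()
    samples = [
        ArpPacket("Et3/1", 100, "172.22.30.52", "0025.900e.c63c"),  # matches binding
        ArpPacket("Et3/1", 100, "172.22.30.52", "001c.7301.6015"),  # wrong MAC
        ArpPacket("Et3/3", 100, "172.22.30.52", "001c.7301.6015"),  # trusted port
        ArpPacket("Et3/1", 175, "172.22.30.52", "001c.7301.6015"),  # VLAN not inspected
    ]
    for pkt in samples:
        print(pkt.interface, pkt.vlan, pkt.sender_mac, "->", inspector.inspect(pkt).value)
    print("drops per interface:", inspector.dropped)
```

The third sample shows why the trust state belongs only on ports where every attached device is under administrative control: the same mismatched packet that is dropped on Et3/1 is forwarded unverified on Et3/3.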
ip dhcp relay all-subnets
The ip dhcp relay all-subnets command configures the DHCP smart relay status on the configuration mode interface. DHCP smart relay supports forwarding DHCP requests with a client’s secondary IP addresses in the gateway address field. Enabling DHCP smart relay on an interface requires that DHCP relay is also enabled on that interface.
By default, an interface assumes the global DHCP smart relay setting as configured by the ip dhcp relay all-subnets default command. The ip dhcp relay all-subnets command, when configured, takes precedence over the global smart relay setting.
The no ip dhcp relay all-subnets command disables DHCP smart relay on the configuration mode interface. The default ip dhcp relay all-subnets command restores the interface to the default DHCP smart relay setting, as configured by the ip dhcp relay all-subnets default command, by removing the corresponding ip dhcp relay all-subnets or no ip dhcp relay all-subnets statement from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip dhcp relay all-subnets
no ip dhcp relay all-subnets
default ip dhcp relay all-subnets
Examples
This command enables DHCP smart relay on VLAN interface 100.
switch(config)#interface vlan 100
switch(config-if-Vl100)#ip helper-address 10.4.4.4
switch(config-if-Vl100)#ip dhcp relay all-subnets
switch(config-if-Vl100)#show ip dhcp relay
DHCP Relay is active
DHCP Relay Option 82 is disabled
DHCP Smart Relay is enabled
Interface: Vlan100
  DHCP Smart Relay is enabled
  DHCP servers: 10.4.4.4
switch(config-if-Vl100)#
This command disables DHCP smart relay on VLAN interface 100.
switch(config-if-Vl100)#no ip dhcp relay all-subnets
switch(config-if-Vl100)#show active
interface Vlan100
   no ip dhcp relay all-subnets
   ip helper-address 10.4.4.4
switch(config-if-Vl100)#show ip dhcp relay
DHCP Relay is active
DHCP Relay Option 82 is disabled
DHCP Smart Relay is enabled
Interface: Vlan100
  DHCP Smart Relay is disabled
  DHCP servers: 10.4.4.4
switch(config-if-Vl100)#
These commands enable DHCP smart relay globally, configure VLAN interface 100 to use the global setting, then display the DHCP relay status.
switch(config)#ip dhcp relay all-subnets default
switch(config)#interface vlan 100
switch(config-if-Vl100)#ip helper-address 10.4.4.4
switch(config-if-Vl100)#default ip dhcp relay all-subnets
switch(config-if-Vl100)#show ip dhcp relay
DHCP Relay is active
DHCP Relay Option 82 is disabled
DHCP Smart Relay is enabled
Interface: Vlan100
  Option 82 Circuit ID: 333
  DHCP Smart Relay is enabled
  DHCP servers: 10.4.4.4
switch(config-if-Vl100)#
ip dhcp relay all-subnets default
The ip dhcp relay all-subnets default command configures the global DHCP smart relay setting. DHCP smart relay supports forwarding DHCP requests with a client’s secondary IP addresses in the gateway address field. The default global DHCP smart relay setting is disabled.
The global DHCP smart relay setting is applied to all interfaces for which an ip dhcp relay all-subnets statement is not configured. Enabling DHCP smart relay on an interface requires that DHCP relay is also enabled on that interface.
The no ip dhcp relay all-subnets default and default ip dhcp relay all-subnets default commands restore the global DHCP smart relay default setting of disabled by removing the ip dhcp relay all-subnets default command from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp relay all-subnets default
no ip dhcp relay all-subnets default
default ip dhcp relay all-subnets default
Related Commands
ip helper-address enables the DHCP relay agent on a configuration mode interface.
ip dhcp relay all-subnets enables the DHCP smart relay agent on a configuration mode interface.
Example
This command configures the global DHCP smart relay setting to enabled.
switch(config)#ip dhcp relay all-subnets default
switch(config)#
ip dhcp relay always-on
The ip dhcp relay always-on command enables the DHCP relay agent on the switch regardless of the DHCP relay agent status on any interface. By default, the DHCP relay agent is enabled only if at least one routable interface is configured with an ip helper-address statement.
The no ip dhcp relay always-on and default ip dhcp relay always-on commands remove the ip dhcp relay always-on command from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp relay always-on
no ip dhcp relay always-on
default ip dhcp relay always-on
Related Commands
These commands implement DHCP relay agent.
Example
This command enables the DHCP relay agent.
switch(config)#ip dhcp relay always-on
switch(config)#
ip dhcp relay information option (Global)
The ip dhcp relay information option command configures the switch to attach tags to DHCP requests before forwarding them to the DHCP servers designated by ip helper-address commands. The ip dhcp relay information option circuit-id command specifies the tag contents for packets forwarded by the interface that it configures.
The no ip dhcp relay information option and default ip dhcp relay information option commands restore the switch’s default setting of not attaching tags to DHCP requests by removing the ip dhcp relay information option command from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp relay information option
no ip dhcp relay information option
default ip dhcp relay information option
Related Commands
These commands implement DHCP relay agent.
Example
This command enables the attachment of tags to DHCP requests that are forwarded to DHCP server addresses.
switch(config)#ip dhcp relay information option
switch(config)#
ip dhcp relay information option circuit-id
The ip dhcp relay information option circuit-id command specifies the content of tags that the switch attaches to DHCP requests before they are forwarded from the configuration mode interface to DHCP server addresses specified by ip helper-address commands. Tags are attached to outbound DHCP requests only if the information option is enabled on the switch (ip dhcp relay information option). The default value for each interface is the name and number of the interface.
The no ip dhcp relay information option circuit-id and default ip dhcp relay information option circuit-id commands restore the default content setting for the configuration mode interface by removing the corresponding command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip dhcp relay information option circuit-id id_label
no ip dhcp relay information option circuit-id
default ip dhcp relay information option circuit-id
Parameters
id_label     Tag content. Format is alphanumeric characters (maximum 15 characters).
Related Commands
Example
This command configures x-1234 as the tag content for packets sent from VLAN 200.
switch(config)#interface vlan 200
switch(config-if-Vl200)#ip dhcp relay information option circuit-id x-1234
switch(config-if-Vl200)#
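How such a tag travels on the wire, as an added Python example (not Arista code): it builds and strictly parses the relay agent information option (option 82) as nested code/length/value fields. It goes beyond the circuit-id case by also decoding remote ID, link selection and server identifier override; sub-option numbers 1 (circuit ID) and 2 (remote ID) are taken from RFC 3046, and the MAC address and function names are constructed for illustration.

```python
import ipaddress
from typing import Optional

OPTION_RELAY_AGENT_INFO = 82
SUBOPTION_NAMES = {
    1: "circuit-id",            # RFC 3046
    2: "remote-id",             # RFC 3046
    5: "link-selection",        # 4-byte subnet address
    11: "server-id-override",   # 4-byte interface address
}
MAX_CIRCUIT_ID_LEN = 15         # id_label limit given under Parameters above


class Option82Error(ValueError):
    """Raised when option 82 bytes are malformed or a value is out of range."""


def _tlv(code: int, value: bytes) -> bytes:
    if len(value) > 255:
        raise Option82Error(f"value for code {code} exceeds 255 bytes")
    return bytes([code, len(value)]) + value


def build_option82(circuit_id: str, remote_id: Optional[bytes] = None) -> bytes:
    """Encode option 82 with a circuit-id label and an optional remote-id."""
    try:
        label = circuit_id.encode("ascii")
    except UnicodeEncodeError as exc:
        raise Option82Error("circuit-id must be ASCII") from exc
    if not 1 <= len(label) <= MAX_CIRCUIT_ID_LEN:
        raise Option82Error("circuit-id must be 1 to 15 characters")
    body = _tlv(1, label)
    if remote_id is not None:
        body += _tlv(2, remote_id)
    return _tlv(OPTION_RELAY_AGENT_INFO, body)


def _decode(code: int, value: bytes) -> str:
    if code in (5, 11):
        if len(value) != 4:
            raise Option82Error(f"sub-option {code} must carry a 4-byte IPv4 address")
        return str(ipaddress.IPv4Address(value))
    if code == 2 and len(value) == 6:      # a MAC address, shown in dotted hex
        h = value.hex()
        return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"
    if code == 1 and value and all(0x20 <= b < 0x7F for b in value):
        return value.decode("ascii")
    return value.hex()                      # opaque payload: keep as hex


def parse_option82(data: bytes) -> dict:
    """Decode option 82, rejecting truncated, overlong or duplicate fields."""
    if len(data) < 2 or data[0] != OPTION_RELAY_AGENT_INFO:
        raise Option82Error("not a relay agent information option")
    body = data[2:2 + data[1]]
    if len(body) != data[1] or len(data) != 2 + data[1]:
        raise Option82Error("option length does not match the bytes present")
    fields, pos = {}, 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise Option82Error("sub-option header truncated")
        code, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise Option82Error(f"sub-option {code} overruns the option")
        name = SUBOPTION_NAMES.get(code, f"sub-option-{code}")
        if name in fields:
            raise Option82Error(f"duplicate sub-option {code}")
        fields[name] = _decode(code, value)
        pos += 2 + length
    return fields


if __name__ == "__main__":
    # Constructed sample: the x-1234 label from the example above plus a MAC.
    option = build_option82("x-1234", bytes.fromhex("001c730b1d15"))
    print(option.hex())
    print(parse_option82(option))
```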
ip dhcp snooping
The ip dhcp snooping command enables DHCP snooping globally on the switch. DHCP snooping is a set of layer 2 processes that can be configured on LAN switches and used with DHCP servers to control network access to clients with specific IP/MAC addresses. The switch supports Option-82 insertion, which is a DHCP snooping process that allows relay agents to provide remote-ID and circuit-ID information to DHCP reply and request packets. DHCP servers use this information to determine the originating port of DHCP requests and associate a corresponding IP address to that port. DHCP servers use port information to track host location and IP address usage by authorized physical ports.
DHCP snooping uses the information option (Option-82) to include the switch MAC address (router-ID) along with the physical interface name and VLAN number (circuit-ID) in DHCP packets. After adding the information to the packet, the DHCP relay agent forwards the packet to the DHCP server as specified by the DHCP protocol.
DHCP snooping on a specified VLAN requires all of these conditions to be met:
DHCP snooping is globally enabled.
Insertion of option-82 information in DHCP packets is enabled.
DHCP snooping is enabled on the specified VLAN.
DHCP relay is enabled on the corresponding VLAN interface.
The no ip dhcp snooping and default ip dhcp snooping commands disable global DHCP snooping by removing the ip dhcp snooping command from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp snooping
no ip dhcp snooping
default ip dhcp snooping
Related Commands
ip dhcp snooping information option enables insertion of option-82 snooping data.
ip helper-address enables the DHCP relay agent on a configuration mode interface.
Example
This command globally enables snooping on the switch; DHCP snooping status is displayed before and after invoking the command.
switch(config)#show ip dhcp snooping
DHCP Snooping is disabled
switch(config)#ip dhcp snooping
switch(config)#show ip dhcp snooping
DHCP Snooping is enabled
DHCP Snooping is not operational
DHCP Snooping is configured on following VLANs:
  None
DHCP Snooping is operational on following VLANs:
  None
Insertion of Option-82 is disabled
switch(config)#
ip dhcp snooping information option
The ip dhcp snooping information option command enables the insertion of option-82 DHCP snooping information in DHCP packets on VLANs where DHCP snooping is enabled. DHCP snooping is a layer 2 switch process that allows relay agents to provide remote-ID and circuit-ID information to DHCP reply and request packets. DHCP servers use this information to determine the originating port of DHCP requests and associate a corresponding IP address to that port.
DHCP snooping uses the information option (Option-82) to include the switch MAC address (remote-ID) along with the physical interface name and VLAN number (circuit-ID) in DHCP packets. After adding the information to the packet, the DHCP relay agent forwards the packet to the DHCP server through DHCP protocol processes.
DHCP snooping on a specified VLAN requires all of these conditions to be met:
DHCP snooping is globally enabled.
Insertion of option-82 information in DHCP packets is enabled.
DHCP snooping is enabled on the specified VLAN.
DHCP relay is enabled on the corresponding VLAN interface.
When global DHCP snooping is not enabled, the ip dhcp snooping information option command persists in running-config without any operational effect.
The no ip dhcp snooping information option and default ip dhcp snooping information option commands disable the insertion of option-82 DHCP snooping information in DHCP packets by removing the ip dhcp snooping information option statement from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp snooping information option
no ip dhcp snooping information option
default ip dhcp snooping information option
Related Commands
ip dhcp snooping globally enables DHCP snooping.
ip helper-address enables the DHCP relay agent on a configuration mode interface.
Example
These commands enable DHCP snooping on DHCP packets from ports on snooping-enabled VLANs. DHCP snooping was previously enabled on the switch.
switch(config)#ip dhcp snooping information option
switch(config)#show ip dhcp snooping
DHCP Snooping is enabled
DHCP Snooping is operational
DHCP Snooping is configured on following VLANs:
  100
DHCP Snooping is operational on following VLANs:
  100
Insertion of Option-82 is enabled
  Circuit-id format: Interface name:Vlan ID
  Remote-id: 00:1c:73:1f:b4:38 (Switch MAC)
switch(config)#
ip dhcp snooping vlan
The ip dhcp snooping vlan command enables DHCP snooping on specified VLANs. DHCP snooping is a layer 2 process that allows relay agents to provide remote-ID and circuit-ID information in DHCP packets. DHCP servers use this data to determine the originating port of DHCP requests and associate a corresponding IP address to that port. DHCP snooping is configured on a global and VLAN basis.
VLAN snooping on a specified VLAN requires each of these conditions:
DHCP snooping is globally enabled.
Insertion of option-82 information in DHCP packets is enabled.
DHCP snooping is enabled on the specified VLAN.
DHCP relay is enabled on the corresponding VLAN interface.
When global DHCP snooping is not enabled, the ip dhcp snooping vlan command persists in running-config without any operational effect.
The no ip dhcp snooping information option and default ip dhcp snooping information option commands disable DHCP snooping operability by removing the ip dhcp snooping information option statement from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp snooping vlan v_range
no ip dhcp snooping vlan v_range
default ip dhcp snooping vlan v_range
Parameters
v_range     VLANs upon which snooping is enabled. Formats include a number, a number range, or a comma-delimited list of numbers and ranges. Numbers range from 1 to 4094.
Related Commands
ip dhcp snooping globally enables DHCP snooping.
ip dhcp snooping information option enables insertion of option-82 snooping data.
ip helper-address enables the DHCP relay agent on a configuration mode interface.
Example
These commands enable DHCP snooping globally, DHCP relay on VLAN interface 100, and DHCP snooping on VLAN 100.
switch(config)#ip dhcp snooping
switch(config)#ip dhcp snooping information option
switch(config)#ip dhcp snooping vlan 100
switch(config)#interface vlan 100
switch(config-if-Vl100)#ip helper-address 10.4.4.4
switch(config-if-Vl100)#show ip dhcp snooping
DHCP Snooping is enabled
DHCP Snooping is operational
DHCP Snooping is configured on following VLANs:
  100
DHCP Snooping is operational on following VLANs:
  100
Insertion of Option-82 is enabled
  Circuit-id format: Interface name:Vlan ID
  Remote-id: 00:1c:73:1f:b4:38 (Switch MAC)
switch(config)#
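The four conditions listed above can be checked mechanically against a saved running-config, which also explains a switch that reports snooping as enabled but not operational. The following is an added example, not Arista code: the sample configuration is constructed, the function names are hypothetical, and it assumes interface sub-commands are indented as in the show active output on this page.

```python
import re

# Constructed running-config excerpt (not taken from the page):
#   VLAN 100      meets all four conditions
#   VLANs 200-201 are snooped, but their VLAN interfaces have no ip helper-address
#   VLAN 300      relays DHCP but is missing from the snooping VLAN list
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping information option
ip dhcp snooping vlan 100,200-201
!
interface Vlan100
   ip helper-address 10.4.4.4
!
interface Vlan200
   ip address 10.20.0.1/24
!
interface Vlan300
   ip helper-address 10.4.4.4
!
"""

# Conditions in the order the page lists them, named after the enabling command.
GLOBAL = "ip dhcp snooping"
OPTION82 = "ip dhcp snooping information option"
PER_VLAN = "ip dhcp snooping vlan"
RELAY = "ip helper-address"


def parse_vlan_range(v_range):
    """Expand a v_range ('100', '200-201', '100,200-201') into a set of VLAN IDs."""
    vlans = set()
    for part in v_range.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        low = int(low)
        high = int(high) if high else low
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"VLAN range out of bounds: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def parse_config(text):
    """Collect the statements relevant to DHCP snooping from a running-config."""
    state = {"global": False, "option82": False,
             "snoop_vlans": set(), "relay_vlans": set()}
    current_vlan = None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # A top-level statement closes any interface block.
            current_vlan = None
            match = re.fullmatch(r"interface Vlan(\d+)", line, re.IGNORECASE)
            if match:
                current_vlan = int(match.group(1))
            elif line == GLOBAL:
                state["global"] = True
            elif line == OPTION82:
                state["option82"] = True
            elif line.startswith(PER_VLAN + " "):
                state["snoop_vlans"] |= parse_vlan_range(line[len(PER_VLAN):])
        elif current_vlan is not None and line.startswith(RELAY + " "):
            # Indented helper-address under an interface VlanN block.
            state["relay_vlans"].add(current_vlan)
    return state


def audit(text):
    """Map each snooped or relayed VLAN to the list of conditions it is missing."""
    state = parse_config(text)
    report = {}
    for vlan in sorted(state["snoop_vlans"] | state["relay_vlans"]):
        missing = []
        if not state["global"]:
            missing.append(GLOBAL)
        if not state["option82"]:
            missing.append(OPTION82)
        if vlan not in state["snoop_vlans"]:
            missing.append(PER_VLAN)
        if vlan not in state["relay_vlans"]:
            missing.append(RELAY)
        report[vlan] = missing
    return report


if __name__ == "__main__":
    for vlan, missing in audit(SAMPLE_CONFIG).items():
        status = "operational" if not missing else "NOT operational, missing: " + ", ".join(missing)
        print(f"VLAN {vlan}: {status}")
```

A VLAN with an empty list satisfies every condition; any other entry names the command whose absence keeps snooping from becoming operational on that VLAN.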
ip hardware fib ecmp resilience
The ip hardware fib ecmp resilience command enables resilient ECMP for the specified IP address prefix and configures a fixed number of next hop entries in the hardware ECMP table for that prefix. In addition to specifying the maximum number of next hop addresses that the table can contain for the prefix, the command includes a redundancy factor that allows duplication of each next hop address. The fixed table space for the address is the maximum number of next hops multiplied by the redundancy factor.
Resilient ECMP is useful when it is not desirable for routes to be rehashed due to link flap, as when ECMP is being used for load balancing.
The no ip hardware fib ecmp resilience and default ip hardware fib ecmp resilience commands restore the default hardware ECMP table management by removing the ip hardware fib ecmp resilience command from running-config.
Command Mode
Global Configuration
Command Syntax
ip hardware fib ecmp resilience net_addr capacity nhop_max redundancy duplicates
no ip hardware fib ecmp resilience net_addr
default ip hardware fib ecmp resilience net_addr
Parameters
net_addr     IP address prefix managed by command. (CIDR or address-mask).
nhop_max     Maximum number of next hop addresses for specified IP address prefix. Value range varies by platform:
Helix: <2 to 64>
Trident: <2 to 32>
Trident II: <2 to 64>
duplicates     Specifies the redundancy factor. Value ranges from 1 to 128.
Example
This command configures a hardware ECMP table space of 24 entries for the IP address 10.14.2.2/24. A maximum of six next-hop addresses can be specified for the IP address. When the table contains six next-hop addresses, each appears in the table four times. When the table contains fewer than six next-hop addresses, each is duplicated until the 24 table entries are filled.
switch(config)#ip hardware fib ecmp resilience 10.14.2.2/24 capacity 6 redundancy 4
switch(config)#
ip hardware fib optimize
The ip hardware fib optimize command enables IPv4 route scale. After the command is entered, the platform layer 3 agent must be restarted with the agent SandL3Unicast terminate command to ensure IPv4 routes are optimized.
Command Mode
Global Configuration
Command Syntax
ip hardware fib optimize exact-match prefix-length <prefix-length> <optional: prefix-length>
no ip hardware fib optimize exact-match prefix-length <prefix-length> <optional: prefix-length>
Parameters
prefix-length     The length of the prefix equal to 12, 16, 20, 24, 28, or 32. One additional prefix-length limited to the prefix-length of 32 is optional.
Related Commands
agent SandL3Unicast terminate enables restarting the layer 3 agent to ensure IPv4 routes are optimized.
show platform arad ip route shows resources for all IPv4 routes in hardware. Routes that use the additional hardware resources will appear with an asterisk.
show platform arad ip route summary shows hardware resource usage of IPv4 routes.
Examples
This configuration command allows configuring prefix lengths 12 and 32.
switch(config)#ip hardware fib optimize exact-match prefix-length 12 32
! Please restart layer 3 forwarding agent to ensure IPv4 routes are optimized
One of the two prefixes in this command is a prefix-length of 32, which is required in the instance where there are two prefixes. For this command to take effect, the platform layer 3 agent must be restarted.
This configuration command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
switch(config)#agent SandL3Unicast terminate
SandL3Unicast was terminated
Restarting the platform layer 3 agent results in deletion of all IPv4 routes, which are re-added to the hardware.
This configuration command allows configuring prefix lengths 32 and 16.
switch(config)#ip hardware fib optimize exact-match prefix-length 32 16
! Please restart layer 3 forwarding agent to ensure IPv4 routes are optimized
One of the two prefixes in this command is a prefix-length of 32, which is required in the instance where there are two prefixes. For this command to take effect, the platform layer 3 agent must be restarted.
This configuration command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
switch(config)#agent SandL3Unicast terminate
SandL3Unicast was terminated
Restarting the platform layer 3 agent results in deletion of all IPv4 routes, which are re-added to the hardware.
This configuration command allows configuring prefix length 24.
switch(config)#ip hardware fib optimize exact-match prefix-length 24
! Please restart layer 3 forwarding agent to ensure IPv4 routes are optimized
In this instance, there is only one prefix-length, so a prefix-length of 32 is not required. For this command to take effect, the platform layer 3 agent must be restarted.
This configuration command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
switch(config)#agent SandL3Unicast terminate
SandL3Unicast was terminated
Restarting the platform layer 3 agent results in deletion of all IPv4 routes, which are re-added to the hardware.
This configuration command allows configuring prefix length 32.
switch(config)#ip hardware fib optimize exact-match prefix-length 32
! Please restart layer 3 forwarding agent to ensure IPv4 routes are optimized
For this command to take effect, the platform layer 3 agent must be restarted.
This configuration command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
switch(config)#agent SandL3Unicast terminate
SandL3Unicast was terminated
Restarting the platform layer 3 agent results in deletion of all IPv4 routes, which are re-added to the hardware.
Example
This configuration command disables configuring prefix lengths 12 and 32.
switch(config)#no ip hardware fib optimize exact-match prefix-length 12 32
! Please restart layer 3 forwarding agent to ensure IPv4 routes are not optimized
One of the two prefixes in this command is a prefix-length of 32, which is required in the instance where there are two prefixes. For this command to take effect, the platform layer 3 agent must be restarted.
ip helper-address
The ip helper-address command enables the DHCP relay agent on the configuration mode interface and specifies a forwarding address for DHCP requests. An interface that is configured with multiple helper-addresses forwards DHCP requests to all specified addresses.
The no ip helper-address and default ip helper-address commands remove the corresponding ip helper-address command from running-config. Commands that do not specify an IP helper-address remove all helper-addresses from the interface.
Command Mode
Interface-Ethernet Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip helper-address ipv4_addr [vrf vrf_name] [source-address ipv4_addr | source-interface INTERFACES]
no ip helper-address [ipv4_addr]
default ip helper-address [ipv4_addr]
Parameters
vrf vrf_name     specify the user-defined VRF for DHCP server.
ipv4_addr     specify the DHCP server address accessed by interface.
source-address ipv4_addr     specify the source IPv4 address to communicate with DHCP server.
source-interface INTERFACES     specify the source interface to communicate with DHCP server. Options include:
Ethernet eth_num     specify the Ethernet interface number. Value ranges from 1 to 64.
Loopback lpbck_num     specify the loopback interface number. Value ranges from 0 to 1000.
Management mgmt_num     specify the management interface number. Accepted values are 1 and 2.
Port-Channel {int_num | sub_int_num}     specify the port-channel interface number. Value of interface ranges from 1 to 2000. Value of sub-interface ranges from 1 to 4094.
Tunnel tnl_num     specify the tunnel interface number. Value ranges from 0 to 255.
VLAN vlan_num     specify the VLAN interface number. Value ranges from 1 to 4094.
Related Commands
Guidelines
If the source-address parameter is specified, then the DHCP client receives an IPv4 address from the subnet of source IP address. The source-address must be one of the configured addresses on the interface.
Examples
This command enables DHCP relay on the VLAN interface 200 and configures the switch to forward DHCP requests received on this interface to the server at 10.10.41.15.
switch(config)#interface vlan 200
switch(config-if-Vl200)#ip helper-address 10.10.41.15
switch(config-if-Vl200)#show active
interface Vlan200
   ip helper-address 10.10.41.15
switch(config-if-Vl200)#
This command enables DHCP relay on the interface Ethernet 1/2; and configures the switch to use 2.2.2.2 as the source IP address when relaying IPv4 DHCP messages to the server at 1.1.1.1.
switch(config)#interface ethernet 1/2
switch(config-if-Et1/2)#ip helper-address 1.1.1.1 source-address 2.2.2.2
switch(config-if-Et1/2)#
ip icmp redirect
The ip icmp redirect command enables the transmission of ICMP redirect messages. Routers send ICMP redirect messages to notify data link hosts of the availability of a better route for a specific destination.
The no ip icmp redirect command disables the switch from sending ICMP redirect messages.
Command Mode
Global Configuration
Command Syntax
ip icmp redirect
no ip icmp redirect
default ip icmp redirect
Example
This command disables the redirect messages.
switch(config)#no ip icmp redirect
switch(config)#show running-config
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
!
no ip icmp redirect
ip routing
!
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config)#
ip load-sharing
The ip load-sharing command provides the hash seed to an algorithm that the switch uses to distribute data streams among multiple equal-cost routes to an individual IPv4 subnet.
In a network topology using Equal-Cost Multipath routing, all switches performing identical hash calculations may result in hash polarization, leading to uneven load distribution among the data paths. Hash polarization is avoided when switches use different hash seeds to perform different hash calculations.
The no ip load-sharing and default ip load-sharing commands return the hash seed to the default value of zero by removing the ip load-sharing command from running-config.
Command Mode
Global Configuration
Command Syntax
ip load-sharing HARDWARE seed
no ip load-sharing HARDWARE
default ip load-sharing HARDWARE
Parameters
HARDWARE     The ASIC switching device. The available options depend on the switch platform. Verify available options with the CLI ? command.
arad     
fm6000     
petraA     
trident     
seed     The hash seed. Value range varies by switch platform. The default value on all platforms is 0.
when HARDWARE=arad     seed ranges from 0 to 2.
when HARDWARE=fm6000     seed ranges from 0 to 39.
when HARDWARE=petraA     seed ranges from 0 to 2.
when HARDWARE=trident     seed ranges from 0 to 5.
Example
This command sets the IPv4 load sharing hash seed to one on FM6000 platform switches.
switch(config)#ip load-sharing fm6000 1
switch(config)#
ip local-proxy-arp
The ip local-proxy-arp command enables local proxy ARP (Address Resolution Protocol) on the configuration mode interface. When local proxy ARP is enabled, ARP requests received on the configuration mode interface will return an IP address even when the request comes from within the same subnet.
The no ip local-proxy-arp and default ip local-proxy-arp commands disable local proxy ARP on the configuration mode interface by removing the corresponding ip local-proxy-arp command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip local-proxy-arp
no ip local-proxy-arp
default ip local-proxy-arp
Example
These commands enable local proxy ARP on VLAN interface 140.
switch(config)#interface vlan 140
switch(config-if-Vl140)#ip local-proxy-arp
switch(config-if-Vl140)#show active
interface Vlan140
   ip local-proxy-arp
switch(config-if-Vl140)#
ip multicast count
The ip multicast count command enables the IPv4 multicast route traffic counter of group and source addresses in either bytes or packets.
The no ip multicast count command deletes all multicast counters including the routes of group and source addresses.
The no ip multicast count group_address source_address command removes the current configuration of the specified group and source addresses. It does not delete the counter because the wildcard is still active.
The default ip multicast count command reverts the current counter configuration of multicast route to the default state.
Command Mode
Global Configuration
Command Syntax
ip multicast count [group_address [source_address] | bytes | packets]
no ip multicast count [group_address [source_address] | bytes | packets]
default ip multicast count [group_address [source_address] | bytes | packets]
Parameters
group_address     configures the multicast route traffic count of the specified group address
source_address     configures the multicast route traffic count of the specified group and source addresses
bytes     configures the multicast route traffic count to bytes
packets     configures the multicast route traffic count to packets
Guidelines
This command is supported on the Alta platform only.
Examples
This command configures the multicast route traffic count to bytes.
switch(config)#ip multicast count bytes
This command configures the multicast route traffic count of the specified group and source addresses.
switch(config)#ip multicast count 10.50.30.23 45.67.89.100
This command deletes all multicast counters including the routes of group and source addresses.
switch(config)#no ip multicast count
This command reverts the current multicast route configuration to the default state.
switch(config)#default ip multicast count
ip nat destination static
The ip nat destination static command enables NAT of a specified destination address for the configuration mode interface. This command installs hardware translation entries for forward and reverse unicast traffic. When the rule specifies a multicast group, the command does not install the reverse path in hardware. The command may include an access control list to filter packets for translation.
When configuring twice NAT, an arbitrary NAT group number is used to associate the source NAT and destination NAT rules. This number must be the same in both rules.
The no ip nat destination static and default ip nat destination static commands disable NAT translation of the specified destination address by removing the corresponding ip nat destination static command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip nat destination static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
no ip nat destination static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
default ip nat destination static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
Parameters
ORIGINAL     Destination address to be modified. Options include:
local_ipv4     IPv4 address.
local_ipv4   local_port     IPv4 address and port (port value ranges from 1 to 65535).
FILTER     Access control list that filters packets. Options include:
<no parameter>     All packets with specified destination address are cleared.
access-list list_name     List that specifies the packets that are cleared. Not supported when configuring twice NAT.
TRANSLATED     Destination address of translated packet. Options include:
global_ipv4     IPv4 address.
global_ipv4   global_port     IPv4 address and port (port value ranges from 1 to 65535). When configuring twice NAT, source and destination NAT rules must either both specify a port translation or both not specify a port translation.
PROT_TYPE     Filters packets based on protocol type. Options include:
<no parameter>     All packets with specified destination address are cleared.
protocol tcp     TCP packets with specified destination address are cleared.
protocol udp     UDP packets with specified destination address are cleared.
group group_number     Used only when configuring twice NAT, the NAT group number associates a source NAT rule with a destination NAT rule on the same interface. The group number (values range from 1 to 255) is arbitrary, but must be the same in both rules.
Example
These commands configure VLAN 201 to translate destination address 10.24.1.10 to 168.32.14.15.
switch(config)#interface vlan 201
switch(config-if-Vl201)#ip nat destination static 10.24.1.10 168.32.14.15
switch(config-if-Vl201)#
These commands configure VLAN 201 to translate the source address 10.24.1.10 to 168.32.14.15 for all packets with IP destination addresses in the 168.10.1.1/32 subnet.
switch(config)#ip access-list ACL2
switch(config-acl-ACL2)#permit ip 168.10.1.1/32 any
switch(config-acl-ACL2)#exit
switch(config)#interface vlan 201
switch(config-if-Vl201)#ip nat destination static 10.24.1.10 access-list ACL2 168.32.14.15
switch(config-if-Vl201)#
These commands configure Ethernet interface 2 to translate the local source address 10.24.1.10 to the global source address 168.32.14.15, and to translate the local destination address 10.68.104.3 to the global destination address 168.25.10.7 for all packets moving through the interface. The use of NAT group 3 is arbitrary, but must be the same in both rules.
switch(config)#interface ethernet 2
switch(config-if-Et2)#ip nat source static 10.24.1.10 168.32.14.15 group 3
switch(config-if-Et2)#ip nat destination static 10.68.104.3 168.25.10.7 group 3
 
ip nat pool
The ip nat pool command identifies a pool of addresses using start address, end address, and either netmask or prefix length. If its starting IP address and ending IP address are the same, there is only one address in the address pool.
The no ip nat pool command removes the ip nat pool command from running-config.
Command Mode
Global Configuration
Command Syntax
ip nat pool pool_name [ADDRESS_SPAN] SUBNET_SIZE
no ip nat pool pool_name
default ip nat pool pool_name
Parameters
pool_name     name of the IP address pool.
ADDRESS_SPAN     Options include:
start_addr     The first IP address in the address pool (IPv4 addresses in dotted decimal notation).
end_addr     The last IP address in the address pool. (IPv4 addresses in dotted decimal notation).
SUBNET_SIZE     this functions as a sanity check to ensure it is not a network or broadcast network. Options include:
netmask ipv4_addr     The netmask of the address pool’s network (dotted decimal notation).
prefix-length <0 to 32>     The number of bits of the netmask (of the address pool’s network) that are ones (how many bits of the address indicate network).
Examples
This command configures the pool of addresses using start address, end address, and prefix length of 24.
switch(config)#ip nat pool poo1 10.15.15.15 10.15.15.25 prefix-length 24
switch(config)#
This command removes the pool of addresses.
switch(config)# no ip nat pool poo1 10.15.15.15 10.15.15.25 prefix-length 24
switch(config)#
ip nat source dynamic
The ip nat source dynamic command enables NAT of a specified source address for packets sent and received on the configuration mode interface. This command installs hardware translation entries for forward and reverse traffic. When the rule specifies a multicast group, the command does not install the reverse path in hardware. The command may include an access control list to filter packets for translation.
The no ip nat source dynamic and default ip nat source dynamic commands disable NAT translation of the specified source address by removing the corresponding ip nat source dynamic command from running-config.
Note Ethernet and Port-channel interfaces should be configured as routed ports.
Command Mode
Interface-Ethernet Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip nat source dynamic access-list acl_name POOL_TYPE
no ip nat source dynamic access-list acl_name
default ip nat source dynamic access-list acl_name
Parameters
acl_name     Access control list that controls the internal network addresses eligible for NAT.
POOL_TYPE     Options include:
overload     Translates multiple local addresses to a single global address. When overloading is enabled, conversations using the same IP address are distinguished by their TCP or UDP port number.
pool pool_name    The name of the IP address pool. The pool is defined using the ip nat pool command.
The pool option is required even if the pool has just one address. NAT uses that one address for all of the translations.
pool_fullcone    Enables full cone NAT where all requests from the same internal IP address and port are mapped to the same external IP address and port.
Example
This command configures the dynamic NAT source address and sets the NAT overload for pool P2.
switch(config)#interface ethernet 3/1
switch(config-if-Et3/1)#ip nat source dynamic access-list ACL2 pool p2
switch#
This command disables the NAT source translation on interface Ethernet 3/1.
switch(config)#interface ethernet 3/1
switch(config-if-Et3/1)# no ip nat source dynamic access-list ACL2
switch(config-if-Et3/1)#
ip nat source static
The ip nat source static command enables NAT of a specified source address for the configuration mode interface. This command installs hardware translation entries for forward and reverse unicast traffic. When the rule specifies a multicast group, the command does not install the reverse path in hardware. The command may include an access control list to filter packets for translation.
When configuring twice NAT, an arbitrary NAT group number is used to associate the source NAT and destination NAT rules. This number must be the same in both rules.
The no ip nat source static and default ip nat source static commands disable NAT translation of the specified source address by removing the corresponding ip nat source command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip nat source static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
no ip nat source static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
default ip nat source static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
Parameters
ORIGINAL     Source address to be modified. Options include:
original_ipv4     IPv4 address.
original_ipv4    original_port     IPv4 address and port (port value ranges from 1 to 65535).
FILTER     Access control list that filters packets. Options include:
<no parameter>     All packets with specified source address are cleared.
access-list list_name     List that specifies the packets that are cleared. Not supported when configuring twice NAT.
TRANSLATED     Source address of translated packet. Options include:
translated_ipv4     IPv4 address.
translated_ipv4   translated_port     IPv4 address and port (port value ranges from 1 to 65535). When configuring twice NAT, source and destination NAT rules must either both specify a port translation or both not specify a port translation.
PROT_TYPE     Filters packets based on protocol type. Options include:
<no parameter>     All packets with specified source address are cleared.
protocol tcp     TCP packets with specified source address are cleared.
protocol udp     UDP packets with specified source address are cleared.
group group_number     Used only when configuring twice NAT, the NAT group number associates a source NAT rule with a destination NAT rule on the same interface. The group number (values range from 1 to 255) is arbitrary, but must be the same in both rules.
Restrictions
If ORIGINAL includes a port, TRANSLATED must also include a port.
If ORIGINAL does not include a port, TRANSLATED cannot include a port.
Example
These commands configure VLAN 101 to translate source address 10.24.1.10 to 168.32.14.15.
switch(config)#interface vlan 101
switch(config-if-Vl101)#ip nat source static 10.24.1.10 168.32.14.15
switch(config-if-Vl101)#
These commands configure VLAN 100 to translate the source address 10.24.1.10 to 168.32.14.15 for all packets with IP destination addresses in the 168.10.1.1/32 subnet.
switch(config)#ip access-list ACL1
switch(config-acl-ACL1)#permit ip any 168.10.1.1/32
switch(config-acl-ACL1)#exit
switch(config)#interface vlan 101
switch(config-if-Vl101)#ip nat source static 10.24.1.10 access-list ACL1 168.32.141.15
switch(config-if-Vl101)#
These commands configure Ethernet interface 2 to translate the local source address 10.24.1.10 to the global source address 168.32.14.15, and to translate the local destination address 10.68.104.3 to the global destination address 168.25.10.7 for all packets moving through the interface. The use of NAT group 3 is arbitrary, but must be the same in both rules.
switch(config)#interface ethernet 2
switch(config-if-Et2)#ip nat source static 10.24.1.10 168.32.14.15 group 3
switch(config-if-Et2)#ip nat destination static 10.68.104.3 168.25.10.7 group 3
ip nat translation counters
The ip nat translation counters command enables the feature to count packets that are translated by static and twice NAT rules in hardware. Once this feature is enabled, all current rules in hardware and new rules that are configured after running this command receive policers for counting packets.
The no ip nat translation counters and default ip nat translation counters commands disable the packet counter feature for static and twice NAT connections.
Command Mode
Global Configuration
Command Syntax
ip nat translation counters
no ip nat translation counters
default ip nat translation counters
Guidelines
The ip nat translation counters command is supported on the DCS-7150 series switches only. This command is solely intended to debug static and twice NAT translation failures in hardware. Disable this feature after completing troubleshooting. If this feature remains enabled when the count of static connections exceeds 275, it can cause unpredictable behavior, including a restart of the FocalPointV2 agent. A restart of the FocalPointV2 agent results in traffic disruption.
Example
The ip nat translation counters command enables the packet counter feature for static and twice NAT connections. Using the show ip nat translation hardware detail and show ip nat translation twice hardware detail commands, you can verify the packet count.
switch(config)#ip nat translation counters
switch(config)#show ip nat translation hardware detail
Source IP           Destination IP      Translated IP     TGT Type Intf   Proto     Packets    Packets Reply
------------------------------------------------------------------------------------------------------------
192.168.10.2:0      -                    20.1.10.2:0      SRC STAT Vl2640 -           2              1
192.168.110.2:0     -                    20.1.110.2:0     SRC STAT Vl2640 -           2              1
switch(config)#show ip nat translation twice hardware detail
Source IP      Destination IP   Translated        Translated       Intf       Group    Packets   Packets
                                  Src IP            Dst IP                    Proto              Reply
---------------------------------------------------------------------------------------------------------
192.16.50.2:0   10.1.50.2:0      20.1.50.2:0       10.1.60.2:0     Vl2922 2     -         2        1
19.16.150.2:0   10.1.150.2:0     20.1.150.2:0      10.1.160.2:0    Vl2922 12    -         2
ip nat translation low-mark
The ip nat translation low-mark command configures the minimum threshold that triggers the resumption of programming new NAT translation connections.
The ip nat translation max-entries command specifies the maximum number of NAT translation connections that can be stored. When this limit is reached, new connections are dropped instead of being programmed in hardware or software. At this point no new connections will be programmed until the number of stored entries drop below the configured low-mark, expressed as a percentage of the max-entries value. The default low mark value is 90%.
The no ip nat translation low-mark and default ip nat translation low-mark commands restore the default low-mark value by removing the ip nat translation low-mark command from running-config.
Command Mode
Global Configuration
Command Syntax
ip nat translation low-mark threshold
no ip nat translation low-mark
default ip nat translation low-mark
Parameters
threshold     Percentage of maximum connection entries. Value ranges from 1 to 99. Default is 90.
Examples
This command globally sets the translation low mark to 93%.
switch(config)#ip nat translation low-mark 93
switch(config)#
ip nat translation max-entries
The ip nat translation max-entries command specifies the maximum number of NAT translation connections. After this threshold is reached, new connections are dropped until the number of programmed connections is reduced below the level specified by the ip nat translation low-mark command.
The no ip nat translation max-entries and default ip nat translation max-entries commands remove the maximum connection limit and reset the parameter value to zero by removing the ip nat translation max-entries command from running-config.
Command Mode
Global Configuration
Command Syntax
ip nat translation max-entries connections
no ip nat translation max-entries
default ip nat translation max-entries
Parameters
connections     The maximum number of NAT translation connections. Value ranges from 0 to 4294967295. Default value is 0, which removes the connection limit.
Examples
This command limits the number of NAT translation connections the switch can store to 3000.
switch(config)#ip nat translation max-entries 3000
switch(config)#
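The interaction between max-entries and low-mark described in the two sections above, modelled as an added Python example (not EOS code). It uses the 3000 and 93 values from the examples; the NatTable class and the integer rounding of the resume threshold are assumptions.

```python
"""Model of NAT table admission with a max-entries limit and a low-mark."""


class NatTable:
    """Hypothetical model: stop programming at max-entries, resume below low-mark."""

    def __init__(self, max_entries=0, low_mark_pct=90):
        if not 1 <= low_mark_pct <= 99:
            raise ValueError("low-mark must be a percentage from 1 to 99")
        self.max_entries = max_entries    # 0 removes the connection limit
        self.low_mark_pct = low_mark_pct  # default low mark is 90%
        self.entries = set()
        self.blocked = False              # True while new connections are dropped
        self.dropped = 0

    def resume_threshold(self):
        # Low mark is a percentage of max-entries.
        # Assumption: the result is rounded down to a whole entry count.
        return self.max_entries * self.low_mark_pct // 100

    def add(self, conn):
        """Try to program a new connection; return True if it was stored."""
        if self.max_entries == 0:
            self.entries.add(conn)
            return True
        # Programming resumes only once the table has drained below the low mark.
        if self.blocked and len(self.entries) < self.resume_threshold():
            self.blocked = False
        # Reaching max-entries starts dropping new connections.
        if not self.blocked and len(self.entries) >= self.max_entries:
            self.blocked = True
        if self.blocked:
            self.dropped += 1
            return False
        self.entries.add(conn)
        return True

    def expire(self, conn):
        """Remove a connection, for example after its timeout."""
        self.entries.discard(conn)


def demo():
    """Fill the table, drain it in two steps, and record each admission result."""
    table = NatTable(max_entries=3000, low_mark_pct=93)
    filled = all(table.add(i) for i in range(3000))
    at_limit = table.add("new-1")          # table is full
    for i in range(100):                   # drain to 2900, still above 2790
        table.expire(i)
    above_low_mark = table.add("new-2")
    for i in range(100, 211):              # drain to 2789, below 2790
        table.expire(i)
    below_low_mark = table.add("new-3")
    return {
        "threshold": table.resume_threshold(),
        "filled": filled,
        "at_limit": at_limit,
        "above_low_mark": above_low_mark,
        "below_low_mark": below_low_mark,
        "dropped": table.dropped,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With a low mark close to 100, a table that is kept near its limit alternates between short accept and drop periods; a lower value gives a longer drop period but a larger block of free entries when programming resumes.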
ip nat translation tcp-timeout
The ip nat translation tcp-timeout command specifies the translation timeout period for translation table entries. The timeout period specifies the interval during which the switch will attempt to reuse an existing TCP translation for devices specified by table entries.
The no ip nat translation tcp-timeout and default ip nat translation tcp-timeout commands reset the timeout to its default by removing the corresponding ip nat translation tcp-timeout command from running-config.
Command Mode
Global Configuration
Command Syntax
ip nat translation tcp-timeout period
no ip nat translation tcp-timeout
default ip nat translation tcp-timeout
Parameters
period     Time-out period in seconds for port translations. Value ranges from 0 to 4294967295. Default value is 86400 (24 hours).
Examples
This command sets the TCP timeout for translations to 600 seconds.
switch(config)# ip nat translation tcp-timeout 600
switch(config)#
This command removes the TCP translation timeout.
switch(config)# no ip nat translation tcp-timeout
switch(config)#
ip nat translation udp-timeout
The ip nat translation udp-timeout command specifies the translation timeout period for translation table entries. The timeout period specifies the interval during which the switch attempts to establish a UDP connection with devices specified by table entries.
The no ip nat translation udp-timeout and default ip nat translation udp-timeout commands disable NAT translation of the specified destination address by removing the corresponding ip nat translation udp-timeout command from running-config.
Command Mode
Global Configuration
Command Syntax
ip nat translation udp-timeout period
no ip nat translation udp-timeout
default ip nat translation udp-timeout
Parameters
period      Value ranges from 0 to 4294967295. Default value is 300 (5 minutes).
Examples
This command globally sets the timeout for UDP to 800 seconds.
switch(config)# ip nat translation udp-timeout 800
This command removes the timeout for UDP.
switch(config)# no ip nat translation udp-timeout
ip proxy-arp
The ip proxy-arp command enables proxy ARP on the configuration mode interface. Proxy ARP is disabled by default.
The no ip proxy-arp and default ip proxy-arp commands disable proxy ARP on the configuration mode interface by removing the corresponding ip proxy-arp command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip proxy-arp
no ip proxy-arp
default ip proxy-arp
Examples
This command enables proxy ARP on Ethernet interface 4.
switch(config)#interface ethernet 4
switch(config-if-Et4)#ip proxy-arp
switch(config-if-Et4)#
ip route
The ip route command creates a static route. The destination is a network segment; the nexthop address is either an IPv4 address or a routable port. When multiple routes exist to a destination prefix, the route with the lowest administrative distance takes precedence.
By default, the administrative distance assigned to static routes is 1. Assigning a higher administrative distance to a static route configures it to be overridden by dynamic routing data. For example, a static route with an administrative distance value of 200 is overridden by OSPF intra-area routes, which have a default administrative distance of 110.
Tags are used by route maps to filter routes. The default tag value on static routes is 0.
Multiple routes with the same destination and the same administrative distance comprise an Equal Cost Multi-Path (ECMP) route. The switch attempts to spread outbound traffic equally through all ECMP route paths. All paths comprising an ECMP are assigned identical tag values; commands that change the tag value of a path change the tag value of all paths in the ECMP.
The no ip route and default ip route commands delete the specified static route by removing the corresponding ip route command from running-config. Commands that do not list a nexthop address remove all ip route statements with the specified destination from running-config. If an ip route statement exists for the same IP address in multiple VRFs, each must be removed separately. All static routes in a user-defined VRF are deleted when the VRF is deleted.
Command Mode
Global Configuration
Command Syntax
ip route [VRF_INSTANCE] dest_net NEXTHOP [DISTANCE] [TAG_OPTION] [RT_NAME]
no ip route [VRF_INSTANCE] dest_net [NEXTHOP] [DISTANCE]
default ip route [VRF_INSTANCE] dest_net [NEXTHOP] [DISTANCE]
Parameters
VRF_INSTANCE     Specifies the VRF instance being modified.
<no parameter>     Changes are made to the default VRF.
vrf vrf_name     Changes are made to the specified VRF.
dest_net     Destination IPv4 subnet (CIDR or address-mask notation).
NEXTHOP    Location or access method of next hop device. Options include:
ipv4_addr     An IPv4 address.
null0     Null0 interface.
ethernet e_num     Ethernet interface specified by e_num.
loopback l_num     Loopback interface specified by l_num.
management m_num     Management interface specified by m_num.
port-channel p_num     Port-channel interface specified by p_num.
vlan v_num     VLAN interface specified by v_num.
vxlan vx_num     VXLAN interface specified by vx_num.
DISTANCE     Administrative distance assigned to route. Options include:
<no parameter>      Route assigned default administrative distance of one.
<1-255>     The administrative distance assigned to route.
TAG_OPTION     Static route tag. Options include:
<no parameter>      Assigns default static route tag of 0.
tag t_value      Static route tag value. t_value ranges from 0 to 4294967295.
RT_NAME     Associates descriptive text to the route. Options include:
<no parameter>      No text is associated with the route.
name descriptive_text     The specified text is assigned to the route.
Related Commands
ip route nexthop-group command creates a static route that specifies a Nexthop Group to determine the Nexthop address.
Example
This command creates a static route in the default VRF.
switch(config)#ip route 172.17.252.0/24 vlan 2000
switch(config)#
ip routing
The ip routing command enables IPv4 routing. When IPv4 routing is enabled, the switch attempts to deliver inbound packets to destination IPv4 addresses by forwarding them to interfaces or next hop addresses specified by the forwarding table.
The no ip routing and default ip routing commands disable IPv4 routing by removing the ip routing command from running-config. When IPv4 routing is disabled, the switch attempts to deliver inbound packets to their destination MAC addresses. When this address matches the switch’s MAC address, the packet is delivered to the CPU. IP packets with IPv4 destinations that differ from the switch’s address are typically discarded. The delete-static-routes option removes static entries from the routing table.
IPv4 routing is disabled by default.
Command Mode
Global Configuration
Command Syntax
ip routing [VRF_INSTANCE]
no ip routing [DELETE_ROUTES] [VRF_INSTANCE]
default ip routing [DELETE_ROUTES] [VRF_INSTANCE]
Parameters
DELETE_ROUTES     Resolves routing table static entries when routing is disabled.
<no parameter>     Routing table retains static entries.
delete-static-routes     Static entries are removed from the routing table.
VRF_INSTANCE     specifies the VRF instance being modified.
<no parameter>     changes are made to the default VRF.
vrf vrf_name     changes are made to the specified user-defined VRF.
Example
This command enables IPv4 routing.
switch(config)#ip routing
switch(config)#
ip source binding
IP source guard (IPSG) is supported on Layer 2 Port-Channels, not member ports. The IPSG configuration on port channels supersedes the configuration on the physical member ports. Hence, source IP MAC binding entries should be configured on port channels. When configured on a port channel member port, IPSG does not take effect until this port is deleted from the port channel configuration.
Note IP source bindings are also used by static ARP inspection.
The no ip source binding and default ip source binding commands exclude parameters from IPSG filtering, and set the default for ip source binding.
Command Mode
Interface-Ethernet Configuration
Command Syntax
ip source binding [IP_ADDRESS] [MAC_ADDRESS] vlan [VLAN_RANGE] interface [INTERFACE]
no ip source binding [IP_ADDRESS] [MAC_ADDRESS] vlan [VLAN_RANGE] interface [INTERFACE]
default ip source binding [IP_ADDRESS] [MAC_ADDRESS] vlan [VLAN_RANGE] interface [INTERFACE]
Parameters
IP_ADDRESS     Specifies the IP ADDRESS.
MAC_ADDRESS     Specifies the MAC ADDRESS.
VLAN_RANGE     Specifies the VLAN ID range.
INTERFACE     Specifies the Ethernet interface.
Example
This command configures source IP-MAC binding entries to IP address 10.1.1.1, MAC address 0000.aaaa.1111, VLAN ID 4094, and Ethernet interface 36.
switch(config)#ip source binding 10.1.1.1 0000.aaaa.1111 vlan 4094 interface ethernet 36
switch(config)#
ip verify
The ip verify command configures Unicast Reverse Path Forwarding (uRPF) for inbound IPv4 packets on the configuration mode interface. uRPF verifies the accessibility of source IP addresses in packets that the switch forwards.
uRPF defines two operational modes: strict mode and loose mode.
Strict mode: uRPF verifies that a packet is received on the interface that its routing table entry specifies for its return packet.
Loose mode: uRPF validation does not consider the inbound packet’s ingress interface, only that there is a valid return path.
The no ip verify and default ip verify commands disable uRPF on the configuration mode interface by deleting the corresponding ip verify command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-Channel Configuration
Interface-VLAN Configuration
Command Syntax
ip verify unicast source reachable-via RPF_MODE
no ip verify unicast
default ip verify unicast
Parameters
RPF_MODE     Specifies the uRPF mode. Options include:
any     Loose mode.
rx     Strict mode.
rx allow-default     Strict mode. All inbound packets are forwarded if a default route is defined.
Guidelines
The first IPv4 uRPF implementation briefly disrupts IPv4 unicast routing. Subsequent ip verify commands on any interface do not disrupt IPv4 routing.
Example
This command enables uRPF loose mode on VLAN interface 17.
switch(config)#interface vlan 17
switch(config-if-Vl17)#ip verify unicast source reachable-via any
switch(config-if-Vl17)#show active
interface Vlan17
   ip verify unicast source reachable-via any
switch(config-if-Vl17)#
This command enables uRPF strict mode on VLAN interface 18.
switch(config)#interface vlan 18
switch(config-if-Vl18)#ip verify unicast source reachable-via rx
switch(config-if-Vl18)#show active
interface Vlan18
   ip verify unicast source reachable-via rx
switch(config-if-Vl18)#
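The three RPF_MODE options compared on the same packets, as an added Python example (a model, not EOS code). The routing table, interface names and packets are constructed; it also assumes that a source covered only by the default route does not count as reachable in the any and rx modes.

```python
"""Model of the uRPF decision for the any, rx and rx allow-default modes."""
import ipaddress

DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")
MODES = ("any", "rx", "rx allow-default")

# Constructed routing table: (prefix, interface used to reach that prefix).
ROUTES = [
    ("10.17.0.0/24", "Vlan17"),
    ("10.18.0.0/24", "Vlan18"),
    ("0.0.0.0/0", "Ethernet1"),
]

# Constructed inbound packets: (ingress interface, source address).
PACKETS = [
    ("Vlan18", "10.18.0.5"),    # source lives behind the ingress interface
    ("Vlan18", "10.17.0.5"),    # source is routed, but via another interface
    ("Vlan18", "203.0.113.9"),  # source matches only the default route
]


def longest_match(routes, src):
    """Return (network, interface) of the most specific non-default route for src."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, intf in routes:
        net = ipaddress.ip_network(prefix)
        # Assumption: the default route alone does not prove reachability.
        if net == DEFAULT_ROUTE or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, intf)
    return best


def urpf_permits(routes, mode, ingress, src):
    """Return True if a packet from src arriving on ingress passes uRPF."""
    if mode not in MODES:
        raise ValueError(f"unknown RPF mode: {mode}")
    has_default = any(ipaddress.ip_network(p) == DEFAULT_ROUTE for p, _ in routes)
    # rx allow-default: all inbound packets are forwarded if a default route is defined.
    if mode == "rx allow-default" and has_default:
        return True
    route = longest_match(routes, src)
    if route is None:
        return False              # no return path at all
    if mode == "any":
        return True               # loose: any valid return path is enough
    return route[1] == ingress    # strict: return path must use the ingress interface


def compare(routes, packets):
    """Return {(ingress, src): {mode: verdict}} for every packet and mode."""
    return {
        (ingress, src): {m: urpf_permits(routes, m, ingress, src) for m in MODES}
        for ingress, src in packets
    }


if __name__ == "__main__":
    for (ingress, src), verdicts in compare(ROUTES, PACKETS).items():
        print(f"{src:<14} on {ingress}: {verdicts}")
```

In this model rx allow-default passes every source once a default route exists, so on an interface that must reject spoofed sources it offers no filtering while that route is present.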
ip verify source
The ip verify source command configures IP source guard (IPSG) applicable only to Layer 2 ports. When configured on Layer 3 ports, IPSG does not take effect until this interface is converted to Layer 2.
IPSG is supported on Layer 2 Port-Channels, not member ports. The IPSG configuration on port channels supersedes the configuration on the physical member ports. Hence, source IP MAC binding entries should be configured on port channels. When configured on a port channel member port, IPSG does not take effect until this port is deleted from the port channel configuration.
The no ip verify source and default ip verify source commands exclude VLAN IDs from IPSG filtering, and set the default for ip verify source.
Command Mode
Interface-Ethernet Configuration
Command Syntax
ip verify source vlan [VLAN_RANGE]
no ip verify source [VLAN_RANGE]
default ip verify source
Parameters
VLAN_RANGE     Specifies the VLAN ID range.
Example
This command excludes VLAN IDs 1 through 3 from IPSG filtering. When enabled on a trunk port, IPSG filters the inbound IP packets on all allowed VLANs. IP packets received on VLANs 4 through 10 on Ethernet 36 will be filtered by IPSG, while those received on VLANs 1 through 3 are permitted.
switch(config)#no ip verify source vlan 1-3
switch(config)#interface ethernet 36
switch(config-if-Et36)#switchport mode trunk
switch(config-if-Et36)#switchport trunk allowed vlan 1-10
switch(config-if-Et36)#ip verify source
switch(config-if-Et36)#
platform trident forwarding-table partition
The platform trident forwarding-table partition command provides a shared table memory for L2, L3 and algorithmic LPM entries that can be partitioned in different ways.
Instead of having fixed-size tables for L2 MAC entry tables, L3 IP forwarding tables, and Longest Prefix Match (LPM) routes, the tables can be unified into a single shareable forwarding table.
Important! Changing the Unified Forwarding Table mode causes the forwarding agent to restart, briefly disrupting traffic forwarding on all ports.
The no platform trident forwarding-table partition and default platform trident forwarding-table partition commands remove the platform trident forwarding-table partition command from running-config.
Command Mode
Global Configuration
Command Syntax
platform trident forwarding-table partition SIZE
no platform trident forwarding-table partition
default platform trident forwarding-table partition
Parameters
SIZE      Size of partition. Options include:
0      288k l2 entries, 16k host entries, 16k lpm entries
1      224k l2 entries, 80k host entries, 16k lpm entries
2      160k l2 entries, 144k host entries, 16k lpm entries
3      96k l2 entries, 208k host entries, 16k lpm entries
Default value is 2 (160k l2 entries, 144k host entries, 16k lpm entries).
Example
This command sets the single shareable forwarding table to option 2 that supports 160k L2 entries, 144k host entries, and 16k LPM entries.
switch(config)#platform trident forwarding-table partition 2
switch(config)#
This command sets the single shareable forwarding table to option 3 that supports 96k L2 entries, 208k host entries, and 16k LPM entries. Since the switch was previously configured to option 2, you’ll see a warning notice before the changes are implemented.
switch(config)#platform trident forwarding-table partition 3
Warning: StrataAgent will restart immediately
platform trident routing-table partition
The platform trident routing-table partition command manages the partition sizes for the hardware LPM table that stores IPv6 routes of varying sizes.
An IPv6 route of length /64 (or shorter) requires half the hardware resources of an IPv6 route that is longer than /64. The switch installs routes of varying lengths in different table partitions. This command specifies the size of these partitions to optimize table usage.
Important! Changing the routing table partition mode causes the forwarding agent to restart, briefly disrupting traffic forwarding on all ports.
The no platform trident routing-table partition and default platform trident routing-table partition commands restore the default partition sizes by removing the platform trident routing-table partition command from running-config.
Command Mode
Global Configuration
Command Syntax
platform trident routing-table partition SIZE
no platform trident routing-table partition
default platform trident routing-table partition
Parameters
SIZE      Size of partition. Options include:
1      16k IPv4 entries, 6k IPv6 (/64 and smaller) entries, 1k IPv6 (any prefix length)
2      16k IPv4 entries, 4k IPv6 (/64 and smaller) entries, 2k IPv6 (any prefix length)
3      16k IPv4 entries, 2k IPv6 (/64 and smaller) entries, 3k IPv6 (any prefix length)
Default value is 2 (16k IPv4 entries, 4k IPv6 (/64 and smaller) entries, 2k IPv6 (any prefix length)).
Restrictions
Partition allocation cannot be changed from the default setting when uRPF is enabled for IPv6 traffic.
Example
This command sets the shareable routing table to option 1 that supports 6K prefixes equal to or shorter than /64 and 1K prefixes longer than /64.
switch(config)#platform trident routing-table partition 1
switch(config)#
rd (VRF configuration mode)
The rd command issued in VRF Configuration Mode is a legacy command supported for backward compatibility. To configure a route distinguisher (RD) for a VRF, use the rd (Router-BGP VRF and VNI Configuration Modes) command.
Note Legacy RDs that were assigned to a VRF in VRF Configuration Mode will still appear in show vrf outputs if an RD has not been configured in Router-BGP VRF Configuration Mode, but they no longer have an effect on the system.
rib fib policy
The rib fib policy command enables FIB policy for a particular VRF under router general configuration mode. The FIB policy can be configured to advertise only specific RIB routes and exclude all other routes.
For example, a FIB policy can be configured that will not place routes associated with a specific origin in the routing table. These routes will not be used to forward data packets and these routes are not advertised by the routing protocol to neighbors.
The no rib fib policy and default rib fib policy commands restore the switch to its default state by removing the corresponding rib fib policy command from running-config.
Command Mode
Router General Configuration
Command Syntax
rib <ipv4|ipv6> fib policy <name>
no rib <ipv4|ipv6> fib policy <name>
default rib <ipv4|ipv6> fib policy <name>
Parameters
ipv4     IPv4 configuration commands.
ipv6     IPv6 configuration commands.
name     Route map name.
Example
The following example enables FIB policy for IPv4 in the default VRF, using the route map, map1.
Switch(config)#router general
Switch(config-router-general)#vrf default
Switch(config-router-general-vrf-default)#rib ipv4 fib policy map1
show arp
The show arp command displays all ARP tables. This command differs from the show ip arp command in that it shows MAC bindings for all protocols, whereas show ip arp only displays MAC address – IP address bindings. Addresses are displayed as their host name by including the resolve argument.
Command Mode
EXEC
Command Syntax
show arp [VRF_INST][FORMAT][HOST_ADD][HOST_NAME][INTF][MAC_ADDR][DATA]
Parameters
The VRF_INST and FORMAT parameters are always listed first and second. The DATA parameter is always listed last. All other parameters can be placed in any order.
VRF_INST     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
FORMAT     Display format of host address. Options include:
<no parameter>     entries associate hardware address with an IPv4 address.
resolve     entries associate hardware address with a host name (if it exists).
HOST_ADD     IPv4 address by which routing table entries are filtered. Options include:
<no parameter>     routing table entries are not filtered by host address.
ipv4_addr     table entries matching specified IPv4 address.
HOST_NAME     Host name by which routing table entries are filtered. Options include:
<no parameter>     routing table entries are not filtered by host name.
host hostname     entries matching hostname (text).
INTF     interfaces for which command displays status.
<no parameter>     Routing table entries are not filtered by interface.
interface ethernet e_num     Routed Ethernet interface specified by e_num.
interface loopback l_num     Routed loopback interface specified by l_num.
interface management m_num     Routed management interface specified by m_num.
interface port-channel p_num     Routed port channel Interface specified by p_num.
interface vlan v_num     VLAN interface specified by v_num.
interface vxlan vx_num     VXLAN interface specified by vx_num.
MAC_ADDR     MAC address by which routing table entries are filtered. Options include:
<no parameter>     Routing table entries are not filtered by interface MAC address.
mac_address mac_address     entries matching mac_address (dotted hex notation – H.H.H).
DATA     Detail of information provided by command. Options include:
<no parameter>     Routing table entries.
summary     Summary of ARP table entries.
summary total     Number of ARP table entries.
Related Commands
cli vrf specifies the context-active VRF.
Example
This command displays the ARP table.
switch>show arp
Address         Age (min)  Hardware Addr   Interface
172.22.30.1             0  001c.730b.1d15  Management1
172.22.30.133           0  001c.7304.3906  Management1
switch>
show ip
The show ip command displays IPv4 routing, IPv6 routing, IPv4 multicast routing, and VRRP status on the switch.
Command Mode
EXEC
Command Syntax
show ip
Example
This command displays IPv4 routing status.
switch>show ip
 
IP Routing : Enabled
IP Multicast Routing : Disabled
VRRP: Configured on 0 interfaces
 
IPv6 Unicast Routing : Enabled
IPv6 ECMP Route support : False
IPv6 ECMP Route nexthop index: 5
IPv6 ECMP Route num prefix bits for nexthop index: 10
 
switch>
show ip arp
The show ip arp command displays ARP cache entries that map an IPv4 address to a corresponding MAC address. The table displays addresses by their host names when the command includes the resolve argument.
Command Mode
EXEC
Command Syntax
show ip arp [VRF_INST][FORMAT][HOST_ADD][HOST_NAME][INTF][MAC_ADDR][DATA]
Parameters
The VRF_INST and FORMAT parameters are always listed first and second. The DATA parameter is always listed last. All other parameters can be placed in any order.
VRF_INST     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
FORMAT     Display format of host address. Options include:
<no parameter>     entries associate hardware address with an IPv4 address.
resolve     entries associate hardware address with a host name (if it exists).
HOST_ADD     IPv4 address by which routing table entries are filtered. Options include:
<no parameter>     routing table entries are not filtered by host address.
ipv4_addr     table entries matching specified IPv4 address.
HOST_NAME     Host name by which routing table entries are filtered. Options include:
<no parameter>     routing table entries are not filtered by host name.
host hostname     entries matching hostname (text).
INTF     interfaces for which command displays status.
<no parameter>     Routing table entries are not filtered by interface.
interface ethernet e_num     Routed Ethernet interface specified by e_num.
interface loopback l_num     Routed loopback interface specified by l_num.
interface management m_num     Routed management interface specified by m_num.
interface port-channel p_num     Routed port channel Interface specified by p_num.
interface vlan v_num     VLAN interface specified by v_num.
interface vxlan vx_num     VXLAN interface specified by vx_num.
MAC_ADDR     MAC address by which routing table entries are filtered. Options include:
<no parameter>     Routing table entries are not filtered by interface MAC address.
mac_address mac_address     entries matching mac_address (dotted hex notation – H.H.H).
DATA     Detail of information provided by command. Options include:
<no parameter>     Routing table entries.
summary     Summary of ARP table entries.
summary total     Number of ARP table entries.
Related Commands
cli vrf specifies the context-active VRF.
Examples
This command displays ARP cache entries that map MAC addresses to IPv4 addresses.
switch>show ip arp
Address         Age (min)  Hardware Addr   Interface
172.25.0.2              0  004c.6211.021e  Vlan101, Port-Channel2
172.22.0.1              0  004c.6214.3699  Vlan1000, Port-Channel1
172.22.0.2              0  004c.6219.a0f3  Vlan1000, Port-Channel1
172.22.0.3              0  0045.4942.a32c  Vlan1000, Ethernet33
172.22.0.5              0  f012.3118.c09d  Vlan1000, Port-Channel1
172.22.0.6              0  00e1.d11a.a1eb  Vlan1000, Ethernet5
172.22.0.7              0  004f.e320.cd23  Vlan1000, Ethernet6
172.22.0.8              0  0032.48da.f9d9  Vlan1000, Ethernet37
172.22.0.9              0  0018.910a.1fc5  Vlan1000, Ethernet29
172.22.0.11             0  0056.cbe9.8510  Vlan1000, Ethernet26
switch>
This command displays ARP cache entries that map MAC addresses to IPv4 addresses. Host names assigned to IP addresses are displayed in place of the address.
switch>show ip arp resolve
Address         Age (min)  Hardware Addr   Interface
green-vl101.new         0  004c.6211.021e  Vlan101, Port-Channel2
172.22.0.1              0  004c.6214.3699  Vlan1000, Port-Channel1
orange-vl1000.n         0  004c.6219.a0f3  Vlan1000, Port-Channel1
172.22.0.3              0  0045.4942.a32c  Vlan1000, Ethernet33
purple.newcompa         0  f012.3118.c09d  Vlan1000, Port-Channel1
pink.newcompany         0  00e1.d11a.a1eb  Vlan1000, Ethernet5
yellow.newcompa         0  004f.e320.cd23  Vlan1000, Ethernet6
172.22.0.8              0  0032.48da.f9d9  Vlan1000, Ethernet37
royalblue.newco         0  0018.910a.1fc5  Vlan1000, Ethernet29
172.22.0.11             0  0056.cbe9.8510  Vlan1000, Ethernet26
switch>
show ip arp inspection vlan
The show ip arp inspection vlan command displays the configuration and operation state of ARP inspection. For a VLAN range specified, only VLANs with ARP inspection enabled will be displayed. If no VLAN is specified, all VLANs with ARP inspection enabled are displayed. The operation state turns to Active when hardware is ready to trap ARP packets for inspection.
Command Mode
EXEC
Command Syntax
show ip arp inspection vlan [LIST]
Parameters
LIST     specifies the VLAN interface number.
Example
This command displays the configuration and operation state of ARP inspection for VLANs 1 through 150.
switch(config)#show ip arp inspection vlan 1 - 150
VLAN 1
----------
Configuration : Enabled
Operation State : Active
VLAN 2
----------
Configuration : Enabled
Operation State : Active
{...}
VLAN 150
----------
Configuration : Enabled
Operation State : Active
 
switch(config)#
show ip arp inspection statistics
The show ip arp inspection statistics command displays the statistics of inspected ARP packets. For a VLAN specified, only VLANs with ARP inspection enabled will be displayed. If no VLAN is specified, all VLANs with ARP inspection enabled are displayed.
Command Mode
EXEC
Command Syntax
show ip arp inspection statistics [vlan [VID] | [INTERFACE] interface <intf_slot/intf_port>]
Parameters
VID     specifies the VLAN interface ID.
INTERFACE     specifies the interface (e.g., Ethernet).
<intf_slot>     interface slot.
<intf_port>     interface port.
INTF     specifies the VLAN interface slot and port.
Examples
This command displays statistics of inspected ARP packets for VLAN 10.
switch(config)#show ip arp inspection statistics vlan 10
Vlan : 10
--------------
ARP Req Forwarded = 20
ARP Res Forwarded = 20
ARP Req Dropped = 1
ARP Res Dropped = 1
Last invalid ARP:
Time: 10:20:30 ( 5 minutes ago )
Reason: Bad IP/Mac match
Received on: Ethernet 3/1
Packet:
  Source MAC: 00:01:00:01:00:01
  Dest MAC: 00:02:00:02:00:02
  ARP Type: Request
  ARP Sender MAC: 00:01:00:01:00:01
  ARP Sender IP: 1.1.1
 
switch(config)#
This command displays ARP inspection statistics for Ethernet interface 3/1.
switch(config)#show ip arp inspection statistics ethernet interface 3/1
Interface : 3/1
--------
ARP Req Forwarded = 10
ARP Res Forwarded = 10
ARP Req Dropped = 1
ARP Res Dropped = 1
 
Last invalid ARP:
Time: 10:20:30 ( 5 minutes ago )
Reason: Bad IP/Mac match
Received on: VLAN 10
Packet:
  Source MAC: 00:01:00:01:00:01
  Dest MAC: 00:02:00:02:00:02
  ARP Type: Request
  ARP Sender MAC: 00:01:00:01:00:01
  ARP Sender IP: 1.1.1
 
switch(config)#
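A monitoring script can turn this output into drop alerts. The following is an added Python example, not an EOS tool: the sample text is assembled from the two outputs above, and the function names, field keys and baseline format are assumptions.

```python
"""Parse 'show ip arp inspection statistics' output and report new ARP drops."""
import re

# Sample assembled from the two example outputs in this section.
SAMPLE = """\
switch(config)#show ip arp inspection statistics vlan 10
Vlan : 10
--------------
ARP Req Forwarded = 20
ARP Res Forwarded = 20
ARP Req Dropped = 1
ARP Res Dropped = 1
Last invalid ARP:
Time: 10:20:30 ( 5 minutes ago )
Reason: Bad IP/Mac match
Received on: Ethernet 3/1
Packet:
  Source MAC: 00:01:00:01:00:01
  Dest MAC: 00:02:00:02:00:02
  ARP Type: Request
  ARP Sender MAC: 00:01:00:01:00:01
  ARP Sender IP: 1.1.1
switch(config)#show ip arp inspection statistics ethernet interface 3/1
Interface : 3/1
--------
ARP Req Forwarded = 10
ARP Res Forwarded = 10
ARP Req Dropped = 1
ARP Res Dropped = 1

Last invalid ARP:
Time: 10:20:30 ( 5 minutes ago )
Reason: Bad IP/Mac match
Received on: VLAN 10
"""

SCOPE = re.compile(r"^(Vlan|Interface)\s*:\s*(\S+)$")
COUNTER = re.compile(r"^ARP (Req|Res) (Forwarded|Dropped)\s*=\s*(\d+)$")
FIELD = re.compile(r"^([A-Za-z ]+?):\s*(.*)$")


def parse_stats(text):
    """Return one dict per 'Vlan : N' or 'Interface : X' block in the output."""
    blocks, cur, in_last = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue                      # blank lines and separator rules
        m = SCOPE.match(line)
        if m:
            cur = {"scope": m.group(1).lower(), "id": m.group(2),
                   "counters": {}, "last_invalid": {}}
            blocks.append(cur)
            in_last = False
            continue
        if cur is None:
            continue                      # prompt or text before the first block
        m = COUNTER.match(line)
        if m:
            key = f"{m.group(1).lower()}_{m.group(2).lower()}"
            cur["counters"][key] = int(m.group(3))
        elif line == "Last invalid ARP:":
            in_last = True
        elif in_last:
            m = FIELD.match(line)
            if m and m.group(2):          # skips the bare 'Packet:' heading
                name = m.group(1).strip().lower().replace(" ", "_")
                cur["last_invalid"][name] = m.group(2).strip()
    return blocks


def drop_alerts(blocks, baseline=None):
    """Report blocks whose dropped total grew since baseline {(scope, id): total}."""
    baseline = baseline or {}
    found = []
    for b in blocks:
        key = (b["scope"], b["id"])
        total = b["counters"].get("req_dropped", 0) + b["counters"].get("res_dropped", 0)
        new = total - baseline.get(key, 0)
        if new > 0:
            last = b["last_invalid"]
            found.append({"scope": key, "new_drops": new,
                          "reason": last.get("reason"),
                          "received_on": last.get("received_on"),
                          "sender_mac": last.get("arp_sender_mac")})
    return found


if __name__ == "__main__":
    for alert in drop_alerts(parse_stats(SAMPLE)):
        print(alert)
```

The counters are cumulative, so pass the totals from the previous poll as the baseline to report only drops that occurred since then.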
show ip dhcp relay
The show ip dhcp relay command displays the DHCP relay agent configuration status on the switch.
Command Mode
EXEC
Command Syntax
show ip dhcp relay
Example
This command displays the DHCP relay agent configuration status.
switch>show ip dhcp relay
DHCP Relay is active
DHCP Relay Option 82 is disabled
DHCP Smart Relay is enabled
Interface: Vlan100
  DHCP Smart Relay is disabled
  DHCP servers: 10.4.4.4
switch>
show ip dhcp relay counters
The show ip dhcp relay counters command displays the number of DHCP packets received, forwarded, or dropped on the switch and on all interfaces enabled as DHCP relay agents.
Command Mode
EXEC
Command Syntax
show ip dhcp relay counters
Example
This command displays the IP DHCP relay counter table.
switch>show ip dhcp relay counters
 
          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop |         Last Cleared
----------|----- ---- -----|---------------------
  All Req |  376  376    0 | 4 days, 19:55:12 ago
 All Resp |  277  277    0 |
          |                |
 Vlan1000 |    0    0    0 | 4 days, 19:54:24 ago
 Vlan1036 |  376  277    0 | 4 days, 19:54:24 ago
 
switch>
show ip dhcp snooping
The show ip dhcp snooping command displays the DHCP snooping configuration.
Command Mode
EXEC
Command Syntax
show ip dhcp snooping
Related Commands
ip dhcp snooping globally enables DHCP snooping.
ip dhcp snooping vlan enables DHCP snooping on specified VLANs.
ip dhcp snooping information option enables insertion of option-82 snooping data.
ip helper-address enables the DHCP relay agent on a configuration mode interface.
Example
This command displays the switch’s DHCP snooping configuration.
switch>show ip dhcp snooping
DHCP Snooping is enabled
DHCP Snooping is operational
DHCP Snooping is configured on following VLANs:
  100
DHCP Snooping is operational on following VLANs:
  100
Insertion of Option-82 is enabled
  Circuit-id format: Interface name:Vlan ID
  Remote-id: 00:1c:73:1f:b4:38 (Switch MAC)
switch>
show ip dhcp snooping counters
The show ip dhcp snooping counters command displays counters that track the quantity of DHCP request and reply packets that the switch receives. Data is either presented for each VLAN or aggregated for all VLANs with counters for packets dropped.
Command Mode
EXEC
Command Syntax
show ip dhcp snooping counters [COUNTER_TYPE]
Parameters
COUNTER_TYPE     The type of counter that the command displays. Formats include:
<no parameter>     command displays counters for each VLAN.
debug     command displays aggregate counters and drop cause counters.
Example
This command displays the number of DHCP packets sent and received on each VLAN.
switch>show ip dhcp snooping counters
 
     | Dhcp Request Pkts | Dhcp Reply Pkts |
Vlan |  Rcvd  Fwdd  Drop | Rcvd Fwdd  Drop | Last Cleared
-----|------ ----- ------|----- ---- ------|-------------
 100 |     0     0     0 |    0    0     0 |  0:35:39 ago
 
switch>
This command displays the number of DHCP packets sent on the switch.
switch>show ip dhcp snooping counters debug
 
Counter                       Snooping to Relay Relay to Snooping
----------------------------- ----------------- -----------------
Received                                      0                 0
Forwarded                                     0                 0
Dropped - Invalid VlanId                      0                 0
Dropped - Parse error                         0                 0
Dropped - Invalid Dhcp Optype                 0                 0
Dropped - Invalid Info Option                 0                 0
Dropped - Snooping disabled                   0                 0
 
Last Cleared:  3:37:18 ago
switch>
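The drop counters in the debug table are cumulative since the last clear, so monitoring them means comparing two snapshots. The following is an added example, not part of the EOS documentation: a Python parser for the table layout shown above that reports which drop-cause counters grew between two captures. The function names are assumptions, and the second snapshot is constructed for illustration.

```python
import re

# Column order in the "show ip dhcp snooping counters debug" table.
DIRECTIONS = ("Snooping to Relay", "Relay to Snooping")

# A data row is a counter name followed by two integers.
ROW = re.compile(r"^(?P<name>\S.*?)\s{2,}(?P<s2r>\d+)\s+(?P<r2s>\d+)\s*$")


def parse_debug_counters(text):
    """Return {counter name: (snooping_to_relay, relay_to_snooping)}."""
    counters = {}
    for raw in text.splitlines():
        # Header, separator, prompt and "Last Cleared" lines do not match ROW.
        m = ROW.match(raw.replace("\u00a0", " "))
        if m:
            counters[m["name"]] = (int(m["s2r"]), int(m["r2s"]))
    return counters


def drop_deltas(before, after):
    """List (counter, direction, increase) for every drop counter that grew."""
    findings = []
    for name, new in after.items():
        if not name.startswith("Dropped"):
            continue
        old = before.get(name, (0, 0))
        for direction, o, n in zip(DIRECTIONS, old, new):
            # A smaller value means the counters were cleared in between,
            # so everything counted since the clear is new.
            delta = n - o if n >= o else n
            if delta > 0:
                findings.append((name, direction, delta))
    return findings


# First snapshot: the output shown in the example above.
SNAPSHOT_T0 = """
Counter                       Snooping to Relay Relay to Snooping
----------------------------- ----------------- -----------------
Received                                      0                 0
Forwarded                                     0                 0
Dropped - Invalid VlanId                      0                 0
Dropped - Parse error                         0                 0
Dropped - Invalid Dhcp Optype                 0                 0
Dropped - Invalid Info Option                 0                 0
Dropped - Snooping disabled                   0                 0

Last Cleared:  3:37:18 ago
"""

# Second snapshot: constructed values, not taken from a real switch.
SNAPSHOT_T1 = """
Counter                       Snooping to Relay Relay to Snooping
----------------------------- ----------------- -----------------
Received                                    120               118
Forwarded                                   113               118
Dropped - Invalid VlanId                      0                 0
Dropped - Parse error                         2                 0
Dropped - Invalid Dhcp Optype                 0                 0
Dropped - Invalid Info Option                 5                 0
Dropped - Snooping disabled                   0                 0

Last Cleared:  3:52:18 ago
"""

if __name__ == "__main__":
    t0 = parse_debug_counters(SNAPSHOT_T0)
    t1 = parse_debug_counters(SNAPSHOT_T1)
    for name, direction, delta in drop_deltas(t0, t1):
        print(f"{name} ({direction}): +{delta}")
```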
show ip dhcp snooping hardware
The show ip dhcp snooping hardware command displays internal hardware DHCP snooping status on the switch.
Command Mode
EXEC
Command Syntax
show ip dhcp snooping hardware
Example
This command displays the DHCP snooping hardware status.
switch>show ip dhcp snooping hardware
DHCP Snooping is enabled
DHCP Snooping is enabled on following VLANs:
    None
    Vlans enabled per Slice
        Slice:  FixedSystem
        None
switch>
show ip interface
The show ip interface command displays the status of specified interfaces that are configured as routed ports. The command provides the following information:
Interface description
Internet address
Broadcast address
Address configuration method
Proxy-ARP status
MTU size
Command Mode
EXEC
Command Syntax
show ip interface [INTERFACE_NAME][VRF_INST]
Parameters
INTERFACE_NAME     interfaces for which command displays status.
<no parameter>     all routed interfaces.
ipv4_addr     Neighbor IPv4 address.
ethernet e_range     Routed Ethernet interfaces specified by e_range.
loopback l_range     Routed loopback interfaces specified by l_range.
management m_range     Routed management interfaces specified by m_range.
port-channel p_range     Routed port channel Interfaces specified by p_range.
vlan v_range     VLAN interfaces specified by v_range.
vxlan vx_range     VXLAN interfaces specified by vx_range.
VRF_INST     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
Example
This command displays IP status of configured VLAN interfaces numbered between 900 and 910.
switch>show ip interface vlan 900-910
! Some interfaces do not exist
Vlan901 is up, line protocol is up (connected)
  Description: ar.pqt.mlag.peer
  Internet address is 170.23.254.1/30
  Broadcast address is 255.255.255.255
  Address determined by manual configuration
  Proxy-ARP is disabled
  MTU 9212 bytes
Vlan903 is up, line protocol is up (connected)
  Description: ar.pqt.rn.170.23.254.16/29
  Internet address is 170.23.254.19/29
  Broadcast address is 255.255.255.255
  Address determined by manual configuration
  Proxy-ARP is disabled
  MTU 9212 bytes
This command displays the configured TCP maximum segment size (MSS) ceiling value of 1436 bytes for Ethernet interface 25.
switch>show ip interface ethernet 25
Ethernet25 is up, line protocol is up (connected)
  Internet address is 10.1.1.1/24
  Broadcast address is 255.255.255.255
  IPv6 Interface Forwarding : None
  Proxy-ARP is disabled
  Local Proxy-ARP is disabled
  Gratuitous ARP is ignored
  IP MTU 1500 bytes
  IPv4 TCP MSS egress ceiling is 1436 bytes
show ip interface brief
The show ip interface brief command displays a status summary of the specified interfaces that are configured as routed ports. The command provides the following information for each specified interface:
IP address
Operational status
Line protocol status
MTU size
Command Mode
EXEC
Command Syntax
show ip interface [INTERFACE_NAME][VRF_INST] brief
Parameters
INTERFACE_NAME     interfaces for which command displays status.
<no parameter>     all routed interfaces.
ipv4_addr     Neighbor IPv4 address.
ethernet e_range     Routed Ethernet interfaces specified by e_range.
loopback l_range     Routed loopback interfaces specified by l_range.
management m_range     Routed management interfaces specified by m_range.
port-channel p_range     Routed port channel Interfaces specified by p_range.
vlan v_range     VLAN interfaces specified by v_range.
vxlan vx_range     VXLAN interface range specified by vx_range.
VRF_INST     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
Example
This command displays the summary status of VLAN interfaces 900-910.
switch>show ip interface vlan 900-910 brief
! Some interfaces do not exist
Interface              IP Address         Status     Protocol         MTU
Vlan901                170.33.254.1/30    up         up              9212
Vlan902                170.33.254.14/29   up         up              9212
Vlan905                170.33.254.17/29   up         up              1500
Vlan907                170.33.254.67/29   up         up              9212
Vlan910                170.33.254.30/30   up         up              9212
show ip nat access-list interface
The show ip nat acl interface command displays the access control lists (ACLs) that are configured as source NAT or destination NAT filters. The display indicates ACL rules that do not comply with these NAT requirements:
Source IP address is any.
Destination IP address may use any mask size.
Source port matching is not allowed.
Protocol matching is not allowed.
Command Mode
EXEC
Command Syntax
show ip nat access-list [INTF] [LISTS]
Parameters
INTF    Filters NAT statements by interface. Options include:
<no parameter>     includes all statements on all interfaces.
interface ethernet e_num     Statements on specified Ethernet interface.
interface loopback l_num     Statements on specified Loopback interface.
interface management m_num     Statements on specified Management interface.
interface port-channel p_num     Statements on specified Port-Channel Interface.
interface vlan v_num     Statements on specified VLAN interface.
interface vxlan vx_num     Statements on specified VXLAN interface.
LISTS     ACLs displayed by command. Options include:
<no parameter>     all ACLs.
acl_name      Specifies individual ACL.
Example
These commands display the NAT command usage of the ACL1 and ACL2 access control lists.
switch>show ip nat acl ACL1
acl ACL1
        (0.0.0.0/0, 168.10.1.1/32)
Interfaces using this ACL for Nat:
        Vlan100
 
switch>show ip nat acl ACL2
acl ACL2
        (168.10.1.1/32, 0.0.0.0/0)
Interfaces using this ACL for Nat:
        Vlan201
switch>
show ip nat pool
The show ip nat pool command displays the configuration of the address pool.
Command Mode
EXEC
Command Syntax
show ip nat pool POOL_SET
Parameters
pool_name     The name of the pool.
POOL_SET     Options include:
<no parameter>     all configured port channels.
pool_name     The name of the pool.
Example
This command displays all the address pools configured on the switch.
switch#show ip nat pool
Pool                 StartIp               EndIp                 Prefix
p1                   10.15.15.15           10.15.15.25           24
p2                   10.10.15.15           10.10.15.25           22
p3                   10.12.15.15           10.12.15.25           12
switch#
These commands display specific information for the address pools configured on the switch.
switch#show ip nat pool p1
Pool                 StartIp               EndIp                 Prefix
p1                   4.1.1.1               4.1.1.2               24
                     1.1.1.1               1.1.1.2               24
                     3.1.1.1               3.1.1.2               24
switch#show ip nat pool p2
Pool                 StartIp               EndIp                 Prefix
p2                   10.1.1.1              10.1.1.2              16
switch#
show ip nat translation
The show ip nat translation command displays configured NAT statements in the switch hardware.
Command Mode
EXEC
Command Syntax
show ip nat translation [address | address-only | destination | detail | dynamic | hardware | interface | kernel | max-entries | source | static | summary | twice]
The positions of all parameters are interchangeable.
Parameters
<no parameter>     displays all NAT connections installed in software.
address ipv4_addr     displays NAT connections of the specified IPv4 host address.
address-only ipv4_addr      displays address-only NAT connections of the specified IPv4 host address.
destination     displays destination NAT connections installed in software.
detail     displays detailed output of all NAT connections.
dynamic     displays dynamic NAT connections.
hardware     displays NAT connections installed in hardware.
interface   Filters NAT connections by interface. Options include:
interface ethernet e_num     displays NAT connections of the specified ethernet interface.
interface port-channel p_num     displays NAT connections of the specified port-channel interface.
interface vlan v_num     displays NAT connections of the specified VLAN interface.
kernel     displays NAT connections installed in kernel.
max-entries      displays the configured NAT connection limits of the hardware.
source     displays source NAT connections installed in software.
static     displays static NAT connections.
summary     displays summary of all NAT connections.
twice     displays twice NAT connections.
Example
This command displays all configured NAT translations.
switch>show ip nat translation
Source IP            Destination IP        Translated IP         TGT Type Intf
--------------------------------------------------------------------------------
192.168.1.10:62822   172.22.22.40:53       172.17.254.161:62822  SRC DYN Vl3925
192.152.1.10:20342   172.22.22.40:80       172.17.254.161:22222  SRC STAT  Vl3945
switch#
This command displays NAT connections of the specified ethernet interface.
switch>show ip nat translation dynamic interface Ethernet 26
Source IP             Destination IP        Translated IP         TGT Type Intf
--------------------------------------------------------------------------------
192.168.1.2:8080      10.1.1.5:600          20.1.1.5:8080         SRC DYN  Et26
This command displays the configured NAT connection limits of the hardware.
switch>show ip nat translation max-entries
Global connection limit                                 100
Global connection limit low mark                  90(90%)
Hosts connection limit                                   20
Hosts connection limit low mark                   18(90%)
Total number of connections                        1
Host                  Max-Entries           Low-Mark              Connections
----------------------------------------------------------------------------------------------------
10.1.1.1              10                    9(90%)                0
 
show ip nat synchronization peer
The show ip nat synchronization peer command displays the detailed status of a peer device.
Command Mode
EXEC
Command Syntax
show ip nat synchronization peer
Example
This command displays details of a peer device with an IP address of 11.11.11.0 and interface Vlan1111 that is used to connect to the peer device.
switch#show ip nat synchronization peer
Description : Value
Peer : 11.11.11.0
Connection Port : 4532
Connection Source : 0.0.0.0
Kernel Interface : vlan1111
Local Interface : Vlan1111
Established Time : 1969-12-31 16:00:00
Connection Attempts : 0
Oldest Supported Version : 1
Newest Supported Version : 1
Version Compatible : True
Connection State : connected
Shutdown State : False
Status Mount State : mountMounted
Version Mount State : mountMounted
Recover Mount State : mountMounted
Reboot Mount State : mountMounted
show ip nat synchronization advertised-translations
The show ip nat synchronization advertised-translations command displays the detailed status of devices that are advertised to a peer device.
Command Mode
EXEC
Command Syntax
show ip nat synchronization advertised-translations
Example
This command displays details of devices that are advertised to a peer device.
switch#show ip nat synchronization advertised-translations
Source IP    Destination IP     Translated IP              TGT  Type Intf
-------------------------------------------------------------------------------
61.0.0.15:6661    100.0.0.2:80     192.170.230.171:6661    SRC  DYN  Et5
61.0.0.41:2245    100.0.0.2:80     192.170.230.170:2245    SRC  DYN  Et5
61.0.0.48:22626   100.0.0.2:80     192.170.230.169:22626   SRC  DYN  Et5
61.0.0.41:22601   100.0.0.2:80     192.170.230.170:22601   SRC  DYN  Et5
61.0.0.41:16798   100.0.0.2:80     192.170.230.170:16798   SRC  DYN  Et5
61.0.0.18:22605   100.0.0.2:80     192.170.230.177:22605   SRC  DYN  Et5
61.0.0.16:2256    100.0.0.2:80     192.170.230.166:2256    SRC  DYN  Et5
show ip nat synchronization discovered-translations
The show ip nat synchronization discovered-translations command displays details of what has been advertised from a peer device.
Command Mode
EXEC
Command Syntax
show ip nat synchronization discovered-translations
Example
This command displays details of what has been advertised from a peer device.
switch#show ip nat synchronization discovered-translations
Source IP       Destination IP    Translated IP            TGT  Type Intf
-------------------------------------------------------------------------------
61.0.2.229:63     100.0.0.2:63     170.24.86.180:63        SRC  DYN  Et5
61.0.15.51:63     100.0.0.2:63     170.24.73.90:63         SRC  DYN  Et5
61.0.6.68:63      100.0.0.2:63     170.24.110.128:63       SRC  DYN  Et5
61.0.7.163:63     100.0.0.2:63     170.24.104.35:63        SRC  DYN  Et5
show ip route
The show ip route command displays routing table entries that are in the Forwarding Information Base (FIB), including static routes, routes to directly connected networks, and dynamically learned routes. Multiple equal-cost paths to the same prefix are displayed contiguously as a block, with the destination prefix displayed only on the first line.
The show running-config command displays configured commands not in the FIB.
Command Mode
EXEC
Command Syntax
show ip route [VRF_INSTANCE][ADDRESS][ROUTE_TYPE][INFO_LEVEL][PREFIX]
Parameters
The VRF_INSTANCE and ADDRESS parameters are always listed first and second, respectively. All other parameters can be placed in any order.
VRF_INSTANCE     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
ADDRESS     Filters routes by IPv4 address or subnet.
<no parameter>     all routing table entries.
ipv4_addr     routing table entries matching specified address.
ipv4_subnet     routing table entries matching specified subnet (CIDR or address-mask).
ROUTE_TYPE    Filters routes by specified protocol or origin. Options include:
<no parameter>     all routing table entries.
aggregate     entries for BGP aggregate routes.
bgp     entries added through BGP protocol.
connected     entries for routes to networks directly connected to the switch.
isis     entries added through ISIS protocol.
kernel     entries appearing in Linux kernel but not added by EOS software.
ospf     entries added through OSPF protocol.
rip     entries added through RIP protocol.
static     entries added through CLI commands.
INFO_LEVEL     Filters entries by next hop connection. Options include:
<no parameter>     filters routes whose next hops are directly connected.
detail     displays all routes.
PREFIX     filters routes by prefix.
<no parameter>     specific route entry that matches the ADDRESS parameter.
longer-prefixes     all subnet route entries in range specified by ADDRESS parameter.
Related Commands
cli vrf specifies the context-active VRF.
Example
This command displays IPv4 routes learned through BGP.
switch>show ip route bgp
Codes: C - connected, S - static, K - kernel,
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
       R - RIP, A - Aggregate
 
B E    170.44.48.0/23 [20/0] via 170.44.254.78
B E    170.44.50.0/23 [20/0] via 170.44.254.78
B E    170.44.52.0/23 [20/0] via 170.44.254.78
B E    170.44.54.0/23 [20/0] via 170.44.254.78
B E    170.44.254.112/30 [20/0] via 170.44.254.78
B E    170.53.0.34/32 [1/0] via 170.44.254.78
B I    170.53.0.35/32 [1/0] via 170.44.254.2
                             via 170.44.254.13
                             via 170.44.254.20
                             via 170.44.254.67
                             via 170.44.254.35
                             via 170.44.254.98
This command displays the unicast IP routes installed in the system.
switch# show ip route
VRF name: default
Codes: C - connected, S - static, K - kernel,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
R - RIP, I - ISIS, A B - BGP Aggregate, A O - OSPF Summary,
NG - Nexthop Group Static Route
 
Gateway of last resort is not set
C 10.1.0.0/16 is directly connected, Vlan2659
C 10.2.0.0/16 is directly connected, Vlan2148
C 10.3.0.0/16 is directly connected, Vlan2700
S 172.17.0.0/16 [1/0] via 172.24.0.1, Management1
S 172.18.0.0/16 [1/0] via 172.24.0.1, Management1
S 172.19.0.0/16 [1/0] via 172.24.0.1, Management1
S 172.20.0.0/16 [1/0] via 172.24.0.1, Management1
S 172.22.0.0/16 [1/0] via 172.24.0.1, Management1
C 172.24.0.0/18 is directly connected, Management1
show ip route age
The show ip route age command displays how long the route for the specified network has been present in the routing table. It does not account for changes in parameters such as metric or next hop.
Command Mode
EXEC
Command Syntax
show ip route ADDRESS age
Parameters
ADDRESS     Filters routes by IPv4 address or subnet.
ipv4_addr     routing table entries matching specified address.
ipv4_subnet     routing table entries matching specified subnet (CIDR or address-mask).
Example
This command shows the amount of time since the last update to ip route 172.17.0.0/20.
switch>show ip route 172.17.0.0/20 age
Codes: C - connected, S - static, K - kernel,
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
       R - RIP, I - ISIS, A - Aggregate
 
B E    172.17.0.0/20 via 172.25.0.1, age 3d01h
switch>
show ip route gateway
The show ip route gateway command displays IP addresses of all gateways (next hops) used by active routes.
Command Mode
EXEC
Command Syntax
show ip route [VRF_INSTANCE] gateway
Parameters
VRF_INSTANCE     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
Related Commands
cli vrf specifies the context-active VRF.
Example
This command displays next hops used by active routes.
switch>show ip route gateway
The following gateways are in use:
   172.25.0.1 Vlan101
   172.17.253.2 Vlan3000
   172.17.254.2 Vlan3901
   172.17.254.11 Vlan3902
   172.17.254.13 Vlan3902
   172.17.254.17 Vlan3903
   172.17.254.20 Vlan3903
   172.17.254.66 Vlan3908
   172.17.254.67 Vlan3908
   172.17.254.68 Vlan3908
   172.17.254.29 Vlan3910
   172.17.254.33 Vlan3911
   172.17.254.35 Vlan3911
   172.17.254.105 Vlan3912
   172.17.254.86 Vlan3984
   172.17.254.98 Vlan3992
   172.17.254.99 Vlan3992
switch>
show ip route host
The show ip route host command displays all host routes in the host forwarding table. Host routes are those whose destination prefix is the entire address (mask = 255.255.255.255 or prefix = /32). Each entry includes a code of the route’s purpose:
F      static routes from the FIB.
R     routes defined because the IP address is an interface address.
B      broadcast address.
A      routes to any neighboring host for which the switch has an ARP entry.
Command Mode
EXEC
Command Syntax
show ip route [VRF_INSTANCE] host
Parameters
VRF_INSTANCE     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
Related Commands
cli vrf specifies the context-active VRF.
Example
This command displays all host routes in the host forwarding table.
switch>show ip route host
R - receive B - broadcast F - FIB, A - attached
 
F   127.0.0.1 to cpu
B   172.17.252.0 to cpu
A   172.17.253.2 on Vlan2000
R   172.17.253.3 to cpu
A   172.17.253.10 on Vlan2000
B   172.17.253.255 to cpu
B   172.17.254.0 to cpu
R   172.17.254.1 to cpu
B   172.17.254.3 to cpu
B   172.17.254.8 to cpu
A   172.17.254.11 on Vlan2902
R   172.17.254.12 to cpu
 
F   172.26.0.28 via 172.17.254.20 on Vlan3003
                via 172.17.254.67 on Vlan3008
                via 172.17.254.98 on Vlan3492
                via 172.17.254.2 on Vlan3601
                via 172.17.254.13 on Vlan3602
                via 172.17.253.2 on Vlan3000
F   172.26.0.29 via 172.25.0.1 on Vlan101
F   172.26.0.30 via 172.17.254.29 on Vlan3910
F   172.26.0.32 via 172.17.254.105 on Vlan3912
switch>
show ip route match tag
The show ip route match tag command displays the route tag assigned to the specified IPv4 address or subnet. Route tags are added to static routes for use by route maps.
Command Mode
EXEC
Command Syntax
show ip route [VRF_INSTANCE] ADDRESS match tag
Parameters
VRF_INSTANCE     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
ADDRESS     displays routes of specified IPv4 address or subnet.
ipv4_addr     routing table entries matching specified IPv4 address.
ipv4_subnet     routing table entries matching specified IPv4 subnet (CIDR or address-mask).
Example
This command displays the route tag for the specified subnet.
switch>show ip route 172.17.50.0/23 match tag
Codes: C - connected, S - static, K - kernel,
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - DHCP client installed default route, M - Martian
 
O E2   172.17.50.0/23 tag 0
 
switch>
show ip route summary
The show ip route summary command displays the number of routes, categorized by destination prefix, in the routing table.
Command Mode
EXEC
Command Syntax
show ip route [VRF_INSTANCE] summary
Parameters
VRF_INSTANCE     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
Example
This command displays a summary of the routing table contents.
switch>show ip route summary
Route Source         Number Of Routes
-------------------------------------
connected                   15
static                       0
ospf                        74
  Intra-area: 32 Inter-area:33 External-1:0 External-2:9
  NSSA External-1:0 NSSA External-2:0
bgp                          7
  External: 6 Internal: 1
internal                    45
attached                    18
aggregate                    0
switch>
 
show ip verify source
The show ip verify source command displays the IP source guard (IPSG) configuration, operational states, and IP-MAC binding entries for the configuration mode interface.
Command Mode
EXEC
Command Syntax
show ip verify source [VLAN | DETAIL]
Parameters
VLAN     displays all VLANs configured in no ip verify source vlan.
DETAIL     displays all source IP-MAC binding entries configured for IPSG.
Related Commands
Example
This command verifies the IPSG configuration and operational states.
switch(config)#show ip verify source
Interface       Operational State
--------------- ------------------------
Ethernet1       IP source guard enabled
Ethernet2       IP source guard disabled
Example
This command displays all VLANs configured in no ip verify source vlan. Hardware programming errors, e.g., VLAN classification failed, are indicated in the operational state. If an error occurs, this VLAN will be considered as enabled for IPSG. Traffic on this VLAN will still be filtered by IPSG.
switch(config)#show ip verify source vlan
IPSG disabled on VLANS: 1-2
VLAN            Operational State
--------------- ------------------------
1               IP source guard disabled
2               Error: vlan classification failed
Example
This command displays all source IP-MAC binding entries configured for IPSG. A source binding entry is considered active if it is programmed in hardware. IP traffic matching any active binding entry will be permitted. If a source binding entry is configured on an interface or a VLAN whose operational state is IPSG disabled, this entry will not be installed in the hardware, in which case an “IP source guard disabled” state will be shown. If a port channel has no member port configured, binding entries configured for this port channel will not be installed in hardware, and a “Port-Channel down” state will be shown.
switch(config)#show ip verify source detail
Interface       IP Address    MAC Address      VLAN   State
--------------- ------------- ---------------- ------ ------------------------
Ethernet1       10.1.1.1      0000.aaaa.1111   5      active
Ethernet1       10.1.1.5      0000.aaaa.5555   1      IP source guard disabled
Port-Channel1   20.1.1.1      0000.bbbb.1111   4      Port-Channel down
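The states described above decide whether a configured binding is actually enforced, so an audit should flag every entry that is not active and every VLAN whose state is an error. The following is an added example, not part of the EOS documentation: a Python audit over the two outputs shown above, with column boundaries taken from the dashed separator row. The function names and finding labels are assumptions.

```python
import re

SEPARATOR = re.compile(r"-+( +-+)+")   # row of dashes under a table header
PROMPT = re.compile(r"^\S+[>#]")       # e.g. "switch(config)#"


def parse_table(text):
    """Parse a fixed-width CLI table into a list of {column: value} dicts.

    Column boundaries come from the dashed separator row, so values that
    contain spaces ("IP source guard disabled") stay in one cell.
    """
    lines = [l.replace("\u00a0", " ").rstrip() for l in text.splitlines()]
    sep = next((i for i, l in enumerate(lines)
                if i and SEPARATOR.fullmatch(l)), None)
    if sep is None:
        return []
    starts = [m.start() for m in re.finditer(r"-+", lines[sep])]
    bounds = list(zip(starts, starts[1:] + [None]))  # last column is open-ended
    names = [lines[sep - 1][a:b].strip() for a, b in bounds]
    rows = []
    for line in lines[sep + 1:]:
        if not line.strip() or PROMPT.match(line):
            break  # end of table
        rows.append({n: line[a:b].strip() for n, (a, b) in zip(names, bounds)})
    return rows


def audit_ipsg(detail_text, vlan_text):
    """Return findings for bindings and VLANs that need an operator's attention."""
    findings = []
    for r in parse_table(detail_text):
        # Only "active" entries are programmed in hardware.
        if r["State"] != "active":
            findings.append(("binding-not-in-hardware", r["Interface"],
                             r["IP Address"], r["MAC Address"], r["State"]))
    for r in parse_table(vlan_text):
        # A VLAN in an error state is treated as IPSG-enabled and still filtered.
        if r["Operational State"].startswith("Error"):
            findings.append(("vlan-still-filtered", "Vlan" + r["VLAN"],
                             r["Operational State"]))
    return findings


# Both samples are the outputs shown in the examples above.
DETAIL_OUTPUT = """
switch(config)#show ip verify source detail
Interface       IP Address    MAC Address      VLAN   State
--------------- ------------- ---------------- ------ ------------------------
Ethernet1       10.1.1.1      0000.aaaa.1111   5      active
Ethernet1       10.1.1.5      0000.aaaa.5555   1      IP source guard disabled
Port-Channel1   20.1.1.1      0000.bbbb.1111   4      Port-Channel down
"""

VLAN_OUTPUT = """
switch(config)#show ip verify source vlan
IPSG disabled on VLANS: 1-2
VLAN            Operational State
--------------- ------------------------
1               IP source guard disabled
2               Error: vlan classification failed
"""

if __name__ == "__main__":
    for finding in audit_ipsg(DETAIL_OUTPUT, VLAN_OUTPUT):
        print(" | ".join(finding))
```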
show platform arad ip route
The show platform arad ip route command shows resources for all IPv4 routes in hardware. Routes that use the additional hardware resources will appear with an asterisk.
Command Mode
EXEC
Command Syntax
show platform arad ip route
Example
This command displays the platform unicast forwarding routes. In this example, the ACL label field in the following table is 4094 by default for all routes. If an IPv4 egress RACL is applied to an SVI, all routes corresponding to that VLAN will have an ACL label value. In this case, the ACL Label field value is 2.
switch# show platform arad ip route
Tunnel Type: M(mpls), G(gre)
------------------------------------------------------------------------------------------------
|                              Routing Table                                      |             |
|------------------------------------------------------------------------------------------------
|VRF|  Destination   |     |                   |    |Acl  |                 |ECMP | FEC | Tunnel
|ID |    Subnet      | Cmd |    Destination    |VID |Label| MAC / CPU Code  |Index|Index|T Value
------------------------------------------------------------------------------------------------
|0  |0.0.0.0/8       |TRAP |CoppSystemL3DstMiss|0   | -   |ArpTrap          |  -  |1031 |   -
|0  |10.1.0.0/16     |TRAP |CoppSystemL3DstMiss|2659| -   |ArpTrap          |  -  |1030 |   -
|0  |10.2.0.0/16     |TRAP |CoppSystemL3DstMiss|2148| -   |ArpTrap          |  -  |1026 |   -
|0  |172.24.0.0/18   |TRAP |CoppSystemL3DstMiss|0   | -   |ArpTrap          |  -  |1032 |   -
|0  |0.0.0.0/0       |TRAP |CoppSystemL3LpmOver|0   | -   |SlowReceive      |  -  |1024 |   -
|0  |10.1.0.0/32*    |TRAP |CoppSystemIpBcast  |0   | -   |BcastReceive     |  -  |1027 |   -
|0  |10.1.0.1/32*    |TRAP |CoppSystemIpUcast  |0   | -   |Receive          |  -  |32766|   -
|0  |10.1.255.1/32*  |ROUTE|Po1                |2659|4094 |00:1f:5d:6b:ce:45|  -  |1035 |   -
|0  |10.1.255.255/32*|TRAP |CoppSystemIpBcast  |0   | -   |BcastReceive     |  -  |1027 |   -
|0  |10.3.0.0/32*    |TRAP |CoppSystemIpBcast  |0   | -   |BcastReceive     |  -  |1027 |   -
|0  |10.3.0.1/32*    |TRAP |CoppSystemIpUcast  |0   | -   |Receive          |  -  |32766|   -
|0  |10.3.255.1/32*  |ROUTE|Et18               |2700|2    |00:1f:5d:6b:00:01|  -  |1038 |   -
...........................................................
Related Commands
agent SandL3Unicast terminate enables restarting the layer 3 agent to ensure IPv4 routes are optimized.
ip hardware fib optimize enables IPv4 route scale.
show platform arad ip route summary shows hardware resource usage of IPv4 routes.
Examples
This command shows resources for all IPv4 routes in hardware. Routes that use the additional hardware resources will appear with an asterisk.
switch(config)#show platform arad ip route
Tunnel Type: M(mpls), G(gre)
* - Routes in LEM
------------------------------------------------------------------------------------------------
|                              Routing Table                                      |             |
|------------------------------------------------------------------------------------------------
|VRF|  Destination   |     |                   |    |Acl  |                 |ECMP | FEC | Tunnel
|ID |    Subnet      | Cmd |    Destination    |VID |Label| MAC / CPU Code  |Index|Index|T Value
------------------------------------------------------------------------------------------------
|0  |0.0.0.0/8       |TRAP |CoppSystemL3DstMiss|0   | -   |ArpTrap          |  -  |1030 |   -  
|0  |100.1.0.0/32    |TRAP |CoppSystemIpBcast  |0   | -   |BcastReceive     |  -  |1032 |   -  
|0  |100.1.0.0/32    |TRAP |CoppSystemIpUcast  |0   | -   |Receive          |  -  |32766|   -  
|0  |100.1.255.255/32|TRAP |CoppSystemIpBcast  |0   | -   |BcastReceive     |  -  |1032 |   -  
|0  |200.1.255.255/32|TRAP |CoppSystemIpBcast  |0   | -   |BcastReceive     |  -  |1032 |   -  
|0  |200.1.0.0/16    |TRAP |CoppSystemL3DstMiss|1007| -   |ArpTrap          |  -  |1029 |   -  
|0  |0.0.0.0/0       |TRAP |CoppSystemL3LpmOver|0   | -   |SlowReceive      |  -  |1024 |   -  
|0  |4.4.4.0/24*     |ROUTE|Et10               |1007| -   |00:01:00:02:00:03|  -  |1033 |   -  
|0  |10.20.30.0/24*  |ROUTE|Et9                |1006| -   |00:01:00:02:00:03|  -  |1027 |   -
 
switch(config)#
 
show platform arad ip route summary
The show platform arad ip route summary command shows hardware resource usage of IPv4 routes.
Command Mode
EXEC
Command Syntax
show platform arad ip route summary
Related Commands
agent SandL3Unicast terminate enables restarting the layer 3 agent to ensure IPv4 routes are optimized.
ip hardware fib optimize enables IPv4 route scale.
show platform arad ip route shows resources for all IPv4 routes in hardware. Routes that use the additional hardware resources will appear with an asterisk.
Example
This command shows hardware resource usage of IPv4 routes.
switch(config)#show platform arad ip route summary
Total number of VRFs: 1
Total number of routes: 25
Total number of route-paths: 21
Total number of lem-routes: 4
 
switch(config)#
 
show platform trident forwarding-table partition
The show platform trident forwarding-table partition command displays the size of the L2 MAC entry tables, L3 IP forwarding tables, and Longest Prefix Match (LPM) routes.
Command Mode
Privileged EXEC
Command Syntax
show platform trident forwarding-table partition
Example
This command shows the Trident forwarding table information.
switch(config)#show platform trident forwarding-table partition
L2 Table Size: 96k
L3 Host Table Size: 208k
LPM Table Size: 16k
switch(config)#
show rib route ip
The show rib route ip command displays a list of IPv4 Routing Information Base (RIB) routes.
Command Mode
EXEC
Command Syntax
show rib route ip [vrf vrf_name] [PREFIX] [ROUTE TYPE]
Parameters
vrf vrf_name      displays RIB routes from the specified VRF.
PREFIX           displays routes filtered by the specified IPv4 information. Options include:
ip_address      displays RIB routes filtered by the specified IPv4 address.
ip_subnet_mask      displays RIB routes filtered by the specified IPv4 address and subnet mask.
ip_prefix      displays RIB routes filtered by the specified IPv4 prefix.
ROUTE TYPE       displays routes filtered by the specified route type. Options include:
bgp      displays RIB routes filtered by BGP.
connected      displays RIB routes filtered by connected routes.
dynamicPolicy      displays RIB routes filtered by dynamic policy routes.
host      displays RIB routes filtered by host routes.
isis      displays RIB routes filtered by ISIS routes.
ospf      displays RIB routes filtered by OSPF routes.
ospf3      displays RIB routes filtered by OSPF3 routes.
reserved      displays RIB routes filtered by reserved routes.
route-input      displays RIB routes filtered by route-input routes.
static      displays RIB routes filtered by static routes.
 
Examples
This command displays IPv4 RIB static routes.
switch#show rib route ip static
VRF name: default, VRF ID: 0xfe, Protocol: static
Codes: C - Connected, S - Static, P - Route Input
       B - BGP, O - Ospf, O3 - Ospf3, I - Isis
       > - Best Route, * - Unresolved Nexthop
       L - Part of a recursive route resolution loop
>S    10.80.0.0/12 [1/0]
         via 172.30.149.129 [0/1]
            via Management1, directly connected
>S    172.16.0.0/12 [1/0]
         via 172.30.149.129 [0/1]
            via Management1, directly connected
switch#
This command displays IPv4 RIB connected routes.
switch#show rib route ip connected
VRF name: default, VRF ID: 0xfe, Protocol: connected
Codes: C - Connected, S - Static, P - Route Input
       B - BGP, O - Ospf, O3 - Ospf3, I - Isis
       > - Best Route, * - Unresolved Nexthop
       L - Part of a recursive route resolution loop
>C    10.1.0.0/24 [0/1]
         via 10.1.0.102, Ethernet1
>C    10.2.0.0/24 [0/1]
         via 10.2.0.102, Ethernet2
>C    10.3.0.0/24 [0/1]
         via 10.3.0.102, Ethernet3
switch#
show rib route <ipv4 | ipv6> fib policy excluded
The show rib route <ipv4 | ipv6> fib policy excluded command displays the RIB routes filtered by FIB policy. The fib policy excluded option displays the RIB routes that FIB policy has excluded from being programmed into the FIB.
Command Mode
EXEC
Command Syntax
show rib route <ipv4 | ipv6> fib policy excluded
Example
The following example displays the RIB routes excluded by the FIB policy using the fib policy excluded option of the show rib route <ipv4 | ipv6> command.
Switch#show rib route ipv6 fib policy excluded
Switch#show rib route ip bgp fib policy excluded
VRF name: default, VRF ID: 0xfe, Protocol: bgp
Codes: C - Connected, S - Static, P - Route Input
       B - BGP, O - Ospf, O3 - Ospf3, I - Isis
       > - Best Route, * - Unresolved Nexthop
       L - Part of a recursive route resolution loop
>B    10.1.0.0/24 [200/0]
         via 10.2.2.1 [115/20] type tunnel
            via 10.3.5.1, Ethernet1
         via 10.2.0.1 [115/20] type tunnel
            via 10.3.4.1, Ethernet2
            via 10.3.6.1, Ethernet3
>B    10.1.0.0/24 [200/0]
         via 10.2.2.1 [115/20] type tunnel
            via 10.3.5.1, Ethernet1
         via 10.2.0.1 [115/20] type tunnel
            via 10.3.4.1, Ethernet2
            via 10.3.6.1, Ethernet3
 
show routing-context vrf
The show routing-context vrf command displays the context-active VRF. The context-active VRF determines the default VRF that VRF-context aware commands use when displaying routing table data from a specified VRF.
Command Mode
EXEC
Command Syntax
show routing-context vrf
Related Commands
cli vrf specifies the context-active VRF.
Example
This command displays the context-active VRF.
switch>show routing-context vrf
Current VRF routing-context is PURPLE
switch>
show vrf
The show vrf command displays the VRF name, RD, supported protocols, state and included interfaces for the specified VRF or for all VRFs on the switch.
Command Mode
EXEC
Command Syntax
show vrf [VRF_INSTANCE]
Parameters
VRF_INSTANCE     specifies the VRF instance to display.
<no parameter>     information is displayed for all VRFs.
vrf vrf_name     information is displayed for the specified user-defined VRF.
Example
This command displays information for the VRF named “purple.”
switch>show vrf purple
   Vrf          RD              Protocols       State         Interfaces
------------ --------------- --------------- ---------------- --------------
   purple       64496:237       ipv4            no routing    Vlan42, Vlan43
 
switch>
tcp mss ceiling
The tcp mss ceiling command, issued in interface configuration mode, configures the maximum segment size (MSS) limit in the TCP header.
The no tcp mss ceiling and the default tcp mss ceiling commands disable the MSS ceiling limit that was previously configured.
Command Mode
Interface-Ethernet Configuration
Command Syntax
tcp mss ceiling {ipv4 segment size | ipv6 segment size} {egress | ingress}
no tcp mss ceiling
default tcp mss ceiling
Parameters
ipv4 segment size     The IPv4 segment size value in bytes. Values range from 64 to 65515.
ipv6 segment size     The IPv6 segment size value in bytes. Values range from 64 to 65495.
egress     The TCP SYN packets that are forwarded from the interface to the network.
ingress     The TCP SYN packets that are received from the network to the interface. The ingress keyword is not supported on the Sand platform.
Related Commands
Guidelines
This command supports GRE tunnel interfaces and IPv4 routed interfaces in the egress direction only on a Sand platform.
On a Sand platform, TCP MSS ceiling is supported on IPv4 unicast packets entering the switch; once the ceiling is configured, it has no effect on GRE transit packets.
Example
These commands configure a maximum MSS ceiling value of 1458 bytes in the egress direction on Ethernet interface 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#no switchport
switch(config-if-Et5)#tcp mss ceiling ipv4 1458 egress
vrf (Interface mode)
The vrf command adds the configuration mode interface to the specified VRF. You must create the VRF first, using the vrf instance command.
The no vrf and default vrf commands remove the configuration mode interface from the specified VRF by deleting the corresponding vrf command from running-config.
All forms of the vrf command remove all IP addresses associated with the configuration mode interface.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
vrf vrf_name
no vrf [vrf_name]
default vrf [vrf_name]
Parameters
vrf_name     name of configured VRF.
Examples
These commands add the configuration mode interface (VLAN 20) to the VRF named “purple”.
switch(config)#interface vlan 20
switch(config-if-Vl20)#vrf purple
switch(config-if-Vl20)#
These commands remove the configuration mode interface from VRF “purple”.
switch(config)#interface vlan 20
switch(config-if-Vl20)#no vrf purple
switch(config-if-Vl20)#
 
vrf instance
The vrf instance command places the switch in VRF configuration mode for the specified VRF. If the named VRF does not exist, this command creates it. The number of user-defined VRFs supported varies by platform.
To add an interface to the VRF once it is created, use the vrf (Interface mode) command.
The no vrf instance and default vrf instance commands delete the specified VRF instance by removing the corresponding vrf instance command from running-config. This also removes all IP addresses associated with interfaces that belong to the deleted VRF.
The exit command returns the switch to global configuration mode.
Command Mode
Global Configuration
Command Syntax
vrf instance vrf_name
no vrf instance vrf_name
default vrf instance vrf_name
Parameters
vrf_name     Name of VRF being created, deleted or configured. The names “main” and “default” are reserved.
Example
This command creates a VRF named “purple” and places the switch in VRF configuration mode for that VRF.
switch(config)#vrf instance purple
switch(config-vrf-purple)#
interface tunnel
The interface tunnel command places the switch in the interface tunnel configuration mode.
Interface tunnel configuration mode is not a group change mode; running-config is changed immediately after commands are executed.
The no interface tunnel command deletes the interface tunnel configuration.
The exit command returns the switch to the global configuration mode.
Command Mode
Global Configuration
Command Syntax
interface tunnel <value>
no interface tunnel <value>
Parameter
value     Tunnel interface number. The value ranges from 0 to 255.
Example
This command places the switch in interface tunnel configuration mode with a tunnel value 10.
switch(config)#interface tunnel 10
switch(config-if-Tu10)#
tunnel
The tunnel command places the switch in protocol-over-protocol tunneling configuration mode for specific tunnel options.
Tunnel configuration mode is not a group change mode; running-config is changed immediately after commands are executed. The exit command does not affect the configuration.
The no tunnel command deletes the tunnel configuration.
The exit command returns the switch to global configuration mode.
Command Mode
Interface Tunnel Configuration
Command Syntax
tunnel <options>
no tunnel <options>
Parameters
options     Specifies the various tunneling options as listed below.
destination     destination address of the tunnel.
ipsec     secures the tunnel with the IPsec address.
key     sets the tunnel key.
mode     tunnel encapsulation method.
path-mtu-discovery     enables the Path MTU discovery on tunnel.
source     source of the tunnel packets.
tos     sets the IP type of service value.
ttl     sets time to live value.
underlay     tunnel underlay.
Example
These commands place the switch in interface tunnel configuration mode with a tunnel value 10 and with GRE tunnel configured on the interfaces specified.
switch(config)#ip routing
switch(config)#interface Tunnel 10
switch(config-if-Tu10)#tunnel mode gre
switch(config-if-Tu10)#ip address 192.168.1.1/24
switch(config-if-Tu10)#tunnel source 10.1.1.1
switch(config-if-Tu10)#tunnel destination 10.1.1.2
switch(config-if-Tu10)#tunnel path-mtu-discovery
switch(config-if-Tu10)#tunnel tos 10
switch(config-if-Tu10)#tunnel ttl 10
show interface tunnel
The show interface tunnel command displays the interface tunnel information.
Command Mode
EXEC
Command Syntax
show interface tunnel <number>
Parameter
number     Specifies the tunnel interface number.
Example
This command displays tunnel interface configuration information for tunnel interface 10.
switch#show interface tunnel 10
 
Tunnel10 is up, line protocol is up (connected)
Hardware is Tunnel, address is 0a01.0101.0800
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Tunnel source 10.1.1.1, destination 10.1.1.2
Tunnel protocol/transport GRE/IP
   Key disabled, sequencing disabled
   Checksumming of packets disabled
Tunnel TTL 10, Hardware forwarding enabled
Tunnel TOS 10
Path MTU Discovery
Tunnel transport MTU 1476 bytes
Up 3 seconds
show platform fap eedb ip-tunnel gre interface tunnel
The show platform fap eedb ip-tunnel gre interface tunnel command verifies the tunnel encapsulation programming for the tunnel interface.
Command Mode
EXEC
Command Syntax
show platform fap eedb ip-tunnel gre interface tunnel <number>
Parameter
number     Specifies the tunnel interface number.
Examples
These commands verify the tunnel encapsulation programming for the tunnel interface 10.
switch#show platform fap eedb ip-tunnel gre interface tunnel 10
 
----------------------------------------------------------------------------
|                                                  Jericho0                                        |
|                                 GRE Tunnel Egress Encapsulation DB                               |
|--------------------------------------------------------------------------|
| Bank/ | OutLIF | Next   | VSI  | Encap | TOS  | TTL | Source | Destination| OamLIF| OutLIF | Drop|
| Offset|        | OutLIF | LSB  | Mode  |      |     | IP     | IP         | Set   | Profile|     |
|--------------------------------------------------------------------------|
| 3/0   | 0x6000 | 0x4010 | 0    | 2     | 10   | 10  | 10.1.1.1 | 10.1.1.2 | No    | 0      | No  |
 
switch#show platform fap eedb ip-tunnel
-------------------------------------------------------------------------------
|                                                  Jericho0                                     |
|                                     IP Tunnel Egress Encapsulation DB                         |
|------------------------------------------------------------------------------
| Bank/ | OutLIF | Next   | VSI | Encap| TOS | TTL | Src | Destination | OamLIF | OutLIF  | Drop|
| Offset|        | OutLIF | LSB | Mode | Idx | Idx | Idx | IP          | Set    | Profile |     |
|------------------------------------------------------------------------------
| 3/0   | 0x6000 | 0x4010 | 0   | 2    | 9   | 0   | 0   | 10.1.1.2    | No     | 0       | No  |
show tunnel fib static interface gre
The show tunnel fib static interface gre command displays the forwarding information base (FIB) information for a static interface GRE tunnel.
Command Mode
EXEC
Command Syntax
show tunnel fib static interface gre <number>
Parameter
number     Specifies the tunnel index number.
Example
This command displays the interface tunnel configuration with GRE configured.
switch#show tunnel fib static interface gre 10
 
Type 'Static Interface', index 10, forwarding Primary
   via 10.6.1.2, 'Ethernet6/1'
      GRE, destination 10.1.1.2, source 10.1.1.1, ttl 10, tos 0xa
show platform fap tcam summary
The show platform fap tcam summary command displays information about the TCAM bank that is allocated for GRE packet termination lookup.
Command Mode
EXEC
Command Syntax
show platform fap tcam summary
Example
This command verifies if the TCAM bank is allocated for GRE packet termination lookup.
switch#show platform fap tcam summary
 
Tcam Allocation (Jericho0)
   Bank                   Used By    Reserved By
---------- ------------------------- -----------
      0               dbGreTunnel              -
 
IPv4
Arista switches support Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) for routing packets across network boundaries. This chapter describes Arista’s implementation of IPv4 and includes these sections:
28.1 IPv4 Addressing
Each IPv4 network device is assigned a 32-bit IP address that identifies its network location. These sections describe IPv4 address formats, data structures, configuration tasks, and display options:
28.1.1 IPv4 Address Formats
IPv4 addresses are composed of 32 bits, expressed in dotted decimal notation by four decimal numbers, each ranging from 0 to 255. A subnet is identified by an IP address and an address space defined by a routing prefix. The switch supports the following subnet formats:
IP address and subnet mask: The subnet mask is a 32-bit number (dotted decimal notation) that specifies the subnet address space. The subnet address space is calculated by performing an AND operation between the IP address and subnet mask.
IP address and wildcard mask: The wildcard mask is a 32-bit number (dotted decimal notation) that specifies the subnet address space. Wildcard masks differ from subnet masks in that the bits are inverted. Some commands use wildcard masks instead of subnet masks.
CIDR notation: CIDR notation specifies the scope of the subnet space by using a decimal number to identify the number of leading ones in the routing prefix. When referring to wildcard notation, CIDR notation specifies the number of leading zeros in the routing prefix.
Example
These subnets (subnet mask and CIDR notation) are calculated identically:
10.24.154.13 255.255.255.0
10.24.154.13/24
The defined space includes all addresses between 10.24.154.0 and 10.24.154.255.
These subnets (wildcard mask and CIDR notation) are calculated identically:
124.17.3.142 0.0.0.15
124.17.3.142/28
The defined space includes all addresses between 124.17.3.128 and 124.17.3.143.
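Added example (not part of the Arista documentation): a Python helper that resolves each of the three subnet formats above to the address space it defines and reproduces the two ranges given in this example. The function names are hypothetical, and it assumes the mask describes a subnet, so non-contiguous masks are rejected.

```python
import ipaddress


def mask_to_prefix_len(mask: str, kind: str) -> int:
    """Convert a dotted-decimal mask to a prefix length.

    kind is "subnet" (leading ones) or "wildcard" (the same mask with
    every bit inverted, so leading zeros).
    """
    bits = int(ipaddress.IPv4Address(mask))
    if kind == "wildcard":
        bits ^= 0xFFFFFFFF  # invert: a wildcard mask becomes a subnet mask
    elif kind != "subnet":
        raise ValueError(f"unknown mask kind: {kind!r}")
    # A subnet mask is a run of ones followed only by zeros. Inverted, that
    # is a run of low-order ones, and x & (x + 1) == 0 exactly for such x.
    inverted = bits ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} is not a contiguous {kind} mask")
    return bin(bits).count("1")


def address_space(spec: str, kind: str = "subnet"):
    """Return (first, last) address for 'A.B.C.D/len' or 'A.B.C.D MASK'."""
    if "/" in spec:
        addr, length = spec.split("/")
        prefix_len = int(length)
    else:
        addr, mask = spec.split()
        prefix_len = mask_to_prefix_len(mask, kind)
    # strict=False performs the AND between address and mask for us.
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    return str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    print(address_space("10.24.154.13 255.255.255.0"))
    print(address_space("10.24.154.13/24"))
    print(address_space("124.17.3.142 0.0.0.15", kind="wildcard"))
    print(address_space("124.17.3.142/28"))
```

The caller states whether a dotted mask is a subnet or wildcard mask because values such as 0.0.0.0 are valid in both forms and mean opposite things.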
28.1.2 IPv4 Address Configuration
Assigning an IPv4 Address to an Interface
The ip address command specifies the IPv4 address of an interface and the mask for the subnet to which the interface is connected.
Example
These commands configure an IPv4 address with subnet mask for VLAN 200:
switch(config)#interface vlan 200
switch(config-if-Vl200)#ip address 10.0.0.1/24
switch(config-if-Vl200)#
28.1.3 Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) is a protocol that maps IP addresses to MAC addresses that local network devices recognize. The ARP cache is a table that stores the correlated addresses of the devices for which the router facilitates data transmissions.
After receiving a packet, routers use ARP to find the MAC address of the device assigned to the packet’s destination IP address. If the ARP cache contains both addresses, the router sends the packet to the specified port. If the ARP cache does not contain the addresses, ARP broadcasts a request packet to all devices in the subnet. The device at the requested IP address responds and provides its MAC address. ARP updates the ARP cache with a dynamic entry and forwards the packet to the responding device. Static ARP entries can also be added to the cache through the CLI.
Proxy ARP is an ARP variant. A network device (proxy) responds to ARP requests for network addresses on a different network with its MAC address. Traffic to the destination is directed to the proxy device which then routes the traffic toward the ultimate destination.
Configuring ARP
The switch uses ARP cache entries to correlate 32-bit IP addresses to 48-bit hardware addresses. The arp aging timeout command specifies the duration of dynamic address entries in the Address Resolution Protocol (ARP) cache for addresses learned through the layer 3 interface. The default duration is 14400 seconds (four hours).
Static ARP entries never time out and must be removed from the table manually.
Example
This command specifies an ARP cache duration of 7200 seconds (two hours) for dynamic addresses added to the ARP cache that were learned through VLAN 200.
switch(config)#interface vlan 200
switch(config-if-Vl200)#arp aging timeout 7200
switch(config-if-Vl200)#show active
interface Vlan200
   arp timeout 7200
switch(config-if-Vl200)#
The arp command adds a static entry to an Address Resolution Protocol (ARP) cache.
Example
This command adds a static entry to the ARP cache in the default VRF.
switch(config)#arp 172.22.30.52 0025.900e.c63c arpa
switch(config)#
Displaying ARP Entries
The show ip arp command displays ARP cache entries that map an IP address to a corresponding MAC address. The table displays addresses by their host names when the command includes the resolve argument.
Example
This command displays ARP cache entries that map MAC addresses to IPv4 addresses.
switch>show ip arp
Address         Age (min)  Hardware Addr   Interface
172.25.0.2              0  004c.6211.021e  Vlan101, Port-Channel2
172.22.0.1              0  004c.6214.3699  Vlan1000, Port-Channel1
172.22.0.2              0  004c.6219.a0f3  Vlan1000, Port-Channel1
172.22.0.3              0  0045.4942.a32c  Vlan1000, Ethernet33
172.22.0.5              0  f012.3118.c09d  Vlan1000, Port-Channel1
172.22.0.6              0  00e1.d11a.a1eb  Vlan1000, Ethernet5
172.22.0.7              0  004f.e320.cd23  Vlan1000, Ethernet6
172.22.0.8              0  0032.48da.f9d9  Vlan1000, Ethernet37
172.22.0.9              0  0018.910a.1fc5  Vlan1000, Ethernet29
172.22.0.11             0  0056.cbe9.8510  Vlan1000, Ethernet26
switch>
This command displays ARP cache entries that map MAC addresses to IPv4 addresses. Host names assigned to IP addresses are displayed in place of the address.
switch>show ip arp resolve
Address         Age (min)  Hardware Addr   Interface
green-vl101.new         0  004c.6211.021e  Vlan101, Port-Channel2
172.22.0.1              0  004c.6214.3699  Vlan1000, Port-Channel1
orange-vl1000.n         0  004c.6219.a0f3  Vlan1000, Port-Channel1
172.22.0.3              0  0045.4942.a32c  Vlan1000, Ethernet33
purple.newcompa         0  f012.3118.c09d  Vlan1000, Port-Channel1
pink.newcompany         0  00e1.d11a.a1eb  Vlan1000, Ethernet5
yellow.newcompa         0  004f.e320.cd23  Vlan1000, Ethernet6
172.22.0.8              0  0032.48da.f9d9  Vlan1000, Ethernet37
royalblue.newco         0  0018.910a.1fc5  Vlan1000, Ethernet29
172.22.0.11             0  0056.cbe9.8510  Vlan1000, Ethernet26
switch>
28.1.3.1 ARP Inspection
The Address Resolution Protocol (ARP) inspection command ip arp inspection vlan activates a security feature that protects the network from ARP spoofing. ARP requests and responses on untrusted interfaces are intercepted on specified VLANs, and intercepted packets are verified to have valid IP-MAC address bindings. All invalid ARP packets are dropped. On trusted interfaces, all incoming ARP packets are processed and forwarded without verification.
Enabling and Disabling ARP Inspection
By default, ARP inspection is disabled on all VLANs.
Examples
This command enables ARP inspection on VLANs 1 through 150.
switch(config)#ip arp inspection vlan 1 - 150
switch(config)#
This command disables ARP inspection on VLANs 1 through 150.
switch(config)#no ip arp inspection vlan 1 - 150
switch(config)#
This command sets the ARP inspection default to VLANs 1 through 150.
switch(config)#default ip arp inspection vlan 1 - 150
switch(config)#
This command enables ARP inspection on multiple VLAN ranges, 1 through 150 and 200 through 250.
switch(config)#ip arp inspection vlan 1-150,200-250
switch(config)#
Syslog for Invalid ARP Packets Dropped
When an invalid ARP packet is dropped, the following syslog message appears. The log severity level can be set higher if required.
%SECURITY-4-ARP_PACKET_DROPPED: Dropped ARP packet on interface Ethernet28/1 Vlan 2121 because invalid mac and ip binding. Received: 00:0a:00:bc:00:de/1.1.1.1.
Displaying ARP Inspection States
The command show ip arp inspection vlan displays the configuration and operation state of ARP inspection. For a VLAN range specified by show ip arp inspection vlan, only VLANs with ARP inspection enabled are displayed. If no VLAN is specified, all VLANs with ARP inspection enabled are displayed. The operation state turns to Active when hardware is ready to trap ARP packets for inspection.
Example
This command displays the configuration and operation state of ARP inspection for VLANs 1 through 150.
switch(config)#show ip arp inspection vlan 1 - 150
VLAN 1
----------
Configuration : Enabled
Operation State : Active
VLAN 2
----------
Configuration : Enabled
Operation State : Active
{...}
VLAN 150
----------
Configuration : Enabled
Operation State : Active
 
switch(config)#
Displaying ARP Inspection Statistics
The command show ip arp inspection statistics displays the statistics of inspected ARP packets. For a VLAN specified by show ip arp inspection vlan, only VLANs with ARP inspection enabled are displayed. If no VLAN is specified, all VLANs with ARP inspection enabled are displayed.
The command clear arp inspection statistics clears ARP inspection statistics.
Examples
This command displays ARP inspection statistics for VLAN 2.
switch(config)#show ip arp inspection statistics vlan 2
Vlan : 2
------------
ARP Req Forwarded = 20
ARP Res Forwarded = 20
ARP Req Dropped = 1
ARP Res Dropped = 1
 
Last invalid ARP:
Time: 10:20:30 ( 5 minutes ago )
Reason: Bad IP/Mac match
Received on: Ethernet 3/1
Packet:
  Source MAC: 00:01:00:01:00:01
  Dest MAC: 00:02:00:02:00:02
  ARP Type: Request
  ARP Sender MAC: 00:01:00:01:00:01
  ARP Sender IP: 1.1.1
 
switch(config)#
This command displays ARP inspection statistics for Ethernet interface 3/1.
switch(config)#show ip arp inspection statistics ethernet interface 3/1
Interface : 3/1
--------
ARP Req Forwarded = 10
ARP Res Forwarded = 10
ARP Req Dropped = 1
ARP Res Dropped = 1
 
Last invalid ARP:
Time: 10:20:30 ( 5 minutes ago )
Reason: Bad IP/Mac match
Received on: VLAN 10
Packet:
  Source MAC: 00:01:00:01:00:01
  Dest MAC: 00:02:00:02:00:02
  ARP Type: Request
  ARP Sender MAC: 00:01:00:01:00:01
  ARP Sender IP: 1.1.1
 
switch(config)#
This command clears ARP inspection statistics.
switch(config)#clear arp inspection statistics
switch(config)#
Configure Trust Interface
By default, all interfaces are untrusted. The command ip arp inspection trust configures the trust state of an interface.
Examples
This command configures the trust state of an interface to trusted.
switch(config)#ip arp inspection trust
switch(config)#
This command configures the trust state of an interface to untrusted.
switch(config)#no ip arp inspection trust
switch(config)#
This command configures the trust state of an interface to its default (untrusted).
switch(config)#default ip arp inspection trust
switch(config)#
Configure Rate Limit
When ARP inspection is enabled, ARP packets are trapped to the CPU. Two actions can be taken when the incoming ARP rate exceeds expectation. For notification purposes, the command ip arp inspection logging enables logging of the incoming ARP packets. To prevent a denial-of-service attack, the command ip arp inspection limit error-disables interfaces.
Examples
This command enables logging of incoming ARP packets when their rate exceeds the configured value, sets the rate to 2048 (which is the upper limit for the number of invalid ARP packets allowed per second), and sets the burst consecutive interval over which the interface is monitored for a high ARP rate to 15 seconds.
switch(config)#ip arp inspection logging rate 2048 burst interval 15
switch(config)#
This command configures the rate limit of incoming ARP packets to errdisable the interface when the incoming ARP rate exceeds the configured value, sets the rate to 512 (which is the upper limit for the number of invalid ARP packets allowed per second), and sets the burst consecutive interval over which the interface is monitored for a high ARP rate to 11 seconds.
switch(config)#ip arp inspection limit rate 512 burst interval 11
switch(config)#
These commands configure interface-specific settings and then display them for verification.
switch(config)#interface Ethernet 3 / 1
switch(config)#ip arp inspection limit rate 20 burst interval 5
switch(config)#interface Ethernet 3 / 3
switch(config)#ip arp inspection trust
switch(config)#show ip arp inspection interfaces
 Interface      Trust State  Rate (pps) Burst Interval
 -------------  -----------  ---------- --------------
 Et3/1          Untrusted    20         5
 Et3/3          Trusted      None       N/A
 
switch(config)#
Configure Errdisable Caused by ARP Inspection
If the incoming ARP packet rate on an interface exceeds the configured rate limit in burst interval, the interface will be errdisabled (by default). If errdisabled, the interface will stay in this state until you intervene with the command errdisable detect cause arp-inspection (e.g., after you perform a shutdown or no shutdown of the interface) or it automatically recovers after a certain time period. The command errdisable recovery cause arp-inspection will enable auto recovery. The command errdisable recovery interval will enable sharing the auto recovery interval among all errdisable interfaces. (See the chapter “Data Transfer” for information on all errdisable commands.)
Examples
This command enables errdisable caused by an ARP inspection violation.
switch(config)#errdisable detect cause arp-inspection
switch(config)#
This command disables errdisable caused by an ARP inspection violation.
switch(config)#no errdisable detect cause arp-inspection
switch(config)#
This command enables auto recovery.
switch(config)#errdisable recovery cause arp-inspection
switch(config)#
This command disables auto recovery.
switch(config)#no errdisable recovery cause arp-inspection
switch(config)#
This command enables sharing the auto recovery interval of 10 seconds among all errdisable interfaces.
switch(config)#errdisable recovery interval 10
switch(config)#
This command disables sharing the auto recovery interval of 10 seconds among all errdisable interfaces.
switch(config)#no errdisable recovery interval 10
switch(config)#
This command displays the reason for a port entering the errdisable state.
switch(config)#show interfaces status errdisabled
 Port                 Name             Status             Reason
-------------------- ---------------- ------------------ ------------------
 Et3/2                                 errdisabled        arp-inspection
 
switch(config)#
Configure Static IP MAC Binding
The ARP inspection command ip source binding allows users to add static IP-MAC binding. If enabled, ARP inspection verifies incoming ARP packets based on the configured IP-MAC bindings. The static IP-MAC binding entry can only be configured on Layer 2 ports. By default, there is no binding entry on the system.
Examples
This command configures static IP-MAC binding for IP address 127.0.0.1, MAC address 0001.0001.0001, VLAN 1, and Ethernet interface slot 4 and port 1.
switch(config)#ip source binding 127.0.0.1 0001.0001.0001 vlan 1 interface ethernet 4/1
switch(config)#
This command configures static IP-MAC binding for IP address 127.0.0.1, MAC address 0001.0001.0001, VLAN 1, and port-channel interface 20.
switch(config)#ip source binding 127.0.0.1 0001.0001.0001 vlan 1 interface port-channel 20
switch(config)#
This command displays the configured IP-MAC binding entries. Note that the Lease column is mainly used for displaying dynamic DHCP snooping binding entries. For static binding entries, lease time is shown as infinite.
switch(config)#show ip source binding 127.0.0.1 0001.0001.0001 static vlan 1 interface port-channel 20
MacAddress       IpAddress   Lease(sec)     Type   VLAN           Interface
--------------- ----------- ------------ -------- ------- -------------------
0001.0001.0001   127.0.0.1     infinite   static   1       Port-Channel20
switch(config)#
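Added example (not part of the Arista documentation): a Python triage script that matches ARP_PACKET_DROPPED syslog messages, in the format shown under Syslog for Invalid ARP Packets Dropped, against a show ip source binding table in the layout above, so an operator can tell a drop that impersonates a bound address from one caused by a missing binding. The sample log lines, binding rows, function names and verdict labels are constructed for illustration.

```python
import re
from collections import Counter

# Message layout taken from the syslog line shown in this section. search()
# is used so any timestamp or host prefix in front of it is ignored.
DROP_RE = re.compile(
    r"%SECURITY-4-ARP_PACKET_DROPPED: Dropped ARP packet on interface "
    r"(?P<intf>\S+) Vlan (?P<vlan>\d+) because (?P<reason>.+?)\. "
    r"Received: (?P<mac>[0-9A-Fa-f:]{17})/(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)
DOTTED_MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}")

# Constructed sample data (not captured from a real switch).
SAMPLE_BINDINGS = """\
MacAddress       IpAddress   Lease(sec)     Type   VLAN           Interface
--------------- ----------- ------------ -------- ------- -------------------
0001.0001.0001   10.0.21.1     infinite   static   2121    Ethernet28/2
0002.0002.0002   10.0.21.7     infinite   static   2121    Ethernet28/1
"""
_MSG = ("%SECURITY-4-ARP_PACKET_DROPPED: Dropped ARP packet on interface {} "
        "Vlan 2121 because invalid mac and ip binding. Received: {}/{}.")
SAMPLE_LOG = [
    _MSG.format("Ethernet28/1", "00:0a:00:bc:00:de", "10.0.21.1"),
    _MSG.format("Ethernet28/1", "00:02:00:02:00:02", "10.0.21.9"),
    _MSG.format("Ethernet28/3", "00:02:00:02:00:02", "10.0.21.7"),
    _MSG.format("Ethernet28/4", "00:0c:00:0c:00:0c", "10.0.21.50"),
    "an unrelated log line (constructed)",
]


def norm_mac(mac):
    """Reduce 00:0a:00:bc:00:de or 000a.00bc.00de to 12 lower-case hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_bindings(text):
    """Parse binding-table rows into {(vlan, ip): (mac, interface)}."""
    bindings = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows have six columns and begin with a dotted MAC address;
        # the header and separator rows fail the MAC check.
        if len(fields) == 6 and DOTTED_MAC_RE.fullmatch(fields[0]):
            mac, ip, _lease, _type, vlan, intf = fields
            bindings[(int(vlan), ip)] = (norm_mac(mac), intf.lower())
    return bindings


def triage(log_lines, bindings):
    """Classify each dropped ARP packet against the binding table."""
    mac_owner = {(vlan, mac): ip for (vlan, ip), (mac, _) in bindings.items()}
    findings = []
    for line in log_lines:
        m = DROP_RE.search(line)
        if not m:
            continue
        vlan, ip = int(m["vlan"]), m["ip"]
        mac, intf = norm_mac(m["mac"]), m["intf"].lower()
        bound = bindings.get((vlan, ip))
        if bound is None:
            # Unknown IP: is a bound host using an address it does not own?
            verdict = ("mac-bound-to-other-ip" if (vlan, mac) in mac_owner
                       else "no-binding")
        elif bound[0] != mac:
            verdict = "ip-bound-to-other-mac"   # claims a protected address
        elif bound[1] != intf:
            verdict = "binding-on-other-port"   # right pair, wrong port
        else:
            verdict = "matches-binding"         # table changed since the drop
        findings.append({"interface": intf, "vlan": vlan, "mac": mac,
                         "ip": ip, "verdict": verdict})
    return findings


def drops_per_port(findings):
    """Count drops per interface to show which port to investigate first."""
    return Counter(f["interface"] for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG, parse_bindings(SAMPLE_BINDINGS))
    for f in results:
        print(f["interface"], f["vlan"], f["mac"], f["ip"], f["verdict"])
    print(drops_per_port(results).most_common())
```

The "binding-on-other-port" verdict only reports that the logged interface differs from the one in the binding row; whether the switch itself compares the interface is not stated in this section.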
27.10 Quality of Service Configuration Commands
QoS Data Field and Traffic Class Configuration Commands
QoS and ECN Display Commands
ECN Configuration Commands
Transmit Queue and Port Shaping Commands – Arad and Jericho Platforms
Transmit Queue and Port Shaping Commands – FM6000 Platform
Transmit Queue and Port Shaping Commands – Helix Platform
Transmit Queue and Port Shaping Commands – Petra Platform
Transmit Queue and Port Shaping Commands – Trident and Tomahawk Platform
Transmit Queue and Port Shaping Commands – Trident-II Platform
bandwidth guaranteed (Helix)
The bandwidth guaranteed command specifies the minimum bandwidth for outbound traffic on the transmit queue. By default, no bandwidth is guaranteed to any transmit queue.
The no bandwidth guaranteed and default bandwidth guaranteed commands remove the minimum bandwidth guarantee on the transmit queue by deleting the corresponding bandwidth guaranteed command from running-config.
Command Mode
Tx-Queue Configuration
Command Syntax
bandwidth guaranteed rate DATA_MIN
no bandwidth guaranteed
default bandwidth guaranteed
Parameters
DATA_MIN     minimum bandwidth. Value range varies with data unit:
<8 to 40000000>      8 to 40,000,000 kbytes per second.
<8 to 40000000>kbps      8 to 40,000,000 kbytes per second.
<8 to 60000000>pps      1 to 60,000,000 packets per second.
Related Commands
tx-queue (Helix) places the switch in tx-queue configuration mode.
Example
These commands configure a minimum egress bandwidth of 1 Mbps for transmit queue 4 of Ethernet interface 17/3.
switch(config)#interface ethernet 17
switch(config-if-Et17)#tx-queue 4
switch(config-if-Et17-txq-4)#bandwidth guaranteed 1000 kbps
switch(config-if-Et17-txq-4)#show qos interfaces ethernet 17
Ethernet17/3:
   Trust Mode: COS
   Default COS: 0
   Default DSCP: 0
 
   Port shaping rate: disabled
 
  Tx       Bandwidth                 Shape Rate        Priority
Queue     Guaranteed (units)         (units)
   ------------------------------------------------------------
   7        - / -    (  -  )       - / -    (  -  )    SP / SP
   6        - / -    (  -  )       - / -    (  -  )    SP / SP
   5        - / -    (  -  )       - / -    (  -  )    SP / SP
   4        1 / 1    ( Mbps )      - / -    (  -  )    SP / SP
   3        - / -    (  -  )       - / -    (  -  )    SP / SP
   2        - / -    (  -  )       - / -    (  -  )    SP / SP
   1        - / -    (  -  )       - / -    (  -  )    SP / SP
   0        - / -    (  -  )       - / -    (  -  )    SP / SP
 
Note: Values are displayed as Operational/Configured
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et17-txq-4)#
bandwidth guaranteed (Trident-II)
The bandwidth guaranteed command specifies the minimum bandwidth for outbound traffic on the transmit queue. By default, no bandwidth is guaranteed to any transmit queue.
The no bandwidth guaranteed and default bandwidth guaranteed commands remove the minimum bandwidth guarantee on the transmit queue by deleting the corresponding bandwidth guaranteed command from running-config.
Command Mode
Tx-Queue Configuration
Command Syntax
bandwidth guaranteed rate DATA_MIN
no bandwidth guaranteed
default bandwidth guaranteed
Parameters
DATA_MIN     minimum bandwidth. Value range varies with data unit:
<8 to 40000000>      8 to 40,000,000 kbytes per second.
<8 to 40000000>kbps      8 to 40,000,000 kbytes per second.
<8 to 60000000>pps      1 to 60,000,000 packets per second.
Related Commands
tx-queue (Trident-II) places the switch in tx-queue configuration mode.
Example
These commands configure a minimum egress bandwidth of 1 Mbps for transmit queue 4 of Ethernet interface 17/3.
switch(config)#interface ethernet 17/3
switch(config-if-Et17/3)#tx-queue 4
switch(config-if-Et17/3-txq-4)#bandwidth guaranteed 1000 kbps
switch(config-if-Et17/3-txq-4)#show qos interfaces ethernet 17/3
Ethernet17/3:
   Trust Mode: COS
   Default COS: 0
   Default DSCP: 0
 
   Port shaping rate: disabled
 
  Tx       Bandwidth                 Shape Rate        Priority
Queue     Guaranteed (units)         (units)
   ------------------------------------------------------------
   7        - / -    (  -  )       - / -    (  -  )    SP / SP
   6        - / -    (  -  )       - / -    (  -  )    SP / SP
   5        - / -    (  -  )       - / -    (  -  )    SP / SP
   4        1 / 1    ( Mbps )      - / -    (  -  )    SP / SP
   3        - / -    (  -  )       - / -    (  -  )    SP / SP
   2        - / -    (  -  )       - / -    (  -  )    SP / SP
   1        - / -    (  -  )       - / -    (  -  )    SP / SP
   0        - / -    (  -  )       - / -    (  -  )    SP / SP
 
Note: Values are displayed as Operational/Configured
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et17/3-txq-4)#
bandwidth percent (Arad/Jericho)
The bandwidth percent command configures the bandwidth share of the transmit queue when configured for round robin priority. Bandwidth is allocated to all queues based on the cumulative configured bandwidth of all the port’s round robin queues.
The cumulative operational bandwidth of all round robin queues is always less than or equal to 100%. If the cumulative configured bandwidth is greater than 100%, each queue’s operational bandwidth is its configured bandwidth divided by the cumulative configured bandwidth.
The no bandwidth percent and default bandwidth percent commands restore the default bandwidth share of the transmit queue by removing the corresponding bandwidth percent command from running-config.
Command Mode
Tx-Queue Configuration
Command Syntax
bandwidth percent proportion
no bandwidth percent
default bandwidth percent
Parameters
proportion     Bandwidth percentage assigned to queues. Values range from 1 to 100.
Related Commands
tx-queue (Arad/Jericho) places the switch in tx-queue configuration mode.
Example
These commands configure queues 0 through 3 (Ethernet interface 3/5/1) as round robin, then allocate bandwidth for three queues at 30% and one queue at 10%.
switch(config)#interface ethernet 3/5/1
switch(config-if-Et3/5/1)#tx-queue 3
switch(config-if-Et3/5/1-txq-3)#no priority
switch(config-if-Et3/5/1-txq-3)#bandwidth percent 10
switch(config-if-Et3/5/1-txq-3)#tx-queue 2
switch(config-if-Et3/5/1-txq-2)#bandwidth percent 30
switch(config-if-Et3/5/1-txq-2)#tx-queue 1
switch(config-if-Et3/5/1-txq-1)#bandwidth percent 30
switch(config-if-Et3/5/1-txq-1)#tx-queue 0
switch(config-if-Et3/5/1-txq-0)#bandwidth percent 30
switch(config-if-Et3/5/1-txq-0)#show qos interfaces ethernet 3/5/1
Ethernet3/5/1:
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
  Tx    Bandwidth       Shape Rate        Priority  ECN
Queue  (percent)        (units)
   -----------------------------------------------------
   7      - / -        - / -    (  -  )    SP / SP    D
   6      - / -        - / -    (  -  )    SP / SP    D
   5      - / -        - / -    (  -  )    SP / SP    D
   4      - / -        - / -    (  -  )    SP / SP    D
   3     10 / 10       - / -    (  -  )    RR / RR    D
   2     30 / 30       - / -    (  -  )    RR / SP    D
   1     30 / 30       - / -    (  -  )    RR / SP    D
   0     30 / 30       - / -    (  -  )    RR / SP    D
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et3/5/1-txq-0)#
These commands re-configure the bandwidth share of the fourth queue at 30%.
switch(config-if-Et3/5/1-txq-0)#tx-queue 3
switch(config-if-Et3/5/1-txq-3)#bandwidth percent 30
switch(config-if-Et3/5/1-txq-3)#show qos interfaces ethernet 3/5/1
Ethernet3/5/1:
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Port shaping rate: disabled
 
  Tx    Bandwidth       Shape Rate        Priority  ECN
Queue  (percent)        (units)
   -----------------------------------------------------
   7      - / -        - / -    (  -  )    SP / SP    D
   6      - / -        - / -    (  -  )    SP / SP    D
   5      - / -        - / -    (  -  )    SP / SP    D
   4      - / -        - / -    (  -  )    SP / SP    D
   3     24 / 30       - / -    (  -  )    RR / RR    D
   2     24 / 30       - / -    (  -  )    RR / SP    D
   1     24 / 30       - / -    (  -  )    RR / SP    D
   0     24 / 30       - / -    (  -  )    RR / SP    D
 
Note: Values are displayed as Operational/Configured
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et3/5/1-txq-3)#
These commands configure the bandwidth share of the fourth queue at 2%.
switch(config-if-Et3/5/1-txq-3)#bandwidth percent 2
switch(config-if-Et3/5/1-txq-3)#show qos interfaces ethernet 3/5/1
Ethernet3/5/1:
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Port shaping rate: disabled
 
  Tx    Bandwidth       Shape Rate        Priority  ECN
Queue  (percent)        (units)
   -----------------------------------------------------
   7      - / -        - / -    (  -  )    SP / SP    D
   6      - / -        - / -    (  -  )    SP / SP    D
   5      - / -        - / -    (  -  )    SP / SP    D
   4      - / -        - / -    (  -  )    SP / SP    D
   3      2 / 2        - / -    (  -  )    RR / RR    D
   2     30 / 30       - / -    (  -  )    RR / SP    D
   1     30 / 30       - / -    (  -  )    RR / SP    D
   0     30 / 30       - / -    (  -  )    RR / SP    D
 
Note: Values are displayed as Operational/Configured
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et3/5/1-txq-3)#
bandwidth percent (FM6000)
The bandwidth percent command configures the bandwidth share of the transmit queue when configured for round robin priority. Bandwidth is allocated to all queues based on the cumulative configured bandwidth of all the port’s round robin queues.
The cumulative operational bandwidth of all round robin queues is always less than or equal to 100%. If the cumulative configured bandwidth is greater than 100%, each queue’s operational bandwidth is its configured bandwidth divided by the cumulative configured bandwidth.
The no bandwidth percent and default bandwidth percent commands restore the default bandwidth share of the transmit queue by removing the corresponding bandwidth percent command from running-config.
Command Mode
Tx-Queue Configuration
Command Syntax
bandwidth percent proportion
no bandwidth percent
default bandwidth percent
Parameters
proportion     Configured bandwidth percentage. Value ranges from 1 to 100. Default value is 0.
Related Commands
tx-queue (FM6000) places the switch in tx-queue configuration mode.
Example
These commands configure queues 0 through 3 (Ethernet interface 19) as round robin, then allocate bandwidth for three queues at 30% and one queue at 10%.
switch(config)#interface ethernet 19
switch(config-if-Et19)#tx-queue 3
switch(config-if-Et19-txq-3)#no priority
switch(config-if-Et19-txq-3)#bandwidth percent 10
switch(config-if-Et19-txq-3)#tx-queue 2
switch(config-if-Et19-txq-2)#bandwidth percent 30
switch(config-if-Et19-txq-2)#tx-queue 1
switch(config-if-Et19-txq-1)#bandwidth percent 30
switch(config-if-Et19-txq-1)#tx-queue 0
switch(config-if-Et19-txq-0)#bandwidth percent 30
switch(config-if-Et19-txq-0)#show qos interface ethernet 19
Ethernet19:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
   -----------------------------------------------
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A     disabled        strict
          3          10     disabled   round-robin
          2          30     disabled   round-robin
          1          30     disabled   round-robin
          0          30     disabled   round-robin
 
switch(config-if-Et19-txq-0)#
These commands re-configure the bandwidth share of transmit queue 3 at 30%.
switch(config-if-Et19-txq-0)#tx-queue 3
switch(config-if-Et19-txq-3)#bandwidth percent 30
switch(config-if-Et19-txq-3)#show qos interface ethernet 19
Ethernet19:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
   -----------------------------------------------
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A     disabled        strict
          3          24     disabled   round-robin
          2          24     disabled   round-robin
          1          24     disabled   round-robin
          0          24     disabled   round-robin
 
switch(config-if-Et19-txq-3)#
These commands re-configure the bandwidth share of transmit queue 3 at 2%.
switch(config-if-Et19-txq-3)#bandwidth percent 2
switch(config-if-Et19-txq-3)#show qos interface ethernet 19
Ethernet19:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
   -----------------------------------------------
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A     disabled        strict
          3           2     disabled   round-robin
          2          30     disabled   round-robin
          1          30     disabled   round-robin
          0          30     disabled   round-robin
 
switch(config-if-Et19-txq-3)#
bandwidth percent (Petra)
The bandwidth percent command configures the bandwidth share of the transmit queue when configured for round robin priority. Bandwidth is allocated to all queues based on the cumulative configured bandwidth of all the port’s round robin queues.
The cumulative operational bandwidth of all round robin queues is always less than or equal to 100%. If the cumulative configured bandwidth is greater than 100%, each queue’s operational bandwidth is its configured bandwidth divided by the cumulative configured bandwidth.
The no bandwidth percent and default bandwidth percent commands restore the default bandwidth share of the transmit queue by removing the corresponding bandwidth percent command from running-config.
Command Mode
Tx-Queue Configuration
Command Syntax
bandwidth percent proportion
no bandwidth percent
default bandwidth percent
Parameters
proportion     Bandwidth percentage assigned to queues. Values range from 1 to 100.
Related Commands
tx-queue (Petra) places the switch in tx-queue configuration mode.
Example
These commands configure queues 0 through 3 (Ethernet interface 3/28) as round robin, then allocate bandwidth for three queues at 30% and one queue at 10%.
switch(config)#interface ethernet 3/28
switch(config-if-Et3/28)#tx-queue 3
switch(config-if-Et3/28-txq-3)#no priority
switch(config-if-Et3/28-txq-3)#bandwidth percent 10
switch(config-if-Et3/28-txq-3)#tx-queue 2
switch(config-if-Et3/28-txq-2)#bandwidth percent 30
switch(config-if-Et3/28-txq-2)#tx-queue 1
switch(config-if-Et3/28-txq-1)#bandwidth percent 30
switch(config-if-Et3/28-txq-1)#tx-queue 0
switch(config-if-Et3/28-txq-0)#bandwidth percent 30
switch(config-if-Et3/28-txq-0)#show qos interface ethernet 3/28
Ethernet3/28:
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
   -----------------------------------------------
          7         N/A     disabled        strict
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A     disabled        strict
          3          10     disabled   round-robin
          2          30     disabled   round-robin
          1          30     disabled   round-robin
          0          30     disabled   round-robin
 
switch(config-if-Et3/28-txq-0)#
These commands re-configure the bandwidth share of the fourth queue at 30%.
switch(config-if-Et3/28-txq-0)#tx-queue 3
switch(config-if-Et3/28-txq-3)#bandwidth percent 30
switch(config-if-Et3/28-txq-3)#show qos interface ethernet 3/28
Ethernet3/28:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
-----------------------------------------------
          7         N/A     disabled        strict
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A     disabled        strict
          3          24     disabled   round-robin
          2          24     disabled   round-robin
          1          24     disabled   round-robin
          0          24     disabled   round-robin
 
switch(config-if-Et3/28-txq-3)#
These commands configure the bandwidth share of the fourth queue at 2%.
switch(config-if-Et3/28)#tx-queue 3
switch(config-if-Et3/28-txq-3)#bandwidth percent 2
switch(config-if-Et3/28-txq-3)#show qos interface ethernet 3/28
Ethernet3/28:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
   -----------------------------------------------
          7         N/A     disabled        strict
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A     disabled        strict
          3           2     disabled   round-robin
          2          30     disabled   round-robin
          1          30     disabled   round-robin
          0          30     disabled   round-robin
 
switch(config-if-Et3/28-txq-3)#
bandwidth percent (Trident and Tomahawk)
The bandwidth percent command configures the bandwidth share of the transmit queue when configured for round robin priority. Bandwidth is allocated to all queues based on the cumulative configured bandwidth of all the port’s round robin queues.
The cumulative operational bandwidth of all round robin queues is always less than or equal to 100%. If the cumulative configured bandwidth is greater than 100%, each queue’s operational bandwidth is its configured bandwidth divided by the cumulative configured bandwidth.
The no bandwidth percent and default bandwidth percent commands restore the default bandwidth share of the transmit queue by removing the corresponding bandwidth percent command from running-config.
Command Mode
Mc-Tx-Queue configuration
Uc-Tx-Queue configuration
Command Syntax
bandwidth percent proportion
no bandwidth percent
default bandwidth percent
Parameters
proportion     Bandwidth percentage assigned to queues. Values range from 1 to 100.
Related Commands
mc-tx-queue places the switch in mc-tx-queue configuration mode.
uc-tx-queue places the switch in uc-tx-queue configuration mode.
Example
These commands configure unicast transmit queue 3 (and all other queues of lower priority) as round robin, then allocate bandwidth for unicast transmit queues 1, 2, and 3 at 30% and multicast transmit queue 1 at 10%.
switch(config)#interface ethernet 7
switch(config-if-Et7)#uc-tx-queue 3
switch(config-if-Et7-uc-txq-3)#no priority
switch(config-if-Et7-uc-txq-3)#bandwidth percent 30
switch(config-if-Et7-uc-txq-3)#uc-tx-queue 2
switch(config-if-Et7-uc-txq-2)#bandwidth percent 30
switch(config-if-Et7-uc-txq-2)#uc-tx-queue 1
switch(config-if-Et7-uc-txq-1)#bandwidth percent 30
switch(config-if-Et7-uc-txq-1)#mc-tx-queue 1
switch(config-if-Et7-mc-txq-1)#bandwidth percent 10
switch(config-if-Et7-mc-txq-1)#show qos interfaces ethernet 7
Ethernet7:
   Trust Mode: COS
   Default COS: 0
   Default DSCP: 0
 
   Port shaping rate: disabled
 
   Tx-Queue   Bandwidth    Shape Rate     Priority   Priority Group
              (percent)       (Kbps)
   ----------------------------------------------------------------
        UC7         N/A     disabled        strict                1
        UC6         N/A     disabled        strict                1
        MC3         N/A     disabled        strict                1
        UC5         N/A     disabled        strict                0
        UC4         N/A     disabled        strict                0
        MC2         N/A     disabled        strict                0
        UC3          30     disabled   round-robin                0
        UC2          30     disabled   round-robin                0
        MC1          10     disabled   round-robin                0
        UC1          30     disabled   round-robin                0
        UC0           0     disabled   round-robin                0
        MC0           0     disabled   round-robin                0
 
switch(config-if-Et7-mc-txq-1)#
These commands re-configure the bandwidth share of unicast queue 3 at 55%.
switch(config-if-Et7-mc-txq-1)#uc-tx-queue 3
switch(config-if-Et7-uc-txq-3)#bandwidth percent 55
switch(config-if-Et7-uc-txq-3)#show qos interface ethernet 7
Ethernet7:
   Trust Mode: COS
   Default COS: 0
   Default DSCP: 0
 
   Port shaping rate: disabled
 
   Tx-Queue   Bandwidth    Shape Rate     Priority   Priority Group
              (percent)       (Kbps)
   ----------------------------------------------------------------
        UC7         N/A     disabled        strict                1
        UC6         N/A     disabled        strict                1
        MC3         N/A     disabled        strict                1
        UC5         N/A     disabled        strict                0
        UC4         N/A     disabled        strict                0
        MC2         N/A     disabled        strict                0
        UC3          44     disabled   round-robin                0
        UC2          24     disabled   round-robin                0
        MC1           8     disabled   round-robin                0
        UC1          24     disabled   round-robin                0
        UC0           0     disabled   round-robin                0
        MC0           0     disabled   round-robin                0
 
switch(config-if-Et7-uc-txq-3)#
mc-tx-queue
The mc-tx-queue command places the switch in mc-tx-queue configuration mode to configure a multicast transmit queue on the configuration mode interface. Mc-tx-queue configuration mode is not a group change mode; running-config is changed immediately after commands are executed. The exit command does not affect the configuration.
Trident and Tomahawk switches have four multicast queues (MC0 – MC3) and eight unicast queues (UC0 – UC7), categorized into two priority groups. All queues are exposed through the CLI and are user configurable.
Priority Group 1: UC7, UC6, MC3
Priority Group 0: UC5, UC4, MC2, UC3, UC2, MC1, UC1, UC0, MC0
The exit command returns the switch to the configuration mode for the base Ethernet or port channel interface.
The no mc-tx-queue and default mc-tx-queue commands remove the configuration for the specified transmit queue by deleting all the corresponding mc-tx-queue mode commands from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
mc-tx-queue queue_level
Parameters
queue_level     The multicast transmit queue number. Values range from 0 to 3.
Commands Available in tx-queue Configuration Mode
Related Commands
uc-tx-queue: Configures unicast transmit queues on Trident and Tomahawk platform switches.
Example
This command enters mc-tx-queue configuration mode for multicast transmit queue 3 of Ethernet interface 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#mc-tx-queue 3
switch(config-if-Et5-mc-txq-3)#
platform petraA traffic-class
The platform petraA traffic-class command configures the default traffic class used by all ports on a specified chip. The default traffic class is implemented by Petra platform switches to replace qos cos and qos dscp commands. Traffic class values range from 0 to 7. The default traffic class is one.
When platform ? returns Petra:
CoS trusted ports: inbound untagged packets are assigned to the default traffic class. Tagged packets are assigned to the traffic class that corresponds to the contents of its CoS field.
DSCP trusted ports: inbound non-IP packets are assigned to the default traffic class. IP packets are assigned to the traffic class that corresponds to the contents of its DSCP field.
Untrusted ports: all inbound packets are assigned to the default traffic class.
The no platform petraA traffic-class and default platform petraA traffic-class commands restore the default traffic class of one for all ports on the specified chips by deleting the corresponding platform petraA traffic-class command from running-config.
Command Mode
Global Configuration
Command Syntax
platform petraA [CHIP_NAME] traffic-class tc_value
no platform petraA [CHIP_NAME] traffic-class
default platform petraA [CHIP_NAME] traffic-class
Parameters
CHIP_NAME    ports to which the default traffic class is assigned. Port designation options include:
<no parameter>     all ports on the switch.
module cardX     all ports on specified linecard (7500 Series).
petracardX/chipY     all ports on PetraA chip chipY on linecard cardX (7500 Series).
petra-chipZ     all ports on PetraA chip chipZ (7048 Series).
7500 Series
Switches can contain up to eight linecards. cardX varies from 3 to 10.
Each linecard contains six PetraA chips. Each chip controls eight ports. chipY varies from 0 to 5:
0 controls ports 1 through 8
1 controls ports 9 through 16
2 controls ports 17 through 24
3 controls ports 25 through 32
4 controls ports 33 through 40
5 controls ports 41 through 48
7048 Series
Each switch contains two PetraA chips. chipZ varies from 0 to 1:
0 controls ports 1 through 32
1 controls ports 33 through 52
tc_value     Traffic class value. Values range from 0 to 7. Default value is 1.
Related Commands
show platform petraA traffic-class displays the traffic class assignment on all specified Petra chips.
Example
This command configures the default traffic class to six for ports 25-32 on linecard 5.
switch(config)#platform petraA petra5/3 traffic-class 6
switch(config)#
priority (Arad/Jericho)
The priority command specifies the priority of the transmit queue. The switch supports two queue priorities:
strict priority: contents are removed from the queue, subject to maximum bandwidth limits, before data from lower priority queues. The default setting on all queues is strict priority.
round robin priority: contents are removed proportionately from all round robin queues, subject to maximum bandwidth limits assigned to the strict priority queues.
Tx-queue 7 is set to strict priority and is not configurable.
When a queue is configured as a round robin queue, all lower priority queues also function as round robin queues. A queue’s numerical label denotes its priority: higher labels denote higher priority. Tx-queue 6 has higher priority than Tx-queue 5, and Tx-queue 0 has the lowest priority.
The priority strict and default priority commands configure a transmit queue to function as a strict priority queue unless a higher priority queue is configured as a round robin queue.
The no priority command configures a transmit queue as a round robin queue. All lower priority queues also function as round robin queues regardless of their configuration.
Command Mode
Tx-Queue Configuration
Command Syntax
priority strict
no priority
default priority
Related Commands
tx-queue (Arad/Jericho) places the switch in tx-queue configuration mode.
Example
These commands perform the following on Ethernet interface 3/4/1:
Displays the default state of all transmit queues.
Configures transmit queue 3 as a round robin queue.
Displays the effect of the no priority command on all transmit queues on the interface.
 
switch(config)#interface ethernet 3/4/1
switch(config-if-Et3/4/1)#show qos interfaces ethernet 3/4/1
Ethernet3/4/1:
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
  Tx    Bandwidth       Shape Rate        Priority  ECN
Queue  (percent)        (units)
   -----------------------------------------------------
   7      - / -        - / -    (  -  )    SP / SP    D
   6      - / -        - / -    (  -  )    SP / SP    D
   5      - / -        - / -    (  -  )    SP / SP    D
   4      - / -      999 / 1000 ( Mbps )   SP / SP    D
   3      - / -      999 / 1000 ( Mbps )   SP / SP    D
   2      - / -        - / -    (  -  )    SP / SP    D
   1      - / -        - / -    (  -  )    SP / SP    D
   0      - / -        - / -    (  -  )    SP / SP    D
 
Note: Values are displayed as Operational/Configured
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et3/4/1)#tx-queue 3
switch(config-if-Et3/4/1-txq-3)#no priority
switch(config-if-Et3/4/1-txq-3)#show qos interfaces ethernet 3/4/1
Ethernet3/4/1:
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
  Tx    Bandwidth       Shape Rate        Priority  ECN
Queue  (percent)        (units)
   -----------------------------------------------------
   7      - / -        - / -    (  -  )    SP / SP    D
   6      - / -        - / -    (  -  )    SP / SP    D
   5      - / -        - / -    (  -  )    SP / SP    D
   4      - / -      999 / 1000 ( Mbps )   SP / SP    D
   3     25 / -      999 / 1000 ( Mbps )   RR / RR    D
   2     25 / -        - / -    (  -  )    RR / SP    D
   1     25 / -        - / -    (  -  )    RR / SP    D
   0     25 / -        - / -    (  -  )    RR / SP    D
 
Note: Values are displayed as Operational/Configured
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et3/4/1-txq-3)#
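The two rules stated in the bandwidth percent and priority sections (round robin status extends to every lower priority queue, and configured shares are scaled down when they total more than 100%) are modelled in this added example, which is not EOS code. The Queue type, the function names and the truncating integer division are assumptions; truncation is used because it reproduces the 55/30/30/10 figures in the Trident and Tomahawk output.

```python
from typing import Dict, List, NamedTuple, Optional, Tuple

SP, RR = "SP", "RR"


class Queue(NamedTuple):  # hypothetical model of one transmit queue
    name: str
    priority: str = SP             # configured: SP (default) or RR ("no priority")
    percent: Optional[int] = None  # configured "bandwidth percent", None if unset


def operational_priority(queues: List[Queue]) -> Dict[str, str]:
    """queues must be ordered highest to lowest priority, as show qos lists them.

    Once one queue is configured round robin, it and every lower priority
    queue operate as round robin regardless of their own configuration.
    """
    result, seen_rr = {}, False
    for q in queues:
        seen_rr = seen_rr or q.priority == RR
        result[q.name] = RR if seen_rr else SP
    return result


def operational_percent(queues: List[Queue]) -> Dict[str, int]:
    """Operational share of each round robin queue that has a configured share.

    Shares are used as configured while they total at most 100; above that,
    each is divided by the cumulative configured bandwidth.
    Note: for four queues at 30 the outputs on this page show 24, one less
    than 30 * 100 // 120 = 25; the page does not explain that rounding.
    """
    oper = operational_priority(queues)
    shares = {q.name: q.percent for q in queues
              if oper[q.name] == RR and q.percent is not None}
    total = sum(shares.values())
    if total <= 100:
        return shares
    return {name: pct * 100 // total for name, pct in shares.items()}


def queue_state(queues: List[Queue]) -> List[Tuple]:
    """Rows of (name, oper %, conf %, oper priority, conf priority)."""
    pri = operational_priority(queues)
    pct = operational_percent(queues)
    return [(q.name, pct.get(q.name), q.percent, pri[q.name], q.priority)
            for q in queues]


# Configuration from the Trident and Tomahawk example after UC3 is set to 55%.
TRIDENT_EXAMPLE = [
    Queue("UC7"), Queue("UC6"), Queue("MC3"),
    Queue("UC5"), Queue("UC4"), Queue("MC2"),
    Queue("UC3", RR, 55), Queue("UC2", SP, 30),
    Queue("MC1", SP, 10), Queue("UC1", SP, 30),
    Queue("UC0"), Queue("MC0"),
]

# Configuration from the priority (Arad/Jericho) example: only queue 3 is
# configured with "no priority".
ARAD_EXAMPLE = [Queue(str(n), RR if n == 3 else SP) for n in range(7, -1, -1)]

if __name__ == "__main__":
    for row in queue_state(TRIDENT_EXAMPLE):
        print(row)
    print(operational_priority(ARAD_EXAMPLE))
```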
priority (FM6000)
The priority command specifies the priority of the transmit queue. The switch supports two queue priorities:
strict priority: contents are removed from the queue, subject to maximum bandwidth limits, before data from lower priority queues. The default setting on all queues is strict priority.
round robin priority: contents are removed proportionately from all round robin queues, subject to maximum bandwidth limits assigned to the strict priority queues.
When a queue is configured as a round robin queue, all lower priority queues also function as round robin queues. A queue’s numerical label denotes its priority: higher labels denote higher priority. Tx-queue 6 has higher priority than Tx-queue 5, and Tx-queue 0 has the lowest priority.
The priority strict and default priority commands configure a transmit queue to function as a strict priority queue unless a higher priority queue is configured as a round robin queue.
The no priority command configures a transmit queue as a round robin queue. All lower priority queues also function as round robin queues regardless of their configuration.
Command Mode
Tx-Queue Configuration
Command Syntax
priority strict
no priority
default priority
Related Commands
tx-queue (FM6000) places the switch in tx-queue configuration mode.
Example
These commands perform the following on Ethernet interface 19:
Displays the default state of all transmit queues.
Configures transmit queue 3 as a round robin queue.
Displays the effect of the no priority command on all transmit queues on the interface.
 
switch(config)#interface ethernet 19
switch(config-if-Et19)#show qos interface ethernet 19
Ethernet19:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
   -----------------------------------------------
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A     disabled        strict
          3         N/A     disabled        strict
          2         N/A     disabled        strict
          1         N/A     disabled        strict
          0         N/A     disabled        strict
 
switch(config-if-Et19)#tx-queue 3
switch(config-if-Et19-txq-3)#no priority
switch(config-if-Et19-txq-3)#show qos interface ethernet 19
Ethernet19:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
   -----------------------------------------------
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A     disabled        strict
          3          25     disabled   round-robin
          2          25     disabled   round-robin
          1          25     disabled   round-robin
          0          25     disabled   round-robin
 
switch(config-if-Et19-txq-3)#
priority (Petra)
The priority command specifies the priority of the transmit queue. The switch supports two queue priorities:
strict priority: contents are removed from the queue, subject to maximum bandwidth limits, before data from lower priority queues. The default setting on all queues is strict priority.
round robin priority: contents are removed proportionately from all round robin queues, subject to maximum bandwidth limits assigned to the strict priority queues.
Tx-queue 7 is set to strict priority and is not configurable.
When a queue is configured as a round robin queue, all lower priority queues also function as round robin queues. A queue’s numerical label denotes its priority: higher labels denote higher priority. Tx-queue 6 has higher priority than Tx-queue 5, and Tx-queue 0 has the lowest priority.
The priority strict and default priority commands configure a transmit queue to function as a strict priority queue unless a higher priority queue is configured as a round robin queue.
The no priority command configures a transmit queue as a round robin queue. All lower priority queues also function as round robin queues regardless of their configuration.
Command Mode
Tx-Queue Configuration
Command Syntax
priority strict
no priority
default priority
Related Commands
tx-queue (Petra) places the switch in tx-queue configuration mode.
Example
These commands perform the following on Ethernet interface 3/28:
Displays the default state of all transmit queues.
Configures transmit queue 3 as a round robin queue.
Displays the effect of the no priority command on all transmit queues on the interface.
 
switch(config)#interface ethernet 3/28
switch(config-if-Et3/28)#show qos interface ethernet 3/28
Ethernet3/28:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
   -----------------------------------------------
          7         N/A     disabled        strict
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A     disabled        strict
          3         N/A     disabled        strict
          2         N/A     disabled        strict
          1         N/A     disabled        strict
          0         N/A     disabled        strict
 
switch(config-if-Et3/28)#tx-queue 3
switch(config-if-Et3/28-txq-3)#no priority
switch(config-if-Et3/28-txq-3)#show qos interface ethernet 3/28
Ethernet3/28:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
   -----------------------------------------------
          7         N/A     disabled        strict
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A     disabled        strict
          3          25     disabled   round-robin
          2          25     disabled   round-robin
          1          25     disabled   round-robin
          0          25     disabled   round-robin
 
switch(config-if-Et3/28-txq-3)#
priority (Trident and Tomahawk)
The priority command specifies the priority of the transmit queue. The switch supports two queue priorities:
strict priority: contents are removed from the queue - subject to maximum bandwidth limits, before data from lower priority queues. The default setting on all other queues is strict priority.
round robin priority: contents are removed proportionately from all round robin queues - subject to maximum bandwidth limits assigned to the strict priority queues.
Trident and Tomahawk switches have eight unicast queues (UC0 – UC7) and four multicast queues (MC0 – MC3), categorized into two priority groups. Priority group 1 queues have priority over priority group 0 queues. The following lists display the priority group queues in order from higher priority to lower priority.
Priority Group 1: UC7, UC6, MC3
Priority Group 0: UC5, UC4, MC2, UC3, UC2, MC1, UC1, UC0, MC0
Priority group 1 queues are strict priority queues and are not configurable as round robin. Priority group 0 queues are strict priority by default and are configurable as round robin. When a queue is configured as a round robin queue, all lower priority queues automatically function as round robin queues.
The priority strict and default priority commands configure a transmit queue to function as a strict priority queue unless a higher priority queue is configured as a round robin queue.
The no priority command configures a transmit queue as a round robin queue. All lower priority queues also function as round robin queues regardless of their configuration.
Command Mode
Mc-Tx-Queue configuration
Uc-Tx-Queue configuration
Command Syntax
priority strict
no priority
default priority
Related Commands
mc-tx-queue places the switch in mc-tx-queue configuration mode.
uc-tx-queue places the switch in uc-tx-queue configuration mode.
Example
These commands perform the following on Ethernet interface 7:
Displays the default state of all transmit queues.
Configures transmit queue 3 as a round robin queue.
Displays the effect of the no priority command on all transmit queues on the interface.
 
switch(config)#interface ethernet 7
switch(config-if-Et7)#show qos interface ethernet 7
Ethernet7:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority   Priority Group
              (percent)       (Kbps)
   ----------------------------------------------------------------
        UC7         N/A     disabled        strict                1
        UC6         N/A     disabled        strict                1
        MC3         N/A     disabled        strict                1
        UC5         N/A     disabled        strict                0
        UC4         N/A     disabled        strict                0
        MC2         N/A     disabled        strict                0
        UC3         N/A     disabled        strict                0
        UC2         N/A     disabled        strict                0
        MC1         N/A     disabled        strict                0
        UC1         N/A     disabled        strict                0
        UC0         N/A     disabled        strict                0
        MC0         N/A     disabled        strict                0
 
switch(config-if-Et7)#uc-tx-queue 3
switch(config-if-Et7-uc-txq-3)#no priority
switch(config-if-Et7-uc-txq-3)#show qos interface ethernet 7
Ethernet7:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority   Priority Group
              (percent)       (Kbps)
   ----------------------------------------------------------------
        UC7         N/A     disabled        strict                1
        UC6         N/A     disabled        strict                1
        MC3         N/A     disabled        strict                1
        UC5         N/A     disabled        strict                0
        UC4         N/A     disabled        strict                0
        MC2         N/A     disabled        strict                0
        UC3          20     disabled   round-robin                0
        UC2          16     disabled   round-robin                0
        MC1          16     disabled   round-robin                0
        UC1          16     disabled   round-robin                0
        UC0          16     disabled   round-robin                0
        MC0          16     disabled   round-robin                0
 
switch(config-if-Et7-uc-txq-3)#
qos cos
The qos cos command specifies the default class of service (CoS) value of the configuration mode interface. CoS values range from 0 to 7. Default value is 0.
Arad, Jericho, FM6000, Trident, Tomahawk, and Trident-II platform switches:
CoS trusted ports: the default CoS value determines the traffic class for inbound untagged packets. Tagged packets are assigned to the traffic class that corresponds to the contents of its CoS field.
Untrusted ports: the default CoS value determines the traffic class for all inbound packets.
Petra platform switches:
CoS trusted ports: inbound untagged packets are assigned to the default traffic class, as configured by platform petraA traffic-class. Tagged packets are assigned to the traffic class that corresponds to the contents of its CoS field.
Untrusted ports: all inbound packets are assigned to the default traffic class.
The no qos cos and default qos cos commands restore the port’s default CoS value to zero by deleting the corresponding qos cos command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
qos cos cos_value
no qos cos
default qos cos
Parameters
cos_value     CoS value assigned to port. Value ranges from 0 to 7. Default value is 0.
Example
This command configures the default CoS of four on Ethernet interface 8.
switch(config-if-Et8)#qos cos 4
switch(config-if-Et8)#
qos dscp
The qos dscp command specifies the default Differentiated Services Code Point (DSCP) value of the configuration mode interface. The default DSCP determines the traffic class for non-IP packets that are inbound on DSCP trusted ports. DSCP trusted ports determine the traffic class for inbound packets as follows:
Arad, Jericho, FM6000, Trident, Tomahawk, and Trident-II platform switches:
non-IP packets: default DSCP value specified by qos dscp determines the traffic class.
IP packets: assigned to the traffic class corresponding to its DSCP field contents.
Petra platform switches:
non-IP packets: assigned to default traffic class configured by platform petraA traffic-class.
IP packets: assigned to the traffic class corresponding to its DSCP field contents.
The no qos dscp and default qos dscp commands restore the port’s default DSCP value to zero by deleting the corresponding qos dscp command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
qos dscp dscp_value
no qos dscp
default qos dscp
Parameters
dscp_value     DSCP value assigned to the port. Value ranges from 0 to 63. Default value is 0.
Example
This command sets the default DSCP of 44 on Ethernet 7 interface.
switch(config)#interface ethernet 7
switch(config-if-Et7)#qos dscp 44
switch(config-if-Et7)#
qos map cos
The qos map cos command associates a traffic class to a list of class of service (CoS) settings. Multiple commands create a complete CoS to traffic class map. The switch uses this map to assign a traffic class to data packets on the basis of the packet’s CoS field or the port upon which it is received.
The no qos map cos and default qos map cos commands restore the specified CoS values to their default traffic class setting by deleting the corresponding qos map cos statements from running-config.
Command Mode
Global Configuration
Command Syntax
qos map cos cos_value_1 [cos_value_2 ... cos_value_n] to traffic-class tc_value
no qos map cos cos_value_1 [cos_value_2 ... cos_value_n]
default qos map cos cos_value_1 [cos_value_2 ... cos_value_n]
Parameters
cos_value_x     Class of service (CoS) value. Value ranges from 0 to 7.
tc_value     Traffic class value. Value range varies by platform.
Default CoS to traffic class map varies by platform (Table 27-36).
Default Inbound CoS to Traffic Class Map
Table 27-36 displays the default CoS to traffic class map for each platform.
Table 27-36  Default CoS to Traffic Class Map
Inbound CoS                           untagged                                 0  1  2  3  4  5  6  7
Traffic Class (Arad/Jericho)          Derived: use default CoS as inbound CoS  1  0  2  3  4  5  6  7
Traffic Class (FM6000)                Derived: use default CoS as inbound CoS  1  0  2  3  4  5  6  7
Traffic Class (Helix)                 Derived: use default CoS as inbound CoS  1  0  2  3  4  5  6  7
Traffic Class (Petra)                 Assigned default traffic class           1  0  2  3  4  5  6  7
Traffic Class (Trident and Tomahawk)  Derived: use default CoS as inbound CoS  1  0  2  3  4  5  6  7
Traffic Class (Trident-II)            Derived: use default CoS as inbound CoS  1  0  2  3  4  5  6  7
Related Commands
qos cos specifies the default CoS
platform petraA traffic-class specifies the default traffic class
Example
This command assigns the traffic class of 5 to the classes of service 1, 3, 5, and 7.
switch(config)#qos map cos 1 3 5 7 to traffic-class 5
switch(config)#
qos map dscp
The qos map dscp command associates a traffic class to a set of Differentiated Services Code Point (DSCP) values. Multiple commands create a complete DSCP to traffic class map. The switch uses this map to assign a traffic class to data packets on the basis of the packet’s DSCP field or the chip upon which it is received.
The no qos map dscp and default qos map dscp commands restore the specified DSCP values to their default traffic class settings by deleting corresponding qos map dscp statements from running-config.
Command Mode
Global Configuration
Command Syntax
qos map dscp dscpv_1 [dscpv_2 ... dscpv_n] to traffic-class tc_value
no qos map dscp dscpv_1 [dscpv_2 ... dscpv_n]
default qos map dscp dscpv_1 [dscpv_2 ... dscpv_n]
Parameters
dscpv_x     Differentiated services code point (DSCP) value. Value ranges from 0 to 63.
tc_value     Traffic class value. Value range varies by platform.
Default map varies by platform (Table 27-37).
Default Inbound DSCP to Traffic Class Map
Table 27-37 displays the default DSCP to traffic class map for each platform.
Table 27-37  Default DSCP to Traffic Class Map
Inbound DSCP                          0-7  8-15  16-23  24-31  32-39  40-47  48-55  56-63
Traffic Class (Arad/Jericho)            1     0      2      3      4      5      6      7
Traffic Class (FM6000)                  1     0      2      3      4      5      6      7
Traffic Class (Helix)                   1     0      2      3      4      5      6      7
Traffic Class (Petra)                   1     0      2      3      4      5      6      7
Traffic Class (Trident and Tomahawk)    1     0      2      3      4      5      6      7
Traffic Class (Trident-II)              1     0      2      3      4      5      6      7
Example
This command assigns the traffic class of three to the DSCP values of 12, 13, 25, and 37.
switch(config)#qos map dscp 12 13 25 37 to traffic-class 3
switch(config)#
qos map traffic-class to cos
The qos map traffic-class to cos command associates a class of service (CoS) to a list of traffic classes. Multiple commands create a complete traffic class to CoS map. The switch uses this map in CoS rewrite operations to fill the CoS field in outbound packets. This map is applicable to DSCP trusted ports and untrusted ports. CoS rewrite is disabled on CoS trusted ports. The show qos maps command displays the CoS to traffic class map.
The no qos traffic-class to cos and default qos traffic-class to cos commands restore the specified traffic class values to their default CoS settings by removing the corresponding qos map traffic-class to cos command from running-config.
Command Mode
Global Configuration
Command Syntax
qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to cos cos_value
no qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to cos
default qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to cos
Parameters
tc_num_x     Traffic class value. Value range varies by switch platform.
cos_value     Class of service (CoS) value. Value ranges from 0 to 7.
Default Inbound Traffic Class to CoS Map
Table 27-38 displays the default traffic class to CoS map for each platform.
Table 27-38  Default Traffic Class to CoS Rewrite Value Map
Traffic Class                             0  1  2  3  4  5  6  7
CoS Rewrite Value (Arad/Jericho)          1  0  2  3  4  5  6  7
CoS Rewrite Value (FM6000)                1  0  2  3  4  5  6  7
CoS Rewrite Value (Helix)                 1  0  2  3  4  5  6  7
CoS Rewrite Value (Petra)                 1  0  2  3  4  5  6  7
CoS Rewrite Value (Trident and Tomahawk)  1  0  2  3  4  5  6  7
CoS Rewrite Value (Trident-II)            1  0  2  3  4  5  6  7
Example
This command assigns the CoS of two to traffic classes 1, 3, and 5.
switch(config)#qos map traffic-class 1 3 5 to cos 2
switch(config)#
qos map traffic-class to dscp
The qos map traffic-class to dscp command associates a Differentiated Services Code Point (DSCP) value to a list of traffic classes. Multiple commands create a complete traffic class to DSCP map. The switch uses this map in DSCP rewrite operations to fill the DSCP field in outbound packets. This map is applicable to CoS trusted ports and untrusted ports but disabled by default on these ports. DSCP rewrite is disabled on DSCP trusted ports. The show qos maps command displays the traffic class to DSCP map.
The no qos traffic-class to dscp and default qos traffic-class to dscp commands restore the specified traffic class values to their default DSCP settings by removing the corresponding qos map traffic-class to dscp command from running-config.
Command Mode
Global Configuration
Command Syntax
qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to dscp dscp_value
no qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to dscp
default qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to dscp
Parameters
tc_num_x     Traffic class value. Value range varies by switch platform.
dscp_value     Differentiated services code point (DSCP) value. Value ranges from 0 to 63.
Default Inbound Traffic Class to DSCP Map
Table 27-39 displays the default traffic class to DSCP map for each platform.
Table 27-39  Default Traffic Class to DSCP Rewrite Value Map
Traffic Class                               0   1   2   3   4   5   6   7
DSCP Rewrite Value (FM6000)                 8   0  16  24  32  40  48  56
DSCP Rewrite Value (Helix)                  8   0  16  24  32  40  48  56
DSCP Rewrite Value (Trident and Tomahawk)   8   0  16  24  32  40  48  56
DSCP Rewrite Value (Trident-II)             8   0  16  24  32  40  48  56
Example
This command assigns the DSCP value of 17 to traffic classes 1, 2, and 4.
switch(config)#qos map traffic-class 1 2 4 to dscp 17
switch(config)#
qos map traffic-class to mc-tx-queue
The qos map traffic-class to mc-tx-queue command associates a multicast transmit queue to a list of traffic classes. Multiple commands create a complete traffic class to mc-tx-queue map. The switch uses this map to route outbound packets to transmit queues, which in turn schedules their transmission from the switch. The show qos maps command displays the traffic class to multicast transmit queue map.
The no qos traffic-class to mc-tx-queue and default qos traffic-class to mc-tx-queue commands restore the default traffic class to multicast transmit queue map for the specified traffic class values by removing the corresponding qos map traffic-class to mc-tx-queue command from running-config.
Command Mode
Global Configuration
Command Syntax
qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to mc-tx-queue mtq_value
no qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to mc-tx-queue
default qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to mc-tx-queue
Parameters
tc_num_x     Traffic class value. Value ranges from 0 to 7.
mtq_value     Multicast transmit queue number. Value ranges from 0 to 3.
Default Inbound Traffic Class to Multicast Transmit Queue Map
Table 27-40 displays the default traffic class to multicast transmit queue map for Trident and Tomahawk platform switches.
Table 27-40  Default Traffic Class to Multicast Transmit Queue Map
Traffic Class                                    0  1  2  3  4  5  6  7
Multicast Transmit Queue (Trident and Tomahawk)  0  0  1  1  2  2  3  3
Related Commands
qos map traffic-class to uc-tx-queue (Trident and Tomahawk) associates traffic classes to a unicast transmit queue.
qos map traffic-class to tx-queue (all other platforms) associates traffic classes to a transmit queue.
Example
This command maps traffic classes 0, 4, and 5 to mc-tx-queue 2.
switch(config)#qos map traffic-class 0 4 5 to mc-tx-queue 2
switch(config)#
qos map traffic-class to tx-queue
The qos map traffic-class to tx-queue command associates a transmit queue (tx-queue) to a list of traffic classes. Multiple commands create a complete traffic to tx-queue map. The switch uses this map to route outbound packets to transmit queues, which in turn schedules their transmission from the switch. The show qos maps command displays the transmit queue to traffic class map.
The no qos traffic-class to tx-queue and default qos traffic-class to tx-queue commands restore the specified traffic class values to their default transmit queue settings by removing the corresponding qos map traffic-class to tx-queue command from running-config.
Command Mode
Global Configuration
Command Syntax
qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to tx-queue txq_value
no qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to tx-queue
default qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to tx-queue
Parameters
tc_num_x     Traffic class value. Value range varies by platform.
txq_value     Transmit queue value. Value range varies by platform.
Restrictions
FM6000: When priority flow control (PFC) is enabled, traffic classes are mapped to their corresponding transmit queues, regardless of existing qos map traffic-class to tx-queue statements.
Arad, Jericho, and Petra: Traffic class 7 always maps to transmit queue 7. This association is not editable.
Default Inbound Traffic Class to Transmit Queue Map
Table 27-41 displays the transmit queue to traffic class map.
Table 27-41  Default Traffic Class to Transmit Queue Map
Traffic Class                  0  1  2  3  4  5  6  7
Transmit Queue (Arad/Jericho)  0  1  2  3  4  5  6  7
Transmit Queue (FM6000)        0  1  2  3  4  5  6  7
Transmit Queue (Helix)         0  1  2  3  4  5  6  7
Transmit Queue (Petra)         0  1  2  3  4  5  6  7
Transmit Queue (Trident-II)    0  1  2  3  4  5  6  7
Related Commands
qos map traffic-class to mc-tx-queue (Trident and Tomahawk) associates traffic classes to a multicast transmit queue.
qos map traffic-class to uc-tx-queue (Trident and Tomahawk) associates traffic classes to a unicast transmit queue.
Example
This command maps traffic classes 0, 4, and 5 to tx-queue 4.
switch(config)#qos map traffic-class 0 4 5 to tx-queue 4
switch(config)#
qos map traffic-class to uc-tx-queue
The qos map traffic-class to uc-tx-queue command associates a unicast transmit queue to a list of traffic classes. Multiple commands create a complete traffic class to unicast transmit queue map. The switch uses this map to route outbound packets to transmit queues, which in turn schedules their transmission from the switch. The show qos maps command displays the traffic class to unicast transmit queue map.
The no qos traffic-class to uc-tx-queue and default qos traffic-class to uc-tx-queue commands restore the default traffic class to unicast transmit queue map for the specified traffic class values by removing the corresponding qos map traffic-class to uc-tx-queue command from running-config.
Command Mode
Global Configuration
Command Syntax
qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to uc-tx-queue utq_value
no qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to uc-tx-queue
default qos map traffic-class tc_num_1 [tc_num_2 ... tc_num_n] to uc-tx-queue
Parameters
tc_num_x     Traffic class value. Value ranges from 0 to 7.
utq_value     Unicast transmit queue number. Value ranges from 0 to 7.
Default Inbound Traffic Class to Unicast Transmit Queue Map
Table 27-42 displays the default traffic class to unicast transmit queue map for Trident and Tomahawk platform switches.
Table 27-42  Default Traffic Class to Unicast Transmit Queue Map
Traffic Class                                  0  1  2  3  4  5  6  7
Unicast Transmit Queue (Trident and Tomahawk)  0  1  2  3  4  5  6  7
Related Commands
qos map traffic-class to mc-tx-queue (Trident and Tomahawk) associates traffic classes to a multicast transmit queue.
qos map traffic-class to tx-queue (all other platforms) associates traffic classes to a transmit queue.
Example
This command maps traffic classes 0, 4, and 5 to unicast transmit queue 4.
switch(config)#qos map traffic-class 0 4 5 to uc-tx-queue 4
switch(config)#
qos profile
The qos profile command places the switch in QoS profile configuration mode for the specified profile and creates the profile if it does not already exist. QoS profiles are used to apply the same QoS configuration to multiple interfaces.
The no qos profile and default qos profile commands delete the QoS profile from the running configuration.
The exit command returns the switch to global configuration mode.
Command Mode
Global Configuration
Command Syntax
qos profile profile_name
no qos profile profile_name
default qos profile profile_name
Parameter
profile_name     QoS profile name.
Note Commands use a subset of the listed fields. Available subset depends on the specified parameter. Use CLI syntax assistance to view options for specific parameter when creating a QoS profile.
Example
This command places the switch in QoS profile configuration mode for policy map “TP” and creates the policy map if it does not already exist.
switch(config)#qos profile TP
switch(config-qos-profile-TP)#
Related Commands
qos random-detect ecn global-buffer (Helix)
The qos random-detect ecn global-buffer command enables ECN marking for globally shared packet memory and specifies minimum and maximum queue threshold sizes. Hosts can advertise their ECN capabilities in the ToS DiffServ field’s two least significant bits:
00     Non ECN Capable transport.
10     ECN Capable transport.
01     ECN Capable transport.
11     Congestion encountered.
Congestion is determined by comparing average queue size with queue thresholds. Average queue size is calculated through a formula based on the previous average and current queue size. Packets are marked based on this average size and the specified thresholds:
Average queue size below minimum threshold: Packets are queued normally.
Average queue size above maximum threshold: Packets are marked congestion encountered.
Average queue size between minimum and maximum thresholds: Packets are queued or marked congestion encountered. The proportion of marked packets varies linearly with average queue size:
0% are marked when average queue size is less than or equal to minimum threshold.
100% are marked when average queue size is greater than or equal to maximum threshold.
When transmitted packets are marked Non ECN Capable, congestion packets are dropped, not marked.
The no qos random-detect ecn global-buffer and default qos random-detect ecn global-buffer commands disable ECN marking for the shared buffer by removing the qos random-detect ecn global-buffer command from running-config.
Command Mode
Global Configuration
Command Syntax
qos random-detect ecn global-buffer minimum-threshold MIN maximum-threshold MAX
no qos random-detect ecn global-buffer
default qos random-detect ecn global-buffer
Guidelines
Packet memory is divided into 46080 208-byte cells, whose allocation is managed by the memory management unit (MMU). The MMU tracks the cells that each entity uses and determines the number of cells that can be allocated to an entity.
Related Commands
random-detect ecn (Helix) enables ECN marking for a unicast transmit queue.
Parameters
MIN and MAX parameters must use the same data unit.
MIN     Minimum threshold. Options include:
<1 to 19456> segments     208-byte segments units
<1 to 4> mbytes     Megabyte units
<1 to 4046> kbytes     Kilobyte units
<1 to 4046848> bytes    Byte units
MAX     Maximum threshold. Options include:
<1 to 46080> segments     208-byte segments units
<1 to 4> mbytes     Megabyte units
<1 to 4046> kbytes     Kilobyte units
<1 to 4046848> bytes    Byte units
Examples
This command enables ECN marking of unicast packets from the global data pool and sets the minimum and maximum thresholds at 20 and 500 segments.
switch(config)#qos random-detect ecn global-buffer minimum-threshold 20 segments maximum-threshold 500 segments
switch(config)#
This command disables ECN marking of unicast packets from the global data pool.
switch(config)#no qos random-detect ecn global-buffer
switch(config)#
qos random-detect ecn global-buffer (Trident and Tomahawk)
The qos random-detect ecn global-buffer command enables ECN marking for globally shared packet memory and specifies minimum and maximum queue threshold sizes. Hosts can advertise their ECN capabilities in the ToS DiffServ field’s two least significant bits:
00     Non ECN Capable transport.
10     ECN Capable transport.
01     ECN Capable transport.
11     Congestion encountered.
Congestion is determined by comparing average queue size with queue thresholds. Average queue size is calculated through a formula based on the previous average and current queue size. Packets are marked based on this average size and the specified thresholds:
Average queue size below minimum threshold: Packets are queued normally.
Average queue size above maximum threshold: Packets are marked congestion encountered.
Average queue size between minimum and maximum thresholds: Packets are queued or marked congestion encountered. The proportion of marked packets varies linearly with average queue size:
0% are marked when average queue size is less than or equal to minimum threshold.
100% are marked when average queue size is greater than or equal to maximum threshold.
When transmitted packets are marked Non ECN Capable, congestion packets are dropped, not marked.
The no qos random-detect ecn global-buffer and default qos random-detect ecn global-buffer commands disable ECN marking for the shared buffer by removing the qos random-detect ecn global-buffer command from running-config.
Command Mode
Global Configuration
Command Syntax
qos random-detect ecn global-buffer minimum-threshold MIN maximum-threshold MAX
no qos random-detect ecn global-buffer
default qos random-detect ecn global-buffer
Guidelines
Packet memory is divided into 46080 208-byte cells, whose allocation is managed by the memory management unit (MMU). The MMU tracks the cells that each entity uses and determines the number of cells that can be allocated to an entity.
Related Commands
random-detect ecn (Trident and Tomahawk) enables ECN marking for a unicast transmit queue.
Parameters
MIN and MAX parameters must use the same data unit.
MIN     Minimum threshold. Options include:
<1 to 46080> segments     208-byte segments units
<1 to 9> mbytes     Megabyte units
<1 to 9584> kbytes     Kilobyte units
<1 to 9584640> bytes    Byte units
MAX     Maximum threshold. Options include:
<1 to 46080> segments     208-byte segments units
<1 to 9> mbytes     Megabyte units
<1 to 9584> kbytes     Kilobyte units
<1 to 9584640> bytes    Byte units
Examples
This command enables ECN marking of unicast packets from the global data pool and sets the minimum and maximum thresholds at 20 and 500 segments.
switch(config)#qos random-detect ecn global-buffer minimum-threshold 20 segments maximum-threshold 500 segments
switch(config)#
This command disables ECN marking of unicast packets from the global data pool.
switch(config)#no qos random-detect ecn global-buffer
switch(config)#
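The marking rules that both qos random-detect ecn global-buffer sections describe can be written as a small Python model. This is an added example, not Arista code: the function names are assumptions, the random draw is passed in so results are reproducible, and the MIN <= MAX check is an assumption the page does not state. The range limits are the Trident and Tomahawk values listed above.

```python
import random

# Upper bounds of the MIN/MAX ranges listed above for Trident and Tomahawk.
TRIDENT_MAX = {"segments": 46080, "mbytes": 9, "kbytes": 9584, "bytes": 9584640}

NOT_ECT = 0b00  # Non ECN Capable transport
CE = 0b11       # Congestion encountered


def validate_thresholds(min_value, min_unit, max_value, max_unit, limits=TRIDENT_MAX):
    """Check a MIN/MAX pair against the documented rules; raise ValueError if invalid."""
    if min_unit != max_unit:
        raise ValueError("MIN and MAX parameters must use the same data unit")
    if min_unit not in limits:
        raise ValueError("unknown unit: %r" % (min_unit,))
    for name, value in (("MIN", min_value), ("MAX", max_value)):
        if not 1 <= value <= limits[min_unit]:
            raise ValueError("%s out of range 1..%d %s" % (name, limits[min_unit], min_unit))
    # Assumption of this example (not stated on the page): MIN may not exceed MAX.
    if min_value > max_value:
        raise ValueError("MIN exceeds MAX")
    return min_value, max_value


def mark_fraction(avg, min_th, max_th):
    """Proportion of packets selected for congestion handling at this average queue size."""
    if avg <= min_th:
        return 0.0          # 0% at or below the minimum threshold
    if avg >= max_th:
        return 1.0          # 100% at or above the maximum threshold
    return (avg - min_th) / (max_th - min_th)   # linear in between


def handle_packet(tos, avg, min_th, max_th, draw):
    """Decide what happens to one packet.

    tos  : the packet's 8-bit ToS/DiffServ byte (ECN is the two least significant bits)
    draw : uniform random number in [0, 1)
    Returns (action, tos_out) where action is "queue", "mark" or "drop".
    """
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS byte must be 0..255")
    if not draw < mark_fraction(avg, min_th, max_th):
        return "queue", tos                 # not selected: queued normally, unchanged
    if tos & 0b11 == NOT_ECT:
        return "drop", None                 # sender cannot react to a mark, so drop
    return "mark", tos | CE                 # ECT(0)/ECT(1) become CE; CE stays CE


def simulate(tos, avg, min_th, max_th, packets=10000, seed=1):
    """Count the outcomes for a stream of identical packets at a fixed average queue size."""
    rng = random.Random(seed)
    counts = {"queue": 0, "mark": 0, "drop": 0}
    for _ in range(packets):
        action, _tos = handle_packet(tos, avg, min_th, max_th, rng.random())
        counts[action] += 1
    return counts


if __name__ == "__main__":
    # Thresholds from the example command above: 20 and 500 segments.
    lo, hi = validate_thresholds(20, "segments", 500, "segments")
    for avg in (10, 20, 140, 260, 500, 600):
        print(avg, mark_fraction(avg, lo, hi))
    print("ECT(0), DSCP 46:", simulate(0xBA, 260, lo, hi))
    print("Not-ECT, DSCP 46:", simulate(0xB8, 260, lo, hi))
```

With the page's thresholds of 20 and 500 segments, an average queue size of 260 segments selects half of the packets; ECN-capable traffic is marked and the rest of the traffic in that half is dropped.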
qos rewrite cos
The qos rewrite cos command enables the rewriting of the CoS field for outbound tagged packets that were received on DSCP trusted ports and untrusted ports. CoS rewrite is always disabled on CoS trusted ports. The CoS value that is written into the packet is based on the data stream’s traffic class. CoS rewriting is active by default.
The no qos rewrite cos command disables CoS rewriting on the switch. The default qos rewrite cos command restores the default setting of enabling CoS rewriting by removing the no qos rewrite cos command from running-config.
Command Mode
Global Configuration
Command Syntax
qos rewrite cos
no qos rewrite cos
default qos rewrite cos
Related Commands
qos map traffic-class to cos configures the traffic class to CoS rewrite map.
Example
This command enables CoS rewrite.
switch(config)#qos rewrite cos
switch(config)#
qos rewrite dscp
The qos rewrite dscp command enables the rewriting of the DSCP field for outbound tagged packets that were received on CoS trusted ports and untrusted ports. DSCP rewrite is always disabled on DSCP trusted ports. The DSCP value that is written into the packet is based on the data stream’s traffic class. DSCP rewriting is disabled by default.
The no qos rewrite dscp and default qos rewrite dscp commands disable DSCP rewriting on the switch by removing the no qos rewrite dscp command from running-config.
Command Mode
Global Configuration
Command Syntax
qos rewrite dscp
no qos rewrite dscp
default qos rewrite dscp
Related Commands
qos map traffic-class to dscp configures the traffic class to DSCP rewrite map.
Example
This command enables DSCP rewrite.
switch(config)#qos rewrite dscp
switch(config)#
qos trust
The qos trust command configures the quality of service port trust mode for the configuration mode interface. Trust-enabled ports classify traffic by examining the traffic’s CoS or DSCP value. Port trust mode default setting is cos for switched interfaces and dscp for routed interfaces.
The default qos trust command restores the default trust mode on the configuration mode interface by removing the corresponding qos trust or no qos trust statement from running-config.
The no qos trust command performs the following:
no qos trust places the port in untrusted mode.
no qos trust cos removes the corresponding qos trust cos statement.
no qos trust dscp removes the corresponding qos trust dscp statement.
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
qos trust MODE
no qos trust [MODE]
default qos trust
Parameters
MODE     trust mode assigned to the port. Options include:
cos     enables cos trust mode.
dscp     enables dscp trust mode.
no qos trust enables untrusted mode on the port.
Examples
This command configures trust mode of dscp for Ethernet interface 7.
switch(config)#interface Ethernet 7
switch(config-if-Et7)#qos trust dscp
switch(config-if-Et7)#show active
interface Ethernet7
   qos trust dscp
switch(config-if-Et7)#
This command configures trust mode of untrusted for Port Channel interface 23.
switch(config)#interface port-channel 23
switch(config-if-Po23)#no qos trust
switch(config-if-Po23)#show active
interface Port-Channel23
   no qos trust
switch(config-if-Po23)#
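The trust defaults and rewrite rules above decide which ports accept priority markings set by the attached device. The following audit is an added example, not Arista code: it reads running-config text and reports each interface's effective trust mode and which fields are rewritten for traffic received on it. The sample configuration is constructed, and treating no switchport as the marker of a routed port is an assumption of the example.

```python
import re

# Constructed running-config excerpt, not taken from the page. Using
# "no switchport" to mark a routed port is an assumption of this example.
SAMPLE_CONFIG = """\
qos rewrite dscp
!
interface Ethernet5
!
interface Ethernet6
   no switchport
!
interface Ethernet7
   qos trust dscp
!
interface Port-Channel23
   no qos trust
!
"""


def audit_qos_trust(config_text):
    """Map each interface to its effective trust mode and rewrite behaviour."""
    cos_rewrite = True    # CoS rewriting is active by default
    dscp_rewrite = False  # DSCP rewriting is disabled by default
    ports = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # a global-scope line ends any interface block
            current = None
            match = re.match(r"interface\s+(.+)$", line)
            if match:
                current = match.group(1).replace(" ", "")
                ports[current] = {"routed": False, "explicit": None}
            elif line == "qos rewrite dscp":
                dscp_rewrite = True
            elif line == "no qos rewrite cos":
                cos_rewrite = False
        elif current is not None:
            if line == "no switchport":
                ports[current]["routed"] = True
            elif line in ("qos trust cos", "qos trust dscp"):
                ports[current]["explicit"] = line.split()[-1]
            elif line == "no qos trust":
                ports[current]["explicit"] = "untrusted"

    report = {}
    for name, port in ports.items():
        # No explicit statement: cos on switched ports, dscp on routed ports.
        trust = port["explicit"] or ("dscp" if port["routed"] else "cos")
        report[name] = {
            "trust": trust,
            # Rewrite of a field never applies to ports that trust that field.
            "cos_rewritten": cos_rewrite and trust != "cos",
            "dscp_rewritten": dscp_rewrite and trust != "dscp",
        }
    return report


def ports_honouring_markings(report):
    """Interfaces that classify traffic from the CoS or DSCP value they receive."""
    return sorted(n for n, r in report.items() if r["trust"] != "untrusted")


if __name__ == "__main__":
    result = audit_qos_trust(SAMPLE_CONFIG)
    for name, row in result.items():
        print(name, row)
    print("trusting received markings:", ports_honouring_markings(result))
```
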
random-detect ecn (Arad/Jericho)
The random-detect ecn command enables ECN marking for the configuration mode unicast transmit queue and specifies threshold queue sizes. Hosts can advertise their ECN capabilities in the ToS DiffServ field’s two least significant bits:
00     Non ECN Capable transport.
10     ECN Capable transport.
01     ECN Capable transport.
11     Congestion encountered.
Congestion is determined by comparing average queue size with queue thresholds. Average queue size is calculated through a formula based on the previous average and current queue size. Packets are marked based on this average size and the specified thresholds:
Average queue size below minimum threshold: Packets are queued normally.
Average queue size above maximum threshold: Packets are marked congestion encountered.
Average queue size between minimum and maximum thresholds: Packets are queued or marked congestion encountered. The proportion of marked packets varies linearly with average queue size:
0% are marked when average queue size is less than or equal to minimum threshold.
100% are marked when average queue size is greater than or equal to maximum threshold.
When transmitted packets are marked Non ECN Capable, congestion packets are dropped, not marked.
The no random-detect ecn and default random-detect ecn commands disable ECN marking on the configuration mode queue, deleting the corresponding random-detect ecn command from running-config.
Command Mode
Tx-Queue configuration
Command Syntax
random-detect ecn minimum-threshold MIN maximum-threshold MAX
no random-detect ecn
default random-detect ecn
Parameters
MIN and MAX parameters must use the same data unit.
MIN     Minimum threshold. Options include:
<1 to 256> mbytes     Megabyte units
<1 to 256000> kbytes     Kilobyte units
<1 to 256000000> bytes    Byte units
MAX     Maximum threshold. Options include:
<1 to 256> mbytes     Megabyte units
<1 to 256000> kbytes     Kilobyte units
<1 to 256000000> bytes    Byte units
Related Commands
tx-queue (Arad/Jericho) places the switch in tx-queue configuration mode.
Examples
These commands enable ECN marking of unicast packets from unicast transmit queue 4 of Ethernet interface 3/5/1, setting thresholds at 128 kbytes and 1280 kbytes.
switch(config)#interface ethernet 3/5/1
switch(config-if-Et3/5/1)#tx-queue 4
switch(config-if-Et3/5/1-txq-4)#random-detect ecn minimum-threshold 128 kbytes maximum-threshold 1280 kbytes
switch(config-if-Et3/5/1-txq-4)#show active
interface Ethernet3/5/1
   tx-queue 4
      random-detect ecn minimum-threshold 128 kbytes maximum-threshold 1280 kbytes
switch(config-if-Et3/5/1-txq-4)#
random-detect ecn (Helix)
The random-detect ecn command enables ECN marking for the configuration mode unicast transmit queue and specifies threshold queue sizes. Hosts can advertise their ECN capabilities in the ToS DiffServ field’s two least significant bits:
00     Non ECN Capable transport.
10     ECN Capable transport.
01     ECN Capable transport.
11     Congestion encountered.
Congestion is determined by comparing average queue size with queue thresholds. Average queue size is calculated through a formula based on the previous average and current queue size. Packets are marked based on this average size and the specified thresholds:
Average queue size below minimum threshold: Packets are queued normally.
Average queue size above maximum threshold: Packets are marked congestion encountered.
Average queue size between minimum and maximum thresholds: Packets are queued or marked congestion encountered. The proportion of marked packets varies linearly with average queue size:
0% are marked when average queue size is less than or equal to minimum threshold.
100% are marked when average queue size is greater than or equal to maximum threshold.
When transmitted packets are marked Non ECN Capable, congestion packets are dropped, not marked.
Average queue length is tracked for transmit queues and the global pool independently. When either entity reaches its maximum threshold, all subsequent packets are marked.
The no random-detect ecn and default random-detect ecn commands disable ECN marking on the configuration mode queue, deleting the corresponding random-detect ecn command from running-config.
Command Mode
Tx-Queue configuration
Command Syntax
random-detect ecn minimum-threshold MIN maximum-threshold MAX
no random-detect ecn
default random-detect ecn
Related Commands
tx-queue (Helix) places the switch in tx-queue configuration mode.
qos random-detect ecn global-buffer (Helix) enables ECN marking for globally shared packet memory.
Parameters
MIN and MAX parameters must use the same data unit.
MIN     Minimum threshold. Options include:
<1 to 46080> segments     208-byte segments units
<1 to 9> mbytes     Megabyte units
<1 to 9584> kbytes     Kilobyte units
<1 to 9584640> bytes    Byte units
MAX     Maximum threshold. Options include:
<1 to 46080> segments     208-byte segments units
<1 to 9> mbytes     Megabyte units
<1 to 9584> kbytes     Kilobyte units
<1 to 9584640> bytes    Byte units
Examples
These commands enable ECN marking of unicast packets from transmit queue 4 of Ethernet interface 15, setting thresholds at 10 and 100 segments.
switch(config)#interface ethernet 15
switch(config-if-Et15)#tx-queue 4
switch(config-if-Et15-txq-4)#random-detect ecn minimum-threshold 10 segments maximum-threshold 100 segments
switch(config-if-Et15-txq-4)#show active
interface Ethernet15
   tx-queue 4
      random-detect ecn minimum-threshold 10 segments maximum-threshold 100 segments
switch(config-if-Et15-txq-4)#exit
switch(config-if-Et15)#
This command disables ECN marking of unicast packets from transmit queue 4 of Ethernet interface 15.
switch(config-if-Et15-txq-4)#no random-detect ecn
switch(config-if-Et15-txq-4)#show active
interface Ethernet15
switch(config-if-Et15-txq-4)#exit
switch(config-if-Et15)#
random-detect ecn (Trident and Tomahawk)
The random-detect ecn command enables ECN marking for the configuration mode unicast transmit queue and specifies threshold queue sizes. Hosts can advertise their ECN capabilities in the ToS DiffServ field’s two least significant bits:
00     Non ECN Capable transport.
10     ECN Capable transport.
01     ECN Capable transport.
11     Congestion encountered.
Congestion is determined by comparing average queue size with queue thresholds. Average queue size is calculated through a formula based on the previous average and current queue size. Packets are marked based on this average size and the specified thresholds:
Average queue size below minimum threshold: Packets are queued normally.
Average queue size above maximum threshold: Packets are marked congestion encountered.
Average queue size between minimum and maximum thresholds: Packets are queued or marked congestion encountered. The proportion of marked packets varies linearly with average queue size:
0% are marked when average queue size is less than or equal to minimum threshold.
100% are marked when average queue size is greater than or equal to maximum threshold.
When transmitted packets are marked Non ECN Capable, congestion packets are dropped, not marked.
Average queue length is tracked for transmit queues and the global pool independently. When either entity reaches its maximum threshold, all subsequent packets are marked.
The no random-detect ecn and default random-detect ecn commands disable ECN marking on the configuration mode queue, deleting the corresponding random-detect ecn command from running-config.
Command Mode
Uc-Tx-Queue configuration
Command Syntax
random-detect ecn minimum-threshold MIN maximum-threshold MAX
no random-detect ecn
default random-detect ecn
Related Commands
uc-tx-queue places the switch in uc-tx-queue configuration mode.
qos random-detect ecn global-buffer (Trident and Tomahawk) enables ECN marking for globally shared packet memory.
Parameters
MIN and MAX parameters must use the same data unit.
MIN     Minimum threshold. Options include:
<1 to 46080> segments     208-byte segments units
<1 to 9> mbytes     Megabyte units
<1 to 9584> kbytes     Kilobyte units
<1 to 9584640> bytes    Byte units
MAX     Maximum threshold. Options include:
<1 to 46080> segments     208-byte segments units
<1 to 9> mbytes     Megabyte units
<1 to 9584> kbytes     Kilobyte units
<1 to 9584640> bytes    Byte units
Examples
These commands enable ECN marking of unicast packets from unicast transmit queue 4 of Ethernet interface 15, setting thresholds at 10 and 100 segments.
switch(config)#interface ethernet 15
switch(config-if-Et15)#uc-tx-queue 4
switch(config-if-Et15-uc-txq-4)#random-detect ecn minimum-threshold 10 segments maximum-threshold 100 segments
switch(config-if-Et15-uc-txq-4)#show active
interface Ethernet15
   uc-tx-queue 4
      random-detect ecn minimum-threshold 10 segments maximum-threshold 100 segments
switch(config-if-Et15-uc-txq-4)#exit
switch(config-if-Et15)#
This command disables ECN marking of unicast packets from unicast transmit queue 4 of Ethernet interface 15.
switch(config-if-Et15-uc-txq-4)#no random-detect ecn
switch(config-if-Et15-uc-txq-4)#show active
interface Ethernet15
switch(config-if-Et15-uc-txq-4)#exit
switch(config-if-Et15)#
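The marking rule described in the three random-detect ecn sections above can be traced with a short model. This is an added example, not Arista code: it covers a single transmit queue (not the global pool), and the averaging formula (an exponentially weighted moving average with weight 0.25) and the decimal kbytes/mbytes conversion are assumptions, since the page does not state them.

```python
import random

# ECN codepoints as listed on the page (two least significant DiffServ bits).
NOT_ECT, ECT_01, ECT_10, CE = 0b00, 0b01, 0b10, 0b11

# Bytes per threshold unit. 208-byte segments come from the Helix and
# Trident/Tomahawk parameter tables; decimal kbytes/mbytes are an assumption
# read off the Arad/Jericho ranges (256 mbytes = 256000 kbytes).
UNIT_BYTES = {"bytes": 1, "kbytes": 1000, "mbytes": 1000000, "segments": 208}


def threshold_bytes(value, unit):
    """Convert a MIN or MAX threshold to bytes so both use the same unit."""
    return value * UNIT_BYTES[unit]


def update_average(prev_avg, current, weight=0.25):
    """New average from the previous average and current queue size.

    The page only says such a formula exists; the EWMA form and the
    weight are assumptions of this example.
    """
    return (1.0 - weight) * prev_avg + weight * current


def mark_probability(avg, min_th, max_th):
    """0 at or below MIN, 1 at or above MAX, linear in between."""
    if min_th >= max_th:
        raise ValueError("minimum threshold must be below maximum threshold")
    if avg <= min_th:
        return 0.0
    if avg >= max_th:
        return 1.0
    return (avg - min_th) / (max_th - min_th)


def handle_packet(ecn_bits, avg, min_th, max_th, rng):
    """Return (action, outgoing ECN bits) for one packet."""
    if rng.random() >= mark_probability(avg, min_th, max_th):
        return ("queue", ecn_bits)      # queued normally, bits untouched
    if ecn_bits == NOT_ECT:
        return ("drop", None)           # sender cannot react to a mark
    return ("mark", CE)                 # congestion encountered


def simulate(queue_depths, ecn_bits, min_th, max_th, weight=0.25, seed=1):
    """Count actions for one packet per queue-depth sample (bytes)."""
    rng = random.Random(seed)
    avg = 0.0
    counts = {"queue": 0, "mark": 0, "drop": 0}
    for depth in queue_depths:
        avg = update_average(avg, depth, weight)
        action, _ = handle_packet(ecn_bits, avg, min_th, max_th, rng)
        counts[action] += 1
    return counts


if __name__ == "__main__":
    # Thresholds from the page's example: 10 and 100 segments.
    low = threshold_bytes(10, "segments")
    high = threshold_bytes(100, "segments")
    ramp = [i * 300 for i in range(100)]  # constructed queue depths, in bytes
    print("ECN capable :", simulate(ramp, ECT_10, low, high))
    print("not capable :", simulate(ramp, NOT_ECT, low, high))
```
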
service-policy type qos input
The service-policy type qos input command applies the specified policy map to a QoS profile. The profile is then applied to an interface in interface configuration mode using the service-profile command.
The no service-policy type qos and default service-policy type qos commands delete the policy map from the profile.
The exit command returns the switch to global configuration mode.
Command Mode
QoS Profile Configuration
Command Syntax
service-policy type qos input policy_map_name
no service-policy type qos input policy_map_name
default service-policy type qos input policy_map_name
Parameter
policy_map_name     QoS policy map name.
Example
This command applies the policy map PM-1 to the QoS profile TP.
switch(config-qos-profile-TP)#service-policy type qos input PM-1
switch(config-qos-profile-TP)#
 
Related Commands
service-profile
The service-profile command applies the QoS profile to the configuration mode interface.
The no service-profile and default service-profile commands remove the QoS profile from the interface.
The exit command returns the switch to global configuration mode.
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
service-profile profile_name
no service-profile profile_name
default service-profile profile_name
Parameter
profile_name     QoS profile name.
Example
These commands apply the QoS profile TP to Ethernet interface 13.
switch(config)#interface ethernet 13
switch(config-if-Et13)#service-profile TP
hardware access-list qos resource sharing vlan in
The hardware access-list qos resource sharing vlan in command enables the ACL based QoS resources sharing on a VLAN interface.
The no hardware access-list qos resource sharing vlan in command disables the ACL based QoS resources sharing on a VLAN interface. By default this function is disabled.
Command Mode
Global Configuration
Command Syntax
hardware access-list qos resource sharing vlan in
no hardware access-list qos resource sharing vlan in
Example
This command enables the ACL based QoS resources sharing on a VLAN interface.
switch(config)#hardware access-list qos resource sharing vlan in
shape rate (Interface – Arad/Jericho)
The shape rate command specifies the maximum bandwidth for outbound traffic on the configuration mode interface, also known as queue shaping. The shape rate for individual transmit queues is configured by the shape rate (Tx-queue – Arad/Jericho) command. By default, outbound transmission rate is not bounded by a shape rate.
The no shape rate and default shape rate commands remove the shape rate bandwidth limit on the configuration mode interface by deleting the corresponding shape rate command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
shape rate byte_limit [kbps]
no shape rate
default shape rate
Parameters
byte_limit     shape rate applied to interface (Kbps). Value ranges from 162 to 100000000.
Example
This command configures a port shape rate of 5 Gbps on Ethernet interface 3/5/1.
switch(config)#interface ethernet 3/5/1
switch(config-if-Et3/5/1)#shape rate 5000000
switch(config-if-Et3/5/1)#show qos interfaces ethernet 3/5/1
Ethernet3/5/1:
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Port shaping rate: 5000012 / 5000000 kbps
 
  Tx    Bandwidth       Shape Rate        Priority  ECN
Queue  (percent)        (units)
   -----------------------------------------------------
   7      - / -        - / -    (  -  )    SP / SP    D
   6      - / -        - / -    (  -  )    SP / SP    D
   5      - / -        - / -    (  -  )    SP / SP    D
   4      - / -        - / -    (  -  )    SP / SP    D
   3      - / -        - / -    (  -  )    SP / SP    D
   2      - / -        - / -    (  -  )    SP / SP    D
   1      - / -        - / -    (  -  )    SP / SP    D
   0      - / -        - / -    (  -  )    SP / SP    D
 
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et3/5/1)#
shape rate (Interface – FM6000)
The shape rate command specifies the maximum bandwidth for outbound traffic on the configuration mode interface, also known as queue shaping. The shape rate for individual transmit queues is configured by the shape rate (Tx-queue – FM6000) command. By default, outbound transmission rate is not bounded by a shape rate.
The no shape rate and default shape rate commands remove the shape rate bandwidth limit on the configuration mode interface by deleting the corresponding shape rate command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
shape rate byte_limit [kbps]
no shape rate
default shape rate
Parameters
byte_limit     shape rate applied to interface (Kbps). Value ranges from 7000 to 10000000.
Guidelines
Enabling port shaping on an FM6000 interface disables queue shaping internally. Disabling port shaping restores queue shaping as specified in running-config.
Example
This command configures a port shape rate of 5 Gbps on Ethernet interface 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#shape rate 5000000
switch(config-if-Et5)#
shape rate (Interface – Helix)
The shape rate command specifies the maximum bandwidth for outbound traffic on the configuration mode interface, also known as queue shaping. The shape rate for individual transmit queues is configured by the shape rate (Tx-queue – Helix) command. By default, outbound transmission rate is not bounded by a shape rate.
The no shape rate and default shape rate commands remove the shape rate bandwidth limit on the configuration mode interface by deleting the corresponding shape rate command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
shape rate DATA_LIMIT
no shape rate
default shape rate
Parameters
DATA_LIMIT     shape rate applied to interface. Value range varies with data unit:
<8 to 40000000>      8 to 40,000,000 kbytes per second.
<8 to 40000000>kbps      8 to 40,000,000 kbytes per second.
<8 to 60000000>pps      8 to 60,000,000 packets per second.
Guidelines
Shaping rates of at least 8 kbps are supported. At shaping rates smaller than 1 Mbps, granularity and rounding errors may skew the actual shaping rate by 20% from the specified rate.
Example
This command configures a port shape rate of 5 Gbps on Ethernet interface 17.
switch(config)#interface ethernet 17
switch(config-if-Et17)#shape rate 5000000 kbps
switch(config-if-Et17)#show qos interface ethernet 17
Ethernet17:
   Trust Mode: COS
   Default COS: 0
   Default DSCP: 0
 
   Port shaping rate: 5000000 / 5000000 kbps
 
  Tx       Bandwidth                 Shape Rate        Priority
Queue     Guaranteed (units)         (units)
   ------------------------------------------------------------
   7        - / -    (  -  )       - / -    (  -  )    SP / SP
   6        - / -    (  -  )       - / -    (  -  )    SP / SP
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et17)#
shape rate (Interface – Petra)
The shape rate command specifies the maximum bandwidth for outbound traffic on the configuration mode interface, also known as queue shaping. The shape rate for individual transmit queues is configured by the shape rate (Tx-queue – Petra) command. By default, outbound transmission rate is not bounded by a shape rate.
The no shape rate and default shape rate commands remove the shape rate bandwidth limit on the configuration mode interface by deleting the corresponding shape rate command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
shape rate data_limit [kbps]
no shape rate
default shape rate
Parameters
data_limit     shape rate applied to interface (Kbps). Value ranges from 100 to 10000000.
Guidelines
The following port shaping rates are supported:
1G ports: above 100 kbps.
10G ports: above 7900 kbps.
Commands that specify a smaller shape rate disable port shaping on the interface.
Example
This command configures a port shape rate of 5 Gbps on Ethernet interface 3/3.
switch(config)#interface ethernet 3/3
switch(config-if-Et3/3)#shape rate 5000000
switch(config-if-Et3/3)#show active
interface Ethernet3/3
   shape rate 5000000
switch(config-if-Et3/3)#
shape rate (Interface – Trident and Tomahawk)
The shape rate command specifies the maximum bandwidth for outbound traffic on the configuration mode interface, also known as queue shaping. The shape rate for individual transmit queues is configured by the shape rate (Tx-queue – Trident and Tomahawk) command. By default, outbound transmission rate is not bounded by a shape rate.
The no shape rate and default shape rate commands remove the shape rate bandwidth limit on the configuration mode interface by deleting the corresponding shape rate command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
shape rate DATA_LIMIT
no shape rate
default shape rate
Parameters
DATA_LIMIT     shape rate applied to interface. Value range varies with data unit:
<8 to 40000000>      8 to 40,000,000 kbytes per second.
<8 to 40000000>kbps      8 to 40,000,000 kbytes per second.
<8 to 60000000>pps      8 to 60,000,000 packets per second.
Guidelines
Shaping rates of at least 8 kbps are supported. At shaping rates smaller than 1 Mbps, granularity and rounding errors may skew the actual shaping rate by 20% from the specified rate.
Example
This command configures a port shape rate of 5 Gbps on Ethernet interface 5.
switch(config)#interface ethernet 5
switch(config-if-Et5)#shape rate 5000000
switch(config-if-Et5)#
shape rate (Interface – Trident-II)
The shape rate command specifies the maximum bandwidth for outbound traffic on the configuration mode interface, also known as queue shaping. The shape rate for individual transmit queues is configured by the shape rate (Tx-queue – Trident-II) command. By default, outbound transmission rate is not bounded by a shape rate.
The no shape rate and default shape rate commands remove the shape rate bandwidth limit on the configuration mode interface by deleting the corresponding shape rate command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-Channel Configuration
Command Syntax
shape rate DATA_LIMIT
no shape rate
default shape rate
Parameters
DATA_LIMIT     shape rate applied to interface. Value range varies with data unit:
<8 to 40000000>      8 to 40,000,000 kbytes per second.
<8 to 40000000>kbps      8 to 40,000,000 kbytes per second.
<8 to 60000000>pps      8 to 60,000,000 packets per second.
Guidelines
Shaping rates of at least 8 kbps are supported. At shaping rates smaller than 1 Mbps, granularity and rounding errors may skew the actual shaping rate by 20% from the specified rate.
Example
This command configures a port shape rate of 5 Gbps on Ethernet interface 17/3.
switch(config)#interface ethernet 17/3
switch(config-if-Et17/3)#shape rate 5000000 kbps
switch(config-if-Et17/3)#show qos interface ethernet 17/3
Ethernet17/3:
   Trust Mode: COS
   Default COS: 0
   Default DSCP: 0
 
   Port shaping rate: 5000000 / 5000000 kbps
 
  Tx       Bandwidth                 Shape Rate        Priority
Queue     Guaranteed (units)         (units)
   ------------------------------------------------------------
   7        - / -    (  -  )       - / -    (  -  )    SP / SP
   6        - / -    (  -  )       - / -    (  -  )    SP / SP
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et17/3)#
shape rate (Tx-queue – Arad/Jericho)
The shape rate command specifies the maximum bandwidth for outbound traffic on the transmit queue, also known as queue shaping. The shape rate for interfaces is configured by the shape rate (Interface – Arad/Jericho) command. By default, the configured outbound transmission rate is not bounded by a transmit queue shape rate.
Shaping rates greater than 50000 kbps are supported. At lower shaping rates (less than 10 Mbps), granularity and rounding errors may skew the actual shaping rate by 20% from the specified rate.
The no shape rate and default shape rate commands remove the shape rate bandwidth limit on the configuration mode queue by deleting the corresponding shape rate command from running-config.
Command Mode
Tx-Queue Configuration
Command Syntax
shape rate byte_limit [kbps]
no shape rate
default shape rate
Parameters
byte_limit     shape rate applied to interface (Kbps). Value ranges from 50000 to 100000000.
Related Commands
tx-queue (Arad/Jericho) places the switch in tx-queue configuration mode.
Example
These commands configure a shape rate of 1 Gbps on transmit queues 3 and 4 of Ethernet interface 3/4/1.
switch(config)#interface ethernet 3/4/1
switch(config-if-Et3/4/1)#tx-queue 4
switch(config-if-Et3/4/1-txq-4)#shape rate 1000000 kbps
switch(config-if-Et3/4/1-txq-4)#tx-queue 3
switch(config-if-Et3/4/1-txq-3)#shape rate 1000000 kbps
switch(config-if-Et3/4/1-txq-3)#show qos interface ethernet 3/4/1
Ethernet3/4/1:
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Port shaping rate: disabled
 
  Tx    Bandwidth       Shape Rate        Priority  ECN
Queue  (percent)        (units)
   -----------------------------------------------------
   7      - / -        - / -    (  -  )    SP / SP    D
   6      - / -        - / -    (  -  )    SP / SP    D
   5      - / -        - / -    (  -  )    SP / SP    D
   4      - / -      999 / 1000 ( Mbps )   SP / SP    D
   3      - / -      999 / 1000 ( Mbps )   SP / SP    D
   2      - / -        - / -    (  -  )    SP / SP    D
   1      - / -        - / -    (  -  )    SP / SP    D
   0      - / -        - / -    (  -  )    SP / SP    D
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et3/4/1-txq-3)#
shape rate (Tx-queue – FM6000)
The shape rate command specifies the maximum bandwidth for outbound traffic on the transmit queue, also known as queue shaping. The shape rate for interfaces is configured by the shape rate (Interface – FM6000) command. By default, the configured outbound transmission rate is not bounded by a transmit queue shape rate.
Queue shaping on an FM6000 port is supported only when port shaping is not enabled on the interface. Enabling port shaping on a port disables queue shaping internally. Disabling port shaping restores queue shaping as specified by running-config.
Shaping rates greater than 460 kbps are supported. At lower shaping rates (less than 10 Mbps), granularity and rounding errors may skew the actual shaping rate by 20% from the specified rate.
The no shape rate and default shape rate commands remove the shape rate bandwidth limit on the transmit queue by deleting the corresponding shape rate command from running-config.
Command Mode
Tx-Queue Configuration
Command Syntax
shape rate byte_limit [kbps]
no shape rate
default shape rate
Parameters
byte_limit     shape rate applied to interface (Kbps). Value ranges from 464 to 10000000.
Related Commands
tx-queue (FM6000) places the switch in tx-queue configuration mode.
shape rate (Interface – FM6000) configures the shape rate for a configuration mode interface.
Example
These commands configure a shape rate of 1 Gbps (1,000,000 Kbps) on transmit queues 3 and 4 of Ethernet interface 19.
switch(config)#interface ethernet 19
switch(config-if-Et19)#tx-queue 4
switch(config-if-Et19-txq-4)#shape rate 1000000
switch(config-if-Et19-txq-4)#tx-queue 3
switch(config-if-Et19-txq-3)#shape rate 1000000
switch(config-if-Et19-txq-3)#show qos interface ethernet 19
Ethernet19:
   Trust Mode: COS
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
   -----------------------------------------------
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A      1000000        strict
          3          25      1000000   round-robin
          2          25     disabled   round-robin
          1          25     disabled   round-robin
          0          25     disabled   round-robin
 
switch(config-if-Et19-txq-3)#
shape rate (Tx-queue – Helix)
The shape rate command specifies the maximum bandwidth for outbound traffic on the transmit queue, also known as queue shaping. The shape rate for interfaces is configured by the shape rate (Interface – Helix) command. By default, the configured outbound transmission rate is not bounded by a transmit queue shape rate.
The no shape rate and default shape rate commands remove the shape rate bandwidth limit on the configuration mode transmit queue by deleting the corresponding shape rate command from running-config.
Command Mode
Tx-Queue Configuration
Command Syntax
shape rate DATA_LIMIT
no shape rate
default shape rate
Parameters
DATA_LIMIT     shape rate applied to the queue. Value range varies with data unit:
<8 to 40000000>      8 to 40,000,000 kbytes per second.
<8 to 40000000>kbps      8 to 40,000,000 kbytes per second.
<8 to 60000000>pps      8 to 60,000,000 packets per second.
Restrictions
Queue shaping is not supported in cut-through mode.
Related Commands
tx-queue (Helix) places the switch in tx-queue configuration mode.
shape rate (Interface – Helix) configures the shape rate for a configuration mode interface.
Example
These commands configure a shape rate of 1 Gbps (1,000,000 Kbps) on transmit queues 3 and 4 of Ethernet interface 17/3.
switch(config)#interface ethernet 17/3
switch(config-if-Et17/3)#tx-queue 4
switch(config-if-Et17/3-txq-4)#shape rate 1000000 kbps
switch(config-if-Et17/3-txq-4)#tx-queue 3
switch(config-if-Et17/3-txq-3)#shape rate 1000000 kbps
switch(config-if-Et17/3-txq-3)#show qos interface ethernet 17/3
Ethernet17/3:
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
  Tx       Bandwidth                 Shape Rate        Priority
Queue     Guaranteed (units)         (units)
   ------------------------------------------------------------
   7        - / -    (  -  )       - / -    (  -  )    SP / SP
   6        - / -    (  -  )       - / -    (  -  )    SP / SP
   5        - / -    (  -  )       - / -    (  -  )    SP / SP
   4        - / -    (  -  )       1 / 1    ( Gbps )   SP / SP
   3        - / -    (  -  )       1 / 1    ( Gbps )   SP / SP
   2        - / -    (  -  )       - / -    (  -  )    SP / SP
   1        - / -    (  -  )       - / -    (  -  )    SP / SP
   0        - / -    (  -  )       - / -    (  -  )    SP / SP
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
switch(config-if-Et17/3-txq-3)#
shape rate (Tx-queue – Petra)
The shape rate command specifies the maximum bandwidth for outbound traffic on the configuration mode transmit queue, also known as queue shaping. The shape rate for interfaces is configured by the shape rate (Interface – Petra) command. By default, the configured outbound transmission rate is not bounded by a transmit queue shape rate.
Queue shaping applies only to unicast traffic. Shaping rates of at least 162 Kbps are supported.
The no shape rate and default shape rate commands remove the shape rate bandwidth limit on the configuration mode queue by deleting the corresponding shape rate command from running-config.
Command Mode
Tx-Queue Configuration
Command Syntax
shape rate DATA_LIMIT
no shape rate
default shape rate
Parameters
DATA_LIMIT     shape rate applied to the queue. Value range varies with data unit:
<8 to 40000000>      8 to 40,000,000 kbytes per second.
<8 to 40000000>kbps      8 to 40,000,000 kbytes per second.
<8 to 60000000>pps      8 to 60,000,000 packets per second.
Shaping rates greater than 460 kbps are supported. At lower shaping rates (less than 10 Mbps), granularity and rounding errors may skew the actual shaping rate by 20% from the specified rate.
Related Commands
tx-queue (Petra) places the switch in tx-queue configuration mode.
shape rate (Interface – Petra) configures the shape rate for a configuration mode interface.
Example
These commands configure a shape rate of 1 Gbps (1,000,000 Kbps) on transmit queues 3 and 4 of Ethernet interface 3/28.
switch(config)#interface ethernet 3/28
switch(config-if-Et3/28)#tx-queue 4
switch(config-if-Et3/28-txq-4)#shape rate 1000000
switch(config-if-Et3/28-txq-4)#tx-queue 3
switch(config-if-Et3/28-txq-3)#shape rate 1000000
switch(config-if-Et3/28-txq-3)#show qos interface ethernet 3/28
Ethernet3/28:
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority
              (percent)       (Kbps)
   -----------------------------------------------
          7         N/A     disabled        strict
          6         N/A     disabled        strict
          5         N/A     disabled        strict
          4         N/A      1000000        strict
          3          25      1000000   round-robin
          2          25     disabled   round-robin
          1          25     disabled   round-robin
          0          25     disabled   round-robin
 
switch(config-if-Et3/28-txq-3)#
shape rate (Tx-queue – Trident and Tomahawk)
The shape rate command specifies the maximum bandwidth for outbound traffic on the configuration mode transmit queue, also known as queue shaping. The shape rate for interfaces is configured by the shape rate (Interface – Trident and Tomahawk) command. By default, the configured outbound transmission rate is not bounded by a transmit queue shape rate.
The no shape rate and default shape rate commands remove the shape rate limit from the configuration mode transmit queue by deleting the corresponding shape rate command from running-config.
Command Mode
Mc-Tx-Queue configuration
Uc-Tx-Queue configuration
Command Syntax
shape rate DATA_LIMIT
no shape rate
default shape rate
Parameters
DATA_LIMIT     shape rate applied to the queue. Value range varies with data unit:
<8 to 40000000>      8 to 40,000,000 kbytes per second.
<8 to 40000000>kbps      8 to 40,000,000 kbytes per second.
<8 to 60000000>pps      8 to 60,000,000 packets per second.
Related Commands
mc-tx-queue places the switch in mc-tx-queue configuration mode.
uc-tx-queue places the switch in uc-tx-queue configuration mode.
shape rate (Interface – Trident and Tomahawk) configures the shape rate for a configuration mode interface.
Guidelines
Shaping rates of at least 8 kbps are supported. At shaping rates smaller than 1 Mbps, granularity and rounding errors may skew the actual shaping rate by 20% from the specified rate.
When two queues source traffic from the same traffic class and the higher priority queue is shaped, that queue consumes all internal buffers, starving the lower priority queue even if bandwidth is available.
Example
These commands configure a shape rate of 1 Gbps (1,000,000 Kbps) on unicast transmit queue 3 and multicast transmit queue 4 of Ethernet interface 7.
switch(config)#interface ethernet 7
switch(config-if-Et7)#uc-tx-queue 3
switch(config-if-Et7-uc-txq-3)#shape rate 1000000
switch(config-if-Et7-uc-txq-3)#mc-tx-queue 2
switch(config-if-Et7-mc-txq-2)#shape rate 1000000
switch(config-if-Et7-mc-txq-2)#show qos interface ethernet 7
Ethernet7:
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
   Tx-Queue   Bandwidth    Shape Rate     Priority   Priority Group
              (percent)       (Kbps)
   ----------------------------------------------------------------
        UC7         N/A     disabled        strict                1
        UC6         N/A     disabled        strict                1
        MC3         N/A     disabled        strict                1
        UC5         N/A     disabled        strict                0
        UC4         N/A     disabled        strict                0