28.11 IPv4 Commands
IP Routing and Address Commands
IPv4 DHCP Relay
IPv4 DHCP Snooping
IPv4 Multicast Counters
IPv4 NAT
ARP Table
arp
VRF Commands
Trident Forwarding Table Commands
IPv4 GRE Tunneling Commands
tunnel
agent SandL3Unicast terminate
The agent SandL3Unicast terminate command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
Command Mode
Global Configuration
Command Syntax
agent SandL3Unicast terminate
Related Commands
ip hardware fib optimize enables IPv4 route scale.
show platform arad ip route shows resources for all IPv4 routes in hardware. Routes that use the additional hardware resources will appear with an asterisk.
show platform arad ip route summary shows hardware resource usage of IPv4 routes.
Example
This configuration command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
switch(config)#agent SandL3Unicast terminate
SandL3Unicast was terminated
Restarting the platform layer 3 agent results in deletion of all IPv4 routes, which are re-added to the hardware.
arp
The arp command adds a static entry to an Address Resolution Protocol (ARP) cache. The switch uses ARP cache entries to correlate 32-bit IP addresses to 48-bit hardware addresses.
The no arp and default arp commands remove the ARP cache entry with the specified IP address. When multiple VRFs contain ARP cache entries for identical IP addresses, each entry can only be removed individually.
Command Mode
Global Configuration
Command Syntax
arp [VRF_INSTANCE] ipv4_addr mac_addr arpa
no arp [VRF_INSTANCE] ipv4_addr
default arp [VRF_INSTANCE] ipv4_addr
Parameters
VRF_INSTANCE     specifies the VRF instance being modified.
<no parameter>     changes are made to the default VRF.
vrf vrf_name     changes are made to the specified user-defined VRF.
ipv4_addr     IPv4 address of ARP entry.
mac_addr     local data-link (hardware) address (48-bit dotted hex notation – H.H.H).
Examples
This command adds a static entry to the ARP cache in the default VRF.
switch(config)#arp 172.22.30.52 0025.900e.c63c arpa
switch(config)#
This command adds the same static entry to the ARP cache in the VRF named “purple.”
switch(config)#arp vrf purple 172.22.30.52 0025.900e.c63c arpa
switch(config)#
arp aging timeout
The arp aging timeout command specifies the duration of dynamic address entries in the Address Resolution Protocol (ARP) cache for addresses learned through the configuration mode interface. The default duration is 14400 seconds (four hours).
The no arp aging timeout and default arp aging timeout commands restore the default ARP aging timeout for addresses learned on the configuration mode interface by deleting the corresponding arp aging timeout command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
arp aging timeout arp_time
no arp aging timeout
default arp aging timeout
Parameters
arp_time      ARP aging timeout period (seconds). Values range from 60 to 65535. Default value is 14400.
Examples
This command specifies an ARP cache duration of 7200 seconds (two hours) for dynamic addresses added to the ARP cache that were learned through VLAN 200.
switch(config)#interface vlan 200
switch(config-if-Vl200)#arp aging timeout 7200
switch(config-if-Vl200)#show active
interface Vlan200
   arp timeout 7200
switch(config-if-Vl200)#
arp cache persistent
The arp cache persistent command restores the dynamic entries in the Address Resolution Protocol (ARP) cache after reboot.
The no arp cache persistent and default arp cache persistent commands remove the ARP cache persistent configuration from the running-config.
Command Mode
Global Configuration
Command Syntax
arp cache persistent
no arp cache persistent
default arp cache persistent
Example
This command restores the ARP cache after reboot.
switch(config)#arp cache persistent
switch(config)#
arp gratuitous accept
The arp gratuitous accept command configures the configuration mode interface to accept gratuitous ARP request packets received on that interface. Accepted gratuitous ARP requests are then learned by the ARP table.
The no and default forms of the command prevent the interface from accepting gratuitous ARP requests. Configuring gratuitous ARP acceptance on an L2 interface has no effect.
Command Mode
Interface-Ethernet Configuration
Interface-VLAN Configuration
Interface-Port-channel Configuration
Command Syntax
arp gratuitous accept
no arp gratuitous accept
default arp gratuitous accept
Example
These commands configure Ethernet interface 2/1 to accept gratuitous ARP request packets.
switch(config)#interface ethernet 2/1
switch(config-if-Et2/1)#arp gratuitous accept
switch(config-if-Et2/1)#
 
clear arp-cache
The clear arp-cache command refreshes dynamic entries in the Address Resolution Protocol (ARP) cache. Refreshing the ARP cache updates current ARP table entries and removes expired ARP entries not yet deleted by an internal, timer-driven process.
The command, without arguments, refreshes ARP cache entries for all enabled interfaces. With arguments, the command refreshes cache entries for the specified interface. Executing clear arp-cache for all interfaces can result in extremely high CPU usage while the tables are resolving.
Command Mode
Privileged EXEC
Command Syntax
clear arp-cache [VRF_INSTANCE][INTERFACE_NAME]
Parameters
VRF_INSTANCE     specifies the VRF instance for which arp data is refreshed.
<no parameter>     specifies the context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
INTERFACE_NAME     interface upon which ARP cache entries are refreshed. Options include:
<no parameter>     All ARP cache entries.
interface ethernet e_num     ARP cache entries of specified Ethernet interface.
interface loopback l_num     ARP cache entries of specified loopback interface.
interface management m_num     ARP cache entries of specified management interface.
interface port-channel p_num     ARP cache entries of specified port-channel Interface.
interface vlan v_num     ARP cache entries of specified VLAN interface.
interface vxlan vx_num     VXLAN interface specified by vx_num.
Related Commands
cli vrf specifies the context-active VRF.
Example
These commands display the ARP cache before and after ARP cache entries are refreshed.
switch#show arp
Address         Age (min)  Hardware Addr   Interface
172.22.30.1             0  001c.730b.1d15  Management1
172.22.30.118           0  001c.7301.6015  Management1
 
switch#clear arp-cache
 
switch#show arp
Address         Age (min)  Hardware Addr   Interface
172.22.30.1             0  001c.730b.1d15  Management1
switch#
clear arp
The clear arp command removes the dynamic ARP entry for the specified IP address from the Address Resolution Protocol (ARP) table.
Command Mode
Privileged EXEC
Command Syntax
clear arp [VRF_INSTANCE] ipv4_addr
Parameters
VRF_INSTANCE     specifies the VRF instance for which arp data is removed.
<no parameter>     specifies the context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
ipv4_addr     IPv4 address of dynamic ARP entry.
Related Commands
cli vrf specifies the context-active VRF.
Example
These commands display the ARP table before and after the removal of the dynamic ARP entry for IP address 172.22.30.52.
switch#show arp
Address         Age (min)  Hardware Addr   Interface
172.22.30.1             0  001c.730b.1d15  Management1
172.22.30.52            0  0025.900e.c468  Management1
172.22.30.53            0  0025.900e.c63c  Management1
172.22.30.133           0  001c.7304.3906  Management1
switch#clear arp 172.22.30.52
switch#show arp
Address         Age (min)  Hardware Addr   Interface
172.22.30.1             0  001c.730b.1d15  Management1
172.22.30.53            0  0025.900e.c63c  Management1
172.22.30.133           0  001c.7304.3906  Management1
switch#
clear arp inspection statistics
The clear arp inspection statistics command clears ARP inspection statistics.
Command Mode
EXEC
Command Syntax
clear arp inspection statistics
Related Commands
Examples
This command clears ARP inspection statistics.
switch(config)#clear arp inspection statistics
switch(config)#
clear ip dhcp relay counters
The clear ip dhcp relay counters command resets the DHCP relay counters. The configuration mode determines which counters are reset:
Interface configuration: command clears the counter for the configuration mode interface.
Command Mode
Privileged EXEC
Command Syntax
clear ip dhcp relay counters [INTERFACE_NAME]
Parameters
INTERFACE_NAME     entity for which counters are cleared. Options include:
<no parameter>     clears counters for the switch and for all interfaces.
interface ethernet e_num     clears counters for the specified Ethernet interface.
interface loopback l_num     clears counters for the specified loopback interface.
interface port-channel p_num     clears counters for the specified port-channel Interface.
interface vlan v_num     clears counters for the specified VLAN interface.
Examples
These commands clear the DHCP relay counters for VLAN 1045 and show the counters before and after the clear command.
switch#show ip dhcp relay counters
 
          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop |         Last Cleared
----------|----- ---- -----|---------------------
  All Req |  376  376    0 | 4 days, 19:55:12 ago
 All Resp |  277  277    0 |
          |                |
 Vlan1001 |  207  148    0 | 4 days, 19:54:24 ago
 Vlan1045 |  376  277    0 | 4 days, 19:54:24 ago
 
switch#clear ip dhcp relay counters interface vlan 1045
 
          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop |         Last Cleared
----------|----- ---- -----|---------------------
  All Req |  380  380    0 | 4 days, 21:19:17 ago
 All Resp |  281  281    0 |
          |                |
 Vlan1000 |  207  148    0 | 4 days, 21:18:30 ago
 Vlan1045 |    0    0    0 |          0:00:07 ago
These commands clear all DHCP relay counters on the switch.
switch(config-if-Vl1045)#exit
switch(config)#clear ip dhcp relay counters
switch(config)#show ip dhcp relay counters
 
          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop | Last Cleared
----------|----- ---- -----|-------------
  All Req |    0    0    0 |  0:00:03 ago
 All Resp |    0    0    0 |
          |                |
 Vlan1000 |    0    0    0 |  0:00:03 ago
 Vlan1045 |    0    0    0 |  0:00:03 ago
clear ip dhcp snooping counters
The clear ip dhcp snooping counters command resets the DHCP snooping packet counters.
Command Mode
Privileged EXEC
Command Syntax
clear ip dhcp snooping counters [COUNTER_TYPE]
Parameters
COUNTER_TYPE     The type of counter that the command resets. Options include:
<no parameter>     counters for each VLAN.
debug     aggregate counters and drop cause counters.
Example
This command clears the DHCP snooping counters for each VLAN.
switch#clear ip dhcp snooping counters
switch#show ip dhcp snooping counters
 
     | Dhcp Request Pkts | Dhcp Reply Pkts |
Vlan |  Rcvd  Fwdd  Drop | Rcvd Fwdd  Drop | Last Cleared
-----|------ ----- ------|----- ---- ------|-------------
 100 |     0     0     0 |    0    0     0 |  0:00:10 ago
 
switch#
This command clears the aggregate DHCP snooping counters.
switch#clear ip dhcp snooping counters debug
switch#show ip dhcp snooping counters debug
 
Counter                       Snooping to Relay Relay to Snooping
----------------------------- ----------------- -----------------
Received                                      0                 0
Forwarded                                     0                 0
Dropped - Invalid VlanId                      0                 0
Dropped - Parse error                         0                 0
Dropped - Invalid Dhcp Optype                 0                 0
Dropped - Invalid Info Option                 0                 0
Dropped - Snooping disabled                   0                 0
 
Last Cleared:  0:00:08 ago
switch#
clear ip multicast count
The clear ip multicast count command clears all counters associated with the multicast traffic.
Command Mode
Global Configuration
Command Syntax
clear ip multicast count [group_address [source_address]]
Parameters
<no parameters>     clears all counts of the multicast route traffic
group_address     clears the multicast traffic count of the specified group address
source_address     clears the multicast traffic count of the specified group and source addresses
Guidelines
This command functions only when the ip multicast count command is enabled.
Examples
This command clears all counters associated with the multicast traffic.
switch(config)#clear ip multicast count
This command clears the multicast traffic count of the specified group address.
switch(config)#clear ip multicast count 16.39.24.233
clear ip nat flow translation
The clear ip nat flow translation command clears all or the specified NAT table entries.
Command Mode
Privileged EXEC
Command Syntax
clear ip nat flow translation [HOST_ADDR [DEST_ADDR]] [INTF] [PROT_TYPE]
Parameters
DEST_ADDR immediately follows HOST_ADDR. All other parameters, including HOST_ADDR, may be placed in any order.
HOST_ADDR     Host address to be modified. Options include:
<no parameter>     All packets with specified destination address are cleared.
address local_ipv4     IPv4 address.
address local_ipv4   local_port     IPv4 address and port (port value ranges from 1 to 65535).
DEST_ADDR     Destination address of translated packet. Destination address can be entered only when the HOST_ADDR is specified. Options include:
<no parameter>     All packets with specified destination address are cleared.
global_ipv4     IPv4 address.
global_ipv4   global_port     IPv4 address and port (port value ranges from 1 to 65535).
INTF    Route source. Options include:
<no parameter>     All packets with specified destination address are cleared.
interface ethernet e_num     Ethernet interface specified by e_num.
interface loopback l_num     Loopback interface specified by l_num.
interface management m_num     Management interface specified by m_num.
interface port-channel p_num     Port-channel interface specified by p_num.
interface vlan v_num     VLAN interface specified by v_num.
PROT_TYPE     Filters packets based on protocol type. Options include:
<no parameter>     All packets with specified destination address are cleared.
tcp     TCP packets with specified destination address are cleared.
udp     UDP packets with specified destination address are cleared.
Example
This command clears all dynamic entries from the NAT translation table.
switch#clear ip nat flow translation
switch#
This command clears a specific NAT IP address 172.22.30.52.
switch#clear ip nat flow translation address 172.22.30.52
switch#
This command clears the inside entry that maps the private address 10.10.10.3 to Internet address 172.22.30.52.
switch#clear ip nat flow translation address 172.22.30.52 10.10.10.3
switch#
cli vrf
The cli vrf command specifies the context-active VRF. The context-active VRF determines the default VRF that VRF-context aware commands use when displaying routing table data.
Command Mode
Privileged EXEC
Command Syntax
cli vrf [VRF_ID]
Parameters
VRF_ID     Name of VRF assigned as the current VRF scope. Options include:
vrf_name     Name of user-defined VRF.
default     System-default VRF.
Guidelines
VRF-context aware commands include:
Related Commands
show routing-context vrf displays the context-active VRF.
Example
These commands specify magenta as the context-active VRF, then display the context-active VRF.
switch#cli vrf magenta
switch#show routing-context vrf
Current VRF routing-context is magenta
switch#
description (VRF)
The description command adds a text string to the configuration mode VRF. The string has no functional impact on the VRF.
The no description and default description commands remove the text string from the configuration mode VRF by deleting the corresponding description command from running-config.
Command Mode
VRF Configuration
Command Syntax
description label_text
no description
default description
Parameters
label_text     character string assigned to the VRF configuration.
Related Commands
vrf instance places the switch in VRF configuration mode.
Examples
These commands add description text to the magenta VRF.
switch(config)#vrf instance magenta
switch(config-vrf-magenta)#description This is the first vrf
switch(config-vrf-magenta)#show active
vrf instance magenta
   description This is the first vrf
switch(config-vrf-magenta)#
ip address
The ip address command configures the IPv4 address and connected subnet on the configuration mode interface. Each interface can have one primary address and multiple secondary addresses.
The no ip address and default ip address commands remove the IPv4 address assignment from the configuration mode interface. Entering the command without specifying an address removes the primary and all secondary addresses from the interface. The primary address cannot be deleted until all secondary addresses are removed from the interface.
Removing all IPv4 address assignments from an interface disables IPv4 processing on that port.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip address ipv4_subnet [PRIORITY]
no ip address [ipv4_subnet] [PRIORITY]
default ip address [ipv4_subnet] [PRIORITY]
Parameters
ipv4_subnet     IPv4 and subnet address (CIDR or address-mask notation). Running-config stores value in CIDR notation.
PRIORITY     interface priority. Options include:
<no parameter>     the address is the primary IPv4 address for the interface.
secondary     the address is the secondary IPv4 address for the interface.
Guidelines
The ip address command is supported on routable interfaces.
Example
This command configures an IPv4 address for VLAN 200.
switch(config)#interface vlan 200
switch(config-if-Vl200)#ip address 10.0.0.1/24
switch(config-if-Vl200)#
ip arp inspection limit
The ip arp inspection limit command rate-limits incoming ARP packets on an interface: the interface is err-disabled if the incoming ARP rate exceeds the configured value.
Command Mode
EXEC
Command Syntax
[no | default] ip arp inspection limit [RATE <pps>] [BURST_INTERVAL <sec> | none]
Parameters
RATE     specifies the ARP inspection limit rate in packets per second.
<pps>     ARP inspection limit rate in packets per second.
BURST_INTERVAL     specifies the ARP inspection limit burst interval.
<sec>     burst interval in seconds.
Related Commands
Examples
This command rate-limits incoming ARP packets so that the interface is err-disabled when the incoming ARP rate exceeds the configured value. It sets the rate to 512 (which is the upper limit for the number of invalid ARP packets allowed per second) and sets the burst interval, the consecutive interval over which the interface is monitored for a high ARP rate, to 11 seconds.
switch(config)#ip arp inspection limit rate 512 burst interval 11
switch(config)#
These commands display verification of the interface-specific configuration.
switch(config)#interface Ethernet 3 / 1
switch(config)#ip arp inspection limit rate 20 burst interval 5
switch(config)#interface Ethernet 3 / 3
switch(config)#ip arp inspection trust
switch(config)#show ip arp inspection interfaces
 Interface      Trust State  Rate (pps) Burst Interval
 -------------  -----------  ---------- --------------
 Et3/1          Untrusted    20         5
 Et3/3          Trusted      None       N/A
 
switch(config)#
ip arp inspection logging
The ip arp inspection logging command enables logging of incoming ARP packets on the interface if the rate exceeds the configured value.
Command Mode
EXEC
Command Syntax
[no | default] ip arp inspection logging [RATE <pps>] [BURST_INTERVAL <sec> | none]
Parameters
RATE     specifies the ARP inspection limit rate in packets per second.
<pps>     ARP inspection limit rate in packets per second.
BURST_INTERVAL     specifies the ARP inspection limit burst interval.
<sec>     burst interval in seconds.
Related Commands
Example
This command enables logging of incoming ARP packets when the incoming ARP rate on the interface exceeds the configured value. It sets the rate to 2048 (which is the upper limit for the number of invalid ARP packets allowed per second) and sets the burst interval, the consecutive interval over which the interface is monitored for a high ARP rate, to 15 seconds.
switch(config)#ip arp inspection logging rate 2048 burst interval 15
switch(config)#
ip arp inspection trust
The ip arp inspection trust command configures the trust state of an interface. By default, all interfaces are untrusted.
Command Mode
EXEC
Command Syntax
[no | default] ip arp inspection trust
Related Commands
Examples
This command configures the trust state of an interface to trusted.
switch(config)#ip arp inspection trust
switch(config)#
This command configures the trust state of an interface to untrusted.
switch(config)#no ip arp inspection trust
switch(config)#
This command configures the trust state of an interface to its default (untrusted).
switch(config)#default ip arp inspection trust
switch(config)#
ip arp inspection vlan
The ip arp inspection vlan command enables ARP inspection. ARP requests and responses on untrusted interfaces are intercepted on specified VLANs, and intercepted packets are verified to have valid IP-MAC address bindings. All invalid ARP packets are dropped. On trusted interfaces, all incoming ARP packets are processed and forwarded without verification. By default, ARP inspection is disabled on all VLANs.
Command Mode
EXEC
Command Syntax
ip arp inspection vlan [LIST]
Parameters
LIST     specifies the VLAN interface number.
Related Commands
Examples
This command enables ARP inspection on VLANs 1 through 150.
switch(config)#ip arp inspection vlan 1 - 150
switch(config)#
This command disables ARP inspection on VLANs 1 through 150.
switch(config)#no ip arp inspection vlan 1 - 150
switch(config)#
This command sets the ARP inspection default to VLANs 1 through 150.
switch(config)#default ip arp inspection vlan 1 - 150
switch(config)#
This command enables ARP inspection on multiple VLAN ranges: 1 through 150 and 200 through 250.
switch(config)#ip arp inspection vlan 1-150,200-250
switch(config)#
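The forwarding decision described for ip arp inspection vlan, modeled in Python as an added example (not part of the original reference and not the vendor's code). The binding table, packet samples and class names are constructed for illustration; the page does not say where the switch obtains its IP-MAC bindings, so the model takes them as an input.

```python
from dataclasses import dataclass


def parse_vlan_list(text):
    """Expand a LIST argument ('1-150,200-250' or '1 - 150') into a set of VLAN IDs."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if not part:
            continue
        low, _, high = part.partition("-")
        first, last = int(low), int(high or low)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans


def normalize_mac(mac):
    """Reduce H.H.H, colon or dash notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c not in ".:-")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return digits


@dataclass(frozen=True)
class ArpPacket:
    interface: str   # ingress interface, e.g. "Et3/1"
    vlan: int
    sender_ip: str
    sender_mac: str


class ArpInspector:
    """Decision logic of ARP inspection as the command description states it."""

    def __init__(self, vlan_list, trusted_interfaces, bindings):
        self.vlans = parse_vlan_list(vlan_list)
        self.trusted = set(trusted_interfaces)
        # Assumption: bindings are a plain IP -> MAC table supplied by the caller.
        self.bindings = {ip: normalize_mac(mac) for ip, mac in bindings.items()}

    def verdict(self, pkt):
        """Return (action, reason) where action is 'forward' or 'drop'."""
        if pkt.vlan not in self.vlans:
            return "forward", "ARP inspection disabled on this VLAN"
        if pkt.interface in self.trusted:
            return "forward", "trusted interface, forwarded without verification"
        expected = self.bindings.get(pkt.sender_ip)
        if expected is None:
            return "drop", "no binding for sender IP"
        if expected != normalize_mac(pkt.sender_mac):
            return "drop", "sender MAC does not match binding"
        return "forward", "binding verified"


# Constructed sample data: Et3/3 is the only trusted port, inspection covers
# VLANs 1-150 and 200-250, and two hosts have known bindings.
BINDINGS = {"172.22.30.52": "0025.900e.c468", "172.22.30.53": "0025.900e.c63c"}
INSPECTOR = ArpInspector("1-150,200-250", {"Et3/3"}, BINDINGS)

SAMPLES = [
    ArpPacket("Et3/1", 100, "172.22.30.52", "00:25:90:0e:c4:68"),  # matches binding
    ArpPacket("Et3/1", 100, "172.22.30.52", "0025.900e.c63c"),     # wrong MAC for this IP
    ArpPacket("Et3/3", 100, "172.22.30.52", "0025.900e.c63c"),     # same packet, trusted port
    ArpPacket("Et3/1", 175, "172.22.30.52", "0025.900e.c63c"),     # same packet, VLAN not inspected
    ArpPacket("Et3/1", 100, "172.22.30.99", "0025.900e.c63c"),     # sender IP has no binding
]


def run_samples():
    """Return the action taken for each constructed sample packet."""
    return [INSPECTOR.verdict(pkt)[0] for pkt in SAMPLES]


if __name__ == "__main__":
    for pkt in SAMPLES:
        action, reason = INSPECTOR.verdict(pkt)
        print(f"{pkt.interface:6} vlan {pkt.vlan:<4} {pkt.sender_ip:13} "
              f"{pkt.sender_mac:18} {action:8} {reason}")
```

The third and fourth samples carry the same mismatched binding as the second but are forwarded, which is why the set of trusted interfaces and the inspected VLAN list should be reviewed together.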
ip dhcp relay all-subnets
The ip dhcp relay all-subnets command configures the DHCP smart relay status on the configuration mode interface. DHCP smart relay supports forwarding DHCP requests with a client’s secondary IP addresses in the gateway address field. Enabling DHCP smart relay on an interface requires that DHCP relay is also enabled on that interface.
By default, an interface assumes the global DHCP smart relay setting as configured by the ip dhcp relay all-subnets default command. The ip dhcp relay all-subnets command, when configured, takes precedence over the global smart relay setting.
The no ip dhcp relay all-subnets command disables DHCP smart relay on the configuration mode interface. The default ip dhcp relay all-subnets command restores the interface to the default DHCP smart relay setting, as configured by the ip dhcp relay all-subnets default command, by removing the corresponding ip dhcp relay all-subnets or no ip dhcp relay all-subnets statement from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip dhcp relay all-subnets
no ip dhcp relay all-subnets
default ip dhcp relay all-subnets
Examples
This command enables DHCP smart relay on VLAN interface 100.
switch(config)#interface vlan 100
switch(config-if-Vl100)#ip helper-address 10.4.4.4
switch(config-if-Vl100)#ip dhcp relay all-subnets
switch(config-if-Vl100)#show ip dhcp relay
DHCP Relay is active
DHCP Relay Option 82 is disabled
DHCP Smart Relay is enabled
Interface: Vlan100
  DHCP Smart Relay is enabled
  DHCP servers: 10.4.4.4
switch(config-if-Vl100)#
This command disables DHCP smart relay on VLAN interface 100.
switch(config-if-Vl100)#no ip dhcp relay all-subnets
switch(config-if-Vl100)#show active
interface Vlan100
   no ip dhcp relay all-subnets
   ip helper-address 10.4.4.4
switch(config-if-Vl100)#show ip dhcp relay
DHCP Relay is active
DHCP Relay Option 82 is disabled
DHCP Smart Relay is enabled
Interface: Vlan100
  DHCP Smart Relay is disabled
  DHCP servers: 10.4.4.4
switch(config-if-Vl100)#
These commands enable DHCP smart relay globally, configure VLAN interface 100 to use the global setting, then display the DHCP relay status.
switch(config)#ip dhcp relay all-subnets default
switch(config)#interface vlan 100
switch(config-if-Vl100)#ip helper-address 10.4.4.4
switch(config-if-Vl100)#default ip dhcp relay
switch(config-if-Vl100)#show ip dhcp relay
DHCP Relay is active
DHCP Relay Option 82 is disabled
DHCP Smart Relay is enabled
Interface: Vlan100
  Option 82 Circuit ID: 333
  DHCP Smart Relay is enabled
  DHCP servers: 10.4.4.4
switch(config-if-Vl100)#
ip dhcp relay all-subnets default
The ip dhcp relay all-subnets default command configures the global DHCP smart relay setting. DHCP smart relay supports forwarding DHCP requests with a client’s secondary IP addresses in the gateway address field. The default global DHCP smart relay setting is disabled.
The global DHCP smart relay setting is applied to all interfaces for which an ip dhcp relay all-subnets statement is not configured. Enabling DHCP smart relay on an interface requires that DHCP relay is also enabled on that interface.
The no ip dhcp relay all-subnets default and default ip dhcp relay all-subnets default commands restore the global DHCP smart relay default setting of disabled by removing the ip dhcp relay all-subnets default command from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp relay all-subnets default
no ip dhcp relay all-subnets default
default ip dhcp relay all-subnets default
Related Commands
ip helper-address enables the DHCP relay agent on a configuration mode interface.
ip dhcp relay all-subnets enables the DHCP smart relay agent on a configuration mode interface.
Example
This command configures the global DHCP smart relay setting to enabled.
switch(config)#ip dhcp relay all-subnets default
switch(config)#
ip dhcp relay always-on
The ip dhcp relay always-on command enables the DHCP relay agent on the switch regardless of the DHCP relay agent status on any interface. By default, the DHCP relay agent is enabled only if at least one routable interface is configured with an ip helper-address statement.
The no ip dhcp relay always-on and default ip dhcp relay always-on commands remove the ip dhcp relay always-on command from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp relay always-on
no ip dhcp relay always-on
default ip dhcp relay always-on
Related Commands
These commands implement DHCP relay agent.
Example
This command enables the DHCP relay agent.
switch(config)#ip dhcp relay always-on
switch(config)#
ip dhcp relay information option (Global)
The ip dhcp relay information option command configures the switch to attach tags to DHCP requests before forwarding them to the DHCP servers designated by ip helper-address commands. The ip dhcp relay information option circuit-id command specifies the tag contents for packets forwarded by the interface that it configures.
The no ip dhcp relay information option and default ip dhcp relay information option commands restore the switch’s default setting of not attaching tags to DHCP requests by removing the ip dhcp relay information option command from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp relay information option
no ip dhcp relay information option
default ip dhcp relay information option
Related Commands
These commands implement DHCP relay agent.
Example
This command enables the attachment of tags to DHCP requests that are forwarded to DHCP server addresses.
switch(config)#ip dhcp relay information option
switch(config)#
ip dhcp relay information option circuit-id
The ip dhcp relay information option circuit-id command specifies the content of tags that the switch attaches to DHCP requests before they are forwarded from the configuration mode interface to DHCP server addresses specified by ip helper-address commands. Tags are attached to outbound DHCP requests only if the information option is enabled on the switch (ip dhcp relay information option (Global)). The default value for each interface is the name and number of the interface.
The no ip dhcp relay information option circuit-id and default ip dhcp relay information option circuit-id commands restore the default content setting for the configuration mode interface by removing the corresponding command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip dhcp relay information option circuit-id id_label
no ip dhcp relay information option circuit-id
default ip dhcp relay information option circuit-id
Parameters
id_label     Tag content. Format is alphanumeric characters (maximum 15 characters).
Related Commands
Example
This command configures x-1234 as the tag content for packets sent from VLAN 200.
switch(config)#interface vlan 200
switch(config-if-Vl200)#ip dhcp relay information option circuit-id x-1234
switch(config-if-Vl200)#
ip dhcp snooping
The ip dhcp snooping command enables DHCP snooping globally on the switch. DHCP snooping is a set of layer 2 processes that can be configured on LAN switches and used with DHCP servers to control network access to clients with specific IP/MAC addresses. The switch supports Option-82 insertion, which is a DHCP snooping process that allows relay agents to provide remote-ID and circuit-ID information to DHCP reply and request packets. DHCP servers use this information to determine the originating port of DHCP requests and associate a corresponding IP address to that port. DHCP servers use port information to track host location and IP address usage by authorized physical ports.
DHCP snooping uses the information option (Option-82) to include the switch MAC address (remote-ID) along with the physical interface name and VLAN number (circuit-ID) in DHCP packets. After adding the information to the packet, the DHCP relay agent forwards the packet to the DHCP server as specified by the DHCP protocol.
DHCP snooping on a specified VLAN requires all of these conditions to be met:
DHCP snooping is globally enabled.
Insertion of option-82 information in DHCP packets is enabled.
DHCP snooping is enabled on the specified VLAN.
DHCP relay is enabled on the corresponding VLAN interface.
The no ip dhcp snooping and default ip dhcp snooping commands disable global DHCP snooping by removing the ip dhcp snooping command from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp snooping
no ip dhcp snooping
default ip dhcp snooping
Related Commands
ip dhcp snooping information option enables insertion of option-82 snooping data.
ip helper-address enables the DHCP relay agent on a configuration mode interface.
Example
This command globally enables snooping on the switch, displaying DHCP snooping status before and after invoking the command.
switch(config)#show ip dhcp snooping
DHCP Snooping is disabled
switch(config)#ip dhcp snooping
switch(config)#show ip dhcp snooping
DHCP Snooping is enabled
DHCP Snooping is not operational
DHCP Snooping is configured on following VLANs:
  None
DHCP Snooping is operational on following VLANs:
  None
Insertion of Option-82 is disabled
switch(config)#
ip dhcp snooping information option
The ip dhcp snooping information option command enables the insertion of option-82 DHCP snooping information in DHCP packets on VLANs where DHCP snooping is enabled. DHCP snooping is a layer 2 switch process that allows relay agents to provide remote-ID and circuit-ID information to DHCP reply and request packets. DHCP servers use this information to determine the originating port of DHCP requests and associate a corresponding IP address to that port.
DHCP snooping uses the information option (Option-82) to include the switch MAC address (router-ID) along with the physical interface name and VLAN number (circuit-ID) in DHCP packets. After adding the information to the packet, the DHCP relay agent forwards the packet to the DHCP server through DHCP protocol processes.
DHCP snooping on a specified VLAN requires all of these conditions to be met:
DHCP snooping is globally enabled.
Insertion of option-82 information in DHCP packets is enabled.
DHCP snooping is enabled on the specified VLAN.
DHCP relay is enabled on the corresponding VLAN interface.
When global DHCP snooping is not enabled, the ip dhcp snooping information option command persists in running-config without any operational effect.
The no ip dhcp snooping information option and default ip dhcp snooping information option commands disable the insertion of option-82 DHCP snooping information in DHCP packets by removing the ip dhcp snooping information option statement from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp snooping information option
no ip dhcp snooping information option
default ip dhcp snooping information option
Related Commands
ip dhcp snooping globally enables DHCP snooping.
ip helper-address enables the DHCP relay agent on a configuration mode interface.
Example
These commands enable DHCP snooping on DHCP packets from ports on snooping-enabled VLANs. DHCP snooping was previously enabled on the switch.
switch(config)#ip dhcp snooping information option
switch(config)#show ip dhcp snooping
DHCP Snooping is enabled
DHCP Snooping is operational
DHCP Snooping is configured on following VLANs:
  100
DHCP Snooping is operational on following VLANs:
  100
Insertion of Option-82 is enabled
  Circuit-id format: Interface name:Vlan ID
  Remote-id: 00:1c:73:1f:b4:38 (Switch MAC)
switch(config)#
ip dhcp snooping vlan
The ip dhcp snooping vlan command enables DHCP snooping on specified VLANs. DHCP snooping is a layer 2 process that allows relay agents to provide remote-ID and circuit-ID information in DHCP packets. DHCP servers use this data to determine the originating port of DHCP requests and associate a corresponding IP address to that port. DHCP snooping is configured on a global and VLAN basis.
VLAN snooping on a specified VLAN requires each of these conditions:
DHCP snooping is globally enabled.
Insertion of option-82 information in DHCP packets is enabled.
DHCP snooping is enabled on the specified VLAN.
DHCP relay is enabled on the corresponding VLAN interface.
When global DHCP snooping is not enabled, the ip dhcp snooping vlan command persists in running-config without any operational effect.
The no ip dhcp snooping information option and default ip dhcp snooping information option commands disable DHCP snooping operability by removing the ip dhcp snooping information option statement from running-config.
Command Mode
Global Configuration
Command Syntax
ip dhcp snooping vlan v_range
no ip dhcp snooping vlan v_range
default ip dhcp snooping vlan v_range
Parameters
v_range     VLANs upon which snooping is enabled. Formats include a number, a number range, or a comma-delimited list of numbers and ranges. Numbers range from 1 to 4094.
Related Commands
ip dhcp snooping globally enables DHCP snooping.
ip dhcp snooping information option enables insertion of option-82 snooping data.
ip helper-address enables the DHCP relay agent on a configuration mode interface.
Example
These commands enable DHCP snooping globally, DHCP relay on VLAN interface 100, and DHCP snooping on VLAN 100.
switch(config)#ip dhcp snooping
switch(config)#ip dhcp snooping information option
switch(config)#ip dhcp snooping vlan 100
switch(config)#interface vlan 100
switch(config-if-Vl100)#ip helper-address 10.4.4.4
switch(config-if-Vl100)#show ip dhcp snooping
DHCP Snooping is enabled
DHCP Snooping is operational
DHCP Snooping is configured on following VLANs:
  100
DHCP Snooping is operational on following VLANs:
  100
Insertion of Option-82 is enabled
  Circuit-id format: Interface name:Vlan ID
  Remote-id: 00:1c:73:1f:b4:38 (Switch MAC)
switch(config)#
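The four conditions listed above can be checked offline against a saved configuration. The following Python audit is an added example, not part of the original command reference; the running-config excerpt is constructed, and the assumption is that running-config stores the commands in the same form in which they are entered.

```python
import re

# Constructed running-config excerpt (not captured from a real switch).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping information option
ip dhcp snooping vlan 100,200-201
!
interface Vlan100
   ip helper-address 10.4.4.4
!
interface Vlan200
   ip address 10.20.0.1/24
!
interface Vlan300
   ip helper-address 10.4.4.4
"""


def expand_vlan_range(v_range):
    """Expand a v_range such as '100,200-201' into a set of VLAN IDs (1-4094)."""
    vlans = set()
    for part in v_range.split(","):
        lo, _, hi = part.strip().partition("-")
        first, last = int(lo), int(hi or lo)
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"invalid VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans


def audit_dhcp_snooping(config):
    """Return {vlan: [missing commands]} for every VLAN that has snooping
    or DHCP relay configured. An empty list means all four conditions hold."""
    global_on = option82 = False
    snoop_vlans, relay_vlans = set(), set()
    current_vlan_if = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current_vlan_if = None  # a top-level line closes the interface block
        if line == "ip dhcp snooping":
            global_on = True
        elif line == "ip dhcp snooping information option":
            option82 = True
        elif m := re.fullmatch(r"ip dhcp snooping vlan (\S+)", line):
            snoop_vlans |= expand_vlan_range(m.group(1))
        elif m := re.fullmatch(r"interface Vlan(\d+)", line, re.I):
            current_vlan_if = int(m.group(1))
        elif line.startswith("ip helper-address ") and current_vlan_if is not None:
            relay_vlans.add(current_vlan_if)

    report = {}
    for vlan in sorted(snoop_vlans | relay_vlans):
        missing = []
        if not global_on:
            missing.append("ip dhcp snooping")
        if not option82:
            missing.append("ip dhcp snooping information option")
        if vlan not in snoop_vlans:
            missing.append(f"ip dhcp snooping vlan {vlan}")
        if vlan not in relay_vlans:
            missing.append(f"ip helper-address on interface Vlan{vlan}")
        report[vlan] = missing
    return report


if __name__ == "__main__":
    for vlan, missing in audit_dhcp_snooping(SAMPLE_CONFIG).items():
        state = "operational" if not missing else "NOT operational, missing: " + "; ".join(missing)
        print(f"VLAN {vlan}: {state}")
```

VLANs that relay DHCP without snooping (VLAN 300 in the sample) are reported as well, since those are the ports where Option-82 data never reaches the server.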
ip hardware fib ecmp resilience
The ip hardware fib ecmp resilience command enables resilient ECMP for the specified IP address prefix and configures a fixed number of next hop entries in the hardware ECMP table for that prefix. In addition to specifying the maximum number of next hop addresses that the table can contain for the prefix, the command includes a redundancy factor that allows duplication of each next hop address. The fixed table space for the address is the maximum number of next hops multiplied by the redundancy factor.
Resilient ECMP is useful when it is not desirable for routes to be rehashed due to link flap, as when ECMP is being used for load balancing.
The no ip hardware fib ecmp resilience and default ip hardware fib ecmp resilience commands restore the default hardware ECMP table management by removing the ip hardware fib ecmp resilience command from running-config.
Command Mode
Global Configuration
Command Syntax
ip hardware fib ecmp resilience net_addr capacity nhop_max redundancy duplicates
no ip hardware fib ecmp resilience net_addr
default ip hardware fib ecmp resilience net_addr
Parameters
net_addr     IP address prefix managed by command. (CIDR or address-mask).
nhop_max     Maximum number of nexthop addresses for specified IP address prefix. Value range varies by platform:
Helix: <2 to 64>
Trident: <2 to 32>
Trident II: <2 to 64>
duplicates     Specifies the redundancy factor. Value ranges from 1 to 128.
Example
This command configures a hardware ECMP table space of 24 entries for the IP address 10.14.2.2/24. A maximum of six next-hop addresses can be specified for the IP address. When the table contains six next-hop addresses, each appears in the table four times. When the table contains fewer than six next-hop addresses, each is duplicated until the 24 table entries are filled.
switch(config)#ip hardware fib ecmp resilience 10.14.2.2/24 capacity 6 redundancy 4
switch(config)#
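The effect of the fixed table (capacity multiplied by redundancy) on rehashing can be seen in a small simulation. This Python model is an added example, not the switch's implementation: the SHA-256 flow hash, the round-robin fill order, the next-hop addresses and the flow keys are all assumptions or constructed values.

```python
import hashlib

# Constructed next hops and flow keys for the 10.14.2.2/24 example prefix.
NEXT_HOPS = [f"10.0.0.{i}" for i in range(1, 7)]
FLOWS = [f"192.0.2.{i % 250}:{1024 + i}->10.14.2.9:443" for i in range(2000)]


def flow_hash(flow):
    """Deterministic stand-in for the hardware hash (assumption)."""
    return int.from_bytes(hashlib.sha256(flow.encode()).digest()[:8], "big")


def build_table(next_hops, capacity, redundancy):
    """Fill capacity * redundancy slots, duplicating next hops round-robin."""
    if not 1 <= len(next_hops) <= capacity:
        raise ValueError("next-hop count must be between 1 and capacity")
    if not 1 <= redundancy <= 128:
        raise ValueError("redundancy ranges from 1 to 128")
    size = capacity * redundancy
    return [next_hops[i % len(next_hops)] for i in range(size)]


def remove_next_hop(table, failed):
    """Rewrite only the slots that pointed at the failed next hop."""
    survivors = [nh for nh in dict.fromkeys(table) if nh != failed]
    if not survivors:
        raise ValueError("no next hop left for the prefix")
    repaired, k = [], 0
    for nh in table:
        if nh == failed:
            repaired.append(survivors[k % len(survivors)])
            k += 1
        else:
            repaired.append(nh)  # untouched slot: flows hashing here do not move
    return repaired


def lookup(table, flow):
    """Pick the slot for a flow; the table size is the hash modulus."""
    return table[flow_hash(flow) % len(table)]


def compare_rehash(next_hops, failed, capacity, redundancy, flows):
    """Return (flows on the failed hop, flows moved with the resilient table,
    flows moved when the table is simply the list of live next hops)."""
    before = build_table(next_hops, capacity, redundancy)
    after = remove_next_hop(before, failed)
    remaining = [nh for nh in next_hops if nh != failed]
    on_failed = sum(lookup(before, f) == failed for f in flows)
    resilient_moved = sum(lookup(before, f) != lookup(after, f) for f in flows)
    plain_moved = sum(lookup(next_hops, f) != lookup(remaining, f) for f in flows)
    return on_failed, resilient_moved, plain_moved


if __name__ == "__main__":
    on_failed, resilient, plain = compare_rehash(NEXT_HOPS, "10.0.0.4", 6, 4, FLOWS)
    print(f"flows on failed next hop : {on_failed}")
    print(f"moved, resilient table   : {resilient}")
    print(f"moved, table resized     : {plain}")
```

With the resilient table, only flows that were using the failed next hop change path; when the table shrinks with the next-hop count, most flows are rehashed.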
ip hardware fib optimize
The ip hardware fib optimize command enables IPv4 route scale. The platform layer 3 agent is restarted with the agent SandL3Unicast terminate command to ensure that IPv4 routes are optimized.
Command Mode
Global Configuration
Command Syntax
ip hardware fib optimize exact-match prefix-length <prefix-length> <optional: prefix-length>
no ip hardware fib optimize exact-match prefix-length <prefix-length> <optional: prefix-length>
Parameters
prefix-length     The length of the prefix equal to 12, 16, 20, 24, 28, or 32. One additional prefix-length limited to the prefix-length of 32 is optional.
Related Commands
agent SandL3Unicast terminate enables restarting the layer 3 agent to ensure IPv4 routes are optimized.
show platform arad ip route shows resources for all IPv4 routes in hardware. Routes that use the additional hardware resources will appear with an asterisk.
show platform arad ip route summary shows hardware resource usage of IPv4 routes.
Examples
This configuration command allows configuring prefix lengths 12 and 32.
switch(config)#ip hardware fib optimize exact-match prefix-length 12 32
! Please restart layer 3 forwarding agent to ensure IPv4 routes are optimized
One of the two prefixes in this command is a prefix-length of 32, which is required in the instance where there are two prefixes. For this command to take effect, the platform layer 3 agent must be restarted.
This configuration command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
switch(config)#agent SandL3Unicast terminate
SandL3Unicast was terminated
Restarting the platform layer 3 agent results in deletion of all IPv4 routes, which are re-added to the hardware.
This configuration command allows configuring prefix lengths 32 and 16.
switch(config)#ip hardware fib optimize exact-match prefix-length 32 16
! Please restart layer 3 forwarding agent to ensure IPv4 routes are optimized
One of the two prefixes in this command is a prefix-length of 32, which is required in the instance where there are two prefixes. For this command to take effect, the platform layer 3 agent must be restarted.
This configuration command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
switch(config)#agent SandL3Unicast terminate
SandL3Unicast was terminated
Restarting the platform layer 3 agent results in deletion of all IPv4 routes, which are re-added to the hardware.
This configuration command allows configuring prefix length 24.
switch(config)#ip hardware fib optimize exact-match prefix-length 24
! Please restart layer 3 forwarding agent to ensure IPv4 routes are optimized
In this instance, there is only one prefix-length, so a prefix-length of 32 is not required. For this command to take effect, the platform layer 3 agent must be restarted.
This configuration command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
switch(config)#agent SandL3Unicast terminate
SandL3Unicast was terminated
Restarting the platform layer 3 agent results in deletion of all IPv4 routes, which are re-added to the hardware.
This configuration command allows configuring prefix length 32.
switch(config)#ip hardware fib optimize exact-match prefix-length 32
! Please restart layer 3 forwarding agent to ensure IPv4 routes are optimized
For this command to take effect, the platform layer 3 agent must be restarted.
This configuration command restarts the platform layer 3 agent to ensure IPv4 routes are optimized.
switch(config)#agent SandL3Unicast terminate
SandL3Unicast was terminated
Restarting the platform layer 3 agent results in deletion of all IPv4 routes, which are re-added to the hardware.
Example
This configuration command disables configuring prefix lengths 12 and 32.
switch(config)#no ip hardware fib optimize exact-match prefix-length 12 32
! Please restart layer 3 forwarding agent to ensure IPv4 routes are not optimized
One of the two prefixes in this command is a prefix-length of 32, which is required in the instance where there are two prefixes. For this command to take effect, the platform layer 3 agent must be restarted.
ip helper-address
The ip helper-address command enables the DHCP relay agent on the configuration mode interface and specifies a forwarding address for DHCP requests. An interface that is configured with multiple helper-addresses forwards DHCP requests to all specified addresses.
The no ip helper-address and default ip helper-address commands remove the corresponding ip helper-address command from running-config. Commands that do not specify an IP helper-address remove all helper-addresses from the interface.
Command Mode
Interface-Ethernet Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip helper-address ipv4_addr [vrf vrf_name] [source-address ipv4_addr | source-interface INTERFACES]
no ip helper-address [ipv4_addr]
default ip helper-address [ipv4_addr]
Parameters
vrf vrf_name     specify the user-defined VRF for DHCP server.
ipv4_addr     specify the DHCP server address accessed by interface.
source-address ipv4_addr     specify the source IPv4 address to communicate with DHCP server.
source-interface INTERFACES     specify the source interface to communicate with DHCP server. Options include:
Ethernet eth_num     specify the Ethernet interface number.
Loopback lpbck_num     specify the loopback interface number. Value ranges from 0 to 1000.
Management mgmt_num     specify the management interface number. Accepted values are 1 and 2.
Port-Channel {int_num | sub_int_num}     specify the port-channel interface or subinterface number. Value of interface ranges from 1 to 2000. Value of sub-interface ranges from 1 to 4094.
Tunnel tnl_num     specify the tunnel interface number. Value ranges from 0 to 255.
VLAN vlan_num     specify the VLAN interface number. Value ranges from 1 to 4094.
Related Commands
Guidelines
If the source-address parameter is specified, the DHCP client receives an IPv4 address from the subnet of the source IP address. The source-address must be one of the addresses configured on the interface.
Examples
This command enables DHCP relay on VLAN interface 200 and configures the switch to forward DHCP requests received on this interface to the server at 10.10.41.15.
switch(config)#interface vlan 200
switch(config-if-Vl200)#ip helper-address 10.10.41.15
switch(config-if-Vl200)#show active
interface Vlan200
   ip helper-address 10.10.41.15
switch(config-if-Vl200)#
This command enables DHCP relay on interface Ethernet 1/2 and configures the switch to use 2.2.2.2 as the source IP address when relaying IPv4 DHCP messages to the server at 1.1.1.1.
switch(config)#interface ethernet 1/2
switch(config-if-Et1/2)#ip helper-address 1.1.1.1 source-address 2.2.2.2
switch(config-if-Et1/2)#
ip icmp redirect
The ip icmp redirect command enables the transmission of ICMP redirect messages. Routers send ICMP redirect messages to notify data link hosts of the availability of a better route for a specific destination.
The no ip icmp redirect command prevents the switch from sending ICMP redirect messages.
Command Mode
Global Configuration
Command Syntax
ip icmp redirect
no ip icmp redirect
default ip icmp redirect
Example
This command disables the redirect messages.
switch(config)#no ip icmp redirect
switch(config)#show running-config
<-------OUTPUT OMITTED FROM EXAMPLE--------> 
!
no ip icmp redirect
ip routing
!
<-------OUTPUT OMITTED FROM EXAMPLE-------->
switch(config)#
ip load-sharing
The ip load-sharing command provides the hash seed to an algorithm that the switch uses to distribute data streams among multiple equal-cost routes to an individual IPv4 subnet.
In a network topology using Equal-Cost Multipath routing, all switches performing identical hash calculations may result in hash polarization, leading to uneven load distribution among the data paths. Hash polarization is avoided when switches use different hash seeds to perform different hash calculations.
The no ip load-sharing and default ip load-sharing commands return the hash seed to the default value of zero by removing the ip load-sharing command from running-config.
Command Mode
Global Configuration
Command Syntax
ip load-sharing HARDWARE seed
no ip load-sharing HARDWARE
default ip load-sharing HARDWARE
Parameters
HARDWARE     The ASIC switching device. The available options depend on the switch platform. Verify available options with the CLI ? command.
arad     
fm6000     
petraA     
trident     
seed     The hash seed. Value range varies by switch platform. The default value on all platforms is 0.
when HARDWARE=arad     seed ranges from 0 to 2.
when HARDWARE=fm6000     seed ranges from 0 to 39.
when HARDWARE=petraA     seed ranges from 0 to 2.
when HARDWARE=trident     seed ranges from 0 to 5.
Example
This command sets the IPv4 load sharing hash seed to one on FM6000 platform switches.
switch(config)#ip load-sharing fm6000 1
switch(config)#
ip local-proxy-arp
The ip local-proxy-arp command enables local proxy ARP (Address Resolution Protocol) on the configuration mode interface. When local proxy ARP is enabled, ARP requests received on the configuration mode interface will return an IP address even when the request comes from within the same subnet.
The no ip local-proxy-arp and default ip local-proxy-arp commands disable local proxy ARP on the configuration mode interface by removing the corresponding ip local-proxy-arp command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip local-proxy-arp
no ip local-proxy-arp
default ip local-proxy-arp
Example
These commands enable local proxy ARP on VLAN interface 140.
switch(config)#interface vlan 140
switch(config-if-Vl140)#ip local-proxy-arp
switch(config-if-Vl140)#show active
interface Vlan140
   ip local-proxy-arp
switch(config-if-Vl140)#
ip multicast count
The ip multicast count command enables the IPv4 multicast route traffic counter of group and source addresses in either bytes or packets.
The no ip multicast count command deletes all multicast counters including the routes of group and source addresses.
The no ip multicast count group_address source_address command removes the current configuration of the specified group and source addresses. It does not delete the counter because the wildcard is still active.
The default ip multicast count command reverts the current counter configuration of multicast route to the default state.
Command Mode
Global Configuration
Command Syntax
ip multicast count [group_address [source_address] | bytes | packets]
no ip multicast count [group_address [source_address] | bytes | packets]
default ip multicast count [group_address [source_address] | bytes | packets]
Parameters
group_address     configures the multicast route traffic count of the specified group address
source_address     configures the multicast route traffic count of the specified group and source addresses
bytes     configures the multicast route traffic count to bytes
packets     configures the multicast route traffic count to packets
Guidelines
This command is supported on the FM6000 platform only.
Examples
This command configures the multicast route traffic count to bytes.
switch(config)#ip multicast count bytes
This command configures the multicast route traffic count of the specified group and source addresses.
switch(config)#ip multicast count 10.50.30.23 45.67.89.100
This command deletes all multicast counters including the routes of group and source addresses.
switch(config)#no ip multicast count
This command reverts the current multicast route configuration to the default state.
switch(config)#default ip multicast count
ip nat destination static
The ip nat destination static command enables NAT of a specified destination address for the configuration mode interface. This command installs hardware translation entries for forward and reverse unicast traffic. When the rule specifies a multicast group, the command does not install the reverse path in hardware. The command may include an access control list to filter packets for translation.
When configuring twice NAT, an arbitrary NAT group number is used to associate the source NAT and destination NAT rules. This number must be the same in both rules.
The no ip nat destination static and default ip nat destination static commands disable NAT translation of the specified destination address by removing the corresponding ip nat destination static command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip nat destination static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
no ip nat destination static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
default ip nat destination static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
Parameters
ORIGINAL     Destination address to be modified. Options include:
local_ipv4     IPv4 address.
local_ipv4   local_port     IPv4 address and port (port value ranges from 1 to 65535).
FILTER     Access control list that filters packets. Options include:
<no parameter>     All packets with specified destination address are cleared.
access-list list_name     List that specifies the packets that are cleared. Not supported when configuring twice NAT.
TRANSLATED     Destination address of translated packet. Options include:
global_ipv4     IPv4 address.
global_ipv4   global_port     IPv4 address and port (port value ranges from 1 to 65535). When configuring twice NAT, source and destination NAT rules must either both specify a port translation or both not specify a port translation.
PROT_TYPE     Filters packets based on protocol type. Options include:
<no parameter>     All packets with specified destination address are cleared.
protocol tcp     TCP packets with specified destination address are cleared.
protocol udp     UDP packets with specified destination address are cleared.
group group_number     Used only when configuring twice NAT, the NAT group number associates a source NAT rule with a destination NAT rule on the same interface. The group number (values range from 1 to 255) is arbitrary, but must be the same in both rules.
Example
These commands configure VLAN 201 to translate destination address 10.24.1.10 to 168.32.14.15.
switch(config)#interface vlan 201
switch(config-if-Vl201)#ip nat destination static 10.24.1.10 168.32.14.15
switch(config-if-Vl201)#
These commands configure VLAN 201 to translate the source address 10.24.1.10 to 168.32.14.15 for all packets with IP destination addresses in the 168.10.1.1/32 subnet.
switch(config)#ip access-list ACL2
switch(config-acl-ACL2)#permit ip 168.10.1.1/32 any
switch(config-acl-ACL2)#exit
switch(config)#interface vlan 201
switch(config-if-Vl201)#ip nat destination static 10.24.1.10 access-list ACL2 168.32.14.15
switch(config-if-Vl201)#
These commands configure Ethernet interface 2 to translate the local source address 10.24.1.10 to the global source address 168.32.14.15, and to translate the local destination address 10.68.104.3 to the global destination address 168.25.10.7 for all packets moving through the interface. The use of NAT group 3 is arbitrary, but must be the same in both rules.
switch(config)#interface ethernet 2
switch(config-if-Et2)#ip nat source static 10.24.1.10 168.32.14.15 group 3
switch(config-if-Et2)#ip nat destination static 10.68.104.3 168.25.10.7 group 3
 
ip nat pool
The ip nat pool command identifies a pool of addresses using start address, end address, and either netmask or prefix length. If its starting IP address and ending IP address are the same, there is only one address in the address pool.
The no ip nat pool command removes the ip nat pool command from running-config.
Command Mode
Global Configuration
Command Syntax
ip nat pool pool_name [ADDRESS_SPAN] SUBNET_SIZE
no ip nat pool pool_name
default ip nat pool pool_name
Parameters
pool_name     name of the IP address pool.
ADDRESS_SPAN     Options include:
start_addr     The first IP address in the address pool (IPv4 addresses in dotted decimal notation).
end_addr     The last IP address in the address pool. (IPv4 addresses in dotted decimal notation).
SUBNET_SIZE     Functions as a sanity check to ensure that a pool address is not a network or broadcast address. Options include:
netmask ipv4_addr     The netmask of the address pool’s network (dotted decimal notation).
prefix-length <0 to 32>     The number of bits of the netmask (of the address pool’s network) that are ones (how many bits of the address indicate network).
Examples
This command configures the pool of addresses using start address, end address, and prefix length of 24.
switch(config)#ip nat pool poo1 10.15.15.15 10.15.15.25 prefix-length 24
switch(config)#
This command removes the pool of addresses.
switch(config)# no ip nat pool poo1 10.15.15.15 10.15.15.25 prefix-length 24
switch(config)#
ip nat source dynamic
The ip nat source dynamic command enables NAT of a specified source address for packets sent and received on the configuration mode interface. This command installs hardware translation entries for forward and reverse traffic. When the rule specifies a multicast group, the command does not install the reverse path in hardware. The command may include an access control list to filter packets for translation.
The no ip nat source dynamic and default ip nat source dynamic commands disable NAT translation of the specified source address by removing the corresponding ip nat source dynamic command from running-config.
Note: Ethernet and Port-channel interfaces should be configured as routed ports.
Command Mode
Interface-Ethernet Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip nat source dynamic access-list acl_name POOL_TYPE
no ip nat source dynamic access-list acl_name
default ip nat source dynamic access-list acl_name
Parameters
acl_name     Access control list that controls the internal network addresses eligible for NAT.
POOL_TYPE     Options include:
overload     Translates multiple local addresses to a single global address. When overloading is enabled, conversations using the same IP address are distinguished by their TCP or UDP port number.
pool pool_name    The name of the IP address pool. The pool is defined using the ip nat pool command.
The pool option is required even if the pool has just one address. NAT uses that one address for all of the translations.
pool_fullcone    Enables full cone NAT where all requests from the same internal IP address and port are mapped to the same external IP address and port.
Example
This command configures the dynamic NAT source address and sets the NAT overload for pool P2.
switch(config)#interface ethernet 3/1
switch(config-if-Et3/1)#ip nat source dynamic access-list ACL2 pool p2
switch#
This command disables the NAT source translation on interface Ethernet 3/1.
switch(config)#interface ethernet 3/1
switch(config-if-Et3/1)# no ip nat source dynamic access-list ACL2
switch(config-if-Et3/1)#
ip nat source static
The ip nat source static command enables NAT of a specified source address for the configuration mode interface. This command installs hardware translation entries for forward and reverse unicast traffic. When the rule specifies a multicast group, the command does not install the reverse path in hardware. The command may include an access control list to filter packets for translation.
When configuring twice NAT, an arbitrary NAT group number is used to associate the source NAT and destination NAT rules. This number must be the same in both rules.
The no ip nat source static and default ip nat source static commands disable NAT translation of the specified source address by removing the corresponding ip nat source command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip nat source static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
no ip nat source static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
default ip nat source static ORIGINAL [FILTER] TRANSLATED [PROT_TYPE] [group group_number]
Parameters
ORIGINAL     Source address to be modified. Options include:
original_ipv4     IPv4 address.
original_ipv4    original_port     IPv4 address and port (port value ranges from 1 to 65535).
FILTER     Access control list that filters packets. Options include:
<no parameter>     All packets with specified source address are cleared.
access-list list_name     List that specifies the packets that are cleared. Not supported when configuring twice NAT.
TRANSLATED     Source address of translated packet. Options include:
translated_ipv4     IPv4 address.
translated_ipv4   translated_port     IPv4 address and port (port value ranges from 1 to 65535). When configuring twice NAT, source and destination NAT rules must either both specify a port translation or both not specify a port translation.
PROT_TYPE     Filters packets based on protocol type. Options include:
<no parameter>     All packets with specified source address are cleared.
protocol tcp     TCP packets with specified source address are cleared.
protocol udp     UDP packets with specified source address are cleared.
group group_number     Used only when configuring twice NAT, the NAT group number associates a source NAT rule with a destination NAT rule on the same interface. The group number (values range from 1 to 255) is arbitrary, but must be the same in both rules.
Restrictions
If ORIGINAL includes a port, TRANSLATED must also include a port.
If ORIGINAL does not include a port, TRANSLATED cannot include a port.
Example
These commands configure VLAN 101 to translate source address 10.24.1.10 to 168.32.14.15.
switch(config)#interface vlan 101
switch(config-if-Vl101)#ip nat source static 10.24.1.10 168.32.14.15
switch(config-if-Vl101)#
These commands configure VLAN 100 to translate the source address 10.24.1.10 to 168.32.14.15 for all packets with IP destination addresses in the 168.10.1.1/32 subnet.
switch(config)#ip access-list ACL1
switch(config-acl-ACL1)#permit ip any 168.10.1.1/32
switch(config-acl-ACL1)#exit
switch(config)#interface vlan 101
switch(config-if-Vl101)#ip nat source static 10.24.1.10 access-list ACL1 168.32.141.15
switch(config-if-Vl101)#
These commands configure Ethernet interface 2 to translate the local source address 10.24.1.10 to the global source address 168.32.14.15, and to translate the local destination address 10.68.104.3 to the global destination address 168.25.10.7 for all packets moving through the interface. The use of NAT group 3 is arbitrary, but must be the same in both rules.
switch(config)#interface ethernet 2
switch(config-if-Et2)#ip nat source static 10.24.1.10 168.32.14.15 group 3
switch(config-if-Et2)#ip nat destination static 10.68.104.3 168.25.10.7 group 3
ip nat translation counters
The ip nat translation counters command enables the feature to count packets that are translated by static and twice NAT rules in hardware. Once this feature is enabled, all current rules in hardware and new rules that are configured after running this command receive policers for counting packets.
The no ip nat translation counters and default ip nat translation counters commands disable the packet counter feature for static and twice NAT connections.
Command Mode
Global Configuration
Command Syntax
ip nat translation counters
no ip nat translation counters
default ip nat translation counters
Guidelines
The ip nat translation counters command is supported on the DCS-7150 series switches only. This command is solely intended to debug static and twice NAT translation failures in hardware. Disable this feature after completing troubleshooting. If this feature remains enabled when the count of static connections exceeds 275, it can cause unpredictable behavior, including a restart of the FocalPointV2 agent. A restart of the FocalPointV2 agent results in traffic disruption.
Example
The ip nat translation counters command enables the packet counter feature for static and twice NAT connections. Using the show ip nat translation hardware detail and show ip nat translation twice hardware detail commands, you can verify the packet count.
switch(config)#ip nat translation counters
switch(config)#show ip nat translation hardware detail
Source IP           Destination IP      Translated IP     TGT Type Intf   Proto     Packets    Packets Reply
------------------------------------------------------------------------------------------------------------
192.168.10.2:0      -                    20.1.10.2:0      SRC STAT Vl2640 -           2              1
192.168.110.2:0     -                    20.1.110.2:0     SRC STAT Vl2640 -           2              1
switch(config)#show ip nat translation twice hardware detail
Source IP      Destination IP   Translated        Translated       Intf       Group    Packets   Packets
                                  Src IP            Dst IP                    Proto              Reply
---------------------------------------------------------------------------------------------------------
192.16.50.2:0   10.1.50.2:0      20.1.50.2:0       10.1.60.2:0     Vl2922 2     -         2        1
19.16.150.2:0   10.1.150.2:0     20.1.150.2:0      10.1.160.2:0    Vl2922 12    -         2
ip nat translation low-mark
The ip nat translation low-mark command configures the minimum threshold that triggers the resumption of programming new NAT translation connections.
The ip nat translation max-entries command specifies the maximum number of NAT translation connections that can be stored. When this limit is reached, new connections are dropped instead of being programmed in hardware or software. At this point no new connections will be programmed until the number of stored entries drops below the configured low-mark, expressed as a percentage of the max-entries value. The default low-mark value is 90%.
The no ip nat translation low-mark and default ip nat translation low-mark commands restore the default low-mark value by removing the ip nat translation low-mark command from running-config.
Command Mode
Global Configuration
Command Syntax
ip nat translation low-mark threshold
no ip nat translation low-mark
default ip nat translation low-mark
Parameters
threshold     Percentage of maximum connection entries. Value ranges from 1 to 99. Default is 90.
Examples
This command globally sets the translation low mark to 93%.
switch(config)#ip nat translation low-mark 93
switch(config)#
ip nat translation max-entries
The ip nat translation max-entries command specifies the maximum number of NAT translation connections. After this threshold is reached, new connections are dropped until the number of programmed connections is reduced below the level specified by the ip nat translation low-mark command.
The no ip nat translation max-entries and default ip nat translation max-entries commands remove the maximum connection limit and reset the parameter value to zero by removing the ip nat translation max-entries command from running-config.
Command Mode
Global Configuration
Command Syntax
ip nat translation max-entries connections
no ip nat translation max-entries
default ip nat translation max-entries
Parameters
connections     The maximum number of NAT translation connections. Value ranges from 0 to 4294967295. Default value is 0, which removes the connection limit.
Examples
This command limits the number of NAT translation connections the switch can store to 3000.
switch(config)#ip nat translation max-entries 3000
switch(config)#
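The interaction between ip nat translation max-entries and ip nat translation low-mark is a hysteresis: once the table fills, it stays closed to new connections until enough entries age out. The following Python model is an added example, not Arista code; the class and function names and the sample flows are constructed, and it assumes dropping starts as soon as the stored count reaches max-entries.

```python
class NatTable:
    """Connection admission with the max-entries / low-mark hysteresis."""

    def __init__(self, max_entries=0, low_mark=90):
        if not 0 <= max_entries <= 4294967295:
            raise ValueError("max-entries ranges from 0 to 4294967295")
        if not 1 <= low_mark <= 99:
            raise ValueError("low-mark ranges from 1 to 99")
        self.max_entries = max_entries   # 0 removes the connection limit
        self.low_mark = low_mark         # percentage of max_entries
        self.entries = set()
        self.blocked = False             # True while new connections are dropped
        self.dropped = 0

    def _update_state(self):
        count = len(self.entries)
        if self.max_entries == 0:
            self.blocked = False
        elif count >= self.max_entries:
            self.blocked = True          # limit reached: stop programming
        elif count * 100 < self.max_entries * self.low_mark:
            self.blocked = False         # fell below the low mark: resume
        # Between the low mark and the limit the previous state is kept.

    def admit(self, conn):
        """Return True if conn is (or already was) stored, False if dropped."""
        if conn in self.entries:
            return True
        if self.blocked:
            self.dropped += 1
            return False
        self.entries.add(conn)
        self._update_state()
        return True

    def expire(self, conn):
        """Remove a connection, as a translation timeout would."""
        self.entries.discard(conn)
        self._update_state()


def simulate():
    """Fill a 3000-entry table with low-mark 93, then age entries out."""
    table = NatTable(max_entries=3000, low_mark=93)
    conns = [("192.168.10.2", port) for port in range(3000)]  # constructed flows
    for conn in conns:
        table.admit(conn)
    result = {"at_limit": table.admit(("192.168.10.3", 1))}
    for conn in conns[:200]:             # 2800 stored; the low mark is 2790
        table.expire(conn)
    result["at_2800"] = table.admit(("192.168.10.3", 2))
    for conn in conns[200:211]:          # 2789 stored: below the low mark
        table.expire(conn)
    result["at_2789"] = table.admit(("192.168.10.3", 3))
    result["stored"] = len(table.entries)
    result["dropped"] = table.dropped
    return result


if __name__ == "__main__":
    print(simulate())
```

With the default TCP timeout of 86400 seconds, entries leave the table slowly, so the gap between max-entries and the low mark determines how long new connections keep being dropped after the table fills.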
ip nat translation tcp-timeout
The ip nat translation tcp-timeout command specifies the translation timeout period for translation table entries. The timeout period specifies the interval during which the switch will attempt to reuse an existing TCP translation for devices specified by table entries.
The no ip nat translation tcp-timeout and default ip nat translation tcp-timeout commands reset the timeout to its default by removing the corresponding ip nat translation tcp-timeout command from running-config.
Command Mode
Global Configuration
Command Syntax
ip nat translation tcp-timeout period
no ip nat translation tcp-timeout
default ip nat translation tcp-timeout
Parameters
period     Time-out period in seconds for port translations. Value ranges from 0 to 4294967295. Default value is 86400 (24 hours).
Examples
This command sets the TCP timeout for translations to 600 seconds.
switch(config)# ip nat translation tcp-timeout 600
switch(config)#
This command removes the TCP translation timeout.
switch(config)# no ip nat translation tcp-timeout
switch(config)#
ip nat translation udp-timeout
The ip nat translation udp-timeout command specifies the translation timeout period for translation table entries. The timeout period specifies the interval during which the switch attempts to establish a UDP connection with devices specified by table entries.
The no ip nat translation udp-timeout and default ip nat translation udp-timeout commands disable NAT translation of the specified destination address by removing the corresponding ip nat translation udp-timeout command from running-config.
Command Mode
Global Configuration
Command Syntax
ip nat translation udp-timeout period
no ip nat translation udp-timeout
default ip nat translation udp-timeout
Parameters
period      Value ranges from 0 to 4294967295. Default value is 300 (5 minutes).
Examples
This command globally sets the timeout for UDP to 800 seconds.
switch(config)# ip nat translation udp-timeout 800
This command removes the timeout for UDP.
switch(config)# no ip nat translation udp-timeout
ip proxy-arp
The ip proxy-arp command enables proxy ARP on the configuration mode interface. Proxy ARP is disabled by default.
The no ip proxy-arp and default ip proxy-arp commands disable proxy ARP on the configuration mode interface by removing the corresponding ip proxy-arp command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
ip proxy-arp
no ip proxy-arp
default ip proxy-arp
Examples
This command enables proxy ARP on Ethernet interface 4.
switch(config)#interface ethernet 4
switch(config-if-Et4)#ip proxy-arp
switch(config-if-Et4)#
ip route
The ip route command creates a static route. The destination is a network segment; the nexthop address is either an IPv4 address or a routable port. When multiple routes exist to a destination prefix, the route with the lowest administrative distance takes precedence.
By default, the administrative distance assigned to static routes is 1. Assigning a higher administrative distance to a static route configures it to be overridden by dynamic routing data. For example, a static route with an administrative distance value of 200 is overridden by OSPF intra-area routes, which have a default administrative distance of 110.
Tags are used by route maps to filter routes. The default tag value on static routes is 0.
Multiple routes with the same destination and the same administrative distance comprise an Equal Cost Multi-Path (ECMP) route. The switch attempts to spread outbound traffic equally through all ECMP route paths. All paths comprising an ECMP are assigned identical tag values; commands that change the tag value of a path change the tag value of all paths in the ECMP.
The no ip route and default ip route commands delete the specified static route by removing the corresponding ip route command from running-config. Commands that do not list a nexthop address remove all ip route statements with the specified destination from running-config. If an ip route statement exists for the same IP address in multiple VRFs, each must be removed separately. All static routes in a user-defined VRF are deleted when the VRF is deleted.
Command Mode
Global Configuration
Command Syntax
ip route [VRF_INSTANCE] dest_net NEXTHOP [DISTANCE] [TAG_OPTION] [RT_NAME]
no ip route [VRF_INSTANCE] dest_net [NEXTHOP] [DISTANCE]
default ip route [VRF_INSTANCE] dest_net [NEXTHOP] [DISTANCE]
Parameters
VRF_INSTANCE     Specifies the VRF instance being modified.
<no parameter>     Changes are made to the default VRF.
vrf vrf_name     Changes are made to the specified VRF.
dest_net     Destination IPv4 subnet (CIDR or address-mask notation).
NEXTHOP    Location or access method of next hop device. Options include:
ipv4_addr     An IPv4 address.
null0     Null0 interface.
ethernet e_num     Ethernet interface specified by e_num.
loopback l_num     Loopback interface specified by l_num.
management m_num     Management interface specified by m_num.
port-channel p_num     Port-channel interface specified by p_num.
vlan v_num     VLAN interface specified by v_num.
vxlan vx_num     VXLAN interface specified by vx_num.
DISTANCE     Administrative distance assigned to route. Options include:
<no parameter>      Route assigned default administrative distance of one.
<1-255>     The administrative distance assigned to route.
TAG_OPTION     Static route tag. Options include:
<no parameter>      Assigns default static route tag of 0.
tag t_value      Static route tag value. t_value ranges from 0 to 4294967295.
RT_NAME     Associates descriptive text to the route. Options include:
<no parameter>      No text is associated with the route.
name descriptive_text     The specified text is assigned to the route.
Related Commands
ip route nexthop-group command creates a static route that specifies a Nexthop Group to determine the Nexthop address.
Example
This command creates a static route in the default VRF.
switch(config)#ip route 172.17.252.0/24 vlan 2000
switch(config)#
ip routing
The ip routing command enables IPv4 routing. When IPv4 routing is enabled, the switch attempts to deliver inbound packets to destination IPv4 addresses by forwarding them to interfaces or next hop addresses specified by the forwarding table.
The no ip routing and default ip routing commands disable IPv4 routing by removing the ip routing command from running-config. When IPv4 routing is disabled, the switch attempts to deliver inbound packets to their destination MAC addresses. When this address matches the switch’s MAC address, the packet is delivered to the CPU. IP packets with IPv4 destinations that differ from the switch’s address are typically discarded. The delete-static-routes option removes static entries from the routing table.
IPv4 routing is disabled by default.
Command Mode
Global Configuration
Command Syntax
ip routing [VRF_INSTANCE]
no ip routing [DELETE_ROUTES] [VRF_INSTANCE]
default ip routing [DELETE_ROUTES] [VRF_INSTANCE]
Parameters
DELETE_ROUTES     Resolves routing table static entries when routing is disabled.
<no parameter>     Routing table retains static entries.
delete-static-routes     Static entries are removed from the routing table.
VRF_INSTANCE     specifies the VRF instance being modified.
<no parameter>     changes are made to the default VRF.
vrf vrf_name     changes are made to the specified user-defined VRF.
Example
This command enables IPv4 routing.
switch(config)#ip routing
switch(config)#
ip source binding
IP source guard (IPSG) is supported on Layer 2 Port-Channels, not member ports. The IPSG configuration on port channels supersedes the configuration on the physical member ports. Hence, source IP MAC binding entries should be configured on port channels. When configured on a port channel member port, IPSG does not take effect until this port is deleted from the port channel configuration.
Note: IP source bindings are also used by static ARP inspection.
The no ip source binding and default ip source binding commands exclude parameters from IPSG filtering, and set the default for ip source binding.
Command Mode
Interface-Ethernet Configuration
Command Syntax
ip source binding [IP_ADDRESS] [MAC_ADDRESS] vlan [VLAN_RANGE] interface [INTERFACE]
no ip source binding [IP_ADDRESS] [MAC_ADDRESS] vlan [VLAN_RANGE] interface [INTERFACE]
default ip source binding [IP_ADDRESS] [MAC_ADDRESS] vlan [VLAN_RANGE] interface [INTERFACE]
Parameters
IP_ADDRESS     Specifies the IP ADDRESS.
MAC_ADDRESS     Specifies the MAC ADDRESS.
VLAN_RANGE     Specifies the VLAN ID range.
INTERFACE     Specifies the Ethernet interface.
Related Commands
Example
This command configures source IP-MAC binding entries to IP address 10.1.1.1, MAC address 0000.aaaa.1111, VLAN ID 4094, and Ethernet interface 36.
switch(config)#ip source binding 10.1.1.1 0000.aaaa.1111 vlan 4094 interface ethernet 36
switch(config)#
ip verify
The ip verify command configures Unicast Reverse Path Forwarding (uRPF) for inbound IPv4 packets on the configuration mode interface. uRPF verifies the accessibility of source IP addresses in packets that the switch forwards.
uRPF defines two operational modes: strict mode and loose mode.
Strict mode: uRPF verifies that a packet is received on the interface that its routing table entry specifies for its return packet.
Loose mode: uRPF validation does not consider the inbound packet’s ingress interface, only that there is a valid return path.
The no ip verify and default ip verify commands disable uRPF on the configuration mode interface by deleting the corresponding ip verify command from running-config.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-Channel Configuration
Interface-VLAN Configuration
Command Syntax
ip verify unicast source reachable-via RPF_MODE
no ip verify unicast
default ip verify unicast
Parameters
RPF_MODE     Specifies the uRPF mode. Options include:
any     Loose mode.
rx     Strict mode.
rx allow-default     Strict mode. All inbound packets are forwarded if a default route is defined.
Guidelines
The first IPv4 uRPF implementation briefly disrupts IPv4 unicast routing. Subsequent ip verify commands on any interface do not disrupt IPv4 routing.
Example
This command enables uRPF loose mode on VLAN interface 17.
switch(config)#interface vlan 17
switch(config-if-Vl17)#ip verify unicast source reachable-via any
switch(config-if-Vl17)#show active
interface Vlan17
   ip verify unicast source reachable-via any
switch(config-if-Vl17)#
This command enables uRPF strict mode on VLAN interface 18.
switch(config)#interface vlan 18
switch(config-if-Vl18)#ip verify unicast source reachable-via rx
switch(config-if-Vl18)#show active
interface Vlan18
   ip verify unicast source reachable-via rx
switch(config-if-Vl18)#
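The strict and loose checks described above, worked through as an added Python example (not Arista code). The routing table, packets and function names are constructed; ignoring the default route unless allow-default is set, and accepting any path of an ECMP route in strict mode, are assumptions the page does not state.

```python
import ipaddress

MODES = ("any", "rx", "rx allow-default")   # RPF_MODE options from the page

# Constructed routing table (prefix, egress interface); not taken from the page.
ROUTES = [
    ("10.17.0.0/16", "Vlan17"),
    ("10.18.0.0/16", "Vlan18"),
    ("10.18.5.0/24", "Vlan17"),   # more specific route overrides the /16
    ("10.20.0.0/16", "Vlan17"),   # ECMP pair: same prefix via two interfaces
    ("10.20.0.0/16", "Vlan18"),
]


def has_default(routes):
    return any(ipaddress.ip_network(p).prefixlen == 0 for p, _ in routes)


def return_interfaces(routes, src):
    """Interfaces of the longest-prefix route(s) back to src; empty set if none.

    Assumption: the default route is never used as a return path here.
    """
    addr = ipaddress.ip_address(src)
    best_len, interfaces = -1, set()
    for prefix, intf in routes:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 or addr not in net:
            continue
        if net.prefixlen > best_len:
            best_len, interfaces = net.prefixlen, {intf}
        elif net.prefixlen == best_len:
            interfaces.add(intf)
    return interfaces


def urpf_accepts(routes, mode, src, ingress):
    """Decide whether a packet from src arriving on ingress passes uRPF."""
    if mode not in MODES:
        raise ValueError(f"unknown RPF_MODE: {mode}")
    paths = return_interfaces(routes, src)
    if mode == "any":
        return bool(paths)                  # loose: any return path will do
    if mode == "rx allow-default" and has_default(routes):
        return True                         # per the page: all packets forwarded
    return ingress in paths                 # strict: must arrive on the return path


def evaluate(routes, packets):
    """Return {(src, ingress): {mode: accepted}} for every RPF_MODE."""
    return {
        (src, ingress): {m: urpf_accepts(routes, m, src, ingress) for m in MODES}
        for src, ingress in packets
    }


if __name__ == "__main__":
    sample = [("10.17.1.5", "Vlan17"), ("10.17.1.5", "Vlan18"),
              ("10.18.5.9", "Vlan18"), ("203.0.113.7", "Vlan17")]
    for key, verdicts in evaluate(ROUTES, sample).items():
        print(key, verdicts)
```

The second sample packet shows the practical difference: a source that is routable but arrives on the wrong interface passes loose mode and fails strict mode, which is why strict mode suits single-homed edges and loose mode suits interfaces with asymmetric routing.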
ip verify source
The ip verify source command configures IP source guard (IPSG) applicable only to Layer 2 ports. When configured on Layer 3 ports, IPSG does not take effect until this interface is converted to Layer 2.
IPSG is supported on Layer 2 Port-Channels, not member ports. The IPSG configuration on port channels supersedes the configuration on the physical member ports. Hence, source IP MAC binding entries should be configured on port channels. When configured on a port channel member port, IPSG does not take effect until this port is deleted from the port channel configuration.
The no ip verify source and default ip verify source commands exclude VLAN IDs from IPSG filtering, and set the default for ip verify source.
Command Mode
Interface-Ethernet Configuration
Command Syntax
ip verify source vlan [VLAN_RANGE]
no ip verify source [VLAN_RANGE]
default ip verify source
Parameters
VLAN_RANGE     Specifies the VLAN ID range.
Related Commands
Example
This command excludes VLAN IDs 1 through 3 from IPSG filtering. When enabled on a trunk port, IPSG filters the inbound IP packets on all allowed VLANs. IP packets received on VLANs 4 through 10 on Ethernet 36 will be filtered by IPSG, while those received on VLANs 1 through 3 are permitted.
switch(config)#no ip verify source vlan 1-3
switch(config)#interface ethernet 36
switch(config-if-Et36)#switchport mode trunk
switch(config-if-Et36)#switchport trunk allowed vlan 1-10
switch(config-if-Et36)#ip verify source
switch(config-if-Et36)#
platform trident forwarding-table partition
The platform trident forwarding-table partition command provides a shared table memory for L2, L3 and algorithmic LPM entries that can be partitioned in different ways.
Instead of having fixed-size tables for L2 MAC entry tables, L3 IP forwarding tables, and Longest Prefix Match (LPM) routes, the tables can be unified into a single shareable forwarding table.
Important! Changing the Unified Forwarding Table mode causes the forwarding agent to restart, briefly disrupting traffic forwarding on all ports.
The no platform trident forwarding-table partition and default platform trident forwarding-table partition commands remove the platform trident forwarding-table partition command from running-config.
Command Mode
Global Configuration
Command Syntax
platform trident forwarding-table partition SIZE
no platform trident forwarding-table partition
default platform trident forwarding-table partition
Parameters
SIZE      Size of partition. Options include:
0      288k l2 entries, 16k host entries, 16k lpm entries
1      224k l2 entries, 80k host entries, 16k lpm entries
2      160k l2 entries, 144k host entries, 16k lpm entries
3      96k l2 entries, 208k host entries, 16k lpm entries
Default value is 2 (160k l2 entries, 144k host entries, 16k lpm entries).
Example
This command sets the single shareable forwarding table to option 2 that supports 160k L2 entries, 144k host entries, and 16k LPM entries.
switch(config)#platform trident forwarding-table partition 2
switch(config)#
This command sets the single shareable forwarding table to option 3 that supports 96k L2 entries, 208k host entries, and 16k LPM entries. Since the switch was previously configured to option 2, you’ll see a warning notice before the changes are implemented.
switch(config)#platform trident forwarding-table partition 3
Warning: StrataAgent will restart immediately
platform trident routing-table partition
The platform trident routing-table partition command manages the partition sizes for the hardware LPM table that stores IPv6 routes of varying sizes.
An IPv6 route of length /64 (or shorter) requires half the hardware resources of an IPv6 route that is longer than /64. The switch installs routes of varying lengths in different table partitions. This command specifies the size of these partitions to optimize table usage.
Important! Changing the routing table partition mode causes the forwarding agent to restart, briefly disrupting traffic forwarding on all ports.
The no platform trident routing-table partition and default platform trident routing-table partition commands restore the default partitions sizes by removing the platform trident routing-table partition command from running-config.
Command Mode
Global Configuration
Command Syntax
platform trident routing-table partition SIZE
no platform trident routing-table partition
default platform trident routing-table partition
Parameters
SIZE      Size of partition. Options include:
1      16k IPv4 entries, 6k IPv6 (/64 and smaller) entries, 1k IPv6 (any prefix length)
2      16k IPv4 entries, 4k IPv6 (/64 and smaller) entries, 2k IPv6 (any prefix length)
3      16k IPv4 entries, 2k IPv6 (/64 and smaller) entries, 3k IPv6 (any prefix length)
Default value is 2 (16k IPv4 entries, 4k IPv6 (/64 and smaller) entries, 2k IPv6 (any prefix length)).
Restrictions
Partition allocation cannot be changed from the default setting when uRPF is enabled for IPv6 traffic.
Example
This command sets the shareable routing table to option 1 that supports 6K prefixes equal to or shorter than /64 and 1K prefixes longer than /64.
switch(config)#platform trident routing-table partition 1
switch(config)#
rd (VRF configuration mode)
The rd command issued in VRF Configuration Mode is a legacy command supported for backward compatibility. To configure a route distinguisher (RD) for a VRF, use the rd (Router-BGP VRF and VNI Configuration Modes) command.
Note: Legacy RDs that were assigned to a VRF in VRF Configuration Mode will still appear in show vrf outputs if an RD has not been configured in Router-BGP VRF Configuration Mode, but they no longer have an effect on the system.
rib fib policy
The rib fib policy command enables FIB policy for a particular VRF under router general configuration mode. The FIB policy can be configured to advertise only specific RIB routes and exclude all other routes.
For example, a FIB policy can be configured that will not place routes associated with a specific origin in the routing table. These routes will not be used to forward data packets and these routes are not advertised by the routing protocol to neighbors.
The no rib fib policy and default rib fib policy commands restore the switch to its default state by removing the corresponding rib fib policy command from running-config.
Command Mode
Router General Configuration
Command Syntax
rib <ipv4|ipv6> fib policy <name>
no rib <ipv4|ipv6> fib policy <name>
default rib <ipv4|ipv6> fib policy <name>
Parameters
ipv4     IPv4 configuration commands.
ipv6     IPv6 configuration commands.
name     Route map name.
Example
The following example enables FIB policy for IPv4 in the default VRF, using the route map, map1.
Switch(config)#router general
Switch(config-router-general)#vrf default
Switch(config-router-general-vrf-default)#rib ipv4 fib policy map1
show arp
The show arp command displays all ARP tables. This command differs from the show ip arp command in that it shows MAC bindings for all protocols, whereas show ip arp only displays MAC address – IP address bindings. Addresses are displayed as their host name by including the resolve argument.
Command Mode
EXEC
Command Syntax
show arp [VRF_INST][FORMAT][HOST_ADD][HOST_NAME][INTF][MAC_ADDR][DATA]
Parameters
The VRF_INST and FORMAT parameters are always listed first and second. The DATA parameter is always listed last. All other parameters can be placed in any order.
VRF_INST     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
FORMAT     Display format of host address. Options include:
<no parameter>     entries associate hardware address with an IPv4 address.
resolve     entries associate hardware address with a host name (if it exists).
HOST_ADD     IPv4 address by which routing table entries are filtered. Options include:
<no parameter>     routing table entries are not filtered by host address.
ipv4_addr     table entries matching specified IPv4 address.
HOST_NAME     Host name by which routing table entries are filtered. Options include:
<no parameter>     routing table entries are not filtered by host name.
host hostname     entries matching hostname (text).
INTF     interfaces for which command displays status.
<no parameter>     Routing table entries are not filtered by interface.
interface ethernet e_num     Routed Ethernet interface specified by e_num.
interface loopback l_num     Routed loopback interface specified by l_num.
interface management m_num     Routed management interface specified by m_num.
interface port-channel p_num     Routed port channel Interface specified by p_num.
interface vlan v_num     VLAN interface specified by v_num.
interface vxlan vx_num     VXLAN interface specified by vx_num.
MAC_ADDR     MAC address by which routing table entries are filtered. Options include:
<no parameter>     Routing table entries are not filtered by interface MAC address.
mac_address mac_address     entries matching mac_address (dotted hex notation – H.H.H).
DATA     Detail of information provided by command. Options include:
<no parameter>     Routing table entries.
summary     Summary of ARP table entries.
summary total     Number of ARP table entries.
Related Commands
cli vrf specifies the context-active VRF.
Example
This command displays the ARP table.
switch>show arp
Address         Age (min)  Hardware Addr   Interface
172.22.30.1             0  001c.730b.1d15  Management1
172.22.30.133           0  001c.7304.3906  Management1
switch>
show ip
The show ip command displays IPv4 routing, IPv6 routing, IPv4 multicast routing, and VRRP status on the switch.
Command Mode
EXEC
Command Syntax
show ip
Example
This command displays IPv4 routing status.
switch>show ip
 
IP Routing : Enabled
IP Multicast Routing : Disabled
VRRP: Configured on 0 interfaces
 
IPv6 Unicast Routing : Enabled
IPv6 ECMP Route support : False
IPv6 ECMP Route nexthop index: 5
IPv6 ECMP Route num prefix bits for nexthop index: 10
 
switch>
show ip arp
The show ip arp command displays ARP cache entries that map an IPv4 address to a corresponding MAC address. The table displays addresses by their host names when the command includes the resolve argument.
Command Mode
EXEC
Command Syntax
show ip arp [VRF_INST][FORMAT][HOST_ADD][HOST_NAME][INTF][MAC_ADDR][DATA]
Parameters
The VRF_INST and FORMAT parameters are always listed first and second. The DATA parameter is always listed last. All other parameters can be placed in any order.
VRF_INST     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
FORMAT     Display format of host address. Options include:
<no parameter>     entries associate hardware address with an IPv4 address.
resolve     entries associate hardware address with a host name (if it exists).
HOST_ADDR     IPv4 address by which routing table entries are filtered. Options include:
<no parameter>     routing table entries are not filtered by host address.
ipv4_addr     table entries matching specified IPv4 address.
HOST_NAME     Host name by which routing table entries are filtered. Options include:
<no parameter>     routing table entries are not filtered by host name.
host hostname     entries matching hostname (text).
INTERFACE_NAME     interfaces for which command displays status.
<no parameter>     Routing table entries are not filtered by interface.
interface ethernet e_num     Routed Ethernet interface specified by e_num.
interface loopback l_num     Routed loopback interface specified by l_num.
interface management m_num     Routed management interface specified by m_num.
interface port-channel p_num     Routed port channel Interface specified by p_num.
interface vlan v_num     VLAN interface specified by v_num.
interface vxlan vx_num     VXLAN interface specified by vx_num.
MAC_ADDR     MAC address by which routing table entries are filtered. Options include:
<no parameter>     Routing table entries are not filtered by interface MAC address.
mac_address mac_address     entries matching mac_address (dotted hex notation – H.H.H).
DATA     Detail of information provided by command. Options include:
<no parameter>     Routing table entries.
summary     Summary of ARP table entries.
summary total     Number of ARP table entries.
Related Commands
cli vrf specifies the context-active VRF.
Examples
This command displays ARP cache entries that map MAC addresses to IPv4 addresses.
switch>show ip arp
Address         Age (min)  Hardware Addr   Interface
172.25.0.2              0  004c.6211.021e  Vlan101, Port-Channel2
172.22.0.1              0  004c.6214.3699  Vlan1000, Port-Channel1
172.22.0.2              0  004c.6219.a0f3  Vlan1000, Port-Channel1
172.22.0.3              0  0045.4942.a32c  Vlan1000, Ethernet33
172.22.0.5              0  f012.3118.c09d  Vlan1000, Port-Channel1
172.22.0.6              0  00e1.d11a.a1eb  Vlan1000, Ethernet5
172.22.0.7              0  004f.e320.cd23  Vlan1000, Ethernet6
172.22.0.8              0  0032.48da.f9d9  Vlan1000, Ethernet37
172.22.0.9              0  0018.910a.1fc5  Vlan1000, Ethernet29
172.22.0.11             0  0056.cbe9.8510  Vlan1000, Ethernet26
switch>
This command displays ARP cache entries that map MAC addresses to IPv4 addresses. Host names assigned to IP addresses are displayed in place of the address.
switch>show ip arp resolve
Address         Age (min)  Hardware Addr   Interface
green-vl101.new         0  004c.6211.021e  Vlan101, Port-Channel2
172.22.0.1              0  004c.6214.3699  Vlan1000, Port-Channel1
orange-vl1000.n         0  004c.6219.a0f3  Vlan1000, Port-Channel1
172.22.0.3              0  0045.4942.a32c  Vlan1000, Ethernet33
purple.newcompa         0  f012.3118.c09d  Vlan1000, Port-Channel1
pink.newcompany         0  00e1.d11a.a1eb  Vlan1000, Ethernet5
yellow.newcompa         0  004f.e320.cd23  Vlan1000, Ethernet6
172.22.0.8              0  0032.48da.f9d9  Vlan1000, Ethernet37
royalblue.newco         0  0018.910a.1fc5  Vlan1000, Ethernet29
172.22.0.11             0  0056.cbe9.8510  Vlan1000, Ethernet26
switch>
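The show ip arp output format above can be audited offline against the IP-MAC bindings declared with ip source binding, the kind of disagreement ARP inspection reports as a bad IP/MAC match. This Python check is an added example, not Arista tooling; the binding lines and ARP rows are constructed in the page's syntax, the function names are hypothetical, and only single-VLAN bindings are handled.

```python
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
MAC = r"[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2}"     # dotted hex notation H.H.H
BINDING_RE = re.compile(
    rf"ip source binding (?P<ip>{IPV4}) (?P<mac>{MAC}) "
    rf"vlan (?P<vlan>\d+) interface ethernet (?P<port>\S+)$"
)
ARP_ROW_RE = re.compile(
    rf"(?P<ip>{IPV4})\s+(?P<age>\S+)\s+(?P<mac>{MAC})\s+(?P<intf>.+)"
)

# Constructed sample input, laid out like the page's examples.
BINDINGS = """\
switch(config)#ip source binding 10.1.1.1 0000.aaaa.1111 vlan 4094 interface ethernet 36
switch(config)#ip source binding 10.1.1.2 0000.aaaa.2222 vlan 4094 interface ethernet 37
switch(config)#ip source binding 10.1.1.3 0000.aaaa.3333 vlan 4094 interface ethernet 38
"""
ARP_OUTPUT = """\
switch>show ip arp
Address         Age (min)  Hardware Addr   Interface
10.1.1.1                0  0000.aaaa.1111  Vlan4094, Ethernet36
10.1.1.2                0  0000.bbbb.9999  Vlan4094, Ethernet37
10.1.1.3                0  0000.aaaa.3333  Vlan4094, Ethernet40
10.1.1.9                0  0000.cccc.0001  Vlan4094, Ethernet41
switch>
"""


def parse_bindings(text):
    """Map IP -> (mac, 'Vlan<N>', 'Ethernet<N>') from ip source binding lines."""
    bindings = {}
    for line in text.splitlines():
        m = BINDING_RE.search(line.strip())
        if m:
            bindings[m["ip"]] = (m["mac"].lower(), f"Vlan{m['vlan']}",
                                 f"Ethernet{m['port']}")
    return bindings


def parse_arp(text):
    """Return (ip, mac, [interfaces]) per ARP row; header and prompts are skipped."""
    rows = []
    for line in text.splitlines():
        m = ARP_ROW_RE.fullmatch(line.strip())
        if m:
            intfs = [part.strip() for part in m["intf"].split(",")]
            rows.append((m["ip"], m["mac"].lower(), intfs))
    return rows


def audit(bindings_text, arp_text):
    """List ARP rows that contradict a configured binding for the same IP."""
    bindings = parse_bindings(bindings_text)
    findings = []
    for ip, mac, intfs in parse_arp(arp_text):
        if ip not in bindings:
            continue                      # no binding declared for this address
        bmac, bvlan, bport = bindings[ip]
        if mac != bmac:
            findings.append((ip, "mac-mismatch", bmac, mac))
        elif bvlan not in intfs or bport not in intfs:
            findings.append((ip, "port-mismatch", f"{bvlan}, {bport}",
                             ", ".join(intfs)))
    return findings


if __name__ == "__main__":
    for finding in audit(BINDINGS, ARP_OUTPUT):
        print(finding)
```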
show ip arp inspection vlan
The show ip arp inspection vlan command displays the configuration and operation state of ARP inspection. For a VLAN range specified, only VLANs with ARP inspection enabled will be displayed. If no VLAN is specified, all VLANs with ARP inspection enabled are displayed. The operation state turns to Active when hardware is ready to trap ARP packets for inspection.
Command Mode
EXEC
Command Syntax
show ip arp inspection vlan [LIST]
Parameters
LIST     specifies the VLAN interface number.
Related Commands
Example
This command displays the configuration and operation state of ARP inspection for VLANs 1 through 150.
switch(config)#show ip arp inspection vlan 1 - 150
VLAN 1
----------
Configuration : Enabled
Operation State : Active
VLAN 2
----------
Configuration : Enabled
Operation State : Active
{...}
VLAN 150
----------
Configuration : Enabled
Operation State : Active
 
switch(config)#
show ip arp inspection statistics
The show ip arp inspection statistics command displays the statistics of inspected ARP packets. For a VLAN specified, only VLANs with ARP inspection enabled will be displayed. If no VLAN is specified, all VLANs with ARP inspection enabled are displayed.
Command Mode
EXEC
Command Syntax
show ip arp inspection statistics [vlan [VID] | [INTERFACE] interface <intf_slot/intf_port>]
Parameters
VID     specifies the VLAN interface ID.
INTERFACE     specifies the interface (e.g., Ethernet).
<intf_slot>     interface slot.
<intf_port>     interface port.
INTF     specifies the VLAN interface slot and port.
Related Commands
Examples
This command displays statistics of inspected ARP packets for VLAN 10.
switch(config)#show ip arp inspection statistics vlan 10
Vlan : 10
--------------
ARP Req Forwarded = 20
ARP Res Forwarded = 20
ARP Req Dropped = 1
ARP Res Dropped = 1
Last invalid ARP:
Time: 10:20:30 ( 5 minutes ago )
Reason: Bad IP/Mac match
Received on: Ethernet 3/1
Packet:
  Source MAC: 00:01:00:01:00:01
  Dest MAC: 00:02:00:02:00:02
  ARP Type: Request
  ARP Sender MAC: 00:01:00:01:00:01
  ARP Sender IP: 1.1.1
 
switch(config)#
This command displays ARP inspection statistics for Ethernet interface 3/1.
switch(config)#show ip arp inspection statistics ethernet interface 3/1
Interface : 3/1
--------
ARP Req Forwarded = 10
ARP Res Forwarded = 10
ARP Req Dropped = 1
ARP Res Dropped = 1
 
Last invalid ARP:
Time: 10:20:30 ( 5 minutes ago )
Reason: Bad IP/Mac match
Received on: VLAN 10
Packet:
  Source MAC: 00:01:00:01:00:01
  Dest MAC: 00:02:00:02:00:02
  ARP Type: Request
  ARP Sender MAC: 00:01:00:01:00:01
  ARP Sender IP: 1.1.1
 
switch(config)#
show ip dhcp relay
The show ip dhcp relay command displays the DHCP relay agent configuration status on the switch.
Command Mode
EXEC
Command Syntax
show ip dhcp relay
Example
This command displays the DHCP relay agent configuration status.
switch>show ip dhcp relay
DHCP Relay is active
DHCP Relay Option 82 is disabled
DHCP Smart Relay is enabled
Interface: Vlan100
  DHCP Smart Relay is disabled
  DHCP servers: 10.4.4.4
switch>
show ip dhcp relay counters
The show ip dhcp relay counters command displays the number of DHCP packets received, forwarded, or dropped on the switch and on all interfaces enabled as DHCP relay agents.
Command Mode
EXEC
Command Syntax
show ip dhcp relay counters
Example
This command displays the IP DHCP relay counter table.
switch>show ip dhcp relay counters
 
          |  Dhcp Packets  |
Interface | Rcvd Fwdd Drop |         Last Cleared
----------|----- ---- -----|---------------------
  All Req |  376  376    0 | 4 days, 19:55:12 ago
 All Resp |  277  277    0 |
          |                |
 Vlan1000 |    0    0    0 | 4 days, 19:54:24 ago
 Vlan1036 |  376  277    0 | 4 days, 19:54:24 ago
 
switch>
show ip dhcp snooping
The show ip dhcp snooping command displays the DHCP snooping configuration.
Command Mode
EXEC
Command Syntax
show ip dhcp snooping
Related Commands
ip dhcp snooping globally enables DHCP snooping.
ip dhcp snooping vlan enables DHCP snooping on specified VLANs.
ip dhcp snooping information option enables insertion of option-82 snooping data.
ip helper-address enables the DHCP relay agent on a configuration mode interface.
Example
This command displays the switch’s DHCP snooping configuration.
switch>show ip dhcp snooping
DHCP Snooping is enabled
DHCP Snooping is operational
DHCP Snooping is configured on following VLANs:
  100
DHCP Snooping is operational on following VLANs:
  100
Insertion of Option-82 is enabled
  Circuit-id format: Interface name:Vlan ID
  Remote-id: 00:1c:73:1f:b4:38 (Switch MAC)
switch>
show ip dhcp snooping counters
The show ip dhcp snooping counters command displays counters that track the quantity of DHCP request and reply packets that the switch receives. Data is either presented for each VLAN or aggregated for all VLANs with counters for packets dropped.
Command Mode
EXEC
Command Syntax
show ip dhcp snooping counters [COUNTER_TYPE]
Parameters
COUNTER_TYPE     The type of counter that the command resets. Formats include:
<no parameter>     command displays counters for each VLAN.
debug     command displays aggregate counters and drop cause counters.
Example
This command displays the number of DHCP packets sent and received on each VLAN.
switch>show ip dhcp snooping counters
 
     | Dhcp Request Pkts | Dhcp Reply Pkts |
Vlan |  Rcvd  Fwdd  Drop | Rcvd Fwdd  Drop | Last Cleared
-----|------ ----- ------|----- ---- ------|-------------
 100 |     0     0     0 |    0    0     0 |  0:35:39 ago
 
switch>
This command displays the number of DHCP packets sent on the switch.
switch>show ip dhcp snooping counters debug
 
Counter                       Snooping to Relay Relay to Snooping
----------------------------- ----------------- -----------------
Received                                      0                 0
Forwarded                                     0                 0
Dropped - Invalid VlanId                      0                 0
Dropped - Parse error                         0                 0
Dropped - Invalid Dhcp Optype                 0                 0
Dropped - Invalid Info Option                 0                 0
Dropped - Snooping disabled                   0                 0
 
Last Cleared:  3:37:18 ago
switch>
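The following added example (not part of the original documentation) parses the show ip dhcp snooping and show ip dhcp snooping counters debug outputs shown above and reports VLANs where snooping is configured but not operational, plus any non-zero drop-cause counters. The function names, the DRIFT_* sample text and the multi-VLAN list format (space, comma or range separated) are assumptions made for illustration.

```python
import re

# Outputs copied from the examples above.
PAGE_STATUS = """\
DHCP Snooping is enabled
DHCP Snooping is operational
DHCP Snooping is configured on following VLANs:
  100
DHCP Snooping is operational on following VLANs:
  100
Insertion of Option-82 is enabled
  Circuit-id format: Interface name:Vlan ID
  Remote-id: 00:1c:73:1f:b4:38 (Switch MAC)
"""
PAGE_DEBUG = """\
Counter                       Snooping to Relay Relay to Snooping
----------------------------- ----------------- -----------------
Received                                      0                 0
Forwarded                                     0                 0
Dropped - Invalid VlanId                      0                 0
Dropped - Parse error                         0                 0
Dropped - Invalid Dhcp Optype                 0                 0
Dropped - Invalid Info Option                 0                 0
Dropped - Snooping disabled                   0                 0

Last Cleared:  3:37:18 ago
"""
# Constructed variant (not from a real switch): VLAN 200 is configured but
# not operational, and three packets were dropped for a bad info option.
DRIFT_STATUS = """\
DHCP Snooping is enabled
DHCP Snooping is operational
DHCP Snooping is configured on following VLANs:
  100 200
DHCP Snooping is operational on following VLANs:
  100
Insertion of Option-82 is enabled
"""
DRIFT_DEBUG = """\
Counter                       Snooping to Relay Relay to Snooping
----------------------------- ----------------- -----------------
Received                                     10                 4
Forwarded                                     7                 4
Dropped - Invalid Info Option                 3                 0
Dropped - Snooping disabled                   0                 0
"""

COUNTER_ROW = re.compile(r"^(?P<name>\S.*?)\s{2,}(?P<s2r>\d+)\s+(?P<r2s>\d+)\s*$")
VLAN_HEADING = re.compile(r"DHCP Snooping is (configured|operational) on following VLANs:")


def _expand_vlans(text):
    """Turn '100 200', '100,200', '100-102' or 'None' into a set of VLAN IDs."""
    vlans = set()
    for tok in re.split(r"[,\s]+", text):
        if not tok or tok.lower() == "none":
            continue
        lo, _, hi = tok.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_snooping_status(text):
    st = {"enabled": False, "operational": False, "option82": False,
          "configured_vlans": set(), "operational_vlans": set()}
    current = None  # VLAN list that indented lines currently belong to
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if line[0].isspace():
            if current:
                st[current] |= _expand_vlans(s)
            continue
        heading = VLAN_HEADING.fullmatch(s)
        current = heading[1] + "_vlans" if heading else None
        if s == "DHCP Snooping is enabled":
            st["enabled"] = True
        elif s == "DHCP Snooping is operational":
            st["operational"] = True
        elif s == "Insertion of Option-82 is enabled":
            st["option82"] = True
    return st


def parse_debug_counters(text):
    """Map counter name -> (snooping_to_relay, relay_to_snooping)."""
    rows = (COUNTER_ROW.match(line) for line in text.splitlines())
    return {m["name"]: (int(m["s2r"]), int(m["r2s"])) for m in rows if m}


def audit_snooping(status_text, debug_text):
    st = parse_snooping_status(status_text)
    findings = []
    if not (st["enabled"] and st["operational"]):
        findings.append(("snooping-not-operational",))
    for vlan in sorted(st["configured_vlans"] - st["operational_vlans"]):
        findings.append(("vlan-not-operational", vlan))
    for name, (s2r, r2s) in parse_debug_counters(debug_text).items():
        if name.startswith("Dropped") and (s2r or r2s):
            findings.append(("drop", name, s2r, r2s))
    return findings


if __name__ == "__main__":
    print(audit_snooping(PAGE_STATUS, PAGE_DEBUG))
    print(audit_snooping(DRIFT_STATUS, DRIFT_DEBUG))
```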
show ip dhcp snooping hardware
The show ip dhcp snooping hardware command displays internal hardware DHCP snooping status on the switch.
Command Mode
EXEC
Command Syntax
show ip dhcp snooping hardware
Example
This command displays the DHCP snooping hardware status.
switch>show ip dhcp snooping hardware
DHCP Snooping is enabled
DHCP Snooping is enabled on following VLANs:
    None
    Vlans enabled per Slice
        Slice:  FixedSystem
        None
switch>
show ip interface
The show ip interface command displays the status of specified interfaces that are configured as routed ports. The command provides the following information:
Interface description
Internet address
Broadcast address
Address configuration method
Proxy-ARP status
MTU size
Command Mode
EXEC
Command Syntax
show ip interface [INTERFACE_NAME][VRF_INST]
Parameters
INTERFACE_NAME     interfaces for which command displays status.
<no parameter>     all routed interfaces.
ipv4_addr     Neighbor IPv4 address.
ethernet e_range     Routed Ethernet interfaces specified by e_range.
loopback l_range     Routed loopback interfaces specified by l_range.
management m_range     Routed management interfaces specified by m_range.
port-channel p_range     Routed port channel interfaces specified by p_range.
vlan v_range     VLAN interfaces specified by v_range.
vxlan vx_range     VXLAN interfaces specified by vx_range.
VRF_INST     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
Example
This command displays IP status of configured VLAN interfaces numbered between 900 and 910.
switch>show ip interface vlan 900-910
! Some interfaces do not exist
Vlan901 is up, line protocol is up (connected)
  Description: ar.pqt.mlag.peer
  Internet address is 170.23.254.1/30
  Broadcast address is 255.255.255.255
  Address determined by manual configuration
  Proxy-ARP is disabled
  MTU 9212 bytes
Vlan903 is up, line protocol is up (connected)
  Description: ar.pqt.rn.170.23.254.16/29
  Internet address is 170.23.254.19/29
  Broadcast address is 255.255.255.255
  Address determined by manual configuration
  Proxy-ARP is disabled
  MTU 9212 bytes
This command displays the configured TCP maximum segment size (MSS) ceiling value of 1436 bytes for Ethernet interface 25.
switch>show ip interface ethernet 25
Ethernet25 is up, line protocol is up (connected)
  Internet address is 10.1.1.1/24
  Broadcast address is 255.255.255.255
  IPv6 Interface Forwarding : None
  Proxy-ARP is disabled
  Local Proxy-ARP is disabled
  Gratuitous ARP is ignored
  IP MTU 1500 bytes
  IPv4 TCP MSS egress ceiling is 1436 bytes
show ip interface brief
Use the show ip interface brief command output to display the status summary of the specified interfaces that are configured as routed ports. The command provides the following information for each specified interface:
IP address
Operational status
Line protocol status
MTU size
Command Mode
EXEC
Command Syntax
show ip interface [INTERFACE_NAME][VRF_INST] brief
Parameters
INTERFACE_NAME     interfaces for which command displays status.
<no parameter>     all routed interfaces.
ipv4_addr     Neighbor IPv4 address.
ethernet e_range     Routed Ethernet interfaces specified by e_range.
loopback l_range     Routed loopback interfaces specified by l_range.
management m_range     Routed management interfaces specified by m_range.
port-channel p_range     Routed port channel interfaces specified by p_range.
vlan v_range     VLAN interfaces specified by v_range.
vxlan vx_range     VXLAN interface range specified by vx_range.
VRF_INST     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
Example
This command displays the summary status of VLAN interfaces 900-910.
switch>show ip interface vlan 900-910 brief
! Some interfaces do not exist
Interface              IP Address         Status     Protocol         MTU
Vlan901                170.33.254.1/30    up         up              9212
Vlan902                170.33.254.14/29   up         up              9212
Vlan905                170.33.254.17/29   up         up              1500
Vlan907                170.33.254.67/29   up         up              9212
Vlan910                170.33.254.30/30   up         up              9212
show ip nat access-list interface
The show ip nat acl interface command displays the access control lists (ACLs) that are configured as source NAT or destination NAT filters. The display indicates ACL rules that do not comply with these NAT requirements:
Source IP address is any.
Destination IP address may use any mask size.
Source port matching is not allowed.
Protocol matching is not allowed.
Command Mode
EXEC
Command Syntax
show ip nat access-list [INTF] [LISTS]
Parameters
INTF    Filters NAT statements by interface. Options include:
<no parameter>     includes all statements on all interfaces.
interface ethernet e_num     Statements on specified Ethernet interface.
interface loopback l_num     Statements on specified Loopback interface.
interface management m_num     Statements on specified Management interface.
interface port-channel p_num     Statements on specified Port-Channel Interface.
interface vlan v_num     Statements on specified VLAN interface.
interface vxlan vx_num     Statements on specified VXLAN interface.
LISTS     ACLs displayed by command. Options include:
<no parameter>     all ACLs.
acl_name      Specifies individual ACL.
Example
These commands display the NAT command usage of the ACL1 and ACL2 access control lists.
switch>show ip nat acl ACL1
acl ACL1
        (0.0.0.0/0, 168.10.1.1/32)
Interfaces using this ACL for Nat:
        Vlan100
 
switch>show ip nat acl ACL2
acl ACL2
        (168.10.1.1/32, 0.0.0.0/0)
Interfaces using this ACL for Nat:
        Vlan201
switch>
show ip nat pool
The show ip nat pool command displays the configuration of the address pool.
Command Mode
EXEC
Command Syntax
show ip nat pool POOL_SET
Parameters
POOL_SET     Options include:
<no parameter>     all configured address pools.
pool_name     The name of the pool.
Example
This command displays all the address pools configured on the switch.
switch#show ip nat pool
Pool                 StartIp               EndIp                 Prefix
p1                   10.15.15.15           10.15.15.25           24
p2                   10.10.15.15           10.10.15.25           22
p3                   10.12.15.15           10.12.15.25           12
switch#
These commands display specific information for the address pools configured on the switch.
switch#show ip nat pool p1
Pool                 StartIp               EndIp                 Prefix
p1                   4.1.1.1               4.1.1.2               24
                     1.1.1.1               1.1.1.2               24
                     3.1.1.1               3.1.1.2               24
switch#show ip nat pool p2
Pool                 StartIp               EndIp                 Prefix
p2                   10.1.1.1              10.1.1.2              16
switch#
show ip nat translation
The show ip nat translation command displays configured NAT statements in the switch hardware.
Command Mode
EXEC
Command Syntax
show ip nat translation [address | address-only | destination | detail | dynamic | hardware | interface | kernel | max-entries | source | static | summary | twice]
The command positions of all parameters are interchangeable.
Parameters
<no parameter>     displays all NAT connections installed in software.
address ipv4_addr     displays NAT connections of the specified IPv4 host address.
address-only ipv4_addr      displays address-only NAT connections of the specified IPv4 host address.
destination     displays destination NAT connections installed in software.
detail     displays detailed output of all NAT connections.
dynamic     displays dynamic NAT connections.
hardware     displays NAT connections installed in hardware.
interface   Filters NAT connections by interface. Options include:
interface ethernet e_num     displays NAT connections of the specified ethernet interface.
interface port-channel p_num     displays NAT connections of the specified port-channel interface.
interface vlan v_num     displays NAT connections of the specified VLAN interface.
kernel     displays NAT connections installed in kernel.
max-entries      displays the configured NAT connection limits of the hardware.
source     displays source NAT connections installed in software.
static     displays static NAT connections.
summary     displays summary of all NAT connections.
twice     displays twice NAT connections.
Example
This command displays all configured NAT translations.
switch>show ip nat translation
Source IP            Destination IP        Translated IP         TGT Type Intf
--------------------------------------------------------------------------------
192.168.1.10:62822   172.22.22.40:53       172.17.254.161:62822  SRC DYN Vl3925
192.152.1.10:20342   172.22.22.40:80       172.17.254.161:22222  SRC STAT  Vl3945
switch#
This command displays NAT connections of the specified ethernet interface.
switch>show ip nat translation dynamic interface Ethernet 26
Source IP             Destination IP        Translated IP         TGT Type Intf
--------------------------------------------------------------------------------
192.168.1.2:8080      10.1.1.5:600          20.1.1.5:8080         SRC DYN  Et26
This command displays the configured NAT connection limits of the hardware.
switch>show ip nat translation max-entries
Global connection limit                                 100
Global connection limit low mark                  90(90%)
Hosts connection limit                                   20
Hosts connection limit low mark                   18(90%)
Total number of connections                        1
Host                  Max-Entries           Low-Mark              Connections
----------------------------------------------------------------------------------------------------
10.1.1.1              10                    9(90%)                0
 
show ip nat synchronization peer
The show ip nat synchronization peer command displays the detailed status of a peer device.
Command Mode
EXEC
Command Syntax
show ip nat synchronization peer
Example
This command displays details of a peer device with an IP address of 11.11.11.0 and interface Vlan1111 that is used to connect to the peer device.
switch#show ip nat synchronization peer
Description : Value
Peer : 11.11.11.0
Connection Port : 4532
Connection Source : 0.0.0.0
Kernel Interface : vlan1111
Local Interface : Vlan1111
Established Time : 1969-12-31 16:00:00
Connection Attempts : 0
Oldest Supported Version : 1
Newest Supported Version : 1
Version Compatible : True
Connection State : connected
Shutdown State : False
Status Mount State : mountMounted
Version Mount State : mountMounted
Recover Mount State : mountMounted
Reboot Mount State : mountMounted
show ip nat synchronization advertised-translations
The show ip nat synchronization advertised-translations command displays the detailed status of devices that are advertised to a peer device.
Command Mode
EXEC
Command Syntax
show ip nat synchronization advertised-translations
Example
This command displays details of devices that are advertised to a peer device.
switch#show ip nat synchronization advertised-translations
Source IP    Destination IP     Translated IP              TGT  Type Intf
-------------------------------------------------------------------------------
61.0.0.15:6661    100.0.0.2:80     192.170.230.171:6661    SRC  DYN  Et5
61.0.0.41:2245    100.0.0.2:80     192.170.230.170:2245    SRC  DYN  Et5
61.0.0.48:22626   100.0.0.2:80     192.170.230.169:22626   SRC  DYN  Et5
61.0.0.41:22601   100.0.0.2:80     192.170.230.170:22601   SRC  DYN  Et5
61.0.0.41:16798   100.0.0.2:80     192.170.230.170:16798   SRC  DYN  Et5
61.0.0.18:22605   100.0.0.2:80     192.170.230.177:22605   SRC  DYN  Et5
61.0.0.16:2256    100.0.0.2:80     192.170.230.166:2256    SRC  DYN  Et5
show ip nat synchronization discovered-translations
The show ip nat synchronization discovered-translations command displays details of what has been advertised from a peer device.
Command Mode
EXEC
Command Syntax
show ip nat synchronization discovered-translations
Example
This command displays details of what has been advertised from a peer device.
switch#show ip nat synchronization discovered-translations
Source IP       Destination IP    Translated IP            TGT  Type Intf
-------------------------------------------------------------------------------
61.0.2.229:63     100.0.0.2:63     170.24.86.180:63        SRC  DYN  Et5
61.0.15.51:63     100.0.0.2:63     170.24.73.90:63         SRC  DYN  Et5
61.0.6.68:63      100.0.0.2:63     170.24.110.128:63       SRC  DYN  Et5
61.0.7.163:63     100.0.0.2:63     170.24.104.35:63        SRC  DYN  Et5
show ip route
The show ip route command displays routing table entries that are in the Forwarding Information Base (FIB), including static routes, routes to directly connected networks, and dynamically learned routes. Multiple equal-cost paths to the same prefix are displayed contiguously as a block, with the destination prefix displayed only on the first line.
The show running-config command displays configured commands not in the FIB.
Command Mode
EXEC
Command Syntax
show ip route [VRF_INSTANCE][ADDRESS][ROUTE_TYPE][INFO_LEVEL][PREFIX]
Parameters
The VRF_INSTANCE and ADDRESS parameters are always listed first and second, respectively. All other parameters can be placed in any order.
VRF_INSTANCE     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
ADDRESS     Filters routes by IPv4 address or subnet.
<no parameter>     all routing table entries.
ipv4_addr     routing table entries matching specified address.
ipv4_subnet     routing table entries matching specified subnet (CIDR or address-mask).
ROUTE_TYPE    Filters routes by specified protocol or origin. Options include:
<no parameter>     all routing table entries.
aggregate     entries for BGP aggregate routes.
bgp     entries added through BGP protocol.
connected     entries for routes to networks directly connected to the switch.
isis     entries added through ISIS protocol.
kernel     entries appearing in Linux kernel but not added by EOS software.
ospf     entries added through OSPF protocol.
rip     entries added through RIP protocol.
static     entries added through CLI commands.
vrf     displays routes in a VRF.
INFO_LEVEL     Filters entries by next hop connection. Options include:
<no parameter>     filters routes whose next hops are directly connected.
detail     displays all routes.
PREFIX     filters routes by prefix.
<no parameter>     specific route entry that matches the ADDRESS parameter.
longer-prefixes     all subnet route entries in range specified by ADDRESS parameter.
Related Commands
cli vrf specifies the context-active VRF.
Example
This command displays IPv4 routes learned through BGP.
switch>show ip route bgp
Codes: C - connected, S - static, K - kernel,
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
       R - RIP, A - Aggregate
 
B E    170.44.48.0/23 [20/0] via 170.44.254.78
B E    170.44.50.0/23 [20/0] via 170.44.254.78
B E    170.44.52.0/23 [20/0] via 170.44.254.78
B E    170.44.54.0/23 [20/0] via 170.44.254.78
B E    170.44.254.112/30 [20/0] via 170.44.254.78
B E    170.53.0.34/32 [1/0] via 170.44.254.78
B I    170.53.0.35/32 [1/0] via 170.44.254.2
                             via 170.44.254.13
                             via 170.44.254.20
                             via 170.44.254.67
                             via 170.44.254.35
                             via 170.44.254.98
This command displays the unicast IP routes installed in the system.
switch# show ip route
VRF name: default
Codes: C - connected, S - static, K - kernel,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
R - RIP, I - ISIS, A B - BGP Aggregate, A O - OSPF Summary,
NG - Nexthop Group Static Route
 
Gateway of last resort is not set
C 10.1.0.0/16 is directly connected, Vlan2659
C 10.2.0.0/16 is directly connected, Vlan2148
C 10.3.0.0/16 is directly connected, Vlan2700
S 172.17.0.0/16 [1/0] via 172.24.0.1, Management1
S 172.18.0.0/16 [1/0] via 172.24.0.1, Management1
S 172.19.0.0/16 [1/0] via 172.24.0.1, Management1
S 172.20.0.0/16 [1/0] via 172.24.0.1, Management1
S 172.22.0.0/16 [1/0] via 172.24.0.1, Management1
C 172.24.0.0/18 is directly connected, Management1
This command displays the leaked routes from a source VRF.
switch#show ip route vrf VRF2 20.0.0.0/8
...
S L      20.0.0.0/8 [1/0] (source VRF VRF1) via 10.1.2.10, Ethernet1
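The following added example (not part of the original documentation) parses show ip route output of the form shown above, including the equal-cost block where the prefix appears only on the first line, and then checks BGP next hops against an expected set and lists routes leaked from another VRF. The function names and the EXPECTED_BGP_NEXT_HOPS allow-list are hypothetical; the sample text is assembled from route lines in the examples above.

```python
import re

# Route lines taken from the three examples above (legend lines omitted).
SAMPLE = """\
B E    170.44.254.112/30 [20/0] via 170.44.254.78
B E    170.53.0.34/32 [1/0] via 170.44.254.78
B I    170.53.0.35/32 [1/0] via 170.44.254.2
                             via 170.44.254.13
                             via 170.44.254.20
                             via 170.44.254.67
                             via 170.44.254.35
                             via 170.44.254.98
C 10.1.0.0/16 is directly connected, Vlan2659
S 172.17.0.0/16 [1/0] via 172.24.0.1, Management1
S L      20.0.0.0/8 [1/0] (source VRF VRF1) via 10.1.2.10, Ethernet1
"""

# Hypothetical allow-list of BGP next hops an operator expects to see.
EXPECTED_BGP_NEXT_HOPS = {
    "170.44.254.78", "170.44.254.2", "170.44.254.13",
    "170.44.254.20", "170.44.254.67", "170.44.254.35",
}

IPV4 = r"\d+(?:\.\d+){3}"
# First line of a route: code letters, prefix, then the rest of the line.
ROUTE = re.compile(rf"^(?P<code>[A-Z][A-Z0-9 ]*?)\s+(?P<prefix>{IPV4}/\d+)\s+(?P<rest>.*)$")
VIA = re.compile(rf"via (?P<nh>{IPV4})(?:, (?P<intf>\S+))?")
CONNECTED = re.compile(r"is directly connected, (?P<intf>\S+)")
DISTANCE = re.compile(r"\[(\d+)/(\d+)\]")
SOURCE_VRF = re.compile(r"\(source VRF (\S+)\)")


def parse_routes(text):
    """Return one dict per prefix; ECMP continuation lines extend 'paths'."""
    routes = []
    for line in text.splitlines():
        m = ROUTE.match(line)
        if m:
            rest = m["rest"]
            dist = DISTANCE.search(rest)
            vrf = SOURCE_VRF.search(rest)
            routes.append({
                "code": m["code"],
                "prefix": m["prefix"],
                "distance": int(dist[1]) if dist else None,
                "metric": int(dist[2]) if dist else None,
                "source_vrf": vrf[1] if vrf else None,
                "paths": [],  # list of (next_hop, interface)
            })
            tail = rest
        elif routes and line[:1].isspace() and line.strip().startswith("via "):
            tail = line  # additional equal-cost path for the previous prefix
        else:
            continue  # legend, banner or blank line
        via = VIA.search(tail)
        connected = CONNECTED.search(tail)
        if via:
            routes[-1]["paths"].append((via["nh"], via["intf"]))
        elif connected:
            routes[-1]["paths"].append((None, connected["intf"]))
    return routes


def unexpected_next_hops(routes, expected, codes=("B E", "B I")):
    """List (prefix, next_hop) pairs whose next hop is not in the expected set."""
    return [(r["prefix"], nh)
            for r in routes if r["code"] in codes
            for nh, _intf in r["paths"]
            if nh is not None and nh not in expected]


def leaked_routes(routes):
    """List (prefix, source_vrf) for routes imported from another VRF."""
    return [(r["prefix"], r["source_vrf"]) for r in routes if r["source_vrf"]]


if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print(unexpected_next_hops(table, EXPECTED_BGP_NEXT_HOPS))
    print(leaked_routes(table))
```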
 
show ip route age
The show ip route age command displays the time when the route for the specified network was present in the routing table. It does not account for changes in parameters such as metric or next hop.
Command Mode
EXEC
Command Syntax
show ip route ADDRESS age
Parameters
ADDRESS     Filters routes by IPv4 address or subnet.
ipv4_addr     routing table entries matching specified address.
ipv4_subnet     routing table entries matching specified subnet (CIDR or address-mask).
Example
This command shows the amount of time since the last update to IP route 172.17.0.0/20.
switch>show ip route 172.17.0.0/20 age
Codes: C - connected, S - static, K - kernel,
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
       R - RIP, I - ISIS, A - Aggregate
 
B E    172.17.0.0/20 via 172.25.0.1, age 3d01h
switch>
show ip route gateway
The show ip route gateway command displays IP addresses of all gateways (next hops) used by active routes.
Command Mode
EXEC
Command Syntax
show ip route [VRF_INSTANCE] gateway
Parameters
VRF_INSTANCE     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
Related Commands
cli vrf specifies the context-active VRF.
Example
This command displays next hops used by active routes.
switch>show ip route gateway
The following gateways are in use:
   172.25.0.1 Vlan101
   172.17.253.2 Vlan3000
   172.17.254.2 Vlan3901
   172.17.254.11 Vlan3902
   172.17.254.13 Vlan3902
   172.17.254.17 Vlan3903
   172.17.254.20 Vlan3903
   172.17.254.66 Vlan3908
   172.17.254.67 Vlan3908
   172.17.254.68 Vlan3908
   172.17.254.29 Vlan3910
   172.17.254.33 Vlan3911
   172.17.254.35 Vlan3911
   172.17.254.105 Vlan3912
   172.17.254.86 Vlan3984
   172.17.254.98 Vlan3992
   172.17.254.99 Vlan3992
switch>
show ip route host
The show ip route host command displays all host routes in the host forwarding table. Host routes are those whose destination prefix is the entire address (mask = 255.255.255.255 or prefix = /32). Each entry includes a code of the route’s purpose:
F      static routes from the FIB.
R     routes defined because the IP address is an interface address.
B      broadcast address.
A      routes to any neighboring host for which the switch has an ARP entry.
Command Mode
EXEC
Command Syntax
show ip route [VRF_INSTANCE] host
Parameters
VRF_INSTANCE     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
Related Commands
cli vrf specifies the context-active VRF.
Example
This command displays all host routes in the host forwarding table.
switch>show ip route host
R - receive B - broadcast F - FIB, A - attached
 
F   127.0.0.1 to cpu
B   172.17.252.0 to cpu
A   172.17.253.2 on Vlan2000
R   172.17.253.3 to cpu
A   172.17.253.10 on Vlan2000
B   172.17.253.255 to cpu
B   172.17.254.0 to cpu
R   172.17.254.1 to cpu
B   172.17.254.3 to cpu
B   172.17.254.8 to cpu
A   172.17.254.11 on Vlan2902
R   172.17.254.12 to cpu
 
F   172.26.0.28 via 172.17.254.20 on Vlan3003
                via 172.17.254.67 on Vlan3008
                via 172.17.254.98 on Vlan3492
                via 172.17.254.2 on Vlan3601
                via 172.17.254.13 on Vlan3602
                via 172.17.253.2 on Vlan3000
F   172.26.0.29 via 172.25.0.1 on Vlan101
F   172.26.0.30 via 172.17.254.29 on Vlan3910
F   172.26.0.32 via 172.17.254.105 on Vlan3912
switch>
show ip route match tag
The show ip route match tag command displays the route tag assigned to the specified IPv4 address or subnet. Route tags are added to static routes for use by route maps.
Command Mode
EXEC
Command Syntax
show ip route [VRF_INSTANCE] ADDRESS match tag
Parameters
VRF_INSTANCE     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
ADDRESS     displays routes of specified IPv4 address or subnet.
ipv4_addr     routing table entries matching specified IPv4 address.
ipv4_subnet     routing table entries matching specified IPv4 subnet (CIDR or address-mask).
Example
This command displays the route tag for the specified subnet.
switch>show ip route 172.17.50.0/23 match tag
Codes: C - connected, S - static, K - kernel,
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - DHCP client installed default route, M - Martian
 
O E2   172.17.50.0/23 tag 0
 
switch>
show ip route summary
The show ip route summary command displays the number of routes, categorized by destination prefix, in the routing table.
Command Mode
EXEC
Command Syntax
show ip route [VRF_INSTANCE] summary
Parameters
VRF_INSTANCE     specifies the VRF instance for which data is displayed.
<no parameter>     context-active VRF.
vrf vrf_name     specifies name of VRF instance. System default VRF is specified by default.
Example
This command displays a summary of the routing table contents.
switch>show ip route summary
Route Source         Number Of Routes
-------------------------------------
connected                   15
static                       0
ospf                        74
  Intra-area: 32 Inter-area:33 External-1:0 External-2:9
  NSSA External-1:0 NSSA External-2:0
bgp                          7
  External: 6 Internal: 1
internal                    45
attached                    18
aggregate                    0
switch>
 
show ip verify source
The show ip verify source command displays the IP source guard (IPSG) configuration, operational states, and IP-MAC binding entries for the configuration mode interface.
Command Mode
EXEC
Command Syntax
show ip verify source [VLAN | DETAIL]
Parameters
VLAN     displays all VLANs configured in no ip verify source vlan.
DETAIL     displays all source IP-MAC binding entries configured for IPSG.
Related Commands
Example
This command verifies the IPSG configuration and operational states.
switch(config)#show ip verify source
Interface       Operational State
--------------- ------------------------
Ethernet1       IP source guard enabled
Ethernet2       IP source guard disabled
Example
This command displays all VLANs configured in no ip verify source vlan. Hardware programming errors (for example, VLAN classification failed) are indicated in the operational state. If an error occurs, this VLAN will be considered as enabled for IPSG. Traffic on this VLAN will still be filtered by IPSG.
switch(config)#show ip verify source vlan
IPSG disabled on VLANS: 1-2
VLAN            Operational State
--------------- ------------------------
1               IP source guard disabled
2               Error: vlan classification failed
Example
This command displays all source IP-MAC binding entries configured for IPSG. A source binding entry is considered active if it is programmed in hardware. IP traffic matching any active binding entry will be permitted. If a source binding entry is configured on an interface or a VLAN whose operational state is IPSG disabled, this entry will not be installed in the hardware, in which case an “IP source guard disabled” state will be shown. If a port channel has no member port configured, binding entries configured for this port channel will not be installed in hardware, and a “Port-Channel down” state will be shown.
switch(config)#show ip verify source detail
Interface       IP Address    MAC Address      VLAN   State
--------------- ------------- ---------------- ------ ------------------------
Ethernet1       10.1.1.1      0000.aaaa.1111   5      active
Ethernet1       10.1.1.5      0000.aaaa.5555   1      IP source guard disabled
Port-Channel1   20.1.1.1      0000.bbbb.1111   4      Port-Channel down
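The following added example (not part of the original documentation) parses the three show ip verify source outputs shown above and turns the operational states into a review list: interfaces without IPSG, VLANs excluded from IPSG, VLANs with a hardware programming error, and binding entries that are not active in hardware. The function names and finding labels are hypothetical; the sample text is copied from the examples above.

```python
# Outputs copied from the three examples above.
SHOW_IPSG = """\
Interface       Operational State
--------------- ------------------------
Ethernet1       IP source guard enabled
Ethernet2       IP source guard disabled
"""
SHOW_IPSG_VLAN = """\
IPSG disabled on VLANS: 1-2
VLAN            Operational State
--------------- ------------------------
1               IP source guard disabled
2               Error: vlan classification failed
"""
SHOW_IPSG_DETAIL = """\
Interface       IP Address    MAC Address      VLAN   State
--------------- ------------- ---------------- ------ ------------------------
Ethernet1       10.1.1.1      0000.aaaa.1111   5      active
Ethernet1       10.1.1.5      0000.aaaa.5555   1      IP source guard disabled
Port-Channel1   20.1.1.1      0000.bbbb.1111   4      Port-Channel down
"""


def _rows(text):
    """Yield the data lines that follow the dashed separator line."""
    seen_rule = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and set(stripped) <= {"-", " "}:
            seen_rule = True
        elif seen_rule and stripped:
            yield line


def parse_state_table(text):
    """Parse a two-column 'name, Operational State' table into a dict."""
    table = {}
    for line in _rows(text):
        name, state = line.split(None, 1)
        table[name] = state.strip()
    return table


def parse_bindings(text):
    """Parse 'show ip verify source detail' rows into dicts."""
    bindings = []
    for line in _rows(text):
        intf, ip, mac, vlan, state = line.split(None, 4)
        bindings.append({"interface": intf, "ip": ip, "mac": mac,
                         "vlan": int(vlan), "state": state.strip()})
    return bindings


def audit_ipsg(intf_text, vlan_text, detail_text):
    """Return (kind, subject, state) tuples for everything worth reviewing."""
    findings = []
    for intf, state in parse_state_table(intf_text).items():
        if state != "IP source guard enabled":
            findings.append(("ipsg-off-interface", intf, state))
    for vlan, state in parse_state_table(vlan_text).items():
        if state.startswith("Error:"):
            # Per the text above, the VLAN is then treated as IPSG-enabled
            # and its traffic is still filtered, despite the exclusion.
            findings.append(("vlan-hw-error", vlan, state))
        elif state == "IP source guard disabled":
            findings.append(("vlan-exempt", vlan, state))
    for b in parse_bindings(detail_text):
        if b["state"] != "active":
            # Not programmed in hardware, so this entry permits no traffic.
            subject = f'{b["interface"]} {b["ip"]} {b["mac"]} vlan {b["vlan"]}'
            findings.append(("binding-inactive", subject, b["state"]))
    return findings


if __name__ == "__main__":
    for finding in audit_ipsg(SHOW_IPSG, SHOW_IPSG_VLAN, SHOW_IPSG_DETAIL):
        print(*finding, sep=" | ")
```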
show platform arad ip route
The show platform arad ip route command shows resources for all IPv4 routes in hardware. Routes that use the additional hardware resources will appear with an asterisk.
Command Mode
EXEC
Command Syntax
show platform arad ip route
Example
This command displays the platform unicast forwarding routes. In this example, the ACL label field in the following table is 4094 by default for all routes. If an IPv4 egress RACL is applied to an SVI, all routes corresponding to that VLAN will have an ACL label value. In this case, the ACL Label field value is 2.
switch# show platform arad ip route
Tunnel Type: M(mpls), G(gre)
-------------------------------------------------------------------------------
|                                Routing Table                                       |               |
|------------------------------------------------------------------------------
|VRF|   Destination    |      |                    |     | Acl   |                 | ECMP| FEC | Tunnel
| ID|   Subnet         | Cmd  |       Destination  | VID | Label |  MAC / CPU Code |Index|Index|T Value
-------------------------------------------------------------------------------
|0  |0.0.0.0/8          |TRAP | CoppSystemL3DstMiss|0    | - | ArpTrap | - |1031 | -
|0  |10.1.0.0/16        |TRAP | CoppSystemL3DstMiss|2659 | - | ArpTrap | - |1030 | -
|0  |10.2.0.0/16        |TRAP | CoppSystemL3DstMiss|2148 | - | ArpTrap | - |1026 | -
|0  |172.24.0.0/18      |TRAP | CoppSystemL3DstMiss|0    | - | ArpTrap | - |1032 | -
|0  |0.0.0.0/0          |TRAP | CoppSystemL3LpmOver|0    | - | SlowReceive | - |1024 | -
|0  |10.1.0.0/32*       |TRAP | CoppSystemIpBcast  |0    | - | BcastReceive | - |1027 | -
|0  |10.1.0.1/32*       |TRAP | CoppSystemIpUcast  |0    | - | Receive | - |32766| -
|0  |10.1.255.1/32*     |ROUTE| Po1                |2659 |4094 | 00:1f:5d:6b:ce:45 | - |1035 | -
|0  |10.1.255.255/32*   |TRAP | CoppSystemIpBcast  |0    | - | BcastReceive | - |1027 | -
|0  |10.3.0.0/32*       |TRAP | CoppSystemIpBcast  |0    | - | BcastReceive | - |1027 | -
|0  |10.3.0.1/32*       |TRAP | CoppSystemIpUcast  |0    | - | Receive | - |32766| -
|0  |10.3.255.1/32*     |ROUTE| Et18               |2700 |2 | 00:1f:5d:6b:00:01 | - |1038 | -
...........................................................
Related Commands
agent SandL3Unicast terminate enables restarting the layer 3 agent to ensure IPv4 routes are optimized.
ip hardware fib optimize enables IPv4 route scale.
show platform arad ip route summary shows hardware resource usage of IPv4 routes.
Examples
This command shows resources for all IPv4 routes in hardware. Routes that use the additional hardware resources will appear with an asterisk.
switch(config)#show platform arad ip route
Tunnel Type: M(mpls), G(gre)
* - Routes in LEM
------------------------------------------------------------------------------------------------
|                              Routing Table                                      |             |
|------------------------------------------------------------------------------------------------
|VRF|  Destination   |     |                   |    |Acl  |                 |ECMP | FEC | Tunnel
|ID |    Subnet      | Cmd |    Destination    |VID |Label| MAC / CPU Code  |Index|Index|T Value
------------------------------------------------------------------------------------------------
|0  |0.0.0.0/8       |TRAP |CoppSystemL3DstMiss|0   | -   |ArpTrap          |  -  |1030 |   -  
|0  |100.1.0.0/32    |TRAP |CoppSystemIpBcast  |0   | -   |BcastReceive     |  -  |1032 |   -  
|0  |100.1.0.0/32    |TRAP |CoppSystemIpUcast  |0   | -   |Receive          |  -  |32766|   -  
|0  |100.1.255.255/32|TRAP |CoppSystemIpBcast  |0   | -   |BcastReceive     |  -  |1032 |   -  
|0  |200.1.255.255/32|TRAP |CoppSystemIpBcast  |0   | -   |BcastReceive     |  -  |1032 |   -  
|0  |200.1.0.0/16    |TRAP |CoppSystemL3DstMiss|1007| -   |ArpTrap          |  -  |1029 |   -  
|0  |0.0.0.0/0       |TRAP |CoppSystemL3LpmOver|0   | -   |SlowReceive      |  -  |1024 |   -  
|0  |4.4.4.0/24*     |ROUTE|Et10               |1007| -   |00:01:00:02:00:03|  -  |1033 |   -  
|0  |10.20.30.0/24*  |ROUTE|Et9                |1006| -   |00:01:00:02:00:03|  -  |1027 |   -
 
switch(config)#
 
show platform arad ip route summary
The show platform arad ip route summary command shows hardware resource usage of IPv4 routes.
Command Mode
EXEC
Command Syntax
show platform arad ip route summary
Related Commands
agent SandL3Unicast terminate enables restarting the layer 3 agent to ensure IPv4 routes are optimized.
ip hardware fib optimize enables IPv4 route scale.
show platform arad ip route shows resources for all IPv4 routes in hardware. Routes that use the additional hardware resources will appear with an asterisk.
Example
This command shows hardware resource usage of IPv4 routes.
switch(config)#show platform arad ip route summary
Total number of VRFs: 1
Total number of routes: 25
Total number of route-paths: 21
Total number of lem-routes: 4
 
switch(config)#
 
show platform trident forwarding-table partition
The show platform trident forwarding-table partition command displays the size of the L2 MAC entry tables, L3 IP forwarding tables, and Longest Prefix Match (LPM) routes.
Command Mode
Privileged EXEC
Command Syntax
show platform trident forwarding-table partition
Example
This command shows the Trident forwarding table information.
switch(config)#show platform trident forwarding-table partition
L2 Table Size: 96k
L3 Host Table Size: 208k
LPM Table Size: 16k
switch(config)#
show rib route ip
The show rib route ip command displays a list of IPv4 Routing Information Base (RIB) routes.
Command Mode
EXEC
Command Syntax
show rib route ip [vrf vrf_name] [PREFIX] [ROUTE TYPE]
Parameters
vrf vrf_name      displays RIB routes from the specified VRF.
PREFIX           displays routes filtered by the specified IPv4 information. Options include:
ip_address      displays RIB routes filtered by the specified IPv4 address.
ip_subnet_mask      displays RIB routes filtered by the specified IPv4 address and subnet mask.
ip_prefix      displays RIB routes filtered by the specified IPv4 prefix.
ROUTE TYPE       displays routes filtered by the specified route type. Options include:
bgp      displays RIB routes filtered by BGP.
connected      displays RIB routes filtered by connected routes.
dynamicPolicy      displays RIB routes filtered by dynamic policy routes.
host      displays RIB routes filtered by host routes.
isis      displays RIB routes filtered by ISIS routes.
ospf      displays RIB routes filtered by OSPF routes.
ospf3      displays RIB routes filtered by OSPF3 routes.
reserved      displays RIB routes filtered by reserved routes.
route-input      displays RIB routes filtered by route-input routes.
static      displays RIB routes filtered by static routes.
vrf      displays routes in a VRF.
vrf-leak      displays leaked routes in a VRF.
Examples
This command displays IPv4 RIB static routes.
switch#show rib route ip static
VRF name: default, VRF ID: 0xfe, Protocol: static
Codes: C - Connected, S - Static, P - Route Input
       B - BGP, O - Ospf, O3 - Ospf3, I - Isis
       > - Best Route, * - Unresolved Nexthop
       L - Part of a recursive route resolution loop
>S    10.80.0.0/12 [1/0]
         via 172.30.149.129 [0/1]
            via Management1, directly connected
>S    172.16.0.0/12 [1/0]
         via 172.30.149.129 [0/1]
            via Management1, directly connected
switch#
This command displays IPv4 RIB connected routes.
switch#show rib route ip connected
VRF name: default, VRF ID: 0xfe, Protocol: connected
Codes: C - Connected, S - Static, P - Route Input
       B - BGP, O - Ospf, O3 - Ospf3, I - Isis
       > - Best Route, * - Unresolved Nexthop
       L - Part of a recursive route resolution loop
>C    10.1.0.0/24 [0/1]
         via 10.1.0.102, Ethernet1
>C    10.2.0.0/24 [0/1]
         via 10.2.0.102, Ethernet2
>C    10.3.0.0/24 [0/1]
         via 10.3.0.102, Ethernet3
switch#
This command displays routes leaked through the VRF leak agent.
switch#show rib route ip vrf VRF2 vrf-leak
VRF: VRF2, Protocol: vrf-leak
...
>VL    20.0.0.0/8 [1/0] source VRF: VRF1
         via 10.1.2.10 [0/0] type ipv4
            via 10.1.2.10, Ethernet1
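Leaked routes cross a VRF boundary, so the vrf-leak listing is worth comparing against the leaks that were actually approved. The following Python is an added example, not part of the original documentation: it parses show rib route ip output in the layout shown above and returns the VL routes that fall outside an approved set. The sample text, the MGMT VRF and the policy dictionary are constructed for illustration.

```python
import ipaddress
import re

HEADER = re.compile(r"^VRF(?: name)?: (?P<vrf>[^,\s]+),.*Protocol: (?P<proto>\S+)")
ROUTE = re.compile(
    r"^(?P<flags>[>*]*)(?P<code>[A-Z][A-Z0-9]*)\s+(?P<prefix>\d+(?:\.\d+){3}/\d+)"
    r"\s+\[\d+/\d+\](?:\s+source VRF: (?P<src>\S+))?")
VIA = re.compile(r"^\s+via (?P<hop>[^,\s]+)(?:, (?P<intf>[A-Z][\w/.]*))?")

# Constructed sample in the layout of the vrf-leak example above (not real output).
SAMPLE = """\
VRF: VRF2, Protocol: vrf-leak
>VL    20.0.0.0/8 [1/0] source VRF: VRF1
         via 10.1.2.10 [0/0] type ipv4
            via 10.1.2.10, Ethernet1
>VL    192.0.2.0/24 [1/0] source VRF: MGMT
         via 10.9.9.1 [0/0] type ipv4
            via 10.9.9.1, Ethernet4
"""

def parse_rib(text):
    """Return one dict per route: vrf, code, prefix, source_vrf, best, vias."""
    routes, vrf = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            vrf = m["vrf"]
        elif m := ROUTE.match(line):
            routes.append({"vrf": vrf, "code": m["code"],
                           "prefix": ipaddress.ip_network(m["prefix"]),
                           "source_vrf": m["src"], "best": ">" in m["flags"],
                           "vias": []})
        elif routes and (m := VIA.match(line)):
            routes[-1]["vias"].append((m["hop"], m["intf"]))
    return routes

def unapproved_leaks(routes, approved):
    """approved: {(dest_vrf, source_vrf): [networks]}; return VL routes outside it."""
    bad = []
    for r in routes:
        if r["code"] != "VL":
            continue
        nets = approved.get((r["vrf"], r["source_vrf"]), [])
        if not any(r["prefix"].subnet_of(ipaddress.ip_network(n)) for n in nets):
            bad.append(r)
    return bad

if __name__ == "__main__":
    policy = {("VRF2", "VRF1"): ["20.0.0.0/8"]}   # hypothetical approved leak
    for r in unapproved_leaks(parse_rib(SAMPLE), policy):
        print(f"unapproved leak into {r['vrf']} from {r['source_vrf']}: {r['prefix']}")
```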
 
show rib route <ipv4 | ipv6> fib policy excluded
The show rib route <ipv4 | ipv6> fib policy excluded command displays the RIB routes filtered by FIB policy. The fib policy excluded option displays the RIB routes that FIB policy has excluded from being programmed into the FIB.
Command Mode
EXEC
Command Syntax
show rib route <ipv4 | ipv6> fib policy excluded
Example
The following example displays the RIB routes excluded by the FIB policy using the fib policy excluded option of the show rib route <ipv4 | ipv6> command.
Switch#show rib route ipv6 fib policy excluded
Switch#show rib route ip bgp fib policy excluded
VRF name: default, VRF ID: 0xfe, Protocol: bgp
Codes: C - Connected, S - Static, P - Route Input
       B - BGP, O - Ospf, O3 - Ospf3, I - Isis
       > - Best Route, * - Unresolved Nexthop
       L - Part of a recursive route resolution loop
>B    10.1.0.0/24 [200/0]
         via 10.2.2.1 [115/20] type tunnel
            via 10.3.5.1, Ethernet1
         via 10.2.0.1 [115/20] type tunnel
            via 10.3.4.1, Ethernet2
            via 10.3.6.1, Ethernet3
>B    10.1.0.0/24 [200/0]
         via 10.2.2.1 [115/20] type tunnel
            via 10.3.5.1, Ethernet1
         via 10.2.0.1 [115/20] type tunnel
            via 10.3.4.1, Ethernet2
            via 10.3.6.1, Ethernet3
 
show routing-context vrf
The show routing-context vrf command displays the context-active VRF. The context-active VRF determines the default VRF that VRF-context aware commands use when displaying routing table data from a specified VRF.
Command Mode
EXEC
Command Syntax
show routing-context vrf
Related Commands
cli vrf specifies the context-active VRF.
Example
This command displays the context-active VRF.
switch>show routing-context vrf
Current VRF routing-context is PURPLE
switch>
show vrf
The show vrf command displays the VRF name, RD, supported protocols, state and included interfaces for the specified VRF or for all VRFs on the switch.
Command Mode
EXEC
Command Syntax
show vrf [VRF_INSTANCE]
Parameters
VRF_INSTANCE     specifies the VRF instance to display.
<no parameter>     information is displayed for all VRFs.
vrf vrf_name     information is displayed for the specified user-defined VRF.
Example
This command displays information for the VRF named “purple.”
switch>show vrf purple
   Vrf          RD              Protocols       State         Interfaces
------------ --------------- --------------- ---------------- --------------
   purple       64496:237       ipv4            no routing    Vlan42, Vlan43
 
switch>
tcp mss ceiling
The tcp mss ceiling command configures the maximum segment size (MSS) limit in the TCP header on the configuration mode interface and enables TCP MSS clamping.
The no tcp mss ceiling and the default tcp mss ceiling commands remove any MSS ceiling limit previously configured on the interface.
Caution: Configuring a TCP MSS ceiling on any Ethernet or tunnel interface enables TCP MSS clamping on the switch as a whole. Without hardware support, clamping routes all TCP SYN packets through software, even on interfaces where no TCP MSS ceiling has been configured. This significantly limits the number of TCP sessions the switch can establish per second, and can potentially cause packet loss if the CPU traffic exceeds control plane policy limits.
Command Mode
Interface-Ethernet Configuration
Subinterface-Ethernet Configuration
Interface-Port-channel Configuration
Subinterface-Port-channel Configuration
Interface-Tunnel Configuration
Interface-VLAN Configuration
Command Syntax
tcp mss ceiling {ipv4 segment size | ipv6 segment size} {egress | ingress}
no tcp mss ceiling
default tcp mss ceiling
Parameters
ipv4 segment size     The IPv4 segment size value in bytes. Values range from 64 to 65515.
ipv6 segment size     The IPv6 segment size value in bytes. Values range from 64 to 65495. This option is not supported on Sand platform switches (Qumran-MX, Qumran-AX, Jericho, Jericho+).
egress     The TCP SYN packets that are forwarded from the interface to the network.
ingress     The TCP SYN packets that are received by the interface from the network. Not supported on Sand platform switches.
Guidelines
On Sand platform switches (Qumran-MX, Qumran-AX, Jericho, Jericho+), this command works only for egress, and is supported only on IPv4 unicast packets entering the switch.
Clamping can only be configured in one direction per interface and works only on egress on Sand platform switches.
To configure ceilings for both IPv4 and IPv6 packets, both configurations must be included in a single command; re-issuing the command overwrites any previous settings.
Clamping configuration has no effect on GRE transit packets.
Example
These commands configure Ethernet interface 5 as a routed port, then specify a maximum MSS ceiling value of 1458 bytes in TCP SYN packets exiting that port. This enables TCP MSS clamping on the switch.
switch(config)#interface ethernet 5
switch(config-if-Et5)#no switchport
switch(config-if-Et5)#tcp mss ceiling ipv4 1458 egress
switch(config-if-Et5)#
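The following Python is an added example, not part of the original documentation: it audits the tcp mss ceiling lines of a saved running-config against the ranges and Sand platform restrictions listed above, and reports when clamping is enabled at all, since the Caution above ties it to software handling of TCP SYN packets. The config fragment is constructed, and the combined form ipv4 <size> ipv6 <size> <direction> is an assumption about how both ceilings appear in a single command.

```python
import re

LIMITS = {"ipv4": (64, 65515), "ipv6": (64, 65495)}   # byte ranges from the Parameters list
CMD = re.compile(r"^\s+tcp mss ceiling (?P<body>.+?) (?P<dir>egress|ingress)\s*$")

# Constructed running-config fragment (interface names and values are made up).
# The Ethernet6 line uses the assumed combined ipv4/ipv6 form.
SAMPLE = """\
interface Ethernet5
   no switchport
   tcp mss ceiling ipv4 1458 egress
interface Ethernet6
   no switchport
   tcp mss ceiling ipv4 1400 ipv6 1380 ingress
interface Ethernet7
   tcp mss ceiling ipv4 32 egress
"""

def audit_mss(config, sand_platform=False):
    """Return (clamped_interfaces, findings) for the tcp mss ceiling lines in config."""
    clamped, findings, intf = {}, [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            intf = line.split(None, 1)[1]
            continue
        m = CMD.match(line)
        if not m or intf is None:
            continue
        sizes = {fam: int(n) for fam, n in re.findall(r"(ipv4|ipv6) (\d+)", m["body"])}
        clamped[intf] = (sizes, m["dir"])   # a re-issued command overwrites the earlier one
        for fam, size in sizes.items():
            lo, hi = LIMITS[fam]
            if not lo <= size <= hi:
                findings.append((intf, f"{fam} size {size} outside {lo}-{hi}"))
        if sand_platform and m["dir"] == "ingress":
            findings.append((intf, "ingress clamping not supported on Sand platforms"))
        if sand_platform and "ipv6" in sizes:
            findings.append((intf, "ipv6 ceiling not supported on Sand platforms"))
    if clamped:
        # One configured interface is enough to turn clamping on for the whole switch.
        findings.append(("switch", "MSS clamping enabled switch-wide; without hardware "
                         "support all TCP SYN packets take the software path"))
    return clamped, findings

if __name__ == "__main__":
    for where, what in audit_mss(SAMPLE, sand_platform=True)[1]:
        print(f"{where}: {what}")
```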
vrf (Interface mode)
The vrf command adds the configuration mode interface to the specified VRF. You must create the VRF first, using the vrf instance command.
The no vrf and default vrf commands remove the configuration mode interface from the specified VRF by deleting the corresponding vrf command from running-config.
All forms of the vrf command remove all IP addresses associated with the configuration mode interface.
Command Mode
Interface-Ethernet Configuration
Interface-Loopback Configuration
Interface-Management Configuration
Interface-Port-channel Configuration
Interface-VLAN Configuration
Command Syntax
vrf vrf_name
no vrf [vrf_name]
default vrf [vrf_name]
Parameters
vrf_name     name of configured VRF.
Examples
These commands add the configuration mode interface (VLAN 20) to the VRF named “purple”.
switch(config)#interface vlan 20
switch(config-if-Vl20)#vrf purple
switch(config-if-Vl20)#
These commands remove the configuration mode interface from VRF “purple”.
switch(config)#interface vlan 20
switch(config-if-Vl20)#no vrf purple
switch(config-if-Vl20)#
 
vrf instance
The vrf instance command places the switch in VRF configuration mode for the specified VRF. If the named VRF does not exist, this command creates it. The number of user-defined VRFs supported varies by platform.
To add an interface to the VRF once it is created, use the vrf (Interface mode) command.
The no vrf instance and default vrf instance commands delete the specified VRF instance by removing the corresponding vrf instance command from running-config. This also removes all IP addresses associated with interfaces that belong to the deleted VRF.
The exit command returns the switch to global configuration mode.
Command Mode
Global Configuration
Command Syntax
vrf instance vrf_name
no vrf instance vrf_name
default vrf instance vrf_name
Parameters
vrf_name     Name of VRF being created, deleted or configured. The names “main” and “default” are reserved.
Example
This command creates a VRF named “purple” and places the switch in VRF configuration mode for that VRF.
switch(config)#vrf instance purple
switch(config-vrf-purple)#
interface tunnel
The interface tunnel command places the switch in interface-tunnel configuration mode.
Interface-tunnel configuration mode is not a group change mode; running-config is changed immediately after commands are executed.
The no interface tunnel command deletes the specified interface tunnel configuration.
The exit command returns the switch to the global configuration mode.
Command Mode
Global Configuration
Command Syntax
interface tunnel <number>
no interface tunnel <number>
Parameter
number     Tunnel interface number. Values range from 0 to 255.
Example
This command places the switch in interface-tunnel configuration mode for tunnel interface 10.
switch(config)#interface tunnel 10
switch(config-if-Tu10)#
tunnel
The tunnel command configures options for protocol-over-protocol tunneling. Because interface-tunnel configuration mode is not a group change mode, running-config is changed immediately after commands are executed. The exit command does not affect the configuration.
The no tunnel command deletes the specified tunnel configuration.
Command Mode
Interface-tunnel Configuration
Command Syntax
tunnel <options>
no tunnel <options>
Parameters
options     Specifies the various tunneling options as listed below.
destination     destination address of the tunnel.
ipsec     secures the tunnel with the IPsec address.
key     sets the tunnel key.
mode     tunnel encapsulation method.
path-mtu-discovery     enables Path MTU discovery on the tunnel.
source     source of the tunnel packets.
tos     sets the IP type of service value.
ttl     sets time to live value.
underlay     tunnel underlay.
Example
These commands place the switch in interface-tunnel configuration mode for tunnel interface 10 and configure a GRE tunnel on that interface.
switch(config)#ip routing
switch(config)#interface Tunnel 10
switch(config-if-Tu10)#tunnel mode gre
switch(config-if-Tu10)#ip address 192.168.1.1/24
switch(config-if-Tu10)#tunnel source 10.1.1.1
switch(config-if-Tu10)#tunnel destination 10.1.1.2
switch(config-if-Tu10)#tunnel path-mtu-discovery
switch(config-if-Tu10)#tunnel tos 10
switch(config-if-Tu10)#tunnel ttl 10
show interface tunnel
The show interface tunnel command displays the interface tunnel information.
Command Mode
EXEC
Command Syntax
show interface tunnel <number>
Parameter
number     Specifies the tunnel interface number.
Example
This command displays tunnel interface configuration information for tunnel interface 10.
switch#show interface tunnel 10
 
Tunnel10 is up, line protocol is up (connected)
Hardware is Tunnel, address is 0a01.0101.0800
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Tunnel source 10.1.1.1, destination 10.1.1.2
Tunnel protocol/transport GRE/IP
   Key disabled, sequencing disabled
   Checksumming of packets disabled
Tunnel TTL 10, Hardware forwarding enabled
Tunnel TOS 10
Path MTU Discovery
Tunnel transport MTU 1476 bytes
Up 3 seconds
show platform fap eedb ip-tunnel gre interface tunnel
The show platform fap eedb ip-tunnel gre interface tunnel command verifies the tunnel encapsulation programming for the tunnel interface.
Command Mode
EXEC
Command Syntax
show platform fap eedb ip-tunnel gre interface tunnel <number>
Parameter
number     Specifies the tunnel interface number.
Examples
These commands verify the tunnel encapsulation programming for tunnel interface 10.
switch#show platform fap eedb ip-tunnel gre interface tunnel 10
 
----------------------------------------------------------------------------
|                                                  Jericho0                                        |
|                                 GRE Tunnel Egress Encapsulation DB                               |
|--------------------------------------------------------------------------|
| Bank/ | OutLIF | Next   | VSI  | Encap | TOS  | TTL | Source | Destination| OamLIF| OutLIF | Drop|
| Offset|        | OutLIF | LSB  | Mode  |      |     | IP     | IP         | Set   | Profile|     |
|--------------------------------------------------------------------------|
| 3/0   | 0x6000 | 0x4010 | 0    | 2     | 10   | 10  | 10.1.1.1 | 10.1.1.2 | No    | 0      | No  |
 
switch#show platform fap eedb ip-tunnel
-------------------------------------------------------------------------------
|                                                  Jericho0                                     |
|                                     IP Tunnel Egress Encapsulation DB                         |
|------------------------------------------------------------------------------
| Bank/ | OutLIF | Next   | VSI | Encap| TOS | TTL | Src | Destination | OamLIF | OutLIF  | Drop|
| Offset|        | OutLIF | LSB | Mode | Idx | Idx | Idx | IP          | Set    | Profile |     |
|------------------------------------------------------------------------------
| 3/0   | 0x6000 | 0x4010 | 0   | 2    | 9   | 0   | 0   | 10.1.1.2    | No     | 0       | No  |
show tunnel fib static interface gre
The show tunnel fib static interface gre command displays the forwarding information base (FIB) information for a static interface GRE tunnel.
Command Mode
EXEC
Command Syntax
show tunnel fib static interface gre <number>
Parameter
number     Specifies the tunnel index number.
Example
This command displays the interface tunnel configuration with GRE configured.
switch#show tunnel fib static interface gre 10
 
Type 'Static Interface', index 10, forwarding Primary
   via 10.6.1.2, 'Ethernet6/1'
      GRE, destination 10.1.1.2, source 10.1.1.1, ttl 10, tos 0xa
show platform fap tcam summary
The show platform fap tcam summary command displays information about the TCAM bank that is allocated for GRE packet termination lookup.
Command Mode
EXEC
Command Syntax
show platform fap tcam summary
Example
This command verifies if the TCAM bank is allocated for GRE packet termination lookup.
switch#show platform fap tcam summary
 
Tcam Allocation (Jericho0)
   Bank                   Used By    Reserved By
---------- ------------------------- -----------
      0               dbGreTunnel              -