A Commands
The commands shown in this chapter apply to the Catalyst 8540 MSR, Catalyst 8510 MSR, and LightStream 1010 ATM switch routers. Where an entire command or certain attributes of a command have values specific to a particular switch or switch router, an exception is indicated by the following callouts:
•Catalyst 8540 MSR
•Catalyst 8510 MSR and LightStream 1010
Note Commands that are identical to those documented in the Cisco IOS software documentation have been removed from this chapter.
Note Commands that no longer function as expected in ATM environments have also been removed from this chapter.
Refer to Appendix D of this command reference for a detailed list of commands that have been removed, changed or replaced.
access-list (extended)
Currently, this command only supports the IP host. To define an extended IP access list, use the extended version of the access-list global configuration command. To remove the access lists, use the no form of this command.
access-list access-list-number [dynamic list-name [timeout value]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input]
no access-list access-list-number
For ICMP, you can also use the following syntax:
access-list access-list-number [dynamic list-name [timeout value]] {deny | permit} icmp source source-wildcard destination destination-wildcard [icmp-type [icmp-code] | icmp-message] [precedence precedence] [tos tos] [log | log-input]
For TCP, you can also use the following syntax:
access-list access-list-number [dynamic list-name [timeout value]] {deny | permit} tcp source source-wildcard [operator port [port]] destination destination-wildcard [operator port [port]] [established] [precedence precedence] [tos tos] [log | log-input]
For UDP, you can also use the following syntax:
access-list access-list-number [dynamic list-name [timeout value]] {deny | permit} udp source source-wildcard [operator port [port]] destination destination-wildcard [operator port [port]] [precedence precedence] [tos tos] [log | log-input]
Syntax Description
access-list-number
Number of an access list. This is a decimal number from 100 through 199.
list-name
Name of a dynamic access list.
deny
Denies access if the conditions are matched.
permit
Permits access if the conditions are matched.
protocol
Name or number of an Internet protocol. It can be one of the keywords eigrp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, tcp, udp, or an integer in the range 0 through 255 representing an IP protocol number. To match any Internet protocol, including ICMP, TCP, and UDP, use the keyword ip. Some protocols allow further qualifiers described below.
source
Number of the network or host from which the packet is being sent. There are three ways to specify the source:
Use a 32-bit quantity in 4-part dotted-decimal format.
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.
Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
source-wildcard
Wildcard bits to be applied to source. There are three ways to specify the source wildcard:
Use a 32-bit quantity in 4-part dotted-decimal format. Place ones in the bit positions you want to ignore.
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.
Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
destination
Number of the network or host to which the packet is being sent. There are three ways to specify the destination:
Use a 32-bit quantity in 4-part dotted-decimal format.
Use the keyword any as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255.
Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
destination-wildcard
Wildcard bits to be applied to the destination. There are three ways to specify the destination wildcard:
Use a 32-bit quantity in 4-part dotted-decimal format. Place ones in the bit positions you want to ignore.
Use the keyword any as an abbreviation for a destination and destination-wildcard of 0.0.0.0 255.255.255.255.
Use host destination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.
precedence precedence
Packets can be filtered by precedence level, as specified by a number from 0 to 7, or by name, as listed in the section "Usage Guidelines."
tos tos
Packets can be filtered by type of service level, as specified by a number from 0 to 15, or by name, as listed in the section "Usage Guidelines."
icmp-type
ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.
icmp-code
ICMP packets which are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255.
icmp-message
ICMP packets can be filtered by an ICMP message type name or ICMP message type and code name. The possible names are listed in the section "Usage Guidelines."
igmp-type
IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the section "Usage Guidelines."
operator
Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard, it must match the source port.
If the operator is positioned after the destination and destination-wildcard, it must match the destination port.
The range operator requires two port numbers. All other operators require one port number.
port
The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP and UDP port names are listed in the section "Usage Guidelines."
TCP port names can only be used when filtering TCP. UDP port names can only be used when filtering UDP.
established
For the TCP protocol only; indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection.
log
Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
The message includes the access list number; whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches the entry and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval.
log-input
Log matches against this entry, including input interface.
Defaults
An extended access list defaults to a list that denies everything. An extended access list is terminated by an implicit deny statement.
Command Modes
Global configuration
Command History
Usage Guidelines
You can use access lists to control the transmission of packets on an interface, control virtual terminal line access, and restrict contents of routing updates. The switch stops checking the extended access list after a match occurs.
Fragmented IP packets, other than the initial fragment, are immediately accepted by any extended IP access list. Extended access lists used to control virtual terminal line access or restrict contents of routing updates must not match against the TCP source port, the type of service value, or the packet's precedence.
Note After an access list is created initially, any subsequent additions (possibly entered from the terminal) are placed at the end of the list. In other words, you cannot selectively add or remove access list command lines from a specific access list.
The following is a list of precedence names:
•critical
•flash
•flash-override
•immediate
•internet
•network
•priority
•routine
The following is a list of TOS names:
•max-reliability
•max-throughput
•min-delay
•min-monetary-cost
•normal
The following is a list of ICMP message-type names and ICMP message-type and code names:
•administratively-prohibited
•alternate-address
•conversion-error
•dod-host-prohibited
•dod-net-prohibited
•echo
•echo-reply
•general-parameter-problem
•host-isolated
•host-precedence-unreachable
•host-redirect
•host-tos-redirect
•host-tos-unreachable
•host-unknown
•host-unreachable
•information-reply
•information-request
•log-input
•mask-reply
•mask-request
•mobile-redirect
•net-redirect
•net-tos-redirect
•net-tos-unreachable
•net-unreachable
•network-unknown
•no-room-for-option
•option-missing
•packet-too-big
•parameter-problem
•port-unreachable
•precedence
•precedence-unreachable
•protocol-unreachable
•reassembly-timeout
•redirect
•router-advertisement
•router-solicitation
•source-quench
•source-route-failed
•time-exceeded
•timestamp-reply
•timestamp-request
•tos
•traceroute
•ttl-exceeded
•unreachable
The following is a list of TCP port names that can be used instead of port numbers. Refer to the current Assigned Numbers RFC to find a reference to these protocols. Port numbers corresponding to these protocols can also be found by entering a ? in the place of a port number.
•bgp
•chargen
•cmd
•daytime
•discard
•domain
•echo
•exec
•finger
•ftp
•ftp-data
•gopher
•hostname
•ident
•irc
•klogin
•kshell
•lpd
•nntp
•pop2
•pop3
•smtp
•sunrpc
•syslog
•tacacs-ds
•talk
•telnet
•time
•uucp
•whois
•www
The following is a list of UDP port names that can be used instead of port numbers. Refer to the current Assigned Numbers RFC to find a reference to these protocols. Port numbers corresponding to these protocols can also be found by entering a ? in the place of a port number.
•biff
•bootpc
•bootps
•discard
•dns
•dnsix
•echo
•mobile-ip
•nameserver
•netbios-dgm
•netbios-ns
•ntp
•rip
•snmp
•snmptrap
•sunrpc
•syslog
•tacacs-ds
•talk
•tftp
•time
•who
•xdmcp
Examples
In the following example, serial interface 0 is part of a Class B network with the address 128.88.0.0, and the mail host's address is 128.88.1.2. The keyword established is used only for the TCP protocol to indicate an established connection. A match occurs if the TCP datagram has the ACK or RST bits set, which indicate that the packet belongs to an existing connection.
Switch(config)# access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.0.0 0.0.255.255 established
Switch(config)# access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.1.2 0.0.0.0 eq 25
Switch(config)# interface serial 0
Switch(config-if)# ip access-group 102 in
The following example also permits DNS packets and ICMP echo and echo reply packets.
Switch(config)# access-list 102 permit tcp any 128.88.0.0 0.0.255.255 established
Switch(config)# access-list 102 permit tcp any host 128.88.1.2 eq smtp
Switch(config)# access-list 102 permit tcp any any eq domain
Switch(config)# access-list 102 permit udp any any eq domain
Switch(config)# access-list 102 permit icmp any any echo
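How the matching rules in this section combine (wildcard bits, first match, established, the fragment rule and the implicit deny), shown as an added Python sketch that is not Cisco code: it parses the five entries of access list 102 above and evaluates packets against them. Only the eq operator and a few port and ICMP names are handled, and the packet dictionary layout and sample addresses are assumptions constructed for this example.

```python
import ipaddress

# Well-known numbers for a few of the names listed on this page.
PORTS = {"smtp": 25, "domain": 53, "telnet": 23, "www": 80}
ICMP_TYPES = {"echo": 8, "echo-reply": 0}

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tok, i):  # 'any' | 'host A' | 'A WILDCARD' -> ((addr, wildcard), next index)
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (ip(tok[i + 1]), 0), i + 2
    return (ip(tok[i]), ip(tok[i + 1])), i + 2

def parse_port(tok, i):  # optional 'eq port'; the other operators are omitted here
    if i < len(tok) and tok[i] == "eq":
        name = tok[i + 1]
        return (int(name) if name.isdigit() else PORTS[name]), i + 2
    return None, i

def parse_entry(line):
    tok = line.split()                      # access-list N {permit|deny} proto ...
    e = {"action": tok[2], "proto": tok[3]}
    e["src"], i = parse_addr(tok, 4)
    e["sport"], i = parse_port(tok, i)
    e["dst"], i = parse_addr(tok, i)
    e["dport"], i = parse_port(tok, i)
    e["established"] = "established" in tok[i:]
    e["icmp_type"] = next((ICMP_TYPES[t] for t in tok[i:] if t in ICMP_TYPES), None)
    return e

def addr_match(pkt_ip, spec):
    addr, wildcard = spec                   # ones in the wildcard = bits to ignore
    return ((ip(pkt_ip) ^ addr) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl, pkt):
    """Return 'permit' or 'deny' for a packet dict, following the rules on this page."""
    if pkt.get("frag_offset", 0) > 0:
        return "permit"                     # non-initial fragments are accepted
    for e in acl:                           # checking stops at the first match
        if e["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (addr_match(pkt["src"], e["src"]) and addr_match(pkt["dst"], e["dst"])):
            continue
        if any(e[k] not in (None, pkt.get(k)) for k in ("sport", "dport", "icmp_type")):
            continue
        if e["established"] and not {"ACK", "RST"} & set(pkt.get("flags", ())):
            continue
        return e["action"]
    return "deny"                           # implicit deny terminates every list

# The five entries of access list 102 from the example above.
ACL_102 = [parse_entry(l) for l in """\
access-list 102 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 102 permit tcp any host 128.88.1.2 eq smtp
access-list 102 permit tcp any any eq domain
access-list 102 permit udp any any eq domain
access-list 102 permit icmp any any echo""".splitlines()]

if __name__ == "__main__":                  # constructed sample packet
    syn = {"proto": "tcp", "src": "203.0.113.9", "dst": "128.88.5.5", "dport": 23, "flags": {"SYN"}}
    print(evaluate(ACL_102, syn), evaluate(ACL_102, dict(syn, flags={"ACK"})))
```

Because established tests only the ACK and RST bits, the first entry matches any TCP segment to 128.88.0.0 that carries one of them, so the list behaves as a stateless filter and the fragment rule and implicit deny should be kept in mind when reviewing it.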
Related Commands
access-template
To create a temporary access list entry to the connected switch, use the access-template EXEC command.
access-template {access-list-number | dynamic-name} temp-list source-addr dest-addr timeout minutes
Syntax Description
Command Modes
EXEC
Command History
Usage Guidelines
This command provides a way to enable the lock-and-key access feature.
You should always define either an absolute timeout (with the timeout keyword in this command) or an idle timeout (with the timeout keyword in the access-class command). Otherwise, the dynamic access list remains, even after the user has terminated the session.
Examples
In the following example, IP access is enabled on incoming packets in which the source address is 171.69.1.129 and the destination address is 172.21.52.12. All other source and destination pairs are discarded.
Switch# access-template 101 payroll host 171.69.1.129 host 172.21.52.12 timeout 2
Related Commands
Command Description
Used to define an extended IP access list.
Cisco IOS command removed from this manual. Refer to Appendix D.
Cisco IOS command removed from this manual. Refer to Appendix D.
administrative-weight
To configure the mode of default administrative weight assignment for PNNI interfaces, use the administrative-weight ATM router PNNI configuration command. To return to the default value, use the no form of this command.
administrative-weight {linespeed | uniform}
no administrative-weight
Syntax Description
linespeed
The default value of the administrative weight is based on the linespeed or MaxCR of an interface.
uniform
Assigns the weight of 5040 to interfaces that were not configured.
Defaults
uniform
Command Modes
ATM router configuration
Command History
Usage Guidelines
Administrative weight is used as the primary routing metric to minimize use of network resources.
In the absence of other constraints, this causes PNNI routing to minimize the number of hops. Basing administrative weight on linespeed allows path selection to prefer paths along higher bandwidth interfaces. Higher speed links have lower administrative weights and are preferred during routing.
The value set in this command becomes the default for the atm pnni admin-weight command.
For more information, refer to the ATM Switch Router Software Configuration Guide.
Examples
The following script shows how to access the administrative-weight ATM router PNNI configuration command.
Switch# configure terminal
Switch(config)# atm router pnni
Switch(config-atm-router)# administrative-weight uniform
Related Commands
aesa embedded-number left-justified
To enable the automatic conversion of E.164 AESA prefixes into left-justified encoding format, use the aesa embedded-number left-justified command.
aesa embedded-number left-justified
Syntax Description
Defaults
None.
Command Modes
Interface configuration
Command History
Usage Guidelines
The aesa embedded-number left-justified command causes the conversion of all reachable address prefixes with the E.164 Authority and Format Identifier (AFI), including reachable address prefixes advertised by remote PNNI nodes, routes learned by ILMI, and reachable address prefixes installed by the switch router automatically. This affects the atm route, auto-summary, summary-address, show atm route, and show atm pnni summary commands. The atm address, atm prefix, and show atm addresses commands are not affected because they do not use PNNI address prefixes.
Examples
The following example shows how to configure the switch router to convert the E.164 AESA prefixes to PNNI 2.0 format, beginning in global configuration mode:
Switch# configure terminal
Switch(config)# atm router pnni
Switch(config-atm-router)# aesa embedded-number left-justified
Related Commands
Command Description
Displays the configuration of the automatic conversion of E.164 AESA prefixes into left-justified encoding format.
aggregation-mode
To specify the mode that is used to calculate the combined metrics from multiple lower-level PNNI links into individual aggregated links to be advertised by this node, use the aggregation-mode PNNI node configuration command.
aggregation-mode {link | node} {abr | cbr | ubr | vbr-rt | vbr-nrt | all} {aggressive | best-link}
Syntax Description
Defaults
best-link for all service categories
Command Modes
PNNI node configuration
Command History
Usage Guidelines
In the PNNI hierarchy, link aggregation is used to represent several parallel links between two peer groups as a single higher-level link. The aggregation modes control how the metrics for the higher level links are derived from the individual parallel links that have the same aggregation token.
Examples
The following example shows how to enter PNNI node configuration mode and specify a node.
Switch# configure terminal
Switch(config)# atm router pnni
Switch(config-atm-router)# node 1
Switch(config-pnni-node)#
The following example shows how to specify aggressive mode aggregation for the VBR-RT service category on links.
Switch(config-pnni-node)# aggregation-mode link vbr-rt aggressive
Related Commands
Command Description
Used to show the PNNI nodal aggregation tables for a complex node.
Used to specify the type of PNNI LGN representation.
arp (global)
To add a permanent entry in the ARP cache, use the arp global configuration command. To remove an entry from the ARP cache, use the no form of this command.
arp ip-address hardware-address type interface-type card/subcard/port [alias]
no arp ip-address hardware-address type interface-type card/subcard/port [alias]
Syntax Description
Defaults
No entries are permanently installed in the ARP cache.
Command Modes
Global configuration
Command History
Usage Guidelines
The switch uses ARP cache entries to translate 32-bit IP addresses into 48-bit hardware addresses.
Because most hosts support dynamic resolution, you generally do not need to specify static ARP cache entries.
Examples
The following is an example of a static ARP entry for a typical Ethernet host.
Switch(config)# arp 192.31.7.19 0800.0900.1834 arpa
Related Commands
arp (interface)
To control the interface-specific handling of IP address resolution into 48-bit Ethernet, use the arp interface configuration command. To disable an encapsulation type, use the no form of this command.
arp {arpa | frame-relay | probe | snap}
no arp {arpa | frame-relay | probe | snap}
Syntax Description
arpa
Standard Ethernet-style ARP (RFC 826).
frame-relay
ARP for a Frame Relay interface.
probe
HP Probe protocol for IEEE-802.3 networks.
snap
ARP packets conforming to RFC 1042.
Defaults
Standard Ethernet-style ARP
Command Modes
Interface configuration
Command History
Usage Guidelines
Arguments to the arp command are not mutually exclusive. Each command enables or disables a specific type of ARP. For example, if you enter the arp arpa command followed by the arp probe command, the switch sends three packets (two for probe and one for arpa) each time it needs to discover a MAC address.
The arp probe command allows the switch to use the Probe protocol (in addition to ARP) whenever attempting to resolve an IEEE-802.3 or Ethernet local data interface address. The subset of Probe that performs address resolution is called Virtual Address Request and Reply. Using Probe, the switch communicates transparently with Hewlett-Packard IEEE-802.3 hosts using this type of data encapsulation.
Note All interfaces that use Probe must be explicitly configured for arp probe.
The show ima interface EXEC command displays the type of ARP being used on a particular interface. To remove all nonstatic entries from the ARP cache, use the clear atm pnni privileged EXEC command.
associate (Catalyst 8540 MSR)
To logically associate two slots within one switch router for redundancy, use the associate command. To disable slot associations, use the no form of this command.
associate slot slot_one slot_two
no associate slot slot_one slot_two
Syntax Description
slot_one
Sets first slot to become associated. Valid range is from 0 to 12.
slot_two
Sets second slot to be associated with first slot. Valid range is from 0 to 12.
Defaults
Slots are not associated.
Command Modes
Redundancy configuration
Command History
Usage Guidelines
Features such as APS (Automatic Protection Switching) utilize logical slot information for the purpose of processor route switchover. Both associated slots must use the same type of interface module. Only slots {0,2}, {1,3}, {9,11}, {10,12} can be associated.
Examples
The following example shows how to associate two separate slots within one switch.
Switch(config)# redundancy
Switch(config-r)# associate slot 10 12
Associate slot command accepted for slots 10 and 12
Related Commands
auto-summary
To allow default summary addresses to be generated based on the switch's ATM address, use the auto-summary PNNI node configuration command. To disable generation of default summary addresses, use the no form of this command.
auto-summary
no auto-summary
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
PNNI node configuration
Command History
Usage Guidelines
By default, lowest level PNNI nodes advertise 13-byte summary address prefixes based on the switch address or addresses. The summary address prefix or prefixes cover all end system addresses determined via ILMI address registration from the ILMI address prefix or prefixes, based on each switch's address. They do not cover end-system addresses determined via ILMI address registration from per-interface ILMI address prefixes (configured using the atm pvc command).
Using the no form of the auto-summary command causes PNNI to advertise all end-system addresses separately (unless other summary addresses matching the end system addresses were configured).
Higher level PNNI nodes (LGNs) have a single default address configured. The length of that summary for any LGN is equal to the level of the child peer group, and its value is equal to the first level bits of the child peer group identifier.
For more information, refer to the ATM Switch Router Software Configuration Guide.
Examples
The following example shows how to access the auto-summary node-level subcommand.
Switch# configure terminal
Switch(config)# atm router pnni
Switch(config-atm-router)# node 1
Switch(config-pnni-node)# auto-summary
Related Commands
Posted: Mon Oct 4 20:18:00 PDT 2004
All contents are Copyright © 1992--2004 Cisco Systems, Inc. All rights reserved.