|
|
This chapter describes the function and displays the syntax for IP services commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Network Protocols Command Reference, Part 1.
To restrict incoming and outgoing connections between a particular virtual terminal line (into a Cisco device) and the addresses in an access list, use the access-class line configuration command. To remove access restrictions, use the no form of this command.
access-class access-list-number {in | out}| access-list-number | Number of an access list. This is a decimal number from 1 to 199. |
| in | Restricts incoming connections between a particular Cisco device and the addresses in the access list. |
| out | Restricts outgoing connections between a particular Cisco device and the addresses in the access list. |
To define an extended IP access list, use the extended version of the access-list global configuration command. To remove the access lists, use the no form of this command.
access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit}| access-list-number | Number of an access list. This is a decimal number from 100 to 199. |
| dynamic dynamic-name | (Optional) Identifies this access list as a dynamic access list. Refer to lock-and-key access documented in the "Configuring Traffic Filters" chapter in the Security Configuration Guide. |
| timeout minutes | (Optional) Specifies the absolute length of time (in minutes) that a temporary access list entry can remain in a dynamic access list. The default is an infinite length of time and allows an entry to remain permanently. Refer to lock-and-key access documented in the "Configuring Traffic Filters" chapter in the Security Configuration Guide. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
| protocol | Name or number of an IP protocol. It can be one of the keywords eigrp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range 0 to 255 representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and UDP) use the keyword ip. Some protocols allow further qualifiers described below. |
| source | Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:
|
|
source-wildcard | Wildcard bits to be applied to source. There are three alternative ways to specify the source wildcard:
|
|
destination | Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination:
|
|
destination-wildcard | Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard:
|
|
precedence precedence | (Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7 or by name as listed in the section "Usage Guidelines." |
| tos tos | (Optional) Packets can be filtered by type of service level, as specified by a number from 0 to 15 or by name as listed in the section "Usage Guidelines." |
| icmp-type | (Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255. |
| icmp-code | (Optional) ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255. |
| icmp-message | (Optional) ICMP packets can be filtered by an ICMP message type name or ICMP message type and code name. The possible names are found in the section "Usage Guidelines." |
| igmp-type | (Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the section "Usage Guidelines." |
| operator | (Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard, it must match the source port. If the operator is positioned after the destination and destination-wildcard, it must match the destination port. The range operator requires two port numbers. All other operators require one port number. |
| port | (Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP port names are listed in the section "Usage Guidelines." TCP port names can only be used when filtering TCP. UDP port names are listed in the section "Usage Guidelines." UDP port names can only be used when filtering UDP.
TCP port names can only be used when filtering TCP. UDP port names can only be used when filtering UDP. |
| established | (Optional) For the TCP protocol only: Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection. |
| log | (Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval. |
To define a standard IP access list, use the standard version of the access-list global configuration command. To remove a standard access lists, use the no form of this command.
access-list access-list-number {deny | permit} source [source-wildcard]| access-list-number | Number of an access list. This is a decimal number from 1 to 99. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
| source | Number of the network or host from which the packet is being sent. There are two alternative ways to specify the source:
|
|
source-wildcard | (Optional) Wildcard bits to be applied to the source. There are two alternative ways to specify the source wildcard:
|
To clear the counters of an access list, use the clear access-list counters EXEC command.
clear access-list counters {access-list-number | name}| access-list-number | Access list number from 0 to 1199 for which to clear the counters. |
| name | Name of an IP access list. The name cannot contain a space or quotation mark, and must begin with an alphabetic character to avoid ambiguity with numbered access lists. |
To clear the active or checkpointed database when IP accounting is enabled, use the clear ip accounting EXEC command.
clear ip accounting [checkpoint]| checkpoint | (Optional) Clears the checkpointed database. |
To clear all statistics being collected on Director Response Protocol (DRP) requests and replies, use the clear ip drp EXEC command.
clear ip drpTo clear TCP statistics, use the clear tcp statistics EXEC command.
clear tcp statisticsTo set conditions for a named IP access list, use the deny access-list configuration command. To remove a deny condition from an access list, use the no form of this command.
deny source [source-wildcard]| source | Number of the network or host from which the packet is being sent. There are two alternative ways to specify the source:
|
|
source-wildcard | (Optional) Wildcard bits to be applied to the source. There are two alternative ways to specify the source wildcard:
|
|
protocol | Name or number of an IP protocol. It can be one of the keywords eigrp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range 0 to 255 representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the keyword ip. Some protocols allow further qualifiers described later. |
| source | Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:
|
|
source-wildcard | Wildcard bits to be applied to source. There are three alternative ways to specify the source wildcard:
|
|
destination | Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination:
|
|
destination-wildcard | Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard:
|
|
precedence precedence | (Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7 or by name as listed in the section "Usage Guidelines." |
| tos tos | (Optional) Packets can be filtered by type of service level, as specified by a number from 0 to 15 or by name as listed in the "Usage Guidelines" section of the access-list (extended) command. |
| icmp-type | (Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255. |
| icmp-code | (Optional) ICMP packets which are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255. |
| icmp-message | (Optional) ICMP packets can be filtered by an ICMP message type name or ICMP message type and code name. The possible names are found in the "Usage Guidelines" section of the access-list (extended) command. |
| igmp-type | (Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the "Usage Guidelines" section of the access-list (extended) command. |
| operator | (Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard, it must match the source port. If the operator is positioned after the destination and destination-wildcard, it must match the destination port. The range operator requires two port numbers. All other operators require one port number. |
| port | (Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP and UDP port names are listed in the "Usage Guidelines" section of the access-list (extended) command. TCP port names can only be used when filtering TCP. UDP port names can only be used when filtering UDP. |
| established | (Optional) For the TCP protocol only: Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection. |
| log | (Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval. |
To define a named, dynamic, IP access list, use the dynamic access-list configuration command. To remove the access lists, use the no form of this command.
dynamic dynamic-name [timeout minutes] {deny | permit} protocol source source-wildcard| dynamic-name | Identifies this access list as a dynamic access list. Refer to lock-and-key access documented in the "Configuring Traffic Filters" chapter in the Security Configuration Guide. |
| timeout minutes | (Optional) Specifies the absolute length of time (in minutes) that a temporary access list entry can remain in a dynamic access list. The default is an infinite length of time and allows an entry to remain permanently. Refer to lock-and-key access documented in the "Configuring Traffic Filters" chapter in the Security Configuration Guide. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
| protocol | Name or number of an IP protocol. It can be one of the keywords eigrp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range 0 to 255 representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the keyword ip. Some protocols allow further qualifiers described later. |
| source | Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:
|
|
source-wildcard | Wildcard bits to be applied to source. There are three alternative ways to specify the source wildcard:
|
|
destination | Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination:
|
|
destination-wildcard | Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard:
|
|
precedence precedence | (Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7 or by name as listed in the section "Usage Guidelines." |
| tos tos | (Optional) Packets can be filtered by type of service level, as specified by a number from 0 to 15 or by name as listed in the section "Usage Guidelines." |
| icmp-type | (Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255. |
| icmp-code | (Optional) ICMP packets which are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255. |
| icmp-message | (Optional) ICMP packets can be filtered by an ICMP message type name or ICMP message type and code name. The possible names are found in the section "Usage Guidelines." |
| igmp-type | (Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the section "Usage Guidelines." |
| operator | (Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard, it must match the source port. If the operator is positioned after the destination and destination-wildcard, it must match the destination port. The range operator requires two port numbers. All other operators require one port number. |
| port | (Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP and UDP port names are listed in the "Usage Guidelines" section of the access-list (extended) command. TCP port names can only be used when filtering TCP. UDP port names can only be used when filtering UDP. |
| established | (Optional) For the TCP protocol only: Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection. |
| log | (Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval. |
To control access to an interface, use the ip access-group interface configuration command. To remove the specified access group, use the no form of this command.
ip access-group {access-list-number | name}{in | out}| access-list-number | Number of an access list. This is a decimal number from 1 to 199. |
| name | Name of an IP access list as specified by an ip access-list command. |
| in | Filters on inbound packets. |
| out | Filters on outbound packets. |
To define an IP access list by name, use the ip access-list global configuration command. To remove a named IP access lists, use the no form of this command.
ip access-list {standard | extended} name| standard | Specifies a standard IP access list. |
| extended | Specifies an extended IP access list. |
| name | Name of the access list. Names cannot contain a space or quotation mark, and must begin with an alphabetic character to prevent ambiguity with numbered access lists. |
To enable IP accounting on an interface, use the ip accounting interface configuration command. To disable IP accounting, use the no form of this command.
ip accounting [access-violations]| access-violations | (Optional) Enables IP accounting with the ability to identify IP traffic that fails IP access lists. |
To define filters to control the hosts for which IP accounting information is kept, use the ip accounting-list global configuration command. To remove a filter definition, use the no form of this command.
ip accounting-list ip-address wildcard| ip-address | IP address in dotted-decimal format. |
| wildcard | Wildcard bits to be applied to ip-address. |
To set the maximum number of accounting entries to be created, use the ip accounting-threshold global configuration command. To restore the default number of entries, use the no form of this command.
ip accounting-threshold threshold| threshold | Maximum number of entries (source and destination address pairs) that the Cisco IOS software accumulates. |
To control the number of transit records that are stored in the IP accounting database, use the ip accounting-transits global configuration command. To return to the default number of records, use the no form of this command.
ip accounting-transits count| count | Number of transit records to store in the IP accounting database. |
To control the sources of Director Response Protocol (DRP) queries to the DRP Server Agent, use the ip drp access-group global configuration command. To remove the access list, use the no form of this command.
ip drp access-group access-list-number| access-list-number | Number of a standard IP access list in the range 1 to 99. |
To configure authentication on the DRP Server Agent for DistributedDirector, use the ip drp authentication key-chain global configuration command. To remove the key chain, use the no form of this command.
ip drp authentication key-chain name-of-chain| name-of-chain | Name of the key chain containing one or more authentication keys. |
To enable the Director Response Protocol (DRP) Server Agent that works with DistributedDirector, use the ip drp server global configuration command. To disable the DRP Server Agent, use the no form of this command.
ip drp serverTo have the Cisco IOS software respond to Internet Control Message Protocol (ICMP) mask requests by sending ICMP Mask Reply messages, use the ip mask-reply interface configuration command. To disable this function, use the no form of this command.
ip mask-replyTo set the maximum transmission unit (MTU) size of IP packets sent on an interface, use the ip mtu interface configuration command. To restore the default MTU size, use the no form of this command.
ip mtu bytes| bytes | MTU in bytes. |
To allow the Cisco IOS software to handle IP datagrams with source routing header options, use the ip source-route global configuration command. To have the software discard any IP datagram containing a source-route option, use the no form of this command.
ip source-routeTo alter the TCP maximum read size for Telnet or rlogin, use the ip tcp chunk-size global configuration command. To restore the default value, use the no form of this command.
ip tcp chunk-size characters| characters | Maximum number of characters that Telnet or rlogin can read in one read instruction. The default value is 0, which Telnet and rlogin interpret as the largest possible 32-bit positive number. |
To specify the total number of header compression connections that can exist on an interface, use the ip tcp compression-connections interface configuration command. To restore the default, use the no form of this command.
ip tcp compression-connections number| number | Number of connections the cache supports. It can be a number from 3 to 256. |
To enable TCP header compression, use the ip tcp header-compression interface configuration command. To disable compression, use the no form of this command.
ip tcp header-compression [passive]| passive | (Optional) Compresses outgoing TCP packets only if incoming TCP packets on the same interface are compressed. If you do not specify the passive keyword, the Cisco IOS software compresses all traffic. |
To enable Path MTU Discovery for all new TCP connections from the router, use the ip tcp path-mtu-discovery interface configuration command. To disable the feature, use the no form of this command.
ip tcp path-mtu-discovery [age-timer {minutes | infinite}]| age-timer minutes | (Optional) Time interval (in minutes) after which TCP re-estimates the Path MTU with a larger maximum segment size (MSS). The maximum is 30 minutes; the default is 10 minutes. |
| infinite | (Optional) Turns off the age-timer. |
To alter the maximum TCP outgoing queue per connection, use the ip tcp queuemax global configuration command. To restore the default value, use the no form of this command.
ip tcp queuemax packets| packets | Outgoing queue size of TCP packets. The default value is 5 segments if the connection has a TTY associated with it. If there is no TTY associated with it, the default value is 20 segments. |
To enable TCP selective acknowledgment, use the ip tcp selective-ack global configuration command. To disable TCP selective acknowledgment, use the no form of this command.
ip tcp selective-ackTo set a period of time the Cisco IOS software waits while attempting to establish a TCP connection before it times out, use the ip tcp synwait-time global configuration command. To restore the default time, use the no form of this command.
ip tcp synwait-time seconds| seconds | Time in seconds the software waits while attempting to establish a TCP connection. It can be an integer from 5 to 300 seconds. The default is 30 seconds. |
To enable TCP timestamp, use the ip tcp timestamp global configuration command. To disable TCP timestamp, use the no form of this command.
ip tcp timestampTo alter the TCP window size, use the ip tcp window-size global configuration command. To restore the default value, use the no form of this command.
ip tcp window-size bytes| bytes | Window size in bytes. The maximum is 65535 bytes. The default value is 2144 bytes. |
To enable the generation of ICMP Unreachable messages, use the ip unreachables interface configuration command. To disable this function, use the no form of this command.
ip unreachablesTo set conditions for a named IP access list, use the permit access-list configuration command. To remove a condition from an access list, use the no form of this command.
permit source [source-wildcard]| source | Number of the network or host from which the packet is being sent. There are two alternative ways to specify the source:
|
|
source-wildcard | (Optional) Wildcard bits to be applied to the source. There are two alternative ways to specify the source wildcard:
|
|
protocol | Name or number of an IP protocol. It can be one of the keywords eigrp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range 0 to 255 representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the keyword ip. Some protocols allow further qualifiers described later. |
| source | Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:
|
|
source-wildcard | Wildcard bits to be applied to source. There are three alternative ways to specify the source wildcard:
|
|
destination | Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination:
|
|
destination-wildcard | Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard:
|
|
precedence precedence | (Optional) Packets can be filtered by precedence level, as specified by a number from 0 to 7 or by name as listed in the section "Usage Guidelines." |
| tos tos | (Optional) Packets can be filtered by type of service level, as specified by a number from 0 to 15 or by name as listed in the "Usage Guidelines" section of the access-list (extended) command. |
| icmp-type | (Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255. |
| icmp-code | (Optional) ICMP packets which are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255. |
| icmp-message | (Optional) ICMP packets can be filtered by an ICMP message type name or ICMP message type and code name. The possible names are found in the "Usage Guidelines" section of the access-list (extended) command. |
| igmp-type | (Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the "Usage Guidelines" section of the access-list (extended) command. |
| operator | (Optional) Compares source or destination ports. Possible operands include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard, it must match the source port. If the operator is positioned after the destination and destination-wildcard, it must match the destination port. The range operator requires two port numbers. All other operators require one port number. |
| port | (Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP and UDP port names are listed in the "Usage Guidelines" section of the access-list (extended) command. TCP port names can only be used when filtering TCP. UDP port names can only be used when filtering UDP. |
| established | (Optional) For the TCP protocol only: Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection. |
| log | (Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)
The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval. |
To display the contents of current access lists, use the show access-lists privileged EXEC command.
show access-lists [access-list-number | name]| access-list-number | (Optional) Access list number to display. The range is 0 to 1199. The system displays all access lists by default. |
| name | (Optional) Name of the IP access list to display. |
To display the contents of all current IP access lists, use the show ip access-list EXEC command.
show ip access-list [access-list-number | name]| access-list-number | (Optional) Number of the IP access list to display. This is a decimal number from 1 to 199. |
| name | (Optional) Name of the IP access list to display. |
To display the active accounting or checkpointed database or to display access list violations, use the show ip accounting EXEC command.
show ip accounting [checkpoint] [output-packets | access-violations]To display information about the DRP Server Agent for DistributedDirector, use the show ip drp EXEC command.
show ip drpTo display statistics about TCP header compression, use the show ip tcp header-compression EXEC command.
show ip tcp header-compressionTo display statistics about IP traffic, use the show ip traffic EXEC command.
show ip trafficTo display Hot Standby Router Protocol (HSRP) information, use the show standby EXEC command.
show standby [type number [group]] [brief]| type number | (Optional) Interface type and number for which output is displayed. |
| group | (Optional) Group number on the interface for which output is displayed. |
| brief | (Optional) A single line of output summarizes each standby group. |
To display TCP statistics, use the show tcp statistics EXEC command.
show tcp statisticsTo configure an authentication string for the Hot Standby Router Protocol (HSRP), use the standby authentication interface configuration command. To delete an authentication string, use the no form of this command.
standby [group-number] authentication string| group-number | (Optional) Group number on the interface to which this authentication string applies. |
| string | Authentication string. It can be up to eight characters in length. The default string is cisco. |
To activate the Hot Standby Router Protocol (HSRP), use the standby ip interface configuration command. To disable HSRP, use the no form of this command.
standby [group-number] ip [ip-address [secondary]]| group-number | (Optional) Group number on the interface for which HSRP is being activated. Default is 0. |
| ip-address | (Optional) IP address of the Hot Standby Router interface. |
| secondary | (Optional) Indicates the IP address is a secondary Hot Standby Router interface. Useful on interfaces with primary and secondary addresses; you can configure primary and secondary HSRP addresses. |
To configure Hot Standby Router Protocol (HSRP) priority, preemption, and preemption delay, use the standby interface configuration command. To restore the default values, use the no form of this command.
standby [group-number] priority priority [preempt [delay delay]]| group-number | (Optional) Group number on the interface to which the other arguments in this command apply. |
| priority priority | (Optional) Priority value that prioritizes a potential Hot Standby router. The range is 1 to 255; the default is 100. |
| preempt | (Optional) The router is configured to preempt, which means that when the local router has a Hot Standby priority higher than the current active router, the local router should attempt to assume control as the active router. If preempt is not configured, the local router assumes control as the active router only if it receives information indicating that there is no router currently in the active state (acting as the designated router). |
| delay delay | (Optional) Time in seconds. The delay argument causes the local router to postpone taking over the active role for delay seconds since that router was last restarted. The range is 0 to 3600 seconds (1 hour). The default is 0 seconds (no delay). |
To configure the time between hellos and the time before other routers declare the active Hot Standby or standby router to be down, use the standby timers interface configuration command. To restore the timers to their default values, use the no form of this command.
standby [group-number] timers hellotime holdtime| group-number | (Optional) Group number on the interface to which the timers apply. The default is 0. |
| hellotime | Hello interval in seconds. This is an integer from 1 to 255. The default is 3 seconds. |
| holdtime | Time in seconds before the active or standby router is declared to be down. This is an integer from 1 to 255. The default is 10 seconds. |
To configure an interface so that the Hot Standby priority changes based on the availability of other interfaces, use the standby track interface configuration command. To remove the tracking, use the no form of this command.
standby [group-number] track type number [interface-priority]| group-number | (Optional) Group number on the interface to which the tracking applies. |
| type | Interface type (combined with interface number) that will be tracked. |
| number | Interface number (combined with interface type) that will be tracked. |
| interface-priority | (Optional) Amount by which the Hot Standby priority for the router is decremented (or incremented) when the interface goes down (or comes back up). The default value is 10. |
To configure Hot Standby Router Protocol (HSRP) to use the interface's burned-in address as its virtual MAC address, instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring), use the standby use-bia interface configuration command. To restore the default virtual MAC address, use the no form of this command.
standby use-biaTo assign a transmit interface to a receive-only interface, use the transmit-interface interface configuration command. To return to normal duplex Ethernet interfaces, use the no form of this command.
transmit-interface type number| type | Transmit interface type to be linked with the (current) receive-only interface. |
| number | Transmit interface number to be linked with the (current) receive-only interface. |
|
|