A10 Thunder Vlan Bridging + VRRP

NETWORK CONFIGURATION GUIDE
A10 Thunder Series and AX Series

ACOS 4.1.0
29 March 2016
2016 A10 Networks, Inc. Confidential and Proprietary - All Rights Reserved
Information in this document is subject to change without notice.
Patent Protection
A10 Networks products are protected by patents in the U.S. and elsewhere. The following website is provided to satisfy the virtual patent marking provisions of various jurisdictions including the virtual patent marking provisions of the America Invents Act. A10 Networks' products, including all Thunder Series products, are protected by one or more of U.S. patents and patents pending listed at:
https://www.a10networks.com/company/legal-notices/a10-virtual-patent-marking.
Trademarks
The A10 logo, A10 Harmony, A10 Lightning, A10 Networks, A10 Thunder, aCloud, ACOS, Affinity, aFleX, aFlow, aGalaxy, aGAPI, aVCS, AX,
aXAPI, IDsentrie, IP-to-ID, SSL Insight, SSLi, Thunder, Thunder TPS, UASG, and vThunder are trademarks or registered trademarks of A10
Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners.
Confidentiality
This document contains confidential materials proprietary to A10 Networks, Inc. This document and information and ideas herein may
not be disclosed, copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written consent of
A10 Networks, Inc.
A10 Networks Inc. Software License and End User Agreement

Software for all A10 Networks products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Software as confidential information.
Anyone who uses the Software does so only in compliance with the terms of the End User License Agreement (EULA), provided later in
this document or available separately. Customer shall not:
1. reverse engineer, reverse compile, reverse de-assemble or otherwise translate the Software by any means
2. sublicense, rent or lease the Software.
Disclaimer
This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not
limited to fitness for a particular use and non-infringement. A10 Networks has made reasonable efforts to verify that the information
contained herein is accurate, but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product
specifications and features described in this publication are based on the latest information available; however, specifications are subject to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current
information regarding its products or services. A10 Networks products and services are subject to A10 Networks standard terms and
conditions.
Environmental Considerations
Some electronic components may possibly contain dangerous substances. For information on specific component types, please contact the manufacturer of that component. Always consult local authorities for regulations regarding proper disposal of electronic components in your area.
Further Information
For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks location, which can be found by visiting www.a10networks.com.
Table of Contents
Layer 2 Networking ....................................................................................................................... 1

Link Trunking ............................................................................................................................................... 3
Overview ............................................................................................................................................................... 3
Trunk Parameters................................................................................................................................................ 4
Interface-Level Parameters for Trunks .......................................................................................................................................... 4
Port-Threshold Parameters ................................................................................................................................................................. 5
LACP Parameters ....................................................................................................................................................................................... 5
Global LACP Parameter ................................................................................................................................................................ 5
Interface-Level LACP Parameters .......................................................................................................................................... 6
Unidirectional Link Detection .................................................................................................................................................. 6
Static Trunk Configuration .............................................................................................................................. 7

Use the GUI to Configure a Static Trunk ..................................................................................................................................... 7
Configure the Trunk ....................................................................................................................................................................... 7
Configuring the Minimum Port Threshold ...................................................................................................................... 8
Use the CLI to Configure a Static Trunk ...................................................................................................................................... 8
Dynamic Trunk Configuration ....................................................................................................................... 9

Use the GUI to Configure an LACP Trunk ................................................................................................................................... 9
Configuring the LACP System Priority ..............................................................................................................................10
Configuring the Minimum Port Threshold ....................................................................................................................10
Verifying Port Threshold Configuration in the GUI ...................................................................................................10
Use the CLI to Configure an LACP Trunk ..................................................................................................................................11
Configuring Each Interface .....................................................................................................................................................11
Configuring LACP System Priority .......................................................................................................................................12
Configuring Interface-Level Parameters on an LACP Trunk ...............................................................................12
LACP Passthrough ............................................................................................................................................13

Configuration ............................................................................................................................................................................................14
Displaying LACP Information ..........................................................................................................................................................16
Clearing LACP Statistics ......................................................................................................................................................................18
Link Layer Discovery Protocol ..............................................................................................................19

Overview of LLDP .............................................................................................................................................19
Configure LLDP .................................................................................................................................................20
Use the GUI to Configure LLDP ......................................................................................................................................................20
Use the CLI to Configure LLDP .......................................................................................................................................................21
page 1 | Document No.: 410-NET-001 - 3/29/2016
A10 Thunder Series and AX SeriesNetwork Configuration Guide

Contents
Virtual LAN Support ................................................................................................................................23

VLAN Overview .................................................................................................................................................23
Default VLAN (VLAN 1) ........................................................................................................................................................................23
Virtual Ethernet Interfaces .................................................................................................................................................................24
Maximum Number of Supported Virtual Ethernet Interfaces ....................................................................................24
Example of Tagged and Untagged Ports .................................................................................................................................24
VLAN-to-VLAN Bridging .................................................................................................................................26

Overview of VLAN-to-VLAN Bridging .........................................................................................................................................26
VLAN-to-VLAN Bridging Configuration Notes ......................................................................................................................28
VLAN-to-VLAN Bridging Configuration Examples ..............................................................................................................28
CLI Example Transparent Mode .......................................................................................................................................28
CLI Example Routed Mode with VRRP-A ....................................................................................................................29
Layer 3 Networking ....................................................................................................................... 1

Dynamic Host Configuration Protocol (DHCP) ................................................................................ 3
Overview of DHCP.............................................................................................................................................. 3
Enable DHCP ........................................................................................................................................................ 4
Configure DHCP Relays .................................................................................................................................... 4
Overview of DHCP Relays .................................................................................................................................................................... 4
Configure DHCP Relays ......................................................................................................................................................................... 5
Use the GUI to Configure a DHCP Relay ........................................................................................................................... 5
Use the CLI to Configure a DHCP Relay ............................................................................................................................. 5
Routing Protocols .......................................................................................................................... 1

Open Shortest Path First (OSPF) ........................................................................................................... 3
Support for Multiple OSPFv2 and OSPFv3 Processes............................................................................ 3
Support for OSPFv2 and OSPFv3 on the Same Interface or Link ...................................................... 3
OSPF MIB Support.............................................................................................................................................. 3
OSPF Configuration Example......................................................................................................................... 4
Interface Configuration ......................................................................................................................................................................... 4
Global OSPF Parameters ....................................................................................................................................................................... 5
Clearing Specific OSPF Neighbors ................................................................................................................................................. 5
OSPF Logging ...................................................................................................................................................... 7

Configuring Router Logging for OSPF ......................................................................................................................................... 7
Enable output options ................................................................................................................................................................. 8
Set severity level and facility .................................................................................................................................................... 8
Enable debug options to generate output ..................................................................................................................... 9
Intermediate System to Intermediate System (IS-IS) ...................................................................13

Basic IS-IS Example Topology.......................................................................................................................13
Document No.: 410-NET-001 - 3/29/2016 | page 2

Contents
Configuring IS-IS...............................................................................................................................................14
Verifying Your IS-IS Configuration ..............................................................................................................14
Border Gateway Protocol (BGP) ..........................................................................................................15

BGP Route Redistributions............................................................................................................................15
Using Route Maps to Permit or Deny Updates ......................................................................................15
Using Route Maps for Traffic Engineering...............................................................................................16
Route Selection Based on Local Preference............................................................................................17
Globally-Enabled Default Route Origination..........................................................................................18
Equal-Cost Multi-path ECMP Support.......................................................................................................18
Route-Map High Availability for Interior Gateway Protocols ...........................................................20
Route-Map High Availability Overview .....................................................................................................................................21
VRRP-A VRID Group Matching ........................................................................................................................................................21
Bidirectional Forwarding Detection ..................................................................................................25

BFD Parameters.................................................................................................................................................25
Configuring BFD ...............................................................................................................................................26
Static Route Support ............................................................................................................................................................................26
Configuring BFD Parameters for BGP ................................................................................................................................27
Displaying BFD Information ....................................................................................................................................................27
Disable BFD .......................................................................................................................................................................................28
Configure BFD with OSPF (for IPv4) .............................................................................................................................................28
Sample Configuration ................................................................................................................................................................29
Configure BFD with OSPF (for IPv6) .............................................................................................................................................29
Configure BFD with IS-IS (for IPv4) ...............................................................................................................................................31
Configure BFD with IS-IS (for IPv6) ...............................................................................................................................................32
Configure BFD with BGP ....................................................................................................................................................................33
Configuring Static BFD ........................................................................................................................................................................34
IPv4 Static BFD (Global) .............................................................................................................................................................34
IPv6 Static BFD (Global) .............................................................................................................................................................34
IPv6 Static BFD (Link-Local) .....................................................................................................................................................34
Configuring BFD Intervals .................................................................................................................................................................34
Global Interval Configuration ................................................................................................................................................34
Interface Interval Configuration ...........................................................................................................................................35
Enable Authentication .........................................................................................................................................................................35
Authentication Per interface ..................................................................................................................................................35
Authentication Per Neighbor (for BGP only) ................................................................................................................35
Enable Echo and Demand function ............................................................................................................................................35

Contents
Enable the Echo Function ........................................................................................................................................................35

Enable the Echo Function Per Interface ..........................................................................................................................36
Enable Demand Mode ...............................................................................................................................................................36
Asynchronous Mode ...................................................................................................................................................................36
Viewing BFD Status..........................................................................................................................................36
Internet Group Multicast Protocol (IGMP) Queries ......................................................................37

In Routed Mode .............................................................................................................................................................................37
In Non-Routed Mode ..................................................................................................................................................................38
Configuring IGMP Membership Queries ..................................................................................................................................38
Use the GUI to Configure IGMP Membership Queries ...........................................................................................38
Use the CLI to Configure IGMP Membership Queries ............................................................................................38
Command Line Interface Reference ....................................................................................... 1

Config Commands: Interface ................................................................................................................. 3
access-list ......................................................................................................................................................................................................... 6
bfd ........................................................................................................................................................................................................................ 6
cpu-process .................................................................................................................................................................................................... 8
disable ................................................................................................................................................................................................................ 8
duplexity ........................................................................................................................................................................................................... 9
enable ................................................................................................................................................................................................................ 9
flow-control ................................................................................................................................................................................................. 10
icmp-rate-limit ........................................................................................................................................................................................... 10
icmpv6-rate-limit ..................................................................................................................................................................................... 11
ip address ...................................................................................................................................................................................................... 12
ip address dhcp ........................................................................................................................................................................................ 13
ip allow-promiscuous-vip ................................................................................................................................................................... 13
ip cache-spoofing-port ........................................................................................................................................................................ 14
ip control-apps-use-mgmt-port ..................................................................................................................................................... 14
ip default-gateway .................................................................................................................................................................................. 15
ip helper-address ..................................................................................................................................................................................... 16
ip igmp ........................................................................................................................................................................................................... 17
ip nat ................................................................................................................................................................................................................ 19
ip ospf ............................................................................................................................................................................................................. 20
ip rip authentication .............................................................................................................................................................................. 22
ip rip receive version .............................................................................................................................................................................. 23
ip rip receive-packet .............................................................................................................................................................................. 23
ip rip send version ................................................................................................................................................................................... 23
ip rip send-packet .................................................................................................................................................................................... 23
ip rip split-horizon ................................................................................................................................................................................... 24
ip router isis | ipv6 router isis ............................................................................................................................................................ 24
ip slb-partition-redirect ........................................................................................................................................................................ 24
ip stateful-firewall .................................................................................................................................................................................... 25
ipv6 (on management interface) ................................................................................................................................................... 25
ipv6 access-list ........................................................................................................................................................................................... 26
ipv6 address ................................................................................................................................................................................................ 26
ipv6 enable .................................................................................................................................................................................................. 27

Contents
ipv6 nat inside ............................................................................................................................................................................................ 27
ipv6 nat outside ........................................................................................................................................................................................ 27
ipv6 ndisc router-advertisement .................................................................................................................................................... 28
ipv6 ospf cost ............................................................................................................................................................................................. 30
ipv6 ospf dead-interval ........................................................................................................................................................................ 30
ipv6 ospf hello-interval ......................................................................................................................................................................... 31
ipv6 ospf mtu-ignore ............................................................................................................................................................................. 31
ipv6 ospf neighbor .................................................................................................................................................................................. 31
ipv6 ospf network .................................................................................................................................................................................... 32
ipv6 ospf priority ...................................................................................................................................................................................... 32
ipv6 ospf retransmit-interval ............................................................................................................................................................. 33
ipv6 ospf transmit-delay ...................................................................................................................................................................... 33
ipv6 rip split-horizon .............................................................................................................................................................................. 33
ipv6 router isis ............................................................................................................................................................................................ 34
ipv6 router ospf ......................................................................................................................................................................................... 34
ipv6 router rip ............................................................................................................................................................................................ 34
ipv6 stateful-firewall ............................................................................................................................................................................... 35
isis authentication ................................................................................................................................................................................... 35
isis bfd ............................................................................................................................................................................................................. 36
isis circuit-type ........................................................................................................................................................................................... 36
isis csnp-interval ....................................................................................................................................................................................... 37
isis hello .......................................................................................................................................................................................................... 37
isis hello-interval ....................................................................................................................................................................................... 38
isis hello-interval-minimal .................................................................................................................................................................. 38
isis hello-multiplier .................................................................................................................................................................................. 39
isis lsp-interval ............................................................................................................................................................................................ 39
isis mesh-group ........................................................................................................................................................................................ 40
isis metric ...................................................................................................................................................................................................... 40
isis network .................................................................................................................................................................................................. 41
isis password ............................................................................................................................................................................................... 41
isis priority ..................................................................................................................................................................................................... 42
isis restart-hello-interval ....................................................................................................................................................................... 42
isis retransmit-interval ........................................................................................................................................................................... 43
isis wide-metric ......................................................................................................................................................................................... 43
l3-vlan-fwd-disable ................................................................................................................................................................................. 44
lldp enable ................................................................................................................................................................................................... 44
lldp notification ......................................................................................................................................................................................... 45
lldp tx-dot1-tlvs ......................................................................................................................................................................................... 45
lldp tx-tlvs ..................................................................................................................................................................................................... 45
load-interval ................................................................................................................................................................................................ 45
lw-4o6 ............................................................................................................................................................................................................. 46
media-type-copper ................................................................................................................................................................................ 46
monitor .......................................................................................................................................................................................................... 46
mtu ................................................................................................................................................................................................................... 48
name ................................................................................................................................................................................................................ 48
ports-threshold ......................................................................................................................................................................................... 49
remove-vlan-tag ....................................................................................................................................................................................... 50
snmp-server ................................................................................................................................................................................................ 50
trunk-group ................................................................................................................................................................................................. 51
Config Commands: VLAN ......................................................................................................................53

Contents
name ................................................................................................................................................................................................................ 53
router-interface ......................................................................................................................................................................................... 54
tagged ............................................................................................................................................................................................................ 55
untagged ...................................................................................................................................................................................................... 55
Config Commands: IP .............................................................................................................................57

ip access-list ................................................................................................................................................................................................ 58
ip address ...................................................................................................................................................................................................... 61
ip anomaly-drop ....................................................................................................................................................................................... 62
ip as-path ...................................................................................................................................................................................................... 63
ip community-list ..................................................................................................................................................................................... 63
ip default-gateway .................................................................................................................................................................................. 64
ip dns ............................................................................................................................................................................................................... 65
ip extcommunity-list .............................................................................................................................................................................. 65
ip frag buff .................................................................................................................................................................................................... 66
ip frag max-reassembly-sessions ................................................................................................................................................... 66
ip frag timeout ........................................................................................................................................................................................... 66
ip icmp disable .......................................................................................................................................................................................... 67
ip mgmt-traffic .......................................................................................................................................................................................... 67
ip nat alg pptp ........................................................................................................................................................................................... 68
ip nat icmp ................................................................................................................................................................................................... 69
ip nat inside source ................................................................................................................................................................................ 70
ip nat pool .................................................................................................................................................................................................... 71
ip nat pool-group .................................................................................................................................................................................... 72
ip nat range-list ......................................................................................................................................................................................... 73
ip nat template logging ....................................................................................................................................................................... 74
ip nat translation ...................................................................................................................................................................................... 76
ip nat-global reset-idle-tcp-conn .................................................................................................................................................. 77
ip prefix-list .................................................................................................................................................................................................. 77
ip route ........................................................................................................................................................................................................... 80
ip tcp syn-cookie threshold ............................................................................................................................................................... 81
Config Commands: IPv6 ........................................................................................................................83

ipv6 access-list ........................................................................................................................................................................................... 84
ipv6 address ................................................................................................................................................................................................ 86
ipv6 default-gateway ............................................................................................................................................................................. 86
ipv6 frag timeout ..................................................................................................................................................................................... 87
ipv6 icmpv6 disable ............................................................................................................................................................................... 88
ipv6 nat icmpv6 respond-to-ping ................................................................................................................................................. 88
ipv6 nat inside source list ................................................................................................................................................................... 88
ipv6 nat pool ............................................................................................................................................................................................... 89
ipv6 nat pool-group ............................................................................................................................................................................... 89
ipv6 neighbor ............................................................................................................................................................................................. 90
ipv6 ospf display route single-line ................................................................................................................................................ 91
ipv6 prefix-list sequence-number ................................................................................................................................................. 91
ipv6 route ...................................................................................................................................................................................................... 92
Config Commands: Router RIP .........................................................................................................95

Enabling RIP........................................................................................................................................................95

Contents
Enabling RIP for IPv4 .............................................................................................................................................................................95

Enabling RIP for IPv6 .............................................................................................................................................................................96
Interface-level RIP Commands ....................................................................................................................96

IPv4 RIP Configuration Commands............................................................................................................96
cisco-metric-behavior ........................................................................................................................................................................... 97
default-information originate .......................................................................................................................................................... 97
default-metric ............................................................................................................................................................................................ 97
distance .......................................................................................................................................................................................................... 98
distribute-list ............................................................................................................................................................................................... 98
maximum-prefix .....................................................................................................................................................................................100
neighbor ......................................................................................................................................................................................................100
network ........................................................................................................................................................................................................101
offset-list ......................................................................................................................................................................................................102
passive-interface .....................................................................................................................................................................................102
recv-buffer-size ........................................................................................................................................................................................103
redistribute .................................................................................................................................................................................................104
route ...............................................................................................................................................................................................................106
timers .............................................................................................................................................................................................................106
version ..........................................................................................................................................................................................................107
IPv6 RIP Configuration Commands......................................................................................................... 107

aggregate-address ................................................................................................................................................................................108
cisco-metric-behavior .........................................................................................................................................................................108
default-information originate ........................................................................................................................................................108
default-metric ..........................................................................................................................................................................................108
distribute-list .............................................................................................................................................................................................109
neighbor ......................................................................................................................................................................................................111
offset-list ......................................................................................................................................................................................................111
recv-buffer-size ........................................................................................................................................................................................112
redistribute .................................................................................................................................................................................................112
route ...............................................................................................................................................................................................................114
route-map ..................................................................................................................................................................................................115
timers .............................................................................................................................................................................................................116
RIP Show Commands................................................................................................................................... 116

show ip rip database ...........................................................................................................................................................................117
show ipv6 rip database ......................................................................................................................................................................118
RIP Clear Commands.................................................................................................................................... 119

clear ip rip route .....................................................................................................................................................................................120
clear ipv6 rip route ................................................................................................................................................................................120
Config Commands: Router OSPF ................................................................................................. 121

Enabling OSPF ................................................................................................................................................ 121
Configuration Commands Applicable to OSPFv2 or OSPFv3........................................................ 122
abr-type .......................................................................................................................................................................................................122
area area-id default-cost ....................................................................................................................................................................123
area area-id range ..................................................................................................................................................................................123
area area-id stub .....................................................................................................................................................................................124

Contents
area area-id virtual-link .......................................................................................................................................................................124
auto-cost reference bandwidth ....................................................................................................................................................125
bfd ...................................................................................................................................................................................................................125
clear ................................................................................................................................................................................................................126
default-metric ..........................................................................................................................................................................................127
distribute-internal ..................................................................................................................................................................................127
ha-standby-extra-cost .........................................................................................................................................................................129
log-adjacency-changes ......................................................................................................................................................................129
max-concurrent-dd ..............................................................................................................................................................................130
redistribute .................................................................................................................................................................................................131
router-id .......................................................................................................................................................................................................134
timers spf exp ...........................................................................................................................................................................................135
Configuration Commands Applicable to OSPFv2 Only ................................................................... 135

area area-id authentication .............................................................................................................................................................136
area area-id filter-list .............................................................................................................................................................................136
area area-id multi-area-adjacency ...............................................................................................................................................136
area area-id nssa .....................................................................................................................................................................................137
area area-id shortcut ............................................................................................................................................................................138
compatible rfc1583 ..............................................................................................................................................................................138
distance ........................................................................................................................................................................................................139
distribute-list .............................................................................................................................................................................................140
host ipaddr area ......................................................................................................................................................................................141
maximum-area ........................................................................................................................................................................................141
neighbor ......................................................................................................................................................................................................143
network ........................................................................................................................................................................................................143
ospf abr-type ............................................................................................................................................................................................144
ospf router-id ............................................................................................................................................................................................144
overflow database .................................................................................................................................................................................145
summary-address ..................................................................................................................................................................................146
Configuration Commands Applicable to OSPFv3 Only ................................................................... 146

OSPF Show Commands............................................................................................................................... 146
show {ip | ipv6} ospf .............................................................................................................................................................................146
show ip ospf border-routers ...........................................................................................................................................................148
show ip ospf database ........................................................................................................................................................................148
show ipv6 ospf database ..................................................................................................................................................................150
show {ip | ipv6} ospf interface ........................................................................................................................................................151
show {ip | ipv6} ospf neighbor .......................................................................................................................................................152
show ip ospf redistributed ...............................................................................................................................................................153
show {ip | ipv6} ospf route ................................................................................................................................................................155
show ipv6 ospf topology ..................................................................................................................................................................156
show {ip | ipv6} ospf virtual-links ..................................................................................................................................................156
Config Commands: Router IS-IS ................................................................................................... 159

IS-IS Configuration Commands ................................................................................................................ 159
address-family ..........................................................................................................................................................................................160

Contents
adjacency-check .....................................................................................................................................................................................161
area-password .........................................................................................................................................................................................161
authentication .........................................................................................................................................................................................162
bfd ...................................................................................................................................................................................................................163
distance ........................................................................................................................................................................................................163
domain-password .................................................................................................................................................................................164
ha-standby-extra-cost .........................................................................................................................................................................164
ignore-lsp-errors .....................................................................................................................................................................................165
is-type ............................................................................................................................................................................................................165
lsp-gen-interval .......................................................................................................................................................................................166
lsp-refresh-interval ................................................................................................................................................................................166
max-lsp-lifetime ......................................................................................................................................................................................166
metric-style ................................................................................................................................................................................................167
net ...................................................................................................................................................................................................................168
protocol-topology .................................................................................................................................................................................169
redistribute .................................................................................................................................................................................................170
set-overload-bit ......................................................................................................................................................................................172
spf-interval-exp .......................................................................................................................................................................................173
summary-address ..................................................................................................................................................................................174
IS-IS Show Commands................................................................................................................................. 174

show ip isis [tag] route .......................................................................................................................................................................175
show ipv6 isis [tag] route ..................................................................................................................................................................175
show ipv6 isis [tag] topology .........................................................................................................................................................176
show isis counter ...................................................................................................................................................................................176
show isis [tag] database .....................................................................................................................................................................177
show isis interface .................................................................................................................................................................................178
show isis [tag] topology ....................................................................................................................................................................180
Config Commands: Router BGP .................................................................................................... 181

Enabling BGP................................................................................................................................................... 182
BGP Configuration Commands ................................................................................................................ 183
Commands at the Global Configuration Level .................................................................................................................183
bgp disable-advertisement .............................................................................................................................................................183
bgp extended-asn-cap .......................................................................................................................................................................183
bgp nexthop-trigger ............................................................................................................................................................................184
Commands at the BGP Router Configuration Level ......................................................................................................184

address-family ..........................................................................................................................................................................................186
aggregate-address ................................................................................................................................................................................188
auto-summary .........................................................................................................................................................................................188
bgp always-compare-med ..............................................................................................................................................................188
bgp bestpath ............................................................................................................................................................................................189
bgp dampening .....................................................................................................................................................................................189
bgp default ................................................................................................................................................................................................190
bgp deterministic-med ......................................................................................................................................................................190
bgp enforce-first-as ..............................................................................................................................................................................190
bgp fast-external-failover ..................................................................................................................................................................191

Contents
bgp log-neighbor-changes .............................................................................................................................................................191
bgp nexthop-trigger-count ............................................................................................................................................................191
bgp router-id ............................................................................................................................................................................................191
bgp scan-time ..........................................................................................................................................................................................192
distance ........................................................................................................................................................................................................192
maximum-paths .....................................................................................................................................................................................193
neighbor neighbor-id activate ......................................................................................................................................................194
neighbor neighbor-id advertisement-interval ....................................................................................................................194
neighbor neighbor-id allowas-in .................................................................................................................................................195
neighbor neighbor-id as-origination-interval ......................................................................................................................195
neighbor neighbor-id capability ..................................................................................................................................................196
neighbor neighbor-id collide-established .............................................................................................................................196
neighbor neighbor-id default-originate ..................................................................................................................................197
neighbor neighbor-id description ..............................................................................................................................................197
neighbor neighbor-id disallow-infinite-holdtime .............................................................................................................198
neighbor neighbor-id distribute-list ..........................................................................................................................................198
neighbor neighbor-id dont-capability-negotiate .............................................................................................................199
neighbor neighbor-id ebgp-multihop .....................................................................................................................................199
neighbor neighbor-id enforce-multihop ................................................................................................................................199
neighbor neighbor-id fall-over ......................................................................................................................................................200
neighbor neighbor-id filter-list ......................................................................................................................................................200
neighbor neighbor-id maximum-prefix ..................................................................................................................................200
neighbor neighbor-id next-hop-self .........................................................................................................................................201
neighbor neighbor-id override-capability .............................................................................................................................202
neighbor neighbor-id passive .......................................................................................................................................................202
neighbor neighbor-id password ..................................................................................................................................................203
neighbor neighbor-id peer-group ..............................................................................................................................................204
neighbor neighbor-id prefix-list ...................................................................................................................................................204
neighbor neighbor-id remote-as .................................................................................................................................................205
neighbor neighbor-id remove-private-as ..............................................................................................................................205
neighbor neighbor-id route-map ...............................................................................................................................................206
neighbor neighbor-id send-community ................................................................................................................................206
neighbor neighbor-id shutdown ................................................................................................................................................207
neighbor neighbor-id soft-reconfiguration ..........................................................................................................................207
neighbor neighbor-id strict-capability-match .....................................................................................................................208
neighbor neighbor-id timers ..........................................................................................................................................................208
neighbor neighbor-id unsuppress-map .................................................................................................................................209
neighbor neighbor-id update-source ......................................................................................................................................209
neighbor neighbor-id weight ........................................................................................................................................................210
network ........................................................................................................................................................................................................210
redistribute .................................................................................................................................................................................................211
synchronization ......................................................................................................................................................................................213
timers .............................................................................................................................................................................................................213
BGP Show Commands................................................................................................................................. 213

show ip bgp ipv4addr .........................................................................................................................................................................215
show bgp ipv6addr ..............................................................................................................................................................................215
show [ip] bgp ipv4 {multicast | unicast} ...................................................................................................................................216
show bgp ipv4 neighbors ................................................................................................................................................................218
show bgp ipv4 prefix-list ...................................................................................................................................................................218

Contents
show bgp ipv4 quote-regexp ........................................................................................................................................................218
show bgp ipv4 summary ..................................................................................................................................................................219
show bgp ipv6 .........................................................................................................................................................................................219
show bgp nexthop-tracking ...........................................................................................................................................................220
show bgp nexthop-tree-details ....................................................................................................................................................221
show ip bgp attribute-info ..............................................................................................................................................................221
show ip bgp cidr-only .........................................................................................................................................................................221
show [ip] bgp community ...............................................................................................................................................................221
show ip bgp community-info ........................................................................................................................................................222
show [ip] bgp community-list .......................................................................................................................................................222
show [ip] bgp dampening ...............................................................................................................................................................222
show [ip] bgp filter-list ........................................................................................................................................................................222
show [ip] bgp inconsistent-as .......................................................................................................................................................223
show [ip] bgp neighbors ..................................................................................................................................................................223
show bgp nexthop-tracking ...........................................................................................................................................................224
show bgp nexthop-tree-details ....................................................................................................................................................224
show [ip] bgp paths .............................................................................................................................................................................224
show [ip] bgp prefix-list .....................................................................................................................................................................225
show [ip] bgp quote-regexp ..........................................................................................................................................................225
show [ip] bgp regexp ..........................................................................................................................................................................225
show [ip] bgp route-map .................................................................................................................................................................225
show ip bgp scan ..................................................................................................................................................................................225
show [ip] bgp summary ....................................................................................................................................................................226
show ip bgp view ..................................................................................................................................................................................226
BGP Clear Commands.................................................................................................................................. 226

clear [ip] bgp {* | AS-num} ................................................................................................................................................................227
clear [ip] bgp ipv4addr .......................................................................................................................................................................227
clear [ip] bgp ipv6addr .......................................................................................................................................................................228
clear [ip] bgp external .........................................................................................................................................................................228
clear [ip] bgp ipv4 ..................................................................................................................................................................................229
clear [ip] bgp ipv6 ..................................................................................................................................................................................229
clear [ip] bgp peer-group .................................................................................................................................................................231
clear [ip] bgp view .................................................................................................................................................................................231

Contents
Part I
Layer 2 Networking
This section contains the following:

Link Trunking on page 3
Link Layer Discovery Protocol on page 19
Virtual LAN Support on page 23
Link Trunking
This chapter describes how to configure trunk links on the ACOS device.
The following topics are covered:
Overview
Trunk Parameters
Static Trunk Configuration
Dynamic Trunk Configuration
LACP Passthrough
Overview
The ACOS device supports aggregation of multiple Ethernet data ports into logical links, called trunks. Trunks can enhance
performance by providing higher throughput and greater link reliability.
Higher throughput is provided by the aggregate throughput of the individual links in the trunk. Greater link reliability is provided by the multiple links in the trunk. If an individual port in the trunk goes down, the trunk link continues to operate using
the remaining up ports in the trunk.
You can configure the following types of trunks:
Static trunks You can configure up to 16 static trunks. Each trunk can contain 2-8 Ethernet data ports. On the A10
Thunder Series 6430(S) device, up to 16 port members can be configured per static or dynamic trunk.
Dynamic trunks You can enable Link Aggregation Control Protocol (LACP) on Ethernet data interfaces, to make
those interfaces candidate members of dynamically configured trunks. You can configure up to 16 dynamic trunks
with a maximum of 8 Ethernet data member ports per trunk.
Link Aggregation Control Protocol (LACP) dynamically creates trunk links. The ACOS implementation of LACP is based
on the 802.3ad IEEE specification. You can configure a maximum of 16 LACP trunks on an ACOS device. An interface can
belong to a single LACP trunk.
Interface parameters for a trunk apply collectively to the entire trunk, as a single interface. For example, IP addresses and
other IP parameters apply to the entire trunk as a single interface.

Trunk Parameters
Trunk Parameters
This section describes the parameter that can be configured for a trunk:
Interface-Level Parameters for Trunks
Port-Threshold Parameters
LACP Parameters
Unidirectional Link Detection
Interface-Level Parameters for Trunks

After you add a trunk to the configuration, you can configure the trunk as an Ethernet data interface. The following interfacelevel parameters can be configured on trunk interfaces.
Trunk Interface Name You can assign a name to the trunk, in addition to the numeric ID you specify when you create the trunk. The name can be 1-63 characters in length, can contain numbers, upper case and lower case characters, and must not include the following symbols: ~!@#$%^&*()_+|}{:<>?
IPv4 and IPv6 parameters You can assign one or more IPv4 and IPv6 addresses, and configure other IP-related
parameters such as IP helper or IPv6 neighbor discovery.
Dynamic routing You can configure interface-level OSPF and IS-IS parameters.
Access list (ACL) You can filter incoming traffic based on source and destination IPv4 or IPv6 address and protocol
port, as well as additional parameters such as ICMP type and code or VLAN ID.
ICMP rate limiting You can enable protection against distributed denial-of-service (DDoS) attacks such as Smurf
attacks, which consist of floods of spoofed broadcast ping messages.
Layer 3 forwarding Layer 3 forwarding is enabled by default. You can disable it.
If you want to allow Layer 3 forwarding except between VLANs, a separate option allows you to disable Layer 3 forwarding between VLANs.
Port threshold Minimum number of individual member ports that must be Up in order for the trunk to be Up. (See
Port-Threshold Parameters on page 5.)
NOTE:
The disable and enable commands at the interface configuration level for the trunk
control Layer 3 forwarding on the trunk but do not completely disable the trunk. To control all forwarding on the trunk, use the disable or enable command at the trunk
configuration level instead.
For more information about these commands, see the Config Commands: Interface chapter of the Command Line Interface
Reference.

Trunk Parameters
Port-Threshold Parameters
By default, a trunks status remains UP so long as at least one of its member ports is up. You can change the ports threshold
of a trunk to 2-8 ports.
If the number of up ports falls below the configured threshold, the ACOS device automatically disables the trunks member
ports. The ports are disabled in the running-config. The ACOS device also generates a log message and an SNMP trap, if
these services are enabled.
NOTE:
After the feature has disabled the members of the trunk group, the ports are not automatically re-enabled. The ports must be re-enabled manually after the issue that caused
the ports to go down has been resolved.
In some situations, a timer is used to delay the ports-threshold action. The configured port threshold is not enforced until the
timer expires. The ports-threshold timer for a trunk is used in the following situations:
When a member of the trunk links up.
A port is added to or removed from the trunk.
The port threshold for the trunk is configured during runtime. (If the threshold is set in the startup-config, the timer is
not used.)
LACP Parameters
By default, a trunks status remains Up so long as at least one of its member ports is up. You can change the ports threshold
of a trunk to 2-8 ports.
Since a trunk comprises of several member links, if the number of operational members of a trunk goes below the configured threshold value, the remaining member links are automatically marked as blocked and the trunk is considered non-operational. When the down link is functional again, the remaining links that were marked blocked are also operational
again, making the trunk available for use.
NOTE:
If you administratively disable the LACP feature from members of the trunk group, the
links are not automatically re-enabled. The links must be re-enabled manually after the
issue that caused the links to go down has been resolved.
The following LACP parameters are configurable.
Global LACP Parameter

LACP system priority Specifies the LACP priority of the ACOS device. In cases where LACP settings on the local
device (the ACOS device) and the remote device at the other end of the link differ, the settings on the device with the
higher priority are used.
You can specify 1-65535. A low priority number indicates a high priority value. The highest priority is 1 and the lowest
priority is 65535. The default is 32768.

Trunk Parameters
Interface-Level LACP Parameters

In addition to the interface-level parameters you can configure on static trunk interfaces, LACP trunk interfaces have the following parameters:
LACP trunk ID ID of a dynamic trunk. Adding an interface to an LACP trunk makes that interface a candidate for
membership in the trunk. During negotiation with the other side of the link, LACP selects the interfaces to actively
participate in the link. When you add an interface, you must specify whether LACP will run in active or passive mode
on the interface. Active mode initiates link formation with the other end of the link. Passive mode waits for the other
end of the link to initiate link formation. The admin key must match on all interfaces in the trunk. The value can be 14096.
LACP port priority Priority of the interface for selection as an active member of a link. If the LACP trunk has more
candidate members than are allowed by the device at the other end of the link, LACP selects the interfaces with the
highest port priority values as the active interfaces. The other interfaces are standbys, and are used only if an active
interface goes down. You can specify 1-65535. A low priority number indicates a high priority value. The highest priority is 1 and the lowest priority is 65535. The default is 32768.
LACP timeout Aging timeout for LACP data units from the other end of the LACP link. You can specify short (3 seconds) or long (90 seconds). The default is long.
Mode Indicate whether you want LACP to operate in Active or Passive Mode. The Active mode initiates link formation with the other end of the link. In this case, the ACOS device will send the LACP frame to its link partner. Passive
mode waits for the other end of the link to initiate link formation. In this case, the ACOS device will only send an LACP
frame if it receives an LACP frame from the link partner.
Admin Key The admin key must match on all interfaces in the trunk. The value can be 10000-65535.
Unidirectional Link Detection (UDLD) UDLD checks the links in LACP trunks to ensure that both the send and
receive sides of each link are operational. UDLD can only be configured on the single port LACP trunk. UDLD is not
supported on multilink LACP trunks. (For more information, see Unidirectional Link Detection on page 6.)
Unidirectional Link Detection

When UDLD is enabled, the UDLD uses LACP protocol packets as heartbeat messages. If an LACP link on the ACOS device
does not receive an LACP protocol packet within a specified timeout, LACP blocks traffic on the port. This corrects the problem by forcing the devices connected by the non-operational link to use other, fully operational links.
A link that is blocked by LACP can still receive LACP protocol packets but blocks all other traffic.
UDLD is disabled by default on LACP trunk links. You can enable UDLD on individual LACP trunk interfaces.
Heartbeat Timeout
The local port waits for a configurable timeout to receive an LACP protocol packet from the remote port. If an LACP protocol
packet does not arrive before the timeout expires, LACP disables the local port. You can set the timeout to 1-60 seconds
(slow timeout) or 100-1000 milliseconds (fast timeout). The default is 1 second.
If the remote port begins sending LACP protocol packets again, LACP on the local port re-enables the port.

Requirements
To operate properly, UDLD must be supported and enabled on both devices that are using LACP trunk links.
It is recommended to use auto-negotiation on each end of the link to establish the mode (half duplex or full duplex). Autonegotiation helps ensure link bidirectionality at Layer 1, while UDLD helps at Layer 2.

This section provides steps for configuring a static trunk:
Use the GUI to Configure a Static Trunk
Use the CLI to Configure a Static Trunk
An overview of the procedure for creating a trunk:
1. Add individual Ethernet data ports to the trunk.
2. Configure the trunk as a single interface.
Use the GUI to Configure a Static Trunk

To configure a static trunk on an Ethernet interface:
1. Configure the Trunk
2. Configuring the Minimum Port Threshold
Configure the Trunk

1. Hover over Network in the navigation bar, and select Interface.
2. Check the menu bar to be sure youre on the LAN page.
3. Click Edit in the Actions column for an Ethernet interface.
4. Find the Trunk Group section and click the plus sign (+) icon to expand it.
a. Indicate a Trunk Number from 1-4096.
b. Select Static in the Trunk Type field.
5. Repeat as needed to configure trunk on additional Ethernet interfaces.

6. Click Update button.
Configuring the Minimum Port Threshold

To configure the trunks port threshold and port threshold timer:
1. Click Trunk on the menu bar.
2. Click Edit in the Actions column for the trunk interface.
3. In the General fields section, do the following:
a. In the Port Threshold field, specify a value of 2-8.
b. In the Port Threshold Timer field, indicate a timer value from 1-300 seconds.
4. Click Update Trunk.
Use the CLI to Configure a Static Trunk

To configure a static trunk, use the commands in this section.
1. Change the CLI to the configuration level for the interface.
ACOS(config)# interface ethernet 1
ACOS(config-if:ethernet:1)#
2. Assign the interface to the trunk, using the following command:

ACOS(config-if:ethernet:1)# trunk-group 7
AOCS(config-if:ethernet:1-trunk-group:7)#
You must repeat this series of commands for each interface you want to add to a trunk.
The following commands configure trunk 7 with ports 1and 2, and verify the configuration:
ACOS(config-if:ethernet:1-trunk-group:7)# exit
ACOS(config-if:ethernet:1)# exit

ACOS(config-if:ethernet:2-trunk-group:7)# show trunk
Trunk ID
: 7
Member Count: 2
Trunk Name
: None
Trunk Status
: Up
Trunk Type
: Static
Members
: 1
Cfg Status
: Enb Enb
Oper Status
: Up
Ports-Threshold
: None
Working Lead
: 2
2
Up
ACOS(config)#
Configuring Interface-Level Trunk Parameters

The following commands access the interface configuration level for the trunk and assign a name, an IPv6 address along
with port threshold parameters to the trunk interface:
ACOS(config)# interface trunk 7
ACOS(config-if:trunk:7)# name exampletrunk7
ACOS(config-if:trunk:7)# ipv6 address 2001:db8::7/32
ACOS(config-if:trunk:7)# ports-threshold 2
ACOS(config-if:trunk:7)# ports-threshold-timer 100

This section provides steps for configuring a dynamic trunk:
Use the GUI to Configure an LACP Trunk
Use the CLI to Configure an LACP Trunk
Use the GUI to Configure an LACP Trunk

To configure an LACP trunk:
1. Navigate to Network >> Interfaces >> LAN.
2. Click Edit in the Actions column for the Ethernet.
3. Scroll down and click Trunk Group to reveal trunk configuration options.
4. Enter the Trunk ID.

5. To configure the LACP trunk without uni-directional detection:
a. Specify LACP as the type for the Trunk Type.
6. Click the checkbox for Uni-directional Detection:
a. Specify LACP-UDLD for the Trunk Type.
b. Choose Slow or Fast for UDLD Timeout. If you select Slow, specify a UDLD timeout of 1-60 seconds. If you select Fast,
specify a UDLD timeout of 100-1000ms.
7. Specify Active or Passive mode in the Mode field.
8. Specify an Admin Key.
9. Choose a Timeout value of Long or Short.
10. Specify the LACP priority in the Port Priority field.
11. Click Update.
Configuring the LACP System Priority

To configure the LACP system priority, follow these steps:
1. Hover over Network in the navigation bar, and select LACP.
2. You can specify an LACP system priority of 1-65535. The default priority setting is 2.
3. Click OK.
Configuring the Minimum Port Threshold

To configure the port threshold parameters for LACP trunks, do the following:
NOTE:
These steps assume that you have already created an LACP dynamic trunk. See Use the
GUI to Configure an LACP Trunk.
1. Navigate to Network >> Interfaces >> Trunk.

2. Click Edit in the Actions column for an existing LACP Trunk 1. The Create Trunk window appears.
3. In the Ports Threshold section, enter a value from 2-8.
4. In the Port Threshold Timer field, indicate a timer value from 1-300 seconds.
5. Click Update Trunk.
Verifying Port Threshold Configuration in the GUI

To verify your LACP configuration of the Port Threshold and the Port Threshold Timer, do the following:
1. Navigate to Network >> Interfaces >> Trunk.

2. The configured trunks table appears.
3. The Ports Threshold field displays the configured ports threshold.
4. The Timer field displays the configured port threshold timer.
Use the CLI to Configure an LACP Trunk

To configure a dynamic, use the commands in this section.
Configuring Each Interface

1. Change the CLI to the configuration level for the interface.
2. Assign the interface to the LACP trunk, using the following command:
ACOS(config-if:ethernet:1)# trunk-group 4 lacp
ACOS(config-if:ethernet:1-trunk-group:4)#
3. (Optional) Specify the LACP priority of the interface, using the following command:
ACOS(config-if:ethernet:1-trunk-group:4)# port-priority 100
You can specify 1-65535. The default is 32768.

4. (Optional) Specify the aging timeout for LACP data units from the other end of the LACP link, using the following command:
ACOS(config-if:ethernet:1-trunk-group:4)# timeout short
You can specify short (3 seconds) or long (90 seconds). The default is long.
5. (Optional) Specify the UDLD aging timeout, using the following command:
ACOS(config-if:ethernet:1-trunk-group:4)# udld timeout slow 1
You can specify fast (100-1000 milliseconds) or slow (1-60 seconds). The default is slow 1.

6. (Optional) Configure ports-threshold settings. Specify the minimum number of ports that must remain up, using the
ports-threshold command at the LACP trunk configuration level of the CLI:
ACOS(config-if:trunk:4)# ports-threshold 2 timer 100 do-auto-recovery
ACOS(config-if:trunk:4)# exit
ACOS(config)#
You can specify 2-8 ports.

You can set the ports-threshold timer to 1-300 seconds. The default is 10 seconds. The do-auto-recovery option in this
command enables automatic recovery of the trunk when the required number of ports come back up. If you omit this
option, the trunk remains disabled until you re-enable it.
Configuring LACP System Priority

1. (Optional) Set the LACP system priority, using the following command at the global configuration level of the CLI:
ACOS(config)# lacp system-priority 32768
You can specify 1-65535. The default is 32768.
Configuring Interface-Level Parameters on an LACP Trunk

To configure interface-level parameters for the trunk, use the following command to access the interface configuration level
for the trunk.
1. Change the CLI to the configuration level for the trunk interface.
ACOS(config-if:trunk:4)#
2. For a list of the commands applicable at this level. (For information, see the CLI Reference.)
vThunder(config-if:trunk:4)# ?
access-list
Apply ACL rules to incoming packets on this interface
bfd
Configure BFD (Bidirectional Forwarding Detection)
clear
Clear or Reset Functions
do
To run exec commands in config mode
end
Exit from configure mode
exit
Exit from configure mode or sub mode
icmp-rate-limit
Limit ICMP traffic to this interface
icmpv6-rate-limit
Limit ICMPv6 traffic to this interface
ip
Global IP configuration subcommands
ipv6
Global IPv6 configuration subcommands
isis
ISIS
l3-vlan-fwd-disable Disable L3 forwarding between VLANs
lw-4o6
Configure LW-4over6 interface
mtu
Interface mtu
name
Name for the interface
no
Negate a command or set its defaults
ports-threshold
Threshold for the minimum number of ports that need to
be UP for the trunk to remain UP

LACP Passthrough
show
Show Running System Information
snmp-server
SNMP trap source
write
Write Configuration
enable
Enable
disable
Disable
vThunder(config-if:trunk:4)#
NOTE:
The commands listed at this level depend on the device model and the ACOS software
release.
For more information about these commands, see the Config Commands: Interface chapter of the Command Line Interface
Reference.
LACP Passthrough
LACP passthrough allows the ACOS device to forward traffic on one trunk that originated on another trunk that is down. With
this feature, if an LACP trunk goes down, the other trunk is used to continue connectivity for the traffic.
This feature can be useful in topologies that use LACP and where multiple ACOS devices connect to the server farm. In this
type of topology, if the ACOS device acts as a proxy for client-server traffic, LACP passthrough can help prevent sessions from
being dropped following failover from one LACP trunk to another.
FIGURE 1
LACP Passthrough - Example Topology
LACP passthrough creates a tunnel from one LACP trunk to another through the ACOS device. One end of the tunnel is connected to clients and the other end of the tunnel is connected to the servers.
In this example, two ACOS devices are connected through redundant device pairs to clients and servers. Two VLANs are
used, 210 and 220. Each ACOS device has trunk interfaces in both VLANs:

LACP Passthrough
VLAN 210 contains the following trunks:
Trunk 1 (Ethernet ports 6 and 10) connected to clients
Trunk 3 (Ethernet ports 5 and 9) connected to servers
Similarly, VLAN 220 contains the following trunks:
Trunk 2 (Ethernet ports 8 and 12) connected to clients
Trunk 4 (Ethernet ports 7 and 11) connected to servers
On each ACOS device, the following LACP tunnels are configured:
Ethernet ports 5 and 6
Link monitoring is configured to automatically disable all interfaces on a trunk if any of its ports goes down.
Without LACP passthrough, if trunk 1 goes down, existing client connections on that trunk stop working. This occurs even if
the client traffic begins to arrive on trunk 2. With LACP configured as described above, the ACOS device continues service for
the client-server sessions without interruption.
Notes
The current release supports LACP passthrough only on untagged VLAN ports. Tagged ports are not supported in this
release.
Each LACP passthrough tunnel can contain two Ethernet data ports. These ports must be in the same VLAN and use
the same Virtual Ethernet (VE) interface. On of the ports must be connected to the clients. The other port must be
connected to the servers.
This feature requires use of the link monitoring and automatic disable feature to bring all of a trunks ports down if any
of its ports goes down. (See Link Monitoring in the System Configuration and Administration Guide.)
Similarly, the nexthop devices that connect the ACOS device to the clients and servers must be configured to bring a
trunk down when any of its member ports goes down.
Configuration
This example configures LACP passthrough for the physical interfaces in VLAN 210 in Figure 1.
The following commands configure LACP parameters on the ports:
ACOS(config-if:ethernet:6-trunk-group:1)# admin-key 10001
ACOS(config-if:ethernet:6-trunk-group:1)# mode active

LACP Passthrough
ACOS(config-if:ethernet:6-trunk-group:1)# timeout long
ACOS(config-if:ethernet:10-trunk-group:1)# admin-key 10001
ACOS(config-if:ethernet:5)# trunk-group 3lacp
ACOS(config-if:ethernet:5-trunk-group:3)# timeout short
ACOS(config-if:ethernet:9)# trunk-group 3lacp
ACOS(config)#
The following commands configure LACP passthrough between interfaces 6 and 5, and between interfaces 10 and 9:
ACOS(config)# lacp-passthrough ethernet 6 ethernet 5
ACOS(config)# lacp-passthrough ethernet 10 ethernet 9

LACP Passthrough
Displaying LACP Information

To view LACP information, use the various show lacp commands. For more information, refer to the Command Line Interface Reference.
The following command shows the LACP system ID:
ACOS# show lacp sys-id
System 0064,00-1f-a0-01-d4-f0
The following command shows LACP statistics:

ACOS# show lacp counter
Traffic statistics
Port
LACPDUs
Sent
Recv
Marker
Sent
Pckt err
Recv
Sent
Recv
Aggregator po5 1000000

ethernet 1
81
81
ethernet 2
81
81

ethernet 6
233767
233765
In this example, LACP has dynamically created two trunks, 5 and 10. Trunk 5 contains ports 1 and 2. Trunk 10 contains port 6.
The following command shows details about the LACP admin keys:
ACOS# show lacp trunk admin-key-list-details
% Admin Key: 1
bandwidth: 0
mtu: 1500
duplex mode: 0
hardware type: 2
type: 0
additional parameter: 10001
ref count: 2
% Admin Key: 2
bandwidth: 1
mtu: 1500
duplex mode: 0
hardware type: 2
type: 0
ref count: 451
% Admin Key: 3
bandwidth: 1

LACP Passthrough
mtu: 16436
duplex mode: 0
hardware type: 1
type: 0
ref count: 14
% Admin Key: 4
bandwidth: 1
mtu: 1500
duplex mode: 0
hardware type: 2
type: 0
ref count: 6
The following command shows summary trunk information:

ACOS# show lacp trunk summary
Admin Key: 0005 - Oper Key 0005
Link: ethernet 1 (3) sync: 1
The following command shows information for trunk 5:

ACOS# show lacp trunk 5
Aggregator po5 1000000 Admin Key: 0005 - Oper Key 0005 Partner LAG: 0x0064,00-1f-a0-01-dc60 Partner Oper Key 0005
The following command shows detailed information for all LACP trunks:
ACOS# show lacp trunk detail
Mac address: 00:1f:a0:02:1e:48
Receive link count: 1 - Transmit link count: 0
Individual: 0 - Ready: 1
Partner LAG- 0x0064,00-1f-a0-01-dc-60

LACP Passthrough
Mac address: 00:1f:a0:02:1e:4d
Receive link count: 1 - Transmit link count: 0
Individual: 0 - Ready: 1
Partner LAG- 0x8000,00-1f-a0-10-19-66
The following command shows LACP information for Ethernet data port 1:
ACOS# show lacp trunk port ethernet 1
LACP link info: ethernet 1 - 3
LAG ID: 0x8000,00-1f-a0-02-1e-48
Partner oper LAG ID: 0x8000,00-1f-a0-01-dc-60
Actor priority: 0x8000 (32768)
Admin key: 0x0005 (5) Oper key: 0x0005 (5)
Physical admin key:(1)
Receive machine state : Current
Periodic Transmission machine state : Slow periodic
Mux machine state : Collecting/Distributing
Oper state: ACT:1 TIM:0 AGG:1 SYN:1 COL:1 DIS:1 DEF:0 EXP:0
Partner oper state: ACT:1 TIM:0 AGG:1 SYN:1 COL:1 DIS:1 DEF:0 EXP:0
Partner link info: admin port 0
Partner oper port: 3
Partner admin LAG ID: 0x0000-00:00:00:00:0000
Admin state: ACT:1 TIM:0 AGG:1 SYN:0 COL:0 DIS:0 DEF:1 EXP:0
Partner admin state: ACT:0 TIM:0 AGG:1 SYN:0 COL:0 DIS:0 DEF:1 EXP:0
Partner system priority - admin:0x8000 - oper:0x0064
Aggregator ID: 1000000
Clearing LACP Statistics

To clear LACP statistics counters, use the clear lacp command. For more information, refer to the Command Line Interface
Reference.
Link Layer Discovery Protocol
The Link Layer Discovery Protocol (LLDP) enables network devices to advertise their identity, capabilities, and neighbors on
the network. This feature is based on the IEEE 802.1AB standard and the standard MIB called LLDP-V2-MIB.
For more information, refer to the following URLs:
http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_a&i=1&n=IP-MIB&r=vmware&f=LLDP-V2MIB.mib&v=v2&t=def
http://www.ieee802.org/1/files/public/MIBs/LLDP-V2-MIB-200906080000Z.txt
This chapter contains the following topics:
Overview of LLDP
Configure LLDP
Overview of LLDP
LLDP allows ACOS devices to discover directly-connected LAN neighbors and allows these neighbors to discover the ACOS
devices. Configure LLDP only in the shared partition.
Use the LLDP protocol to assist in the following ways:
To discover remote networks.
To facilitate port association.
To help identify which port a switch or a host is connected to.
To help design and troubleshoot network topologies.
Since the LLDP protocol can transmit or receive information on system capabilities, but cannot request specific information
from an LLDP agent or acknowledge receipt of information, it is called a one-way protocol.
NOTE:
This feature does not support aXAPI.
The Link Layer Discovery Protocol Data Unit (LLDPDU) contains several elements of variable lengths that comprise the LLCP
frame. They carry information on the type, length, and value fields (TLVs), where type identifies the kind of information that is
transmitted, length contains the string of octets, and value is the actual content that is being transmitted. The mandatory
information that is transmitted identifies the TLV for the chassis ID, the port ID, the Time to Live, and the end of the LLDP data
packet. It can also contain zero or more optional TLVs. For the duration of an operational port, the chassis ID and the port ID
information will remain the same.

Configure LLDP
A Time to Live TLV or a non-zero TLV informs the receiving LLDP agent to discard the LLDP data packet after the indicated
time expires. A zero TLV directs the receiving LLDP agent to discard the LLDP packet immediately. As the name suggests, the
End of LLDP data packet indicates that completion of the LLDP packet.
Configure LLDP
This section describes how to configure LLDP:
Use the GUI to Configure LLDP
Use the CLI to Configure LLDP
Use the GUI to Configure LLDP

To configure this feature using the GUI:
1. To enable the LLDP feature globally:
a. Navigate to Network >> Interfaces >> LLDP.
b. Select the Enable checkbox in the Enable field.
c. Optionally, enable RX using the Rx field.
d. Optionally, enable TX using the Tx field.
2. To enable LLDP on the interface:
a. Navigate to Network >> Interfaces >> LAN.
b. Click Edit in the Actions column for the interface.
c. Click LLDP to expand additional configuration options.
d. Select the Rt Enable field.
e. Optionally, select the Rx field.
f.
Optionally, select the Tx field.

Configure LLDP
Use the CLI to Configure LLDP

To enable the LLDP feature via the CLI, enable the feature from the global level:
ACOS(config)# lldp enable rx tx
The example below shows how to enable LLDB on an interface (Ethernet 2):
ACOS(config-if:ethernet:2)# lldp enable rx tx
The following example shows your LLDP configuration:

ACOS(config)# show run | inc lldp
lldp enable rx tx
lldp notification interval 20
lldp tx interval 10
lldp tx fast-count 2
lldp tx fast-interval 2
The following example shows your LLDP interface configuration:

ACOS(config)# show run int eth 1
interface ethernet 1
ip address 7.1.1.169 255.255.255.0
lldp enable rx tx
lldp notification enable

Configure LLDP
Virtual LAN Support
This chapter describes support for VLAN and for VLAN-to-VLAN bridging.
VLAN Overview
VLAN-to-VLAN Bridging
VLAN Overview
A VLAN is a Layer 2 broadcast domain. MAC-layer broadcast traffic can be flooded within the VLAN but does not cross to
other VLANs. For traffic to go from one VLAN to another, it must be routed.
You can segment the ACOS device into multiple VLANs. Each Ethernet data port can be a member of one or more VLANs,
depending on whether the port is tagged or untagged:
Tagged Tagged ports can be members of multiple VLANs. The port can recognize the VLAN to which a packet
belongs based on the VLAN tag included in the packet.
Untagged Untagged ports can belong to only a single VLAN. By default, all Ethernet data ports are untagged members of VLAN 1.
NOTE:
A tagged port is a physical port to which a tagged VLAN is bound, while an untagged
port is a physical port to which an untagged VLAN is bound. See the Example of Tagged
and Untagged Ports section for how these ports are configured.
Default VLAN (VLAN 1)

By default, all the ACOS devices Ethernet data ports are members of a single virtual LAN (VLAN), VLAN 1.
On a new or unconfigured ACOS device, as soon as you configure an IP address on any individual Ethernet data port or trunk
interface, Layer 2 forwarding on VLAN 1 is disabled.
When Layer 2 forwarding on VLAN 1 is disabled, broadcast, multicast, and unknown unicast packets are dropped instead of
being forwarded. Learning is also disabled on the VLAN. However, packets for the ACOS device itself (for example, LACP or
OSPF) are not dropped.
To re-enable Layer 2 forwarding on VLAN 1, use the following command at the global configuration level of the CLI:
ACOS(config)# vlan-global enable-def-vlan-l2-forwarding

VLAN Overview
NOTE:
Configuring an IP address on an individual Ethernet interface indicates you are deploying in routed mode (also called gateway mode). If you deploy in transparent mode
instead, in which the ACOS device has a single IP address for all data interfaces, Layer 2
forwarding is left enabled by default on VLAN 1.
Virtual Ethernet Interfaces

On ACOS devices deployed in routed mode (Layer 3 mode), you can configure IP addresses on VLANs. To configure an IP
address on a VLAN, add a Virtual Ethernet (VE) interface to the VLAN, then assign the IP address to the VE.
Each VLAN can have one VE. The VE ID must be the same as the VLAN ID. For example, VLAN 2 can have VE 2, VLAN 3 can
have VE 3, and so on.
Maximum Number of Supported Virtual Ethernet Interfaces

For all FTA models: 128 VEs on a single port*
For non-FTA models: 128 VEs on a single port
For L3V partitions (both FTA and non-FTA models): 32 VEs on a single port
Example of Tagged and Untagged Ports

In the following example, two physical Ethernet ports are enabled. The first Ethernet port (interface ethernet 1) will be
configured as a tagged port with two network interfaces, while the second Ethernet port (interface ethernet 7) will be
configured as an untagged port with one network interface.
1. Enable the physical Ethernet ports:
ACOS(config-if:ethernet:1)# enable
2. Configure VLAN 10. Bind Ethernet port 1 to a tagged VLAN 10. The 802.1Q tag is 10. Bind a network interface to the
tagged port:
*.
An exception is model AX 5200, which supports 384.

VLAN Overview
ACOS(config) #vlan 10
ACOS(config-vlan:10)# tagged ethernet 1
ACOS(config-vlan:10)# router-interface ve 10
ACOS(config-vlan:10)# exit
3. Configure VLAN 11. Bind Ethernet port 1 to a tagged VLAN 11. The 802.1Q tag is 11. Bind a network interface to the
tagged port:
ACOS(config)# vlan 11
4. Configure VLAN 5. Bind Ethernet port 7 to an untagged VLAN 5. Bind a network interface to the untagged port:
ACOS(config-vlan:5)# untagged ethernet 7
5. Show the VLAN configuration:

ACOS# show config vlan
...
vlan 5
untagged ethernet 7
router-interface ve 5
!
vlan 10
tagged ethernet 1
!
vlan 11
tagged ethernet 1
!
6. Show the VLANs:

ACOS# show vlan
Total VLANs: 4
VLAN 1, Name [DEFAULT VLAN]:
Untagged Ethernet Ports:
2
3
Tagged Ethernet Ports:
None
Untagged Logical Ports:
None

Tagged Logical Ports:
None
VLAN 5, Name [None]:

7
None
None
None
Router Interface:
ve 5
VLAN 10, Name [none]:

None
1
None
None
Router Interface:
VLAN 11, Name [none]:
Router Interface:
ve 10
None
1
None
None
ve 11
This section contains the following topics:
Overview of VLAN-to-VLAN Bridging
VLAN-to-VLAN Bridging Configuration Notes
VLAN-to-VLAN Bridging Configuration Examples
Overview of VLAN-to-VLAN Bridging

VLAN-to-VLAN bridging allows an ACOS device to selectively bridge traffic among multiple VLANs. The ACOS device selectively forwards packets from one VLAN to another based on the VLAN-to-VLAN bridging configuration on the ACOS device.
This feature allows the traffic flow between VLANs to be tightly controlled through the ACOS device without the need to
reconfigure the hosts in the separate VLANs.
VLAN-to-VLAN bridging is useful in cases where reconfiguring the hosts on the network either into the same VLAN, or into
different IP subnets, is not desired or is impractical.

You can configure a bridge VLAN group to forward one of the following types of traffic:
IP traffic only (the default) This option includes typical traffic between end hosts, such as ARP requests and
responses.
This option does not forward multicast packets.
All traffic This option forwards all types of traffic.
Figure 2 shows an example topology of VLAN-to-VLAN bridging:
FIGURE 2
VLAN-to-VLAN Bridging (with VRRP-A)
In this example, the ACOS devices are bridging traffic between VLAN 4 and VLAN 5.

VLAN-to-VLAN Bridging Configuration Notes

VLAN-to-VLAN bridging is supported on ACOS devices deployed in transparent mode (Layer 2) or in gateway mode (Layer 3).
Each VLAN to be bridged must be configured on the ACOS device. The normal rules for tagging apply:
If an interface belongs to only one VLAN, the interface can be untagged.
If the interface belongs to more than one VLAN, the interface must be tagged.
Each VLAN can belong to only a single bridge VLAN group.
Each bridge VLAN group can have a maximum of 8 member VLANs. Traffic from any VLAN in the group is bridged to all other
VLANs in the group. The total number of bridge VLAN groups on the system (including those in L3V partitions) cannot
exceed 255.
If the ACOS device is deployed in gateway mode, a Virtual Ethernet (VE) interface is required in the bridge VLAN group.
VLAN-to-VLAN Bridging Configuration Examples

To configure VLAN-to-VLAN bridging:
1. Configure each of the VLANs to be bridged. In each VLAN, add the ACOS devices interfaces to the VLAN.
2. Configure a bridge VLAN group. Add the VLANs to the group.
If the ACOS device is deployed in routed mode, add a Virtual Ethernet (VE) interface to the group.
Optionally, you can assign a name to the group. You also can change the types of traffic to be bridged between VLANs
in the group.
3. If the ACOS device is deployed in routed mode, configure an IP address on the VE to place the ACOS device in the same
subnet as the bridged VLANs.
CLI Example Transparent Mode

The commands in this section configure an ACOS device deployed in transparent mode to forward IP traffic between VLANs
2 and 3.
The following commands configure the VLANs:
The following commands configure the bridge VLAN group:

ACOS(config)# bridge-vlan-group 1
ACOS(config-bridge-vlan-group:1)# vlan 2 to 3
ACOS(config-bridge-vlan-group:1)# exit
CLI Example Routed Mode with VRRP-A

VLAN-to-VLAN bridging can also be configured with VRRP-A by specifying a VRID under the bridge VLAN configuration.
Using the topology defined in Figure 2:
Only the active device in the VRID will respond to ARP requests from devices in the bridged VLAN.
The active VRRP-A device forwards any traffic passing through the bridge VLAN (destined for 10.1.1.1), and processes
any traffic destined for the bridge VLAN VE IP address (10.1.1.2).
The standby VRRP-A device drops any traffic passing through the bridge VLAN (destined for 10.1.1.1), but will processes any traffic destined for the bridge VLAN VE IP address (10.1.1.2).
On a failover, the new active device will forward any traffic passing through the bridge VLAN (destined for 10.1.1.3).
The commands in this section configure the topology shown in Figure 2; two ACOS devices deployed in routed mode to forward IP traffic between VLANs 4 and 5 on IP subnet 10.10.1.x.
Configure VRRP-A, for Device 1:
ACOS1(config)# vrrp-a common
ACOS1(config-common)# device-id 1
ACOS1(config-common)# set-id 1
ACOS1(config-common)# enable
ACOS1(config-common)# exit
ACOS1(config)# vrrp-a l3-inline-mode
ACOS1(config)# vrrp-a restart-port-list
ACOS1(config-restart-port-list)# ethernet 7 to 8
ACOS1(config-restart-port-list)# exit
ACOS1(config)# vrrp-a vrid-lead lead
ACOS1(config-vrid-lead:lead)# partition shared vrid 0
ACOS1(config-vrid-lead:lead)# exit
ACOS1(config)#
Enabling l3-inline-mode and restart-port-list in the configuration are mandatory for VLAN-to-VLAN bridging
with VRRP-A. All interfaces which are part of the bridge VLAN group must be included in the restart-port-list.
The vrid-lead configuration is used for L3V partitions to follow the vrid-lead of the shared partition. Since only one VRID
can be configured in a given partition when l3-inline-mode is enabled, all L3V partitions will end up following same VRID
of the shared partition.
To configure the vrid-lead in an L3V partition (for example, partition p1):
ACOS[p1](config-vrid:0)# vrrp-a vrid 0

ACOS[p1](config-vrid:0)# follow vrid-lead lead
ACOS[p1](config-vrid:0)#
Configure VRRP-A for Device 2:

ACOS2(config)# vrrp-a common
ACOS2(config-common)# device-id 2
ACOS2(config-common)# set-id 1
ACOS2(config-common)# enable
ACOS2(config-common)# exit
ACOS2(config)# vrrp-a l3-inline-mode
ACOS2(config)# vrrp-a restart-port-list
ACOS2(config-restart-port-list)# ethernet 2 to 3
ACOS2(config-restart-port-list)# exit
ACOS2(config)# vrrp-a vrid-lead lead
ACOS2(config-vrid-lead:lead)# partition shared vrid 0
ACOS2(config-vrid-lead:lead)# exit
ACOS2(config)#
On each ACOS device, the following commands configure the VLANs (example shown for Device 1):
ACOS1(config)# vlan 4
ACOS1(config-vlan:4)# tagged ethernet 2
ACOS1(config-vlan:4)# exit
ACOS1(config)# vlan 5
ACOS1(config-vlan:5)# tagged ethernet 3
ACOS1(config-vlan:5)# exit
On each ACOS device, the following commands configure the bridge VLAN group, which includes a VE (example shown for
Device 1):
ACOS1(config)# bridge-vlan-group 1
ACOS1(config-bridge-vlan-group:1)# vlan 4 to 5
ACOS1(config-bridge-vlan-group:1)# router-interface ve 4
ACOS1(config-bridge-vlan-group:1)# exit
On ACOS device 1, The following commands assign an IP address to the VE:

ACOS1(config)# interface ve 4
ACOS1(config-if:ve:4)# ip address 10.1.1.2 /24
ACOS1(config-if:ve:4)# exit
On ACOS device 2, The following commands assign an IP address to the VE:

ACOS2(config)# interface ve 4
ACOS2(config-if:ve:4)# ip address 10.1.1.3 /24
ACOS2(config-if:ve:4)# exit

Part II
Layer 3 Networking

Dynamic Host Configuration Protocol (DHCP) on page 3
Dynamic Host Configuration Protocol (DHCP)
This chapter contains the following topics:

Overview of DHCP
Enable DHCP
Configure DHCP Relays
Overview of DHCP
Dynamic Host Configuration Protocol (DHCP) is a mechanism commonly used by clients to auto-discover their addressing
and other configuration information when connected to a network. On ACOS devices, DHCP configuration supports IP
address, subnet masks, default gateway, and classless static routes (option 121) from the DHCP server.
You can enable use of DHCP to dynamically configure IP addresses on the following types of interfaces:
Management interface A single IP address can be assigned.
Ethernet data interfaces Multiple IP addresses can be assigned.
Virtual ethernet interfaces Multiple IP addresses can be assigned.
Trunk interfaces Multiple IP addresses can be assigned.
Virtual servers and IP NAT pools are also able to use the DHCP-assigned address of a given data interface. If this option is
enabled, ACOS updates the VIP or pool address any time the specified data interfaces IP address is changed by DHCP.
Notes
DHCP can be enabled on an interface only if that interface does not already have any statically assigned IP addresses.
On ACOS devices deployed in gateway (Layer 3) mode, Ethernet data interfaces can have multiple IP addresses. An
interface can have a combination of dynamically assigned addresses (by DHCP) and statically configured addresses.
However, if you plan to use both methods of address configuration, static addresses can be configured only after you
finish using DHCP to dynamically configure addresses. To use DHCP in this case, you must first delete all the statically
configured IP addresses from the interface.
On vThunder models, if single-IP mode is used, DHCP can be enabled only at the physical interface level.
On devices deployed in Transparent (Layer 2) mode:
you can enable DHCP on the management interface and at the global level.
The VIP address and pool NAT address (if used) should match the global data IP address of the device. Make sure to
enable this option when configuring the VIP or pool.

Enable DHCP
Enable DHCP
Using the GUI
1. Hover over Network in the navigation bar, and select Interface from the drop-down menu.
2. Depending on the type of interface on which to configure this feature, select LAN, Virtual Ethernet or Trunk from the
menu bar.
3. Click Edit in the actions column for the interface on which to configure this feature.
4. Expand the IP section to reveal additional configuration options.
5. Select the checkbox in the DHCP field.
6. Click Update.
Using the CLI

To enable DHCP on an interface, use the ip address dhcp command at the configuration level for the interface:
ACOS(config-if:ethernet:1)# ip address dhcp

Overview of DHCP Relays
Overview of DHCP Relays

This section describes DHCP relay support and how to configure it.
You can configure the ACOS device to relay DHCP traffic between DHCP clients and DHCP servers located in different VLANs
or subnets.
DHCP relay is supported only for the standard DHCP protocol ports:
Boot protocol server (BOOTPS) UDP port 67
Boot protocol client (BOOTPC) UDP port 68
DHCP relay service is supported for IPv4 and IPv6.

DHCP is a Client-Server protocol and relies on broadcast communication between the client and server for packet
exchanges. Accordingly, the clients and the servers must be in the same broadcast domain (Layer 2 VLAN) for this to work,
since Layer 3 routers typically do not forward broadcasts. However, in most deployments it is not practical to have a DHCP
server in each Layer 2 VLAN. Instead, it is typical to use a common DHCP server for all VLANs and subnets in the network.
Notes
In the current release, the helper-address feature provides service for DHCP packets only.
The interface on which the helper address is configured must have an IP address.
The helper address can not be the same as the IP address on any interface or an IP address used for SLB.

To enable DHCP communication between different VLANs or subnets, you can use a DHCP relay. A DHCP relay acts as a
mediator between the DHCP client and the DHCP server when they are not in the same broadcast domain.
To configure the ACOS device as a DHCP relay, configure the DHCP server IP address as a helper address on the IP interface
connected to DHCP clients. The ACOS device intercepts broadcast DHCP packets sent by clients on the interface configured
with the helper address.
The ACOS device then places the receiving interfaces IP address (not the helper address) in the relay gateway address field,
and forwards the DHCP packet to the server. When the DHCP server replies, the ACOS device forwards the response to the
client.
Use the GUI to Configure a DHCP Relay

To configure a helper address for the IP interface connected to the DHCP clients:
menu bar.
5. Specify an IP address for the IP Helper Address field.
6. Click Add.
7. You can add up to 2 helper addresses per interface.
8. Click Update.
Use the CLI to Configure a DHCP Relay

The following commands configure two helper addresses. The helper address for DHCP server 100.100.100.1 is configured
on Ethernet interface 1 and on Virtual Ethernet (VE) interfaces 5 and 7. The helper address for DHCP server 20.20.20.102 is
configured on VE 9.

NOTE:
You can configure up to 2 IP helper addresses per Ethernet interface.

ACOS(config-if:ethernet:1)# ip helper-address 100.100.100.1
ACOS(config)# interface ve 5
ACOS(config-if:ve:5)# ip helper-address 100.100.100.1
ACOS(config-if:ve:5)# exit
Use the show ip helper-address command shows summary DHCP relay information:
ACOS(config)# show ip helper-address
Interface
Helper-Address
RX
TX
No-Relay
Drops
---------
--------------
------------
------------
------------
------------
eth1
100.100.100.1
ve5
100.100.100.1
1669
1668
1668
1668
ve7
ve8
100.100.100.1
ve9
20.20.20.102
Use the detail parameter to view additional detailed DHCP relay information:
ACOS# show ip helper-address detail
IP Interface: eth1
-----------Helper-Address: 100.100.100.1
Packets:
RX: 0
BootRequest Packets : 0
BootReply Packets
: 0
TX: 0
BootReply Packets
: 0
No-Relay: 0
Drops:
Invalid BOOTP Port
: 0
Invalid IP/UDP Len
: 0
Invalid DHCP Oper
: 0
Exceeded DHCP Hops
: 0

Invalid Dest IP
: 0
Exceeded TTL
: 0
No Route to Dest
: 0
Dest Processing Err : 0

IP Interface: ve5
-----------Helper-Address: 100.100.100.1
Packets:
RX: 16
BootReply Packets
: 0
TX: 14
BootReply Packets
: 14
No-Relay: 0
Drops:
Invalid BOOTP Port
: 0
Invalid IP/UDP Len
: 0
Invalid DHCP Oper
: 0
Exceeded DHCP Hops
: 0
Invalid Dest IP
: 0
Exceeded TTL
: 0
No Route to Dest
: 2

IP Interface: ve7
-----------Helper-Address: None
Packets:
RX: 14
BootReply Packets
: 14
TX: 14
BootReply Packets
: 0
No-Relay: 0
Drops:
Invalid BOOTP Port
: 0
Invalid IP/UDP Len
: 0
Invalid DHCP Oper
: 0
Exceeded DHCP Hops
: 0
Invalid Dest IP
: 0
Exceeded TTL
: 0

No Route to Dest
: 0
Descriptions for the fields in both outputs are available in the Command Line Interface Reference.
The following command clears the DHCP relay counters:
ACOS# clear ip helper-address statistics
Part III
Routing Protocols

Open Shortest Path First (OSPF) on page 3
Intermediate System to Intermediate System (IS-IS) on page 13
Border Gateway Protocol (BGP) on page 15
Bidirectional Forwarding Detection on page 25
Internet Group Multicast Protocol (IGMP) Queries on page 37
Open Shortest Path First (OSPF)
The ACOS device supports the following OSPF versions:

OSPFv2 for IPv4
OSPFv3 for IPv6
This chapter provides configuration examples. For detailed CLI syntax information, see the Command Line Interface Reference.
NOTE:
It is recommended to set a fixed router-ID for all dynamic routing protocols you plan to
use on the ACOS device, to prevent router-ID changes caused by VRRP-A failover.
Support for Multiple OSPFv2 and OSPFv3 Processes

The ACOS device supports up to 65535 OSPFv2 processes on a single ACOS device. Only a single OSPFv2 process can run on
a given interface.
Each IPv6 link can run up to 65535 OSPFv3 processes, on the same link.
Each OSPF process is completely independent of the other OSPF processes on the device. They do not share any information
directly. However, you can configure redistribution of routes between them.
Support for OSPFv2 and OSPFv3 on the Same Interface or

Link
You can configure OSPFv2 and OSPFv3 on the same interface or link. OSPFv2 configuration commands affect only the IPv4
routing domain, while OSPFv3 configuration commands affect only the IPv6 routing domain.
OSPF MIB Support

The following OSPF MIBs are supported:
RFC 1850 OSPFv2 Management Information Base
draft-ietf-ospf-ospfv3-mib-08 OSPFv3 Management Information Base

OSPF Configuration Example

The configuration excerpts in this example configure OSPFv2 and OSPFv3 on an ACOS device.
Interface Configuration
The following commands configure two physical Ethernet data interfaces. Each interface is configured with an IPv4 address
and an IPv6 address. Each interface also is added to OSPF area 0 (the backbone area).
The link-state metric (OSPF cost) of Ethernet 2 is set to 30, which is higher than the default, 10. Based on the cost difference,
OSPF routes through Ethernet 1 will be favored over OSPF route through Ethernet 2, because the OSPF cost of Ethernet 1 is
lower.
ip address 2.2.10.1 255.255.255.0
ipv6 address 5f00:1:2:10::1/64
ipv6 router ospf area 0 tag 1
!
ip address 3.3.3.1 255.255.255.0
ipv6 address 5f00:1:2:20::1/64
ip ospf cost 25
The following commands configure two Virtual Ethernet (VE) interfaces. On VE 3, an IPv4 address is configured. On VE 4, an
IPv4 address and an IPv6 address are configured.
OSPFv2 authentication is configured on VE 3, and the OSPF cost is set to 20.
On VE 4, the OSPF cost is set to 15.
interface ve 3
ip address 1.1.1.2 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 abc
ip ospf cost 20
!
interface ve 4
ip address 1.1.60.2 255.255.255.0
ipv6 address 5f00:1:1:60::2/64
ip ospf cost 15

Global OSPF Parameters

The following commands configure global settings for OSPFv2 process 2. The router ID is set to 2.2.2.2. Subnets 1.1.x.x,
2.2.10.x, and 3.3.3.x are added to the backbone area. Redistribution is enabled for static routes, routes to VIPs, IP source NAT
addresses, and floating IP addresses. In addition, an extra VRRP-A priority cost is configured, and the SPF timer is changed.
router ospf 2
ospf router-id 2.2.2.2
ha-standby-extra-cost 25
timers spf exp 500 50000
redistribute static metric 5 metric-type 1
redistribute vip metric 500 metric-type 1
redistribute ip-nat
redistribute floating-ip metric-type 1
network 1.1.0.0 0.0.255.255 area 0
network 2.2.10.0 0.0.0.255 area 0
network 3.3.3.0 0.0.0.255 area 0
The following commands configure global settings for OSPFv3 process 1. The router ID is set to 3.3.3.3. A stub area is added,
redistribution is enabled, and the SPF timer is changed.
router ipv6 ospf 1
router-id 3.3.3.3
redistribute static metric 5 metric-type 1
redistribute ip-nat
redistribute floating-ip
area 1 stub
timers spf exp 500 50000
Clearing Specific OSPF Neighbors

The OSPF feature provides the option to clear all or specific OSPF neighbors.
You can clear neighbors by specifying various filters:
clear ip ospf [process-id]
{
process |
neighbor {all | neighbor-id | interface {interface-ip-address [neighbor-ip-address]}}
}
clear ipv6 ospf [process-tag]
{
process |
neighbor {all | neighbor-id | interface-name [neighbor-id]}
}
The options listed in the syntax stand for following:

process-idSpecifies the IPv4 OSPFv2 process to run on the device, and can be 1-65535.
process-tagSpecifies the IPv6 OSPFv3 process to run on the IPv6 link, and can be 1-65535.
neighbor-id Specified the router-id of the OSPF device.
neighbor-ip-address Specifies the IP address of the interface for the neighboring device.
interface-ip-address Specifies the IP address of the interface of the device on which the OSPF neighbor exists.
Using OSPFv2, the CLI enables you to indicate an interface IP Address of the ACOS device. Using OSPFv3, the CLI enables you
to specify the interface name for a specific neighbor.
Use the following commands to effect changes to clear OSPF neighbor information:
The following command clears all OSPF neighbors:
clear ip ospf [process-id] neighbor all
To clear all neighbors to a specific router:

clear ip ospf [process-id] neighbor neighbor-router-id
To clear all neighbors on an IPv4 interface:

clear ip ospf [process-id] neighbor interface interface-ip-address
To clear a neighbor on a specified interface to a specified router:

clear ip ospf [process-id] neighbor interface interface-ip-address neighbor-router-id
To clear all IPv6 neighbors:

clear ipv6 ospf [process-tag] neighbor all
To clear all neighbors to a specific router:

clear ipv6 ospf [process-tag] neighbor neighbor-router-id
To clear all neighbors on a specified interface:

clear ipv6 ospf [process-tag] neighbor interface-name
To clear all neighbors on a specified interface to a specific router:

clear ipv6 ospf [process-tag] neighbor interface-name neighbor-router-id
Configuration Examples
The following command clears all OSPFv2 neighbors:
ACOS(config)#clear ip ospf neighbor all
The following command clears all neighbors to a specific router:

ACOS(config)#clear ip ospf neighbor 192.1.1.1

OSPF Logging
The following command clears all neighbors on an interface:
ACOS(config)#clear ip ospf neighbor interface 10.1.1.10
The following command clears a neighbor on a specified interface to a specified router:

ACOS(config)#clear ip ospf neighbor interface 10.1.1.10 192.1.1.10

ACOS(config)#clear ipv6 ospf 5 neighbor all

ACOS(config)#clear ipv6 ospf neighbor 192.1.1.1
The following command clears all OSPFv3 neighbors on a specified

interface:
ACOS(config)#clear ipv6 ospf neighbor ethernet 1
The following command clears all neighbors on a specified interface to a specific router:
ACOS(config)#clear ipv6 ospf neighbor ethernet 1 192.1.1.1
OSPF Logging
Router logging is disabled by default. You can enable router logging to one or more of the following destinations:
CLI terminal (stdout)
Local logging buffer
Local file
External log servers
NOTE:
Log file settings are retained across reboots but debug settings are not.
NOTE:
Enabling debug settings that produce lots of output, or enabling all debug settings, is
not recommend for normal operation.
Configuring Router Logging for OSPF

To configure router logging for OSPF:
1. Enable output options.
2. Set severity level and facility.
3. Enable debug options to generate output.

OSPF Logging
For additional syntax information, including show and clear commands for router logging, see the Command Line Interface
Reference.
Enable output options

To enable output to the terminal, use the following command at the global configuration level of the CLI:
router log stdout
To enable output to the local logging buffer, use the following command at the global configuration level of the CLI:
router log syslog
To enable output to a local file, use the following command at the global configuration level of the CLI:
[no] router log file {name string | per-protocol | rotate num | size Mbytes}
To enable output to a remote log server, use the following command at the global configuration level of the CLI:
logging host ipaddr [ipaddr...] [port protocol-port]
Up to 10 remote logging servers are supported.
Set severity level and facility

The default severity level for router logging is 7 (debugging). The default facility is local0.
To change set the severity level for messages output to the terminal, use the following command at the global configuration
level of the CLI:
logging monitor severity-level
The severity-level can be one of the following:

0 or emergency
1 or alert
2 or critical
3 or error
4 or warning
5 or notification
6 or information
7 or debugging
To change the severity level for messages output to the local logging buffer, use the following command at the global configuration level of the CLI:
logging buffered severity-level

OSPF Logging
To change the severity level for messages output to external log servers, use the following command at the global configuration level of the CLI:
logging syslog severity-level
To change the severity level for messages output to a file, use the following command at the global configuration level of the
CLI:
router log trap severity-level
To change the facility, use the following command at the global configuration level of the CLI:
logging facility facility-name
The facility-name can be one of the following:

local0
local1
local2
local3
local4
local5
local6
local7
Enable debug options to generate output

To enable debugging for OSPF, use the following commands at the global configuration level or Privileged EXEC level of the
CLI:
debug a10 [ipv6] ospf
debug
[ipv6] ospf type
The ipv6 option enables debugging for OSPFv3. Without the ipv6 option, debugging is enabled for OSPFv2.
The type specifies the types of OSPF information to log, and can be one or more of the following:
all Enables debugging for all information types listed below.
events Enables debugging for OSPF events.
ifsm Enables debugging for the OSPF Interface State Machine (IFSM).
lsa Enables debugging for OSPF Link State Advertisements (LSAs).
nfsm Enables debugging for the OSPF Neighbor State Machine (NFSM).
nsm Enables debugging for the Network Services Module (NSM). The NSM deals with use of ACLs, route maps,
interfaces, and other network parameters.
packet Enables debugging for OSPF packets.

OSPF Logging
route Enables debugging for OSPF routes.
For each level, both debug commands are required.
CLI Example
The following commands configure OSPFv2 logging to a local file.
ACOS(config)#router log file name ospf-log
ACOS(config)#router log file per-protocol
ACOS(config)#router log file size 100
ACOS(config)#debug a10 ospf all
ACOS(config)#debug ospf packet
These commands create a router log file named ospf-log. The per-protocol option will log messages for each routing
protocol separately. The log file will hold a maximum 100 MB of data, after which the messages will be saved in a backup and
the log file will be cleared.
The following command displays the contents of the local router log file:
ACOS(config)#show router log file ospfd
2010/04/21 09:57:20 OSPF: IFSM[ve 3:1.1.1.2]: Hello timer expire
2010/04/21 09:57:20 OSPF: SEND[Hello]: To 224.0.0.5 via ve
3:1.1.1.2,
length
64
2010/04/21 09:57:20 OSPF:
----------------------------------------------------2010/04/21 09:57:20 OSPF: Header
2010/04/21 09:57:20 OSPF:
Version 2
2010/04/21 09:57:20 OSPF:
Type 1 (Hello)
2010/04/21 09:57:20 OSPF:
Packet Len 48
2010/04/21 09:57:20 OSPF:
Router ID 2.2.2.2
2010/04/21 09:57:20 OSPF:
Area ID 0.0.0.0
2010/04/21 09:57:20 OSPF:
Checksum 0x0
2010/04/21 09:57:20 OSPF:
Instance ID 0
2010/04/21 09:57:20 OSPF:
AuType 2
2010/04/21 09:57:20 OSPF:
Cryptographic Authentication
2010/04/21 09:57:20 OSPF:
Key ID 1
2010/04/21 09:57:20 OSPF:
Auth Data Len 16
2010/04/21 09:57:20 OSPF:
Sequence number 1271830931
2010/04/21 09:57:20 OSPF: Hello

2010/04/21 09:57:20 OSPF:
NetworkMask 255.255.255.0
2010/04/21 09:57:20 OSPF:
HelloInterval 10
2010/04/21 09:57:20 OSPF:
Options 0x2 (-|-|-|-|-|-|E|-)
2010/04/21 09:57:20 OSPF:
RtrPriority 1
2010/04/21 09:57:20 OSPF:
RtrDeadInterval 40

OSPF Logging
2010/04/21 09:57:20 OSPF:
DRouter 1.1.1.200
2010/04/21 09:57:20 OSPF:
BDRouter 1.1.1.2
2010/04/21 09:57:20 OSPF:
# Neighbors 1
2010/04/21 09:57:20 OSPF:
Neighbor 31.31.31.31
2010/04/21 09:57:20 OSPF:

----------------------------------------------------2010/04/21 09:57:21 OSPF: IFSM[ethernet 2:3.3.3.1]: Hello timer
expire
2010/04/21 09:57:21 OSPF: SEND[Hello]: To 224.0.0.5 via ethernet
2:3.3.3.1,
length 48
2010/04/21 09:57:21 OSPF:
----------------------------------------------------2010/04/21 09:57:21 OSPF: Header
2010/04/21 09:57:21 OSPF:
Version 2
2010/04/21 09:57:21 OSPF:
Type 1 (Hello)
2010/04/21 09:57:21 OSPF:
Packet Len 48
2010/04/21 09:57:21 OSPF:
Router ID 2.2.2.2
2010/04/21 09:57:21 OSPF:
Area ID 0.0.0.0
2010/04/21 09:57:21 OSPF:
Checksum 0x49eb
2010/04/21 09:57:21 OSPF:
Instance ID 0
2010/04/21 09:57:21 OSPF:
AuType 0
2010/04/21 09:57:21 OSPF: Hello

2010/04/21 09:57:21 OSPF:
NetworkMask 255.255.255.0
2010/04/21 09:57:21 OSPF:
HelloInterval 10
2010/04/21 09:57:21 OSPF:
Options 0x2 (-|-|-|-|-|-|E|-)
2010/04/21 09:57:21 OSPF:
RtrPriority 1
2010/04/21 09:57:21 OSPF:
RtrDeadInterval 40
2010/04/21 09:57:21 OSPF:
DRouter 3.3.3.2
2010/04/21 09:57:21 OSPF:
BDRouter 3.3.3.1
2010/04/21 09:57:21 OSPF:
# Neighbors 1
2010/04/21 09:57:21 OSPF:

...
Neighbor 81.81.81.81

OSPF Logging
Intermediate System to Intermediate System (IS-IS)
This chapter describes how to integrate your ACOS device in an IS-IS network environment.
This chapter provides IS-IS configuration examples. For detailed CLI syntax information, see Config Commands: Router ISIS on page 159.
NOTE:
The following topics are covered in this chapter:

Basic IS-IS Example Topology
Configuring IS-IS
Verifying Your IS-IS Configuration
Basic IS-IS Example Topology

The example topology in Figure 1 shows the ACOS device in a level-1 IS-IS topology.
FIGURE 1
ACOS Device in a Basic IS-IS Topology
A10 Thunder SeriesNetwork Configuration Guide

Configuring IS-IS
Configuring IS-IS
To configure IS-IS in the sample topology (Figure 1), first enable IS-IS in the ACOS device, enabling it to send Hello packets to
other IS-IS devices in the same area:
ACOS(config)# router isis
ACOS(config-isis)# net 47.0000.0000.0000.0001.00
ACOS(config-isis)# is-type level-1
ACOS(config-isis)# redistribute vip only-flagged level-1
ACOS(config-isis)# exit
ACOS(config)#
The router isis command places you in IS-IS configuration mode. The net command configures the IS-IS instance on the
ACOS device to be in the same area as the upstream router (in this case, 47.0000 as the area-id and 0000.0000.0001 as the
system-id). The ACOS device must have the same area-id as the one configured on the router in order for it to bring up level1 adjacencies.
The is-type command configures this instance as a level-1 instance; the same is accomplished by making sure the area-id in
the net command matches the area-id on the router.
The redistribute command allows the VIP to the server farm to be advertised as a route in this IS-IS area.
NOTE:
If you are configuring IS-IS for IPv6, you should also add the metric-style wide command in your basic configuration.
Next, configure IS-IS on the individual interfaces. To configure IS-IS on an interface, use the interface command to access
the configuration level for the interface, then use the ip router isis | ipv6 router isis commands. Below is an example to enable
IS-IS for IPv4:
ACOS(config-if:ethernet:1)# ip address 10.1.1.10 /24
ACOS(config-if:ethernet:1)# ip router isis
To enable IS-IS for IPv6, use IPv6 commands. For example:

ACOS(config-if:ethernet:1)# ipv6 address 2000::1/64
ACOS(config-if:ethernet:1)# ipv6 router isis
Verifying Your IS-IS Configuration

To view IS-IS settings, use the commands described in IS-IS Show Commands on page 174.
Border Gateway Protocol (BGP)
The ACOS device supports BGP4+ for both IPv4 and IPv6.
This chapter provides configuration examples. For detailed CLI syntax information, see the Command Line Interface Reference.
NOTE:

BGP Route Redistributions
Using Route Maps to Permit or Deny Updates
Using Route Maps for Traffic Engineering
Route Selection Based on Local Preference
Globally-Enabled Default Route Origination
Equal-Cost Multi-path ECMP Support
Route-Map High Availability for Interior Gateway Protocols
BGP Route Redistributions

The routers in a BGP autonomous system (AS) advertise their routes to other BGP speakers (either internally or externally)
through updates exchanged during peering sessions. These updates, or BGP route redistributions, can be used to distribute
information about the topology and metrics for the neighboring routers.
The route redistributions can be for either static routes, which are manually-configured by an admin, or the route redistributions can be for dynamic routes that the router has acquired through the normal operation of the BGP protocol, such as
routes learned through BGP peering sessions with other routers.
Using Route Maps to Permit or Deny Updates

A BGP route map functions much like a filter. Route maps offer a way to permit or deny the exchange of information to
neighboring BGP peers, and route maps can be used by network administrators to reduce the amount of information that is
exchanged during BGP peering sessions.

Without route maps, every router on the Internet would share all of its information about every other router to which it is
connected, and the sheer volume of traffic would bring the Internet to a grinding halt, so route maps offer a way to throttle
the amount of information that is shared among BGP peers.*
Route maps are configured with one or more rules. Each rule consists of a set of match criteria and an associated action (permit or deny). The route map can have multiple rules, which are categorized in ascending order. Once the BGP route map is
placed into action, it can be used to filter inbound or outbound routing traffic. If traffic is received and there is a positive
match for the criteria in one of the rules, then the action associated with that match criteria will be applied. Assuming the
associated action is to alter the local preference for routes from that peer, then ACOS will make this change before redistributing these route to other BGP peers.

The rules in the route map are not just used to permit or deny peering sessions in the binary manner described above.
Route maps can also be used for traffic engineering. This is accomplished by modifying the information a BGP speaker
receives from other BGP peers before the altered information is propagated via the route redistribution process. In other
words, route maps can be configured to modify the properties of the routing information they receive before sending that
modified data on its way.
For example, if you know that a neighboring autonomous system has old equipment that could impede or slow your networks traffic, it might be beneficial if you could administratively tell the equipment in your autonomous system to avoid that
other network.
Route maps allow you to accomplish this goal by rewriting the properties or metrics associated with the paths to this other
network.
You could set up one or more match criteria to identify traffic from this slower and older network, such that if a positive
match occurs, ACOS would increase the cost (or decrease the weight) for the paths to this other network. Doing so would
bias traffic away from these paths and encourage the use of other paths capable of circumventing the slow network.
In this way, ACOS does not simply refuse to accept the route redistributions received from BGP peers in the slower network.
Instead of accepting the routing information received at face value, ACOS tweaks or rewrites the metrics associated with
the paths to make them less attractive before passing them along to the surrounding BGP peers.
*.
BGP route summarization, or route aggregation, offers another way to reduce the number of routes that are shared by consolidating
blocks of IP addresses before redistribution. This prevents excessive fragmentation of blocks of IP addresses and gives ISPs more control over the blocks of IP addresses they own. Route aggregation also helps to conserve the limited number of IPv4 addresses.


ACOS 2.7.2 allows you to use the local preference as a match criteria in a route map. While vetting route updates, if there is a
positive match for the criteria, this triggers an action associated with the match criteria and helps determine whether BGP
updates will be sent to one or more BGP peers.
A route map acts as a filter for the redistribution of BGP routes sent to peers. Rules are set up within the route map, consisting
of match criteria (the metric upon which we are searching) and an associated action (for example, setting the local preference value). If a positive match is found then the action associated with that rule is applied.
For example, you could set a rule within a route map to look for updates from a particular BGP peer (based on IP address,
router ID, or perhaps all routers in a particular Autonomous System Number), and you could then prevent ACOS from propagating, or redistributing, these updates to the other BGP peers in its ASN.
Instead of completely blocking routing updates from a nearby ASN, you could specify an action within the route map that
would modify the various metrics to make the associated paths less preferred. For example, if you knew that a particular BGP
peer is an older router that could hinder network performance, you could increase the cost of the paths to/from that router
by increasing the cost of those paths by increasing the metric number. Similarly, you could achieve the same goal (of reducing the attractiveness of the paths associated with this older router and thus directing traffic away from it) by decreasing the
weight for routes learned from this router.
CLI Example
The following commands configure a route map called RED. The sequence number for this route-map is 10. The rule looks
for route updates that have a local preference value of exactly 5000. If a match occurs, then the action for this route map is to
permit BGP updates to occur with this router.
ACOS(config)# route-map RED permit 10
ACOS(config-route-map)# match local-preference 5000
At this point, you could apply the route map to an ACOS device that has BGP enabled. You could specify the AS that this
ACOS device belongs to (333), the BGP neighbor (10.1.1.1), the name of the route map (RED), and specify whether
this route map is affecting inbound or outbound route updates (in), as shown in the sample commands below.
router bgp 333
redistribute dynamic
neighbor 10.1.1.1 remote-as 333
neighbor 10.1.1.1 route-map RED in


When you are in router BGP mode, the default-information originate CLI command is available to advertise the
default route.
Use the GUI to Configure Globally-Enabled Default Route Origination

BGP configuration is not supported in the GUI.
Use the CLI to Configure Globally-Enabled Default Route Origination

To configure a BGP routing process to distribute a default route, use the default-information originate command
in the address family or router configuration mode. A valid default route must exist and be verified to complete this configuration or the default route will not be advertised:
ACOS(config)# router bgp 10
ACOS(config-bgp:10)# default-information originate

Equal-cost multi-path (ECMP) support for BGP is available; by default, ECMP support is disabled. You can enable support for
up to 10 equal-cost paths per route destination. Traffic to the destination prefix is then shared across all the installed paths.
Based on your configuration, BGP will install up to the maximum number of routes in the forwarding information base (FIB).
Use the maximum-paths command at the BGP configuration level to specify the maximum number of ECMP paths to a
given route destination allowed for BGP: The default maximum-path value is 1. This value will not be displayed in the show
running-config command. With the default setting (maximum-paths 1), BGP will install the single best ECMP route into
the FIB used by the ACOS device to forward traffic.
The example below shows the BGP portion of an ACOS device configuration. The first set of output shows a device running
IPv4 while the second set of output shows a device running IPv6. In the IPv4 output, the lines of output neighbor
10.10.10.197 remote-as 197 through neighbor 60.60.60.197 remote-as 197 show that the ACOS
routing engine learned of this route from multiple neighbors.
ACOS(config-bgp:100)# bgp router-is 100.100.100.100
ACOS(config-bgp:100)# maximum-paths 8
ACOS(config-bgp:100)# neighbor 10.10.10.197 remote-as 197
ACOS(config-bgp:100)# neighbor 3310::197 remote-as 197

ACOS(config-bgp:100)# address-family ipv6
ACOS(config-bgp:100-ipv6)# maximum-paths 7
ACOS(config-bgp:100-ipv6)# neighbor 3310::197 activate
ACOS(config-bgp:100-ipv6)# exit-address-family
ACOS(config-bgp:100)#
The show ip fib command shows that the ACOS devices forwarding information base (FIB) was able to learn of 6 different
routes to the same destination (7.7.7.0/ 24). Each route had an equal cost (distance = 20), and each route was learned
through a different Ethernet port.
ACOS# show ip fib
Prefix
Next Hop
Interface
Distance
-----------------------------------------------------------------------7.7.7.0 /24
60.60.60.197
ethernet6
20
7.7.7.0 /24
50.50.50.197
ethernet5
20
7.7.7.0 /24
40.40.40.197
ethernet4
20
7.7.7.0 /24
30.30.30.197
ethernet3
20
7.7.7.0 /24
20.20.20.197
ethernet2
20
7.7.7.0 /24
10.10.10.197
ethernet1
20
The show ip bgp command displays paths learned through BGP. The ACOS device was connected to 6 different routes, and
the Metric column shows that the cost is the same for all routes.
ACOS# show ip bgp
BGP table version is 14, local router
is 98.98.98.98
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled
S Stale, m multipath
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
*> 7.7.7.0/24
10.10.10.197
0 197 ?
*m
20.20.20.197
0 197 ?
*m
30.30.30.197
0 197 ?
*m
40.40.40.197
0 197 ?
*m
50.50.50.197
0 197 ?
*m
60.60.60.197
0 197 ?

The show ip route database command displays essentially the same information as shown above. The ACOS device
has a FIB that is populated with 6 different routes, of equal cost, to the same destination.
ACOS# show ip route database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> - selected route, * - FIB route, p - stale info
B
*> 7.7.7.0/24 [20/0] via 10.10.10.197, ethernet 1, 00:13:38

*>
[20/0] via 20.20.20.197, ethernet 2, 00:13:38
*>
[20/0] via 30.30.30.197, ethernet 3, 00:13:38
*>
[20/0] via 40.40.40.197, ethernet 4, 00:13:38
*>
[20/0] via 50.50.50.197, ethernet 5, 00:13:38
*>
[20/0] via 60.60.60.197, ethernet 6, 00:13:38
Route-Map High Availability for Interior Gateway

Protocols
Feature History
ACOS 2.7.2 introduced support for a route-map option that performed matching based on the HA or VRRP-A VRID group,
and also based on whether the device was the active or standby in the group. This option was used to control BGP route
redistribution and advertisement decisions using the ACOS devices high availability state.
ACOS 2.7.2-P4 extended this feature to support all Interior Gateway Protocols (IGPs) such as OSPFv2, OSPFv3, ISISv4/6, RIP and
RIPng.
This feature is now supported in ACOS 4.0.1 and beyond.
NOTE:
Prior to ACOS 2.7.2, a route map could perform filtering based on metrics such as BGP
community, IP address, or metric value. However, the 2.7.2 release was the first release in
which filtering (or matching) could be performed based on the status of an ACOS
device in a high availability configuration.
High availability configuration is only available with VRRP-A beginning with ACOS 4.0
and beyond; the legacy HA configuration is no longer supported.

Route-Map High Availability Overview

This mechanism can be useful in certain network environments; for example, when a network uses VRRP-A for redundancy
and the active ACOS device in the VRRP-A group will be upgraded. Such an upgrade requires the active ACOS device to
change its status to standby, and the standby device must become active.
In this scenario, the ability to perform route map matching based on high availability status offers a unique way to use BGP
(or other IGPs) route redistribution to advertise the paths to the newly-active ACOS device after switchover has occurred.
You can use the BGP protocol to modify some of the route settings by way of the route map. By changing the weights or
local preference of certain routing paths, you can influence the routes that are advertised or withdrawn in route updates
from the ACOS device to its BGP neighbors.
Alternatively, you can just wait for the old routes to time out, at which point they will be automatically withdrawn from the
routing table of the neighboring routers. This will have the effect of directing network traffic to the newly-active ACOS
device.
VRRP-A VRID Group Matching

Figure 2 shows a hypothetical network topology with two ACOS devices using VRRP-A for redundancy.
Here are a few other noteworthy points:
The leftmost ACOS device is Active and the rightmost ACOS device is Standby.
The diagram shows a Layer 3 router above the ACOS devices. The router is in autonomous system 200, and it is using
BGP to share routing updates with the ACOS load balancers. The ACOS devices are also running BGP and are located
within AS 100.
Static routes connect the ACOS devices to a Layer 3 router, which directs traffic to and from the real servers.

FIGURE 2
Topology Using BGP Route Map (with VRRP-A High Availability Matching)
In a network environment like that shown above in Figure 2, the Active ACOS device must be relegated to standby mode
before it can be upgraded. In turn, the Standby device must also be made active. When this switchover occurs, it is imperative that the routers running BGP receive updated routing information. This updated routing information will cause the
routes to the formerly-active ACOS device to be avoided, and the routers must also be provided with new routing information about the paths traffic can use to reach the newly active ACOS device.
CLI Example
The following gives an example of a route map configuration. It is based on the network diagram shown in Figure 2, which
has two ACOS devices using VRRP-A for redundancy. To upgrade one of the active ACOS devices, its status must be changed
to standby (and the standby device must be made active). Then, the new routing information must be pushed to the router
above, which is also running BGP.

Configurations on the Active ACOS device

The CLI commands below are used to configure VRRP-A on the first (Active) ACOS device.
vrrp-a common
device-id 1
set-id 1
enable
The following CLI commands assign an IP address of 20.1.1.1 to Ethernet interface 1 on the ACOS device.
interface eth 1
ip address 20.1.1.1
The following CLI commands are used to create a route map called test1 with a sequence number of 10. A rule is added
that checks for a positive match for the active ACOS device in the VRRP-A group 1. If a positive match is found, then this ACOS
device can share its route redistributions with any BGP peers that pass the match criteria.
route-map test1 permit 10
match group 1 active
The following CLI commands are used at the global configuration level to enable the BGP protocol and specify the Autonomous System (AS) number of 100 for the Active ACOS device. The BGP peer is specified in remote AS 200, and the hop
count needed to reach this external BGP router is not to exceed 255 hops. The outbound redistribution of static routes would
be allowed to the BGP peer at 30.1.1.1, based upon the match criteria (and associated actions) in the route-map called test1.
router bgp 100
redistribute static
neighbor 30.1.1.1 ebgp-multihop 255
neighbor 30.1.1.1 route-map test1 out
The following CLI commands are used to configure a static route from the Active ACOS device to the real servers in the subnet 1.1.1.0 /24, by way of the next-hop router at IP 11.1.1.1.
ip route 1.1.1.0 /24 11.1.1.1
Configurations on the Standby ACOS device

The command below configure VRRP-A on the Standby ACOS device.
vrrp-a common
device-id 2
set-id 1
enable
The following CLI commands assign the IP 21.1.1.1 to Ethernet interface 1 on the Standby ACOS device.
interface eth 1
ip address 21.1.1.1

The CLI commands below create a route map called test1 with a sequence number of 10. A rule is added to check for a
match for the active ACOS device in the HA (or VRRP-A) group 1. If a positive match is found, then this ACOS device may
share its route redistributions with its BGP peers.
route-map test1 permit 10
match group 1 active
The following CLI commands are used at the global configuration level to enable the BGP protocol and specify an Autonomous System (AS) number of 100 for the Standby ACOS device. The BGP peer is specified in remote AS 200, and the hop
count needed to reach this external BGP router is not to exceed 255 hops. The outbound redistribution of static routes could
be sent to the BGP peer at 30.1.1.1, based upon the match criteria (and the associated actions) in route-map test1.
router bgp 100
redistribute static
neighbor 30.1.1.1 ebgp-multihop 255
neighbor 30.1.1.1 route-map test1 out
The following CLI commands are used to configure a static route from the Standby ACOS device to the real servers in the
subnet 1.1.1.0 /24, by way of the next-hop router at IP 12.1.1.1.
ip route 1.1.1.0 /24 12.1.1.1
NOTE:
In the above configuration, only an Active ACOS device can redistribute its static routes.
The Standby ACOS device does not redistribute its static routes. The reason for this is
that the match criteria permits the Active device in an HA (or VRRP-A) pair to send out
(redistribute) its routes. There is no rule in the route map with an explicit deny action,
but the deny is implicit, because any Standby HA devices would fail to match the criteria
in the route map, so the Standby HA device would fail to match the criteria and its routing updates would not be shared.
Bidirectional Forwarding Detection
Bidirectional Forwarding Detection (BFD) provides very fast failure detection for routing protocols. When BFD is enabled, the
ACOS device periodically sends BFD control packets to the neighboring devices that are also running BFD. If a neighbor
stops sending BFD control packets, the ACOS device quickly brings down the BFD session(s) with the neighbor, and recalculates paths for routes affected by the down neighbor.
BFD provides a faster failure detection mechanism than the timeout values used by routing protocols. Routing protocol timers are multiple seconds long, whereas BFD provides sub-second failover.
The A10 implementation of BFD is based on the following RFCs:
RFC 5880, Bidirectional Forwarding Detection (BFD)
RFC 5881, Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)
RFC 5882, Generic Application of Bidirectional Forwarding Detection (BFD)
RFC 5883, Bidirectional Forwarding Detection (BFD) for Multihop Paths
Support in this Release

The current release has the following BFD support:
Basic BFD protocol (packet processing, state machine, and so on)
BGP client support
Multihop
BFD Asynchronous mode
OSPFv2/v3 client support
Static route support
IS-IS client support
BFD Demand mode
Full Echo function support
Authentication
BFD Parameters
BFD is disabled by default. You can enable it on a global basis.

Configuring BFD
BFD Echo
BFD echo enables a device to test data path to the neighbor and back. When a device generates a BFD echo packet, the
packet uses the routing link to the neighbor device to reach the device. The neighbor device is expected to send the packet
back over the same link.
BFD Timers
You can configure BFD timers at the following configuration levels:
Global
Interface
If you configure the timers on an individual interface, the interfaces settings are used instead of the global settings. Likewise,
if the BFD timers are not set on an interface, that interface uses the global settings. For BGP loopback neighbors, BFD always
uses the global timer.
The DesiredMinTXInterval, RequiredMinRxInterval and DetectMult timer fields can be configured at the interface and the
global configuration level. However, the actual timer will vary depending on the Finite State Machine (FSM) state, through
negotiation, and whether or not echo has been enabled.
BGP Support
If you run BGP on the ACOS device, you can enable BFD-based fallover for individual BGP neighbors.
Configuring BFD
Static Route Support
A static route flap can occur when you enable BFD in global mode or when you configure a static BFD session.
In the following example, you will see that the static routes experience a flap when BFD is enabled. The fields to note are
flagged in bold:
ACOS(config)# show ipv6 route
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
i - IS-IS, B - BGP
Timers: Uptime
C
3ffe:100::/64 via ::, ve 10, 00:01:28
3ffe:1111::/64 via ::, loopback 1, 00:01:30
3ffe:2222::/64 [1/0] via 3ffe:100::20, ve 10, 00:00:25
<===value before flap
timer
C
3ffe:3333::/64 via ::, loopback 2, 00:01:30
ACOS(config)#bfd enable
<===enable BFD

Configuring BFD
ACOS(config)# show ipv6 route
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
i - IS-IS, B - BGP
Timers: Uptime
C
3ffe:100::/64 via ::, ve 10, 00:01:32
3ffe:1111::/64 via ::, loopback 1, 00:01:34
3ffe:2222::/64 [1/0] via 3ffe:100::20, ve 10, 00:00:01
3ffe:3333::/64 via ::, loopback 2, 00:01:34
<==value after flap
ACOS(config)#
To enable BFD, use the following command at the global configuration level of the CLI:
ACOS(config)#bfd enable
To enable BFD echo, use the following command at the global configuration level of the CLI:
ACOS(config)#bfd echo
To configure BFD timers, use the following commands. These commands are available at the global configuration level and
at the configuration level for individual interfaces.
[no] bfd interval ms min-rx ms multiplier num
The interval value can be 48-1000 ms, and is 800 ms by default. The min-rx value can be 48-1000 ms, and is 800 ms by
default. The multiplier value can be 3-50 and is 4 by default.
Configuring BFD Parameters for BGP

To enable BFD-based fallover for a BGP neighbor, use the following command at the BGP configuration level:
[no] neighbor ipaddr fall-over bfd [multihop]
To display BFD information for BGP neighbors, use the following command:
show ip bgp neighbor
Displaying BFD Information

To display summarized BFD neighbor information, use the following command:
show bfd neighbors
To display detailed BFD neighbor information, use the following command:

Configuring BFD
show bfd neighbors detail
To display BFD statistics, use the following command:

show bfd statistics
To display BFD statistics, use the following command:

show bfd statistics
To clear BFD statistics, use the following command:

clear bfd statistics
Disable BFD
To disable BFD, enter the following command in global configuration mode:
ACOS(config)# no bfd enable
Enter the command to stop processing all BFD packets.
Configure BFD with OSPF (for IPv4)

To enable BFD with OSPF on an interface, enter one of the following sets of commands:
To enable BFD on an individual interface:
ACOS(config-if:ethernet:1)# ip address 20.0.0.1 255.255.255.0
ACOS(config-if:ethernet:1)# ip ospf bfd
To enable BFD on a virtual interface:

ACOS(config-if:ve:100)# ip ospf bfd
To enable BFD on a trunk:

ACOS(config-if:trunk:1)# ip ospf bfd
To enable BFD for all OSPF-enabled interfaces, enter the following commands:

Configuring BFD
ACOS(config)# router ospf 1
ACOS(config-ospf:1)# bfd all-interfaces
To selectively disable BFD per interface, enter the following command:

ACOS(config-if:ethernet:1)# ip ospf bfd disable
To configure a multihop neighbor over a virtual-link, enter the following command:

ACOS(config-ospf:1)# area 1 virtual-link 40.0.0.1 fall-over bfd
Sample Configuration
Your running configuration will display your current BFD with OSPF configuration:
!
ip address 20.0.0.1 255.255.255.0
ip ospf bfd
!
ip address 30.0.0.1 255.255.255.0
!
!
router ospf 1
bfd all-interfaces
network 20.0.0.0/24 area 0
network 30.0.0.0/24 area 0
area 1 virtual-link 40.0.0.1 fall-over bfd
!
!
bfd enable
!
Configure BFD with OSPF (for IPv6)

To enable BFD with OSPF for IPv6 support on an interface, enter one of the following sets of commands:

Configuring BFD
ACOS(config-if:ethernet:1)# ipv6 router ospf area 0 tag 1
ACOS(config-if:ethernet:1)# ipv6 ospf bfd

ACOS(config-if:ve:100)# ipv6 ospf bfd

ACOS(config-if:trunk:1)# ipv6 ospf bfd
To enable BFD for all OSPFv3-enabled interfaces, enter the following commands:
ACOS(config)# router ipv6 ospf 1
ACOS(config-ospf:1)# bfd all-interfaces

ACOS(config-if:ethernet:1)# ipv6 ospf bfd disable
To configure a multihop neighbor over a virtual-link, enter the following command:

ACOS(config-ospf:1)# area 1 virtual-link 2.2.2.2 fall-over bfd
Your running configuration will display your current BFD with OSPF for IPv6 configuration:
!
ipv6 address 2001::1/64
ipv6 ospf bfd
!
ipv6 address 3001::1/64
!
!
router ipv6 ospf 1
router-id 1.1.1.1

Configuring BFD
bfd all-interfaces
area 1 virtual-link 2.2.2.2 fall-over bfd
!
!
bfd enable
!
Configure BFD with IS-IS (for IPv4)

To enable BFD with ISIS on an interface, enter one of the following sets of commands:
ACOS(config-if:ethernet:1)# ip router isis
ACOS(config-if:ethernet:1)# isis bfd

ACOS(config-if:ve:100)# isis bfd

ACOS(config-if:trunk:1)# isis bfd
To enable BFD for all IS-IS-enabled interfaces, enter the following commands:
ACOS(config-isis)# bfd all-interfaces

ACOS(config-if:ethernet:1)# isis bfd disable
Your running configuration will display your current BFD with ISIS configuration:
!
ip address 20.0.0.1 255.255.255.0

Configuring BFD
ip router isis
isis bfd
!
ip address 30.0.0.1 255.255.255.0
ip router isis
isis bfd
!
!
router isis
bfd all-interfaces
net 49.0001.0000.0000.0001.00
!
!
bfd enable
!
Configure BFD with IS-IS (for IPv6)

To enable BFD with ISIS for IPv6 support on an interface, enter one of the following sets of commands:
ACOS(config-if:ethernet:1)# isis bfd

ACOS(config-if:ve:100)# ipv6 address 2ffe:123::1/64
ACOS(config-if:ve:100)# ipv6 router isis
ACOS(config-if:ve:100)# isis bfd

ACOS(config-if:trunk:1)# isis bfd
To enable BFD for all IS-IS-enabled interfaces, enter the following commands:
ACOS(config-isis)# bfd all-interfaces

Configuring BFD
ACOS(config-if:ethernet:1)# isis bfd disable
Your running configuration will display your current BFD with ISIS (for IPv6 support) configuration:
!
interface ve 100
ipv6 address 2ffe:123::1/64
ipv6 router isis
isis bfd
!
router isis
bfd all-interfaces
net 49.0001.0000.0000.0002.00
!
bfd enable
Configure BFD with BGP

When BFD is configured with BGP, it is configured on a per neighbor basis. This is different from the OSPF or ISIS configuration
with BFD. Use the following commands to configure BFD with BGP:
ACOS(config-bgp:1)# neighbor 1.2.3.4 fall-over bfd
To configure a multihop BFD neighbor, use the following command:

ACOS(config-bgp:1)# neighbor 1.2.3.4 fall-over bfd multihop
Your running configuration will display your current BFD with BGP configuration:
!
router bgp 1
neighbor 1.2.3.4 fall-over bfd multihop
!
!
bfd enable
!

Configuring BFD
Configuring Static BFD

The following sections describe how to configure global IPv4 static BFD and both global and link-local IPv6 static BFD.
IPv4 Static BFD (Global)

From the global configuration mode, use the following command to add a static BFD entry for the specified IPv4 nexthop:
ACOS(config)# ip route static bfd 20.0.0.1 20.0.0.2
In the above command, the first parameter is the IPv4 address of the local interface. You can only use the IP addresses for
interfaces to setup the BFD session. The second parameter is the IPv4 address of the remote interface that serves as the gateway for the static route.
IPv6 Static BFD (Global)

From the global configuration mode, use the following command to add a static BFD entry for the specified IPv6 nexthop:
ACOS(config)#ipv6 route static bfd 2001::1 2001::2
In the above command, the first parameter is the IPv6 address of the local interface. You can only use the IP addresses for
interfaces to setup the BFD session. The second parameter is the IPv6 address of the remote interface that serves as the gateway for the static route.
IPv6 Static BFD (Link-Local)

From the global configuration mode, use the following command to add a static BFD entry for the specified link-local IPv6
nexthop:
ACOS(config)# ipv6 route static bfd ve 100 fe80::1
In the above command, the first parameter is the local interface name (Ethernet, VE, or a specified trunk), and the second
parameter is the remote link-local IPv6 address that serves as the gateway.
Configuring BFD Intervals

Global Interval Configuration
From the global configuration mode, use the following command to modify the global interval timer values:
ACOS(config)# bfd interval 500 min-rx 500 multiplier 4
This command will help configure the interval for any one of the following three parameters and will be applied to all BFD
sessions:
DesiredMinTxInterval
RequiredMinRxInterval

Configuring BFD
Multiplier
Interface Interval Configuration

From the interface configuration mode, use the following command to modify the interface interval timer values:
ACOS(config-if:ve:10)# bfd interval 500 min-rx 500 multiplier 4
NOTE:
For a BFD session for BGP using a loopback address, for an OSPFv2 virtual link, and for an
OSPFv3 virtual link, the ACOS device will always use the global timer configuration,
immaterial of the timer that is configured at the interface level.
Enable Authentication
Authentication Per interface
To configure authentication per interface, from the interface configuration mode, apply one of the following authentication
schemes to OSPF, OSPFv3, IS-IS, or static BFD neighbors.
bfd authentication 1 md5 password-string
You may choose an authentication method from the following available choices:
Simple password
Keyed MD5
Meticulous Keyed MD5
Keyed SHA1
Meticulous Keyed SHA1
Authentication Per Neighbor (for BGP only)

The following command is configured under the BGP configuration mode:
ACOS(config-bgp:10)# neighbor 1.2.3.4 fall-over bfd authentication 1 md5 password-string
Enable Echo and Demand function

Enable the Echo Function
From the global configuration mode, enable the BFD echo:

Viewing BFD Status
ACOS(config)# bfd echo
Enable the Echo Function Per Interface

After you configure the global BFD echo, from the interface configuration mode, you can enable BFD echo on a per interface
basis using the following command:
ACOS(config-if:ethernet:1)# bfd echo
Enable Demand Mode

From the interface configuration mode, you can enable the demand mode to work in conjunction with the echo function
using the following command:
ACOS(config-if:ethernet:1)# bfd echo demand
When demand mode is enabled, after a BFD session is established, a system will be able to verify connectivity with another
system at will instead of routinely. Instead of constantly receiving BFD control packets, the system will request that the other
system stop sending BFD Control packets. To verify connectivity again, the system will explicitly send a short sequence of
BFD Control packets to the other system and receive a response. Demand mode can be configured to work either independently in each direction, or bidirectionally at the same time.
Asynchronous Mode
The Asynchronous mode is the default mode of operation for BFD. In this mode, systems establish connectivity and know of
each others existence by periodically exchanging BFD Control packets. A session between two connected systems is only
declared down after several packets in a row are not received by the other system. BFD will operate in this mode if you do
not configure or enable echo or demand.
Viewing BFD Status

BFD status information and details can be viewed using the show bfd command along with additional options. Refer to
show bfd in the Command Line Interface Reference for more information.
Internet Group Multicast Protocol (IGMP) Queries
The current implementation of the ACOS software supports the generation of generic Internet Group Multicast Protocol version 2 (IGMPv2) membership query requests. ACOS devices will now generate IGMP membership queries and facilitate multicast deployments.
NOTE:
The ACOS software does not support the complete IGMP protocol or the generation of
generic membership queries for IGMPv3 or Multicast Listener Discovery (MLDv2).
Previous releases of the ACOS software did not provide support for the IGMPv2 protocol at all, hence it did not provide IGMP
membership query support.
IGMPv2 provides the following capabilities:
IGMP membership queries are only generated when IPv4 addresses are configured. If any IPv6 interface addresses are
recognized, no queries will be generated.
Generates generic IGMPv2 membership query request packets.
The devices will not process any responses for this query request.
Uses the default values for membership query request wherever possible.
Provides the ability to configure the time interval for generation of these membership queries per interface.
Provides support for this feature with Layer 3 Virtualization (L3V).
IGMP membership queries are supported in routed mode only and will not be supported in non-routed mode.
FIGURE 3
IGMP Membership Queries (Routed and Non-Routed Mode)
In Routed Mode
In Figure 3, the interface for devices 1 and 2 are acting in routed mode, that is, the IP address has been configured on the
interface. When the interface is in routed mode, the device can be configured to generate IGMPv2 membership queries out
of this interface. However, when an IGMP membership query is received on an interface in routed mode, it will be ignored.
In Non-Routed Mode
In Figure 3, the Device 2 device is acting as a switch and both Eth 11 and Eth12 on the Device 2 device are in non-routed
mode. Eth1 on the Device 1 device and Eth2 on the Device 2 device are configured in routed mode. Hence Eth1 interface on
the Device 1 device and Eth2 on the Device 3 device can be configured to generate IGMP Membership Queries.
In this case, when the Device 2 device receives IGMP Membership Queries on Eth11 (generated by the Device 1 device) and
Eth 12 (generated by the Device 3 device) it will accept these packets and just switch them as it would any other packet.
More importantly, it will not drop these packets since Eth11 and Eth12 on Device 2 are acting in non-routed (switched)
mode.
Configuring IGMP Membership Queries

The GUI and the CLI provide a way to configure IGMPv2 membership request queries from the physical, virtual or trunk interface configuration level.
Use the GUI to Configure IGMP Membership Queries

To configure IGMPv2 membership request queries on an interface:
menu bar.
5. Select the Generate Membership Query field.
6. In the Membership Query Interval field, specify the time interval (1-255 seconds) after which the device using this interface will initiate an IGMP membership query request.
7. In the Maximum Response Time field, specify the time interval, in 1/10 of a second, before which receiving devices will
send the ICMP query message response.
8. Click the Update button.
NOTE:
These timers are valid only for a particular interface. They must be configured per interface.
Use the CLI to Configure IGMP Membership Queries

To configure IGMP membership request queries on a physical interface, use the ip igmp command from interface configuration level. For example:
ACOS(config-if)# interface ethernet 2
ACOS(config-if:ethernet:2)# ip igmp generate-membership-query 10 max-resp-time 50
To view your IGMP membership request query configuration for a a physical interface, do the following:
ACOS(config)# show interfaces ethernet 2
Ethernet 2 is up, line protocol is up
Hardware is GigabitEthernet, Address is 001f.a004.2e71
Internet address is 192.168.1.1, Subnet mask is 255.255.255.0
Configured Speed auto, Actual 1Gbit, Configured Duplex auto, Actual fdx
IGMP Membership Query is enabled, IGMP Membership Queries sent 3
Flow Control is disabled, IP MTU is 1500 bytes
Port as Mirror disabled, Monitoring this Port disabled
0 packets input,
0 bytes
Received 0 broadcasts,
Received 0 multicasts,
0 input errors,
0 frame
0 runts
0 CRC
Received 0 unicasts
0 giants
3003 packets output
264264 bytes
Transmitted 0 broadcasts
0 output errors
3003 multicasts
0 unicasts
0 collisions
300 second input rate: 0 bits/sec, 0 packets/sec, 0% utilization

300 second output rate: 12768 bits/sec, 18 packets/sec, 0% utilization
To configure IGMP membership request queries on an virtual Ethernet interface, do the following:
ACOS(config-if:ve:50)# ip address 10.10.10.219 /24
ACOS(config-if:ve:50)# ip igmp generate-membership-query 10 max-resp-time 50
To view your IGMP membership request query configuration for a virtual Ethernet interface, do the following:
ACOS(config)# show interfaces ve 50
VirtualEthernet 50 is up, line protocol is up
Hardware is VirtualEthernet, Address is 001f.a004.2e72
Router Interface for L2 Vlan 50
IP MTU is 1500 bytes
0 packets input
Received
0 bytes
0 broadcasts, Received 0 multicasts, Received 0 unicasts
0 packets output
Transmitted
0 bytes
0 broadcasts, Transmitted 0 multicasts, Transmitted 0 unicasts
300 second input rate: 0 bits/sec, 0 packets/sec

300 second output rate: 0 bits/sec, 0 packets/sec
Part IV
Command Line Interface Reference

Config Commands: Interface on page 3
Config Commands: VLAN on page 53
Config Commands: IP on page 57
Config Commands: IPv6 on page 83
Config Commands: Router RIP on page 95
Config Commands: Router OSPF on page 121
Config Commands: Router IS-IS on page 159
Config Commands: Router BGP on page 181
Config Commands: Interface
This chapter describes the CLI commands for configuring ACOS interface parameters:
access-list
bfd
cpu-process
disable
duplexity
enable
flow-control
icmp-rate-limit
icmpv6-rate-limit
ip address
ip address dhcp
ip allow-promiscuous-vip
ip cache-spoofing-port
ip control-apps-use-mgmt-port
ip default-gateway
ip helper-address
ip igmp
ip nat
ip ospf
ip rip authentication
ip rip receive version
ip rip receive-packet
ip rip send version
ip rip send-packet
ip rip split-horizon
ip router isis | ipv6 router isis

ip slb-partition-redirect
ip stateful-firewall
ipv6 (on management interface)
ipv6 access-list
ipv6 address
ipv6 enable
ipv6 nat inside
ipv6 nat outside
ipv6 ndisc router-advertisement
ipv6 ospf cost
ipv6 ospf dead-interval
ipv6 ospf hello-interval
ipv6 ospf mtu-ignore
ipv6 ospf neighbor
ipv6 ospf network
ipv6 ospf priority
ipv6 ospf retransmit-interval
ipv6 ospf transmit-delay
ipv6 rip split-horizon
ipv6 router isis
ipv6 router ospf
ipv6 router rip
ipv6 stateful-firewall
isis authentication
isis bfd
isis circuit-type
isis csnp-interval
isis hello
isis hello-interval
isis hello-interval-minimal
isis hello-multiplier
isis lsp-interval
isis mesh-group
isis metric
isis network
isis password
isis priority
isis restart-hello-interval
isis retransmit-interval
isis wide-metric
l3-vlan-fwd-disable
lldp enable
lldp notification
lldp tx-dot1-tlvs
lldp tx-tlvs
load-interval
lw-4o6
media-type-copper
monitor
mtu
name
ports-threshold
remove-vlan-tag
snmp-server
trunk-group
To access this configuration level, enter the interface command at the Global configuration level.
If the ACOS device is a member of an aVCS virtual chassis, specify the interface number as follows: DeviceID/num, where
DeviceID is the devices aVCS ID and num is the interface or trunk number.
Common commands available at all configuration levels (clear, debug, do, end, exit, no, show, write) are described in
the Command Line Interface Reference.
access-list
Description
Apply an Access Control List (ACL) to an interface.
Syntax
[no] access-list [num | name name] in
Parameter
Description
num
Number or ID of a configured ACL.
name
Name of a configured ACL.
in
Applies the ACL to inbound traffic received on the interface.
Default
N/A
Mode
Interface
Usage
The ACL must be configured before you can apply it to an interface. To configure an ACL, see
access-list in the Command Line Interface Reference.
You can apply ACLs to Ethernet data interfaces, Virtual Ethernet (VE) interfaces, the
management interface, trunks, and virtual server ports. Applying ACLs to the out-of-band
management interface is not supported.
You can apply ACLs only to the inbound traffic direction. This restriction ensures that ACLs
are used most efficiently by filtering traffic as it attempts to enter the ACOS device, before
being further processed by the device.
Example
The following commands configure a standard ACL to deny traffic from subnet 10.10.10.x,
and apply the ACL to the inbound traffic direction on Ethernet interface 4:
ACOS(config)# access-list 1 deny 10.10.10.0 0.0.0.255
ACOS(config-if:ethernet:4)# access-list 1 in
bfd
Description
Enable or disable BFD on an individual interface.
Syntax
[no] bfd {
authentication key-id {auth-type} |
echo [demand] |
interval ms min-rx ms multiplier num

}
Parameter
Description
authentication key-id {
md5 |
meticulous-md5 |
meticulous-sha1 |
sha1 |
simple}
The authentication option specifies the authentication type to be used for

BFD. You can specify a key-id from 0-255. The authentication options include the
following:
md5 Keyed MD5

meticulous-md5 Meticulous keyed MD5
meticulous-sha1 Meticulous keyedSHA1
sha1 Keyed SHA1
simple Simple password
echo [demand]
Specify echo mode. You can enable the demand mode to work in conjunction
with the echo function. When demand mode is enabled (and a BFD session has
been established), the system will be able to verify connectivity with another system at will instead of routinely.
interval ms min-rx ms
multiplier num
The interval value is the transmit timer, and it specifies the rate at which the
ACOS device sends BFD control packets to its BFD neighbors. You can specify 481000 milliseconds (ms). The default is 800 ms. This timer is used in Asynchronous
mode only.
The min-rx option is the detection timer, and this allows you to specify the maximum number of ms the ACOS device will wait for a BFD control packet from a
BFD neighbor. The min-rx value can be 48-1000 ms, and is 800 ms by default.
This timer is used in Asynchronous mode only.
The multiplier value is the wait multiplier, and this enables you to specify the
maximum number of consecutive times the ACOS device will wait for a BFD control packet from a neighbor. If the multiplier value is reached, the ACOS device
concludes that the routing process on the neighbor is down. The multiplier
value can be 3-50 and is 4 by default.
Mode
Interface
Usage
If you configure the timers on an individual interface, the interfaces settings are used instead
of the global settings. Likewise, if the BFD timers are not set on an interface, that interface
uses the global settings. For BGP loopback neighbors, BFD always uses the global timer.
NOTE:
For a BFD session for BGP using a loopback address, for an OSPFv2 virtual link, and
for an OSPFv3 virtual link, the ACOS device will always use the global timer regardless of the timer that is configured at the interface level.
Example
The following example shows enabling BFD on an interface:

ACOS(config-if:ethernet:1)# bfd authentication 1 md5 password-string
The following example shows a BFD session for BGP:

ACOS(config-bgp:1)# neighbor 1.2.3.4 fall-over bfd authentication 1 md5 password-string
cpu-process
Description
Enable software-based switching or routing of Layer 2/Layer 3 traffic.
NOTE:
This command is only applicable on FTA-enabled devices.
Syntax
[no] cpu-process
Default
Disabled. Traffic is switched or routed in hardware.
Mode
Interface
disable
Description
Disable an interface.
Syntax
disable
Default
The management interface is enabled by default. Data interfaces are disabled by default.
Mode
Interface
Usage
This command applies to all interface types: Ethernet data interfaces, out-of-band Ethernet
management interface, Virtual Ethernet (VE) interfaces, and loopback interfaces.
The command also applies to trunks. When you disable a trunk at the interface configuration
level for the trunk, Layer 3 forwarding is disabled on the trunk.
In L3V deployments, tagged VLAN ports can be enabled or disabled only from the shared
partition.
Example
The following command disables Ethernet interface 3:

ACOS(config-if:ethernet:3)# disable
Example
The following commands access the interface configuration level for trunk 7 and disable
Layer 3 forwarding on the trunk:
ACOS(config-if:trunk:7)# disable
duplexity
Description
Set the duplex mode for an Ethernet interface.
Syntax
[no] duplexity {Full | Half | auto}
Parameter
Description
Full
Full-duplex mode.
Half
Half-duplex mode.
auto
The mode is negotiated based on the mode of the other end of the link.
Default
auto
Mode
Interface
Usage
This command applies only to physical interfaces (Ethernet ports or the management port).
Example
The following command changes the mode on Ethernet interface 6 to half-duplex:

ACOS(config-if:ethernet:6)# duplexity Half
enable
Description
Enable an interface.
Syntax
enable
Default
The management interface is enabled by default. Data interfaces are disabled by default.
Mode
Interface
Usage
This command applies to all interface types: Ethernet data interfaces, out-of-band Ethernet
management interface, Virtual Ethernet (VE) interfaces, trunks, and loopback interfaces.
In L3V deployments, tagged VLAN ports can be enabled or disabled only from the shared
partition.
Example
The following command enables Ethernet interface 3:

flow-control
Description
Enable 802.3x flow control on a full-duplex Ethernet interface.
Syntax
[no] flow-control
Default
Disabled. The ACOS Ethernet interface auto-negotiates flow control settings with the other
end of the link.
Mode
Interface
Usage
This command can cause the interface to briefly go down, then come back up again.
icmp-rate-limit
Description
Configure ICMP rate limiting, to protect against denial-of-service (DoS) attacks.
Syntax
[no] icmp-rate-limit normal-rate [lockup max-rate lockup-time]
Parameter
Description
normal-rate
Maximum number of ICMP packets allowed per second on the interface. If the ACOS interface receives more than the normal rate of ICMP
packets, the excess packets are dropped until the next one-second
interval begins. The normal rate can be 1-65535 packets per second.
max-rate
Maximum number of ICMP packets allowed per second before the

ACOS device locks up ICMP traffic on the interface. When ICMP traffic
is locked up, all ICMP packets on the interface are dropped until the
lockup expires. The maximum rate can be 1-65535 packets per second. The maximum rate must be larger than the normal rate.
lockup-time
Number of seconds for which the ACOS device drops all ICMP traffic
on the interface, after the maximum rate is exceeded. The lockup time
can be 1-16383 seconds.
Default
None
Mode
Global Config
Usage
This command configures ICMP rate limiting on a physical, virtual Ethernet, trunk, or loopback interface. To configure ICMP rate limiting globally, see icmp-rate-limit in the Command Line Interface Reference. To configure it in a virtual server template, see slb template
virtual-server in the Command Line Interface Reference. If you configure ICMP rate limiting filters at more than one of these levels, all filters are applicable.
Log messages are generated only if the lockup option is used and lockup occurs.
Otherwise, the ICMP rate-limiting counters are still incremented but log messages are not
generated.
Example
The following command configures ICMP rate limiting on Ethernet interface 3:

ACOS(config-if:ethernet:3)# icmp-rate-limit 1024 lockup 1200 10
icmpv6-rate-limit
Description
Configure ICMPv6 rate limiting, to protect against denial-of-service (DoS) attacks.
Syntax
[no] icmpv6-rate-limit normal-rate [lockup max-rate lockup-time]
Parameter
Description
normal-rate
Maximum number of ICMPv6 packets allowed per second on the

interface. If the ACOS interface receives more than the normal rate of
ICMPv6 packets, the excess packets are dropped until the next onesecond interval begins. The normal rate can be 1-65535 packets per
second.
lockup
max-rate
Maximum number of ICMPv6 packets allowed per second before the

ACOS device locks up ICMPv6 traffic on the interface. When ICMPv6
traffic is locked up, all ICMPv6 packets on the interface are dropped
until the lockup expires. The maximum rate can be 1-65535 packets
per second. The maximum rate must be larger than the normal rate.
lockup-time
Number of seconds for which the ACOS device drops all ICMPv6 traffic
on the interface, after the maximum rate is exceeded. The lockup time
can be 1-16383 seconds.
Default
None
Mode
Global Config
Usage
This command configures ICMPv6 rate limiting on a physical, virtual Ethernet, trunk, or loopback interface. To configure ICMPv6 rate limiting globally, see icmpv6-rate-limit in the Command Line Interface Reference. To configure it in a virtual server template, see slb template
virtual-server in the Command Line Interface Reference. If you configure ICMPv6 rate limiting
filters at more than one of these levels, all filters are applicable.
Log messages are generated only if the lockup option is used and lockup occurs.
Otherwise, the ICMPv6 rate-limiting counters are still incremented but log messages are not
generated.
Example
The following command configures ICMPv6 rate limiting on Ethernet interface 3:

ACOS(config-if:ethernet:3)# icmpv6-rate-limit 1024 lockup 1200 10
ip address
Description
Assign an IP address to an interface.
Syntax
[no] ip address ipaddr {subnet-mask | /mask-length}
Default
There are no IP addresses configured by default.
Mode
Interface
Usage
This command applies only when the ACOS device is used in gateway mode.
You can configure multiple IP addresses on Ethernet and Virtual Ethernet (VE) data interfaces,
trunks, and on loopback interfaces, on ACOS devices deployed in gateway (route) mode.
Each IP address must be unique on the ACOS device. Addresses within a given subnet can be
configured on only one interface on the device. (The ACOS device can have only one data
interface in a given subnet.)
IP addresses are added to an interface in the order you configure them. The addresses
appear in show command output and in the configuration in the same order.
The first IP address you add to an interface becomes the primary IP address for the interface.
If you remove the primary address, the next address in the list (the second address to be
added to the interface) becomes the primary address.
It does not matter which address is the primary address. OSPF can run on all subnets
configured on a data interface.
The ACOS device automatically generates a directly connected route to each IP address. If
you enable redistribution of directly connected routes, those protocols can advertise the
routes to the IP addresses.
The ACOS device allows the same IP address to be configured as the ACOS devices global IP
address, and as a NAT pool address. However, in Layer 2 (transparent) deployments, if you do
configure the same address in both places, and later delete one of the addresses, you must
reload the ACOS device to place the change into effect.
Example
The following command assigns IP address 10.2.4.69 to Ethernet interface 9:

Example
The following commands configure multiple IP addresses on an Ethernet data interface, display the addresses, then delete the primary IP address and display the results.
ACOS(config-if:ethernet:1)# show ip interfaces ethernet 1
Ethernet 1 ip addresses:
10.10.10.1 /24 (Primary)

10.10.20.2 /24
20.20.20.1 /24
ACOS(config-if:ethernet:1)#no ip address 10.10.20.2 /24
ACOS(config-if:ethernet:1)#show ip interfaces ethernet 1
Ethernet 1 ip addresses:
10.10.10.1 /24 (Primary)
20.20.20.1 /24
ip address dhcp
Description
Enable Dynamic Host Configuration Protocol (DHCP) to configure multiple IP addresses on

an Ethernet data interface.
Syntax
[no] ip address dhcp
Default
Disabled
Mode
Interface
Usage
You can configure VIPs and IP NAT pools to use the DHCP-assigned address of a given data
interface. If this option is enabled, ACOS updates the VIP or pool address any time the specified data interfaces IP address is changed by DHCP.
Notes About This Command

DHCP can be enabled on an interface only if that interface does not already have any
statically assigned IP addresses.
On ACOS devices deployed in gateway (Layer 3) mode, Ethernet data interfaces can
have multiple IP addresses. An interface can have a combination of dynamically
assigned addresses (by DHCP) and statically configured addresses. However, if you plan
to use both methods of address configuration, static addresses can be configured only
after you finish using DHCP to dynamically configure addresses. To use DHCP in this
case, you must first delete all the statically configured IP addresses from the interface.
On virtual appliance models, if single-IP mode is used, DHCP can be enabled only at the
physical interface level.
On devices deployed in Transparent (Layer 2) mode:
you can enable DHCP on the management interface and at the global level.
The VIP address and pool NAT address (if used) should match the global data IP
address of the device. Make sure to enable this option when configuring the VIP or
pool.
ip allow-promiscuous-vip
Description
Enable client traffic received on this interface and addressed to TCP port 80 to be load balanced for any VIP address.
Syntax
[no] ip allow-promiscuous-vip
Default
Disabled
Mode
Interface
Usage
This feature also requires configuration of a virtual server that has IP address 0.0.0.0. For more
information, see the Application Delivery and Server Load Balancing Guide.
ip cache-spoofing-port
Description
Configure the interface to support a spoofing cache server. A spoofing cache server uses the
clients IP address instead of its own as the source address when obtaining content
requested by the client.
Syntax
[no] ip cache-spoofing-port
Default
Disabled
Mode
Interface
Usage
This command applies to the Transparent Cache Switching (TCS) feature. Enter the command on the interface that is attached to the spoofing cache. For more information about
TCS, including additional configuration requirements and examples, see the Application
Delivery and Server Load Balancing Guide.
Example
The following command configures interface 9 to support a spoofing cache server that is
attached to the interface.
ACOS(config-if:ethernet:9)# ip cache-spoofing-port
ip control-apps-use-mgmt-port
Description
Enable use of the management interface as the source interface for automated management traffic.
NOTE:
This command is valid for the management interface only.
Syntax
[no] ip control-apps-use-mgmt-port
Default
By default, use of the management interface as the source interface for automated management traffic is disabled.
Mode
Interface
Usage
The ACOS device uses separate route tables for management traffic and data traffic.
Management route table Contains all static routes whose next hops are connected to
the management interface. The management route table also contains the route to the
device configured as the management default gateway.
Main route table Contains all routes whose next hop is connected to a data interface.
Also contains copies of all static routes in the management route table, excluding the
management default gateway route. Only the data routes are used for load-balanced
traffic.
By default, the ACOS device attempts to use a route from the main route table for
management connections originated on the ACOS device. The ip control-apps-usemgmt-port command enables the ACOS device to use the management route table for
these connections instead.
The ACOS device will use the management route table for reply traffic on connections
initiated by a remote host that reaches the ACOS device on the management port. For
example, this occurs for SSH or HTTP connections from remote hosts to the ACOS device.
Example
The following command enables use of the management interface as the source interface
for automated management traffic:
ACOS(config-if:management)# ip control-apps-use-mgmt-port
ip default-gateway
Description
Specify the default gateway for the out-of-band management interface.
NOTE:
This command is valid for the management interface only.
Syntax
[no] ip default-gateway ipaddr
Default
None
Mode
Interface
Usage
Configuring a default gateway for the management interface provides the following benefits:
Ensures that reply management traffic sent by the ACOS device travels through the correct gateway
Keeps reply management traffic off the data interfaces
The default gateway configured on the management interface applies only to traffic sent
from this interface. For traffic sent through data interfaces, either the globally configured
default gateway is used instead (if the ACOS device is deployed in transparent mode) or an IP
route is used (if the ACOS device is deployed in route mode).
To configure the default gateway for data interfaces on an ACOS device deployed in
transparent mode, use the ip default-gateway command at the Global configuration
level. (See ip default-gateway in the Command Line Interface Reference.)
NOTE:
Normally, if the ACOS device is deployed in transparent mode, outbound traffic

through the management interface is limited to the same subnet. However, outbound traffic through data interfaces is not restricted to the same subnet. To perform operations that require exchanging files with a host (upgrade, import, export,
and so on) that is in a different subnet from the management interface:
Use the ip control-apps-use-mgmt-port command to configure automated

management traffic such as syslog messages and SNMP traps.
For management traffic that you initiate using a command, use the use-mgmt-port
option with the command.
Example
The following commands configure an IP address and default gateway for the management
interface:
ACOS(config)# interface management
ACOS(config-if:management)# ip address 10.10.20.1 /24
ACOS(config-if:management)# ip default-gateway 10.10.20.1
ip helper-address
Description
Configure a helper address for Dynamic Host Configuration Protocol (DHCP).
Syntax
[no] ip helper-address ipaddr
Replace ipaddr with the IP address of the DHCP server.
Default
None
Mode
Interface
Usage
In the current release, the helper-address feature provides service for DHCP packets only.
The ACOS interface on which the helper address is configured must have an IP address.
The helper address can not be the same as the IP address on any ACOS interface or an IP
address used for SLB.
The current release supports DHCP relay service for IPv4 only.
Example
The following commands configure two helper addresses. The helper address for DHCP
server 100.100.100.1 is configured on ACOS Ethernet interface 1 and on Virtual Ethernet (VE)
interfaces 5 and 7. The helper address for DHCP server 20.20.20.102 is configured on VE 9.
ACOS(config-if:ethernet:1)# ip helper-address 100.100.100.1
ACOS(config-if:ve9)# ip helper-address 20.20.20.102
ip igmp
Description
Configure IGMPv2 membership request queries.
Syntax
[no] ip igmp generate-membership-query query-timer max-resp-time

response-timer
Parameter
Description
query-timer
Sets the time interval (1-255 seconds) after which your device
(using the interface under which you are configuring this feature)
will initiate an IGMP membership query request. The default query
timer is 125 seconds. This means that IGMP membership queries
will be sent every 125 seconds from the configured interface.
response-timer
Sets the time interval (in 1/10 of a second) before which receiving
devices will send an ICMP query message response to indicate
intention to join the IGMP group or not. The default response
timer is 100. This means that receiving devices have 10 seconds in
which to indicate if they will join the IGMP membership group or
not.
Default
None
Mode
Interface
Usage
The configured timer is valid only per interface and it must be set for each individual interface.
Example
To configure IGMP membership request queries on a physical interface, do the following:
ACOS(config-if)# interface ethernet 2

ACOS(config-if:ethernet:2)# ip igmp generate-membership-query 10 max-resp-time 50
To view your IGMP membership request query configuration for a a physical interface, do the
following:
ACOS(config)# show interfaces ethernet 2
Ethernet 2 is up, line protocol is up
Hardware is GigabitEthernet, Address is 001f.a004.2e71
Configured Speed auto, Actual 1Gbit, Configured Duplex auto, Actual fdx
Flow Control is disabled, IP MTU is 1500 bytes
Port as Mirror disabled, Monitoring this Port disabled
0 packets input,
0 bytes
Received 0 broadcasts,
Received 0 multicasts,
0 input errors,
0 frame
0 CRC
Received 0 unicasts
0 runts
0 giants
3003 packets output
264264 bytes
Transmitted 0 broadcasts
0 output errors
3003 multicasts
0 unicasts
0 collisions
300 second input rate: 0 bits/sec, 0 packets/sec, 0% utilization

300 second output rate: 12768 bits/sec, 18 packets/sec, 0% utilization
Example
To configure IGMP membership request queries on an virtual Ethernet interface, do the following:
ACOS(config-if:ve:50)# ip address 10.10.10.219 /24
ACOS(config-if:ve:50)# ip igmp generate-membership-query 10 max-resp-time 50
To view your IGMP membership request query configuration for a virtual Ethernet interface,
do the following:
ACOS(config)# show interfaces ve 50
VirtualEthernet 50 is up, line protocol is up
Hardware is VirtualEthernet, Address is 001f.a004.2e72
Router Interface for L2 Vlan 50
0 packets input
Received
0 bytes
0 broadcasts, Received 0 multicasts, Received 0 unicasts
0 packets output
Transmitted
0 bytes
0 broadcasts, Transmitted 0 multicasts, Transmitted 0 unicasts
300 second input rate: 0 bits/sec, 0 packets/sec

300 second output rate: 0 bits/sec, 0 packets/sec
Example
To configure IGMP membership request queries on a trunk, do the following:

ACOS(config-if:trunk:3)# enable
ACOS(config-if:trunk:3)# ip address 11.11.11.219 /24
ACOS(config-if:trunk:3)# ip igmp generate-membership-query 20 max-resp-time 80

ACOS(config-if:trunk:3)# exit
To view your IGMP membership request query configuration for a trunk, do the following:
ACOS(config)# show interfaces trunk 3
Trunk 3 is up, line protocol is up
Hardware is TrunkGroup, Address is 001f.a011.1a4f
ip nat
Description
Enable source Network Address Translation (NAT) on an interface.
Syntax
[no] ip nat {inside | outside}
Parameter
Description
inside
Specifies that this interface is connected to the internal hosts on the

private network that need to be translated into external addresses for
routing.
outside
Specifies that this interface is connected to the external network or

Internet. Before sending traffic from an inside host out on this interface, the ACOS device translates the hosts private address into a public, routable address.
Default
None
Mode
Interface
Usage
On an ACOS device deployed in transparent mode, this command is valid only on Ethernet
data ports. On an ACOS device deployed in route mode, this command is valid on Ethernet
data ports, Virtual Ethernet (VE) interfaces, and trunks.
To use source NAT, you also must configure global NAT parameters. See the ip nat
commands in Config Commands: IP on page 57.
In addition, on some AX series models, if Layer 2 IP NAT is required, you also must enable CPU
processing on the interface. (See cpu-process on page 8.) This applies to AX models
AX 3200-12, AX 3400, AX 5200-11, and AX 5630.
Example
The following commands configure IP source NAT for internal addresses in the 10.1.1.x/24
subnet connected to interface 14. The addresses are translated into addresses in the range
10.153.60.120-150 before traffic from the internal hosts is sent onto the Internet on interface
15. Likewise, return traffic is translated back from public addresses into the private host
addresses.
ACOS(config)# access-list 3 permit 10.1.1.0 0.0.0.255

ACOS(config)# ip nat pool 1 10.153.60.120 10.153.60.150 netmask /24
ACOS(config)# ip nat inside source list 3 pool 1
ACOS(config-if:ethernet:14)# ip nat inside
ACOS(config-if:ethernet:15)# ip nat outside
ip ospf
Description
Configure OSPF interface settings.
Syntax
[no] ip ospf {
[ipaddr] authentication [message-digest | null] |
[ipaddr] authentication-key key-string |
bfd [disable] |
[ipaddr] cost number |
[ipaddr] database-filter all out |
[ipaddr] dead-interval seconds |
disable all |
[ipaddr] hello-interval seconds |
[ipaddr] message-digest-key key-id md5 key-string |
mtu size |
[ipaddr] mtu-ignore |
network type |
[ipaddr] priority priority |
[ipaddr] retransmit-interval seconds |
[ipaddr] transmit-delay seconds
}
Parameter
Description
ipaddr
Configures the parameter only for the specified IP address. Without this
option, the parameter is configured for all IP addresses on the interface.
authentication
ype of authentication used to validate OSPF route updates sent or received on

this interface:
message-digest Message Digest 5 (MD5)
null No authentication is used.
If you enter the authentication command without either of the options above,
a simple key is used for authentication.
authentication-key key-string
Password used by the interface to authenticate link-state messages

exchanged with neighbor OSPF routers. Applies to simple authentication only.
Can be a string up to 8 characters long, with no blanks.
Parameter
Description
bfd
Sets BFD on the interface.

BFD on the interface is disabled by default.
cost number
Numeric cost for using the interface, 1-65535.

By default, an interfaces cost is calculated based on the interfaces bandwidth.
If the auto-cost reference bandwidth is set to its default value (100 Mbps), the
default interface cost is 10.
database-filter all out
Blocks flooding of LSAs to the OSPF interface.

This is disabled by default; LSA flooding is permitted
dead-interval seconds
Number of seconds that neighbor OSPF routers will wait for a new OSPF Hello
packet from ACOS before declaring this OSPF router (the ACOS device) to be
down, 1-65535 seconds.
The default is 40 seconds.
disable all
Disables all OSPF packet processing on the interface.
hello-interval seconds
Number of seconds between transmission of OSPF Hello packets on this interface, 1-65535 seconds.
message-digest-key key-id md5

key-string
Set of MD passwords used by the interface to authenticate link-state messages

exchanged with neighbor OSPF routers. You can enter up to four key strings.
Applies only to MD authentication. Key strings can be up to 16 characters
long, with no blanks.
mtu
Specifies the Maximum Transmission Unit (MTU) for OSPF packets transmitted
on the interface. You can specify 576-65535 bytes.
By default, the IP MTU set on the interface is used.
mtu-ignore
Disables MTU size checking during Database Description (DD) exchange. This
option is useful when the MTU at the remote end of the link is larger than the
maximum MTU supported on the local end of the link.
By default, MTU size checking is enabled. If the MTU size in DD packets from a
neighbor does not match the interface MTU, adjacency is not established
network type
OSPF network type from the default for the media. You can specify one of the
following:
broadcast Broadcast network.

non-broadcast Non-broadcast multiaccess (NBMA) network.
point-to-multipoint Point-to-multipoint network.
point-to-point Point-to-point network.
The default network type depends on the media type.

priority number
Eligibility of this OSPF router to be elected as the designated router (DR) or

backup designated router (BDRs) for the routing domain, 0-255. 1 is the lowest
priority and 255 is the highest priority.
The default priority is 1.
Parameter
Description
retransmit-interval seconds
Number of seconds between retransmissions of link-state advertisements

(LSAs) to adjacent routers for this interface, 1-65535 seconds.
Number of seconds it takes to transmit Link State Update packets (route
updates) on this interface, 1-65535 seconds. This amount is added to the ages
of LSAs sent in the updates.
transmit-delay seconds
The default is 1 second.
Mode
Interface
Usage
The OSPF router with the highest priority is elected as the DR and the router with the second
highest priority is elected as the BDR. If more than one router has the highest priority, the
router with the highest OSPF router ID is selected. Priority applies only to multi-access networks, not to point-to-point networks. If you set the priority to 0, the Thunder Series does not
participate in DR and BDR election.
Example
The following command sets the OSPF priority on Ethernet interface 10 to 100:
ACOS(config-if:ethernet:10)# ip ospf priority 100
ip rip authentication
Description
Configure IPv4 RIP authentication on the interface.
Syntax
[no] ip rip authentication

{
key-chain name [name ...] |
mode {md5 | text} |
string auth-string [auth-string ...]
}
Parameter
Description
key-chain name [name ...]
Enables authentication using the specified key chains. (To configure a keychain file, use the key chain command at the global configuration level of
the CLI.)
mode {md5 | text}
Authentication mode:
md5 Message Digest 5
text Clear text
string
auth-string [auth-string ...]
Default
None
Mode
Interface
Enables authentication using the specified passwords.
ip rip receive version

Description
Specify the RIP version allowed in RIP packets received on the interface.
Syntax
[no] ip rip receive version {1 [2] | 2}
Specify the RIP version:

1 - RIP version 1.
2 - RIP version 2 (default).
Default
See descriptions.
Mode
Interface
ip rip receive-packet
Description
Enable the interface to receive RIP packets.
Syntax
[no] ip rip receive-packet
Default
Enabled
Mode
Interface
ip rip send version

Description
Specify the RIP version allowed to be sent on the interface.
Syntax
[no] ip rip send version {1 [2] | 2}
Specify the RIP version:

1 - RIP version 1.
2 - RIP version 2 (default).
Default
See descriptions.
Mode
Interface
ip rip send-packet
Description
Enable the interface to send RIP packets.
Syntax
[no] ip rip send-packet
Default
Enabled
Mode
Interface
ip rip split-horizon
Description
Configure the split-horizon method. Split horizon prevents the ACOS device from advertising
a route to the neighbor that advertised the same route to the ACOS device.
Syntax
[no] ip rip split-horizon {poisoned | disable | enable}
Parameter
Description
poisoned
Enables advertisement of a route to the neighbor that advertised the

route to the ACOS device, but sets the metric value to infinity, thus making the route advertised by the ACOS device unusable by the neighbor
(poisoned reverse).
Without this option, advertisement of a route to the neighbor that advertised the route to the ACOS device is not allowed.
disable
Disable the split-horizon method.
enable
Enables split-horizon, but without the poisoned reverse.
Default
Split-horizon with poison is enabled.
Mode
Interface
ip router isis | ipv6 router isis

Description
Enable Intermediate System to Intermediate System (IS-IS) routing on the interface.
Syntax
[no] {ip | ipv6} router isis [tag]
Default
Not set
Mode
Interface
ip slb-partition-redirect
Description
Enable routing redirection on an ingress Ethernet data port that will receive traffic addressed
to the VIP in a private partition.
Syntax
[no] ip slb-partition-redirect
Default
Not set
Mode
Interface
Example
The following example enables routing redirection on ethernet interface 4 so that traffic
addressed to partition p69 will be received on the partition.
ACOS(config-if:ethernet:4)# ip slb-partition-redirect
ACOS(config)# ip route 10.2.4.0 /24 partition p69

ACOS(config)# active-partition p69
ACOS(config)# ip route 0.0.0.0 /24 partition shared
ip stateful-firewall
Description
Configure stateful firewall direction for this interface.
Syntax
[no] ipv6 stateful-firewall {inside | outside
Mode
[access-list num]}
Parameter
Description
inside
Inside (private) interface for the stateful firewall.
outside
Outside (public) interface for the stateful firewall.
access-list
Access list id. You can specify 1-199.
Interface
ACOS(config-if:ethernet:1)# ip stateful-firewall outside access-list 1
ipv6 (on management interface)

Description
Configure an IP version 6 address and default gateway on the management interface.
Syntax
[no] ipv6 address ipaddr/mask-length
Syntax
[no] ipv6 default-gateway gateway-ipaddr
Default
None.
Mode
Interface
Usage
The ipv6 default-gateway command applies only to the management interface. To

configure IPv6 on a data interface, see ipv6 address on page 26.
Example
The following commands configure an IPv6 address and default gateway on the management port:
ACOS(config-if:management)# ipv6 address 2001:db8:11:2/32
ACOS(config-if:management)# ipv6 default-gateway 2001:db8:11:1/32
ipv6 access-list
Description
Apply an IPv6 Access Control List (ACL) to an interface.
Syntax
[no] ipv6 access-list name in
Parameter
Description
name
Name of a configured IPv6 ACL.
in
Applies the ACL to inbound IPv6 traffic received on the interface.
Default
N/A
Mode
Interface
ipv6 address
Description
Configure an IPv6 address on the interface.
Syntax
[no] ipv6 address ipv6-addr/prefix-length [link-local] [anycast]
Parameter
Description
ipv6-addr
Valid unicast IPv6 address.
prefix-length
Prefix length, up to 128.
link-local
Configures the address as the link-local IPv6 address for the interface, instead of a global address. Without this option, the address is
a global address.
anycast
Configures the address as an anycast address. An anycast address

can be assigned to more than one interface. A packet sent to an
anycast address is routed to the nearest interface with that
address, based on the distance in the routing protocol.
Default
None.
Mode
Interface
Usage
Use this command to configure the link-local and global IP addresses for the interface.
The ipv6 address command, used without the link-local option, configures a
global address. If you use the link-local option, the address is instead configured as
the link-local address.
To enable automatic configuration of the link-local IPv6 address instead, use the ipv6
enable command.
To configure IPv6 on the management interface, see ipv6 (on management interface) on
page 25.
Example
The following command configures a global IPv6 address on Ethernet interface 8:
ACOS(config-if:ethernet:8)# ipv6 address e101::1112/64
Example
The following command overrides any auto-generated link-local address on interface 6 and
explicitly configures a new link-local address:
ACOS(config-if:ethernet:6)# ipv6 address fe80::1/64 link-local
ipv6 enable
Description
Enable automatic configuration of a link-local IPv6 address on the interface.
Syntax
[no] ipv6 enable
Default
Disabled
Mode
Interface
Usage
Use this command to enable automatic configuration of the link-local IPv6 address.
To manually configure the address instead, see ipv6 address on page 26.
Example
The following command enables an automatically generated link-local IPv6 address on

Ethernet interface 6:
ACOS(config-if:ethernet:6)# ipv6 enable
ipv6 nat inside

Description
Enable inside NAT on the interface.
Syntax
[no] ipv6 nat inside
Default
Disabled
Mode
Interface
ipv6 nat outside

Description
Enable outside NAT for IPv6 on the interface.
Syntax
[no] ipv6 nat outside
Default
Disabled
Mode
Interface
ipv6 ndisc router-advertisement

Description
Configure IPv6 neighbor router discovery (RFC 4861).
Syntax
[no] ipv6 ndisc router-advertisement

{
default-lifetime seconds |
disable |
enable |
hop-limit num |
max-interval seconds |
min-interval seconds |
mtu {disable | bytes} |
prefix ipv6-addr/prefix-length
[not-autonomous | not-on-link |
preferred-lifetime seconds |
valid-lifetime seconds] |
rate-limit num |
reachable-time ms |
retransmit-timer seconds |
vrid num
}
Parameter
Description
default-lifetime seconds
Specifies the number of seconds for which router advertisements sent on this interface are valid. You can specify 0 or 4-9000 seconds. The value can not be less than
the maximum advertisement interval. If you specify 0, the host will not use this
interface (IPv6 router) as a default route.
The default lifetime is 1800 seconds.
disable
Disables IPv6 router discovery (default).
enable
Enables IPv6 router discovery (by default, this is disabled).
hop-limit num
Specifies the default hop count value that should be used by hosts. For a given
packet, the hop count is decremented at each router hop. If the hop count reaches
0, the packet becomes invalid.
You can specify 0-255. If you specify 0, the value is unspecified by this IPv6 router.
The default is 255.
max-interval seconds
Specifies the maximum number of seconds between transmission of unsolicited

router advertisement messages on this interface. You can specify 4-1800 seconds.
min-interval seconds
Specifies the minimum number of seconds between transmission of unsolicited

router advertisement messages on this interface. You can specify 3-1350 seconds.
mtu {disable | bytes}
Specifies the MTU value to include in the MTU options field. You can specify 12009216 bytes or disabled.
NOTE: If this option is disabled, no MTU value is included.
This is disabled by defaul.t
Parameter
Description
prefix
ipv6-addr/prefix-length
[options]
Specifies the IPv6 prefixes to advertise on this interface. A maximum of 32 prefixes

can be advertised on an interface.
The following options are supported:
not-autonomous Disables support for auto-configuration of IPv6 addresses
by clients. This is disabled by default.
not-on-link Disables the On-Link flag. When enabled, the On-Link flag indicates that the prefix is assigned to this interface. If you enable this option, the
valid-lifetime is 2592000 seconds (30 days). This is enabled by default.
preferred-lifetime seconds Specifies the number of seconds for which
auto-generated addresses remain preferred. You can specify 0-4294967295 seconds. The default is 604800.
valid-lifetime seconds specifies the number of seconds for which advertisement of the prefix is valid. You can specify 1-4294967295 seconds. The default
is 2592000.
Specifies the maximum number of router solicitation requests per second that will
be processed on the interface. You can specify 1-100000 messages per second.
rate-limit num
The default rate limit is 00000 messages per second

Specifies the number of milliseconds (ms) for which the host should assume a
neighbor is reachable, after receiving a reachability confirmation from the neighbor.
reachable-time ms
You can specify 0-3600000 ms. If you specify 0, the value is unspecified by this IPv6
router.
The default is 0.
retransmit-timer seconds
Specifies the number of seconds a host should wait between sending neighbor
solicitation messages.
You can specify 0-4294967295 seconds. If you specify 0, the value is unspecified by
this IPv6 router.
The default is 0.
Specifies a VRID for which to send router advertisements.
vrid num
By default, no VRID is set; advertisement are sent regardless of VRID.
Default
IPv6 router discovery is disabled by default. The command options have the default values
specified in the table above.
Mode
Interface
Usage
When router discovery is enabled, the ACOS device:

Sends IPv6 router advertisements out the IPv6 interfaces on which router discovery is
enabled. IPv6 hosts that receive the router advertisements will use the ACOS device as
their default gateway.
Replies to IPv6 router solicitations received by IPv6 interfaces on which router discovery
is enabled.
IPv6 router discovery is not supported in transparent mode. The ACOS device must be
deployed in gateway mode.
When IPv6 router discovery is enabled on an interface, any new IPv6 addresses that you add
to the interface are automatically added to the set of prefixes to advertise.
Router advertisements are sent to the all-nodes multicast address at an interval that is
uniformly distributed between the minimum and maximum advertisement intervals. If a
host sends a router solicitation message, the ACOS device sends a router advertisement as a
unicast to that host instead.
The source address of router advertisements is always a link-local IPv6 address.
For the reachable-time, hop-limit, and retransmit-timer options, the ACOS
device recommends the configured value to hosts but does not itself use the value.
Example
The following commands configure an IPv6 address on Ethernet interface 1, enable IPv6
router discovery, change the minimum and maximum advertisement intervals, and add two
prefixes to the prefix advertisement list.

ACOS(config-if:ethernet:1)# ipv6 ndisc router-advertisement enable
ACOS(config-if:ethernet:1)# ipv6 ndisc router-advertisement max-interval 300
ACOS(config-if:ethernet:1)# ipv6 ndisc router-advertisement min-interval 150
ACOS(config-if:ethernet:1)# ipv6 ndisc router-advertisement prefix 2001::/64 on-link
ACOS(config-if:ethernet:1)# ipv6 ndisc router-advertisement prefix 2001:a::/96 on-link
ipv6 ospf cost

Description
Explicitly set the link-state metric (cost) for this OSPF interface.
Syntax
[no] ipv6 ospf cost num
Replace num with the cost (1-65535).
Default
By default, an interfaces cost is calculated based on the interfaces bandwidth. If the autocost reference bandwidth is set to its default value (100 Mbps), the default interface cost is
10.
Mode
Interface
ipv6 ospf dead-interval

Description
Specify the maximum time to wait for a reply to a hello message, before declaring the neighbor to be offline.
Syntax
[no] ipv6 ospf dead-interval seconds
Replace seconds with the number of seconds this OSPF router will wait for a reply to a hello
message sent out this interface to an OSPF neighbor, before declaring the neighbor to be
offline. You can specify 1-65535 seconds.
Default
40
Mode
Interface
ipv6 ospf hello-interval

Description
Specify the time to wait between sending hello packets to OSPF neighbors.
Syntax
[no] ipv6 ospf hello-interval seconds
Replace seconds with the number of seconds this OSPF router will wait between
transmission of hello packets out this interface to OSPF neighbors. You can specify 1-65535
seconds.
Default
10
Mode
Interface
ipv6 ospf mtu-ignore

Description
Disable checking of the maximum transmission unit (MTU) during OSPFv3 Database Description (DD) exchange.
Syntax
[no] ipv6 ospf mtu-ignore [instance-id num]
Replace num with a specific an OSPFv3 process, 0-255. If you do not use this option, MTU
checking on the interface is disabled for all OSPFv3 processes.
Default
MTU checking is enabled by default.
Mode
Interface
ipv6 ospf neighbor

Description
Configure an OSPFv3 neighbor that is located on a non-broadcast network reachable

through this interface.
Syntax
[no] ipv6 ospf neighbor ipv6-addr

[
cost num [instance-id num] |
instance-id num |
poll-interval seconds [priority num] [instance-id num] |
priority num [poll-interval seconds] [instance-id num]
]
Parameter
Description
ipv6-addr
IPv6 address of the OSPF neighbor.
cost num
Specifies the link-state metric to the neighbor, 1-65535.

There is no default cost set.
Parameter
Description
poll-interval
seconds
Number of seconds this OSPFv3 interface will wait for a reply to a

hello message sent to the neighbor, before declaring the neighbor
to be offline. You can specify 1-4294967295 seconds.
priority num
Router priority of the neighbor, 1-255.

The default priority is 0.
Default
No neighbors on non-broadcast networks are configured by default. When you configure

one, the other parameters have the default settings described in the table above.
ipv6 ospf network

Description
Specify the network type.
Syntax
[no] ipv6 ospf network

{broadcast | non-broadcast | point-to-multipoint | point-to-point}
[instance-id num]
Parameter
Description
broadcast
Broadcast network.
non-broadcast
Non-broadcast multiaccess (NBMA) network.
point-to-multipoint
Point-to-multipoint network.
point-to-point
Point-to-point network.
num
Specifies an OSPFv3 process, 0-255. If you do not use this

option, MTU checking on the interface is disabled for all
OSPFv3 processes.
Default
Depends on the media type.
Mode
Interface
ipv6 ospf priority

Description
Priority of this OSPF router (and process) on this interface for becoming the designated
router for the OSPF domain.
Syntax
[no] ipv6 ospf priority num
Replace num with the priority of this OSPF process on this interface, 0-255. The lowest
priority is 0 and the highest priority is 255.
Default
Mode
Interface
Usage
If more than one OSPF router has the highest priority, the router with the highest router ID is
selected as the designated router.
ipv6 ospf retransmit-interval

Description
Specify the time to wait before resending an unacknowledged packet out this interface to
an OSPF neighbor.
Syntax
[no] ipv6 ospf retransmit-interval seconds
Replace seconds with the number of seconds this OSPF router waits before resending an
unacknowledged packet out this interface to a neighbor. You can specify 1-65535 seconds.
Default
Mode
Interface
ipv6 ospf transmit-delay

Description
Specify the time to wait between sending packets out this interface to an OSPF neighbor.
Syntax
[no] ipv6 ospf transmit-delay seconds
Replace seconds with the number of seconds this OSPF router waits between transmission of
packets out this interface to OSPF neighbors. You can specify 1-65535 seconds.
Default
Mode
Interface
ipv6 rip split-horizon

Description
Configure the split-horizon method. Split horizon prevents the ACOS device from advertising
a route to the neighbor that advertised the same route to the ACOS device.
Syntax
[no] ipv6 rip split-horizon {poisoned | disable | enable}
Parameter
Description
poisoned
Enables advertisement of a route to the neighbor that advertised the

route to the ACOS device, but sets the metric value to infinity, thus making the route advertised by the ACOS device unusable by the neighbor
(poisoned reverse).
Without this option, advertisement of a route to the neighbor that advertised the route to the ACOS device is not allowed.
disable
Disable the split-horizon method.
enable
Enables split-horizon, but without the poisoned reverse.
Default
Split-horizon with poison is enabled.
Mode
Interface
ipv6 router isis

Description
Configure options for Intermediate System to Intermediate System (IS-IS) on an IPv6 data
interface.
Syntax
[no] ipv6 router isis [ISO routing area tag name]
Default
None
Mode
Interface
ipv6 router ospf

Description
Configure an OSPFv3 area.
Syntax
[no] ipv6 router ospf

{
area {num | ipaddr} [tag tag [instance-id num]] |
tag tag area {num | ipaddr} [instance-id num]
}
Mode
Interface
Usage
For OSPFv3, the area tag ID configured on an interface must be the same as the tag ID for the
OSPF instance.
ipv6 router rip

Description
Configure RIP routing for IPv6.
Syntax
[no] ipv6 router rip
Mode
Interface
ipv6 stateful-firewall
Description
Configure stateful firewall direction for this interface.
Syntax
[no] ipv6 stateful-firewall {inside | outside
Parameter
Description
inside
Inside (private) interface for the stateful firewall.
outside
Outside (public) interface for the stateful firewall.
access-list
Access list id. You can specify 1-199.
[access-list num]}
Mode
Interface
Example
ACOS(config-if:ethernet:1)#ipv6 stateful-firewall outside accesslist 1
isis authentication
Description
Configure authentication for this IS-IS interface.
Syntax
[no] isis authentication send-only [level-1 | level-2]

[no] isis authentication mode md5 [level-1 | level-2]
[no] isis authentication key-chain name [level-1 | level-2]
Parameter
Description
send-only
[level-1 | level-2]
Disables checking for keys in IS-IS packets received by this interface.
mode md5
[level-1 | level-2]
key-chain name
[level-1 | level-2]
level-1 Disables key checking only for Level-1 (intra-area) IS-IS traffic.
level-2 Disables key checking only for Level-2 (inter-area) IS-IS traffic.
Enabled MD5 authentication.
level-1 Enables MD5 only for Level-1 (intra-area) IS-IS traffic.
level-2 Enables MD5 only for Level-2 (inter-area) IS-IS traffic.
Specifies the name of the certificate key chain to use for authenticating IS-IS traffic.
level-1 Applies to Level-1 (intra-area) IS-IS traffic.
level-2 Applies to Level-2 (inter-area) IS-IS traffic.
Default
Clear-text authentication is enabled by default. MD5 authentication is disabled by default.

No key chain is set by default. The send-only option is disabled by default. For all options
that accept the level-1, level-1-2, or level-2 keyword, the default is level-1.
Mode
IS-IS
Usage
This command overrides the globally configured authentication settings for the IS-IS
instance.
Use the send-only option to temporarily disable key checking, then use the key-chain
option to specify the key chain. To use MD5, use the md5 option to disable clear-text
authentication and enable MD5 authentication. After key-chains are installed on the other ISIS routers, disable the send-only option.
Example
The following command disables MD5 authentication for IS-IS on interface VE 2. Clear-text
authentication will be used instead.
ACOS(config-if:ve:3)# no isis authentication mode md5
isis bfd
Description
Disable BFD.
Syntax
[no] isis bfd disable
Default
Takes the value from the global BFD configuration.
Mode
Interface
isis circuit-type
Description
Specify the IS-IS routing level (circuit type) for this interface.
Syntax
[no] isis circuit-type [level-1 | level-1-2 | level-2]
Specify the IS-IS routing level:

level-1 - Intra-area adjacencies are formed
level-1-2 - both intra-area and inter-area adjacencies are formed
level-2 - Inter-area adjacencies are formed
Default
level-1
Mode
Interface
isis csnp-interval
Description
Configure the interval between transmission of complete sequence number PDUs (CSNPs).
Syntax
[no] isis csnp-interval seconds [level-1 | level-2]
Parameter
Description
seconds
Specifies the number of seconds to wait between transmission

of CSNPs. You can specify 0-65535 seconds.
level-1 |
level-2
Specifies the IS-IS routing level to which the interval setting

applies:
level-1 Intra-area
level-2 Inter-area
The default is level-1.
Default
10 seconds, for both level-1 and level-2
Mode
Interface
Usage
This command is valid only on broadcast interfaces (network type broadcast).
isis hello
Description
Enable padding of IS-IS Hello packets.
Syntax
[no] isis hello padding
Default
Enabled
Mode
Interface
Usage
When padding is enabled, extra bytes are added to IS-IS Hello packets to make them equal
to the MTU size of the interface. This option informs neighbors of the interfaces MTU, so that
neighbors do not send Hello packets that are longer than the MTU.
isis hello-interval
Description
Configure the interval between transmission of IS-IS Hello packets on this interface.
Syntax
[no] isis hello-interval seconds [level-1 | level-2]
Parameter
Description
seconds
Specifies the number of seconds between transmission of Hello packets

to neighbors. You can specify 0-65535 seconds.
level-1 |
level-2
Specifies the IS-IS routing level to which the interval setting applies:
level-1 Intra-area
level-2 Inter-area
Default
Mode
Interface
isis hello-interval-minimal
Description
Base the hello interval value on the hello multiplier value.
Syntax
[no] isis hello-interval-minimal [level-1 | level-2]
Parameter
Description
level-1 |
level-2
Specifies the IS-IS routing level to which the interval setting applies:
level-1 Intra-area
level-2 Inter-area
Default
Mode
Interface
Usage
The minimal option bases the hello interval on the hello multiplier, by setting the hold time
to 1, and dividing the hold time by the hello multiplier:
hello-interval = hold-time % hello-multiplier
hello-interval = 1 % hello-multiplier
(For more information, see isis hello-multiplier on page 39.)
isis hello-multiplier
Description
Configure the multiplier used for calculating the neighbor hold time for Hello packets.
Syntax
[no] isis hello-multiplier num [level-1 | level-2]
Parameter
Description
num
Specifies the multiplier. You can specify 2-100.
level-1 | level-2
Specifies the IS-IS routing level to which the multiplier setting

applies.:
level-1 Intra-area
level-2 Inter-area
Default
Mode
Interface
Usage
The hold time specifies the maximum number of seconds IS-IS neighbors should allow
between Hello packets from this IS-IS interface. If the neighbor does not receive a Hello
packet before the hold time expires, the neighbor terminates the adjacency with this IS-IS
router on this interface.
To calculate the hold time, IS-IS multiplies the IS-IS hello interval by the multiplier:
hello-interval x hello-multiplier = hold-time
The hold-time value is included in Hello packets sent to IS-IS neighbors.

NOTE:
If the minimal option is used with the isis hello-interval command, the
hold time is set to 1. This overrides the hold time calculated based on the hellomultiplier value.
isis lsp-interval
Description
Configure the minimum LSP transmission interval.
Syntax
[no] isis lsp-interval ms
Replace ms with the minimum number of milliseconds IS-IS will wait between transmission
of LSPs (1-4294967295).
Default
33 ms
Mode
Interface
Usage
The LSP transmission interval helps avoid high CPU utilization on IS-IS neighbors during LSP
floods, by allowing the neighbors time to send, receive, and process LSPs.
isis mesh-group
Description
Configure mesh-group membership to control LSP flooding from this interface.
Syntax
[no] isis mesh-group {group-num | blocked}
Parameter
Description
group-num
Specifies the mesh group number. You can specify 1-4294967295.

LSPs are flooded to all Level-1 or Level-2 IS-IS neighbors (as applicable), except to the neighbors who are in the same mesh group. LSPs
are not flooded to the neighbors who are in the same mesh group as
this interface.
blocked
Blocks flooding of LSPs on this interface.
Default
None
Mode
Interface
isis metric
Description
Configure the default IS-IS metric (cost) for the interface.
Syntax
[no] isis metric num [level-1 | level-2]
Parameter
Description
num
Specifies the cost of using this interface as a link in an IS-IS

route. You can specify 1-63.
level-1 | level-2
Specifies the IS-IS routing level to which the default metric setting applies:
level-1 Intra-area
level-2 Inter-area
Default
10, for Level-1 and Level-2 routing levels
Mode
Interface
Usage
The default metric is used for SPF calculation. Links with lower metrics are preferred to links
with higher metrics.
The default metric is applicable only when the metric style is narrow. (See metric-style on
page 167.)
isis network
Description
Configure the network type.
Syntax
[no] isis network {broadcast | point-to-point}
Parameter
Description
broadcast
The network is a broadcast network.
point-to-point
The network is a point-to-point network.
Default
broadcast
Mode
Interface
isis password
Description
Configure the plain-text password for authentication of Hello packets sent and received on
this interface.
Syntax
[no] isis password string [level-1 | level-2]
Parameter
Description
string
Specifies the password.
level-1 | level-2
Specifies the IS-IS routing level to which the password applies:

level-1 Intra-area
level-2 Inter-area
Default
None
Mode
Interface
Usage
The password is applicable only if the authentication type is plain-text. (See isis authentication on page 35.)
isis priority
Description
Configure this interfaces priority for Designated Integrated System (DIS) election.
Syntax
[no] isis priority num [level-1 | level-2]
Parameter
Description
num
Specify the priority (0-127).
level-1 | level-2
Specifies the IS-IS routing level to which the priority applies:

level-1 Intra-area
level-2 Inter-area
Default
Mode
Interface
Usage
During DIS election, the IS-IS router with the highest priority is elected as the DIS for the LAN.
If more than one IS-IS router has the highest priority, the router that has the IS-IS interface
with the highest MAC address is elected as the DIS.
The priority is applicable only if the network type is broadcast. (See isis network on
page 41.)
isis restart-hello-interval
Description
Configure the amount of time this interface waits for acknowledgement from neighbors of
its notification to restart IS-IS, before resending the notification.
Syntax
[no] isis restart-hello-interval seconds [level-1 | level-2]
Parameter
Description
seconds
Specifies the number of seconds IS-IS waits to receive an

acknowledgment of its restart notification. You can specify 165535 seconds.
level-1 | level-2
Specifies the IS-IS routing level to which the interval applies:

level-1 Intra-area
level-2 Inter-area
Default
3 seconds, for Level-1 and Level-2 routing levels
Mode
Interface
Usage
To notify its IS-IS neighbors of an intent to restart the IS-IS process, the ACOS device inserts a
Restart TLV in IS-IS Hello packets sent to neighbors on this interface. If the an acknowledge-
ment of the restart notification is not received on this interface before the restart hello interval expires, IS-IS resends the notification.
isis retransmit-interval
Description
Configure the interval between transmission of LSPs on point-to-point links.
Syntax
[no] isis retransmit-interval seconds
Replace seconds with the number of seconds IS-IS waits before resending an LSP that was
dropped (0-65535). Use a value that is greater than the expected round-trip delay between
any two routers on the attached network.
Default
Mode
Interface
Usage
The retransmit interval is applicable only if the network type is point-to-point. (See isis network on page 41.)
isis wide-metric
Description
Configure the length of a wide metric on the interface.
Syntax
[no] isis wide-metric num [level-1 | level-2]
Parameter
Description
num
Specifies the metric length. You can specify 1-16777214.
level-1 | level-2
Specifies the IS-IS routing level to which the metric applies:

level-1 Intra-area
level-2 Inter-area
Default
Mode
Interface
Usage
The wide metric is applicable only if the metric style is set to wide or transition. (See metricstyle on page 167.)
l3-vlan-fwd-disable
Description
Disable Layer 3 forwarding between VLANs on tis interface.
Syntax
[no] l3-vlan-fwd-disable
Default
By default, the ACOS device can forward Layer 3 traffic between VLANs.
Mode
Interface
Usage
This command is applicable only on ACOS devices deployed in gateway (route) mode. If the
option to disable Layer 3 forwarding between VLANs is configured at any level, the ACOS
device can not be changed from gateway mode to transparent mode, until the option is
removed.
The command is applicable to inbound traffic on the interface.
The command is valid on physical Ethernet interfaces, Virtual Ethernet (VE) interfaces, trunks,
and on the lead interface in trunks.
However, if the command is configured on a physical Ethernet interface, that interface can
not be added to a trunk or VE.
If the command is used on a trunk or VE and that trunk or VE is removed from the
configuration, the command is also removed from all physical Ethernet interfaces that were
members of the trunk or VE. Likewise, if a VLAN is removed, the command is removed from
any physical Ethernet interfaces that were members of the VLAN.
To display statistics for this option, use the show slb switch command. For more
information, see show slb switch in the Command Line Interface Reference.
lldp enable
Description
Configure this interface to send only, receive only, or send and receive LLDP data packets.
Specify rx to configure the interface to only receive LLDP data packets; specify tx to
configure the interface to only send LLDP data packets. If neither is specified, the interface
can both receive and send LLDP data packets.
Syntax
[no] lldp enable [rx] [tx]
Default
Not enabled.
Mode
Port configuration mode
lldp notification
Description
Configure this port to send notifications.
Syntax
[no] lldp notification enable
Default
Not enabled.
Mode
Interface
lldp tx-dot1-tlvs
Description
The TLVs VLAN name and link-aggregation are dictated by 802.1ab Annex E.
Syntax
[no] lldp tx-dot1-tlvs [vlan] [link-aggregation]
Parameter
Description
vlan
Assign a name to the VLAN and map the VLAN ID to the VLAN.
link-aggregation
Link-aggregation TLV, dictated by 802.1ab 2005 and 802.1ab

2009.
Default
Since 802.1ab 2009 and 802.1ab2005 are inherently different, some older devices do support
these TLVs by default. The TLVs will not automatically be included in the transmitted frame.
Mode
Interface
lldp tx-tlvs
Description
Configure the transmission TLV packets to exclude. All basic TLVs will be included by default.
Syntax
[no] lldp tx tlvs exclude {

management-address |
port-description |
system-capabilities |
system-description |
system-name
}
Default
Not enabled.
Mode
Interface
load-interval
Description
Change the interval for utilization statistics for the interface.
Syntax
[no] load-interval seconds
You can specify 5-300 seconds.
You must specify the amount in 5-second intervals. For example, 290 and 295 are valid
interval values. However, 291, 292, 293, and 294 are not valid interval values.
Default
300 seconds
Mode
Interface
Usage
This command applies only to data interfaces.

To display interface utilization statistics, see the show interfaces and show statistics
commands in the Command Line Interface Reference.
Example
The following command changes the utilization statistics interval for Ethernet interface 1 to
200 seconds:
ACOS(config-if:ethernet:1)# load-interval 200
lw-4o6
Description
Configure an LW-4over6 interface.
Syntax
[no] lw-4o6 {inside | outside}
Mode
Parameter
Description
inside
Configure an LW-4over6 inside interface.
outside
Configure an LW-4over6 outside interface.
Interface
media-type-copper
Description
Configure a 40G port if you want to use a copper 40G DAC cable.
This command is only available on devices with 40G interfaces.
Syntax
[no] media-type-copper
Default
40G ports on ACOS devices are configured to use fiber cables by default.
Mode
Interface
monitor
Description
Configure an Ethernet interface to send a copy of its traffic to another Ethernet interface.
Before using this command, you must have first configured a mirror port to accept the
copied (mirrored) traffic. For more information, see the mirror-port command in the
Command Line Interface Reference.
Syntax
[no] monitor {both | input | output} [vlan vlan-id]
Parameter
Description
both
Send a copy of both inbound and outbound traffic to the mirror port.
The mirror port must have already been configured to send both inbound
and outbound mirrored traffic from this monitored port. For example:
ACOS(config)# mirror-port 1 ethernet 1 both
input
Send inbound traffic only to the mirror port.

The mirror port must have already been configured to send inbound mirrored traffic from this monitored port. For example:
ACOS(config)# mirror-port 2 ethernet 2 input
output
Send outbound traffic only to the mirror port.

The mirror port must have already been configured to accept outbound
mirrored traffic from this monitored port. For example:
ACOS(config)# mirror-port 3 ethernet 3 output
vlan
vlan-id
If applicable, specify the VLAN to which the monitored port belongs.
Default
By default, no traffic is mirrored.
Mode
Interface
Usage
This command is valid only on Ethernet data interfaces. To specify the port where mirrored
traffic should be sent, use the mirror-port command at the global Config level. For more
information, see the mirror-port command in the Command Line Interface Reference.
NOTE:
Only one mirror port is supported. All mirrored traffic for the directions you specify
goes to that port.
Example
The following commands enable monitoring of input traffic on Ethernet port 5, and enable
the monitored traffic to be copied (mirrored) to Ethernet port 3:
ACOS(config)# mirror-port 2 ethernet 3
ACOS(config-if:ethernet:5)# monitor input 2
mtu
Description
Change the Maximum Transmission Unit (MTU) for an Ethernet interface.
Syntax
[no] mtu bytes
Replace bytes with the largest packet size that can be forwarded out the interface (12001500).
NOTE:
See Usage section below for details on jumbo frame support.
Default
1500 bytes
Mode
Interface
Usage
This command applies to the Ethernet data interfaces.

If the ACOS device needs to forward a packet that is larger than the MTU of the ACOS egress
interface to the next hop, but the Do Not Fragment bit is set in the packet, the ACOS device
drops the packet and sends an ICMP Destination Unreachable code 4 (Fragmentation
required, and DF set) message to the sender.
To display a counter of how many outbound packets have been dropped because they were
longer than the outbound interface's MTU, use the following command:
show slb switch [detail | ethernet port-num [detail]]
The counter is labeled MTU exceeded Drops. The counter includes packets that had the Do
Not Fragment bit set and packets that did not have the bit set.
You can enable jumbo support on a global basis. In this case, the MTU is not automatically
changed on any interfaces, but you can increase the MTU on individual interfaces.
On FTA models, you can increase the MTU on individual Ethernet interfaces up to
12000 bytes.
On non-FTA models, you can increase the MTU on individual Ethernet interfaces up to
9216 bytes.
name
Description
Assign a name to the interface.
Syntax
[no] name string
Replace string with the name for the interface, 1-63 characters.
Default
None
Mode
Interface
Usage
This command applies to physical and virtual Ethernet data interfaces, and trunks. This command does not apply to the management interface.
Example
The following commands assign the name "WLAN-interface" to an interface and show the
result:
ACOS(config-if:ve:1)# name WLAN-interface
ACOS(config-if:ve:1)# show ip interfaces
Port IP
Netmask
PrimaryIP
Name
--------------------------------------------------------------------------mgm
192.168.20.136
255.255.255.0
Yes
ve1
192.168.217.1
255.255.255.0
Yes
ve2
50.50.50.1
255.255.255.0
Yes
WLAN-interface
ports-threshold
Description
Configure the minimum port threshold for a trunk.
Syntax
[no] ports-threshold number-of-ports

[timer seconds [do-auto-recovery]]
Parameter
Description
number-of-ports
Minimum number of ports that must be up in order for the

trunk to remain up. If the number of up ports falls below the
configured threshold, the ACOS device automatically disables
the trunks member ports. The ports are disabled in the running-config. You can specify 2-8.
timer
seconds
[do-auto-recovery]
Number of seconds to wait after a port goes down before

marking the trunk down, if the configured threshold is
exceeded. You can set the ports-threshold timer to 1-300 seconds.
The do-auto-recovery option brings the trunk back Up
when the required number of ports comes back up. Without
this option, the trunk remains disabled until you re-enable it.
This option is applicable only to LACP trunks.
Mode
Interface
Usage
This command is applicable only to trunk interfaces.
remove-vlan-tag
Description
Remove the VLAN tag from packets to ensure that packets going out of the interface will be
untagged.
NOTE:
This command is not available on non-FPGA platforms, and is also not available on
the A10 Thunder Series 3230S(S), 3430(S), and 5330(S) platforms.
Syntax
[no] remove-vlan-tag
Default
Disabled
Mode
Interface
Example
Ensure packets going out of ethernet interface 2 are untagged:

ACOS(config-if:ethernet:2)# remove-vlan-tag
snmp-server
Description
Specify a data interface to use as the source interface for SNMP traps.
Syntax
[no] snmp-server trap-source
Default
Management interface
Mode
Interface
Usage
Select a data interfaces from which to send SNMP traps. The interface can be any of the following types:
Ethernet
VLAN / VE
Loopback
When the ACOS device sends an SNMP trap from the specified data interface, the agentaddress in the SNMP trap is the data interfaces IP address.
Implementation Details:
This feature does not support IPv6.
This feature supports SNMPv1 but not SNMPv2c or SNMPv3.
Example
The following command attempts to set a loopback interface as the SNMP trap source. However, the feature has already been enabled on Ethernet port 1, and only one interface can be
enabled for SNMP traps, so this example shows that the existing trap source will be overwritten with the new one:
ACOS(config)# interface loopback 1
ACOS(config-if:loopback:1)# snmp-server trap-source
The trap source already exists for interface eth1. Do you want to
overwrite? [yes/no]:yes
ACOS(config-if:loopback:1)#
trunk-group
Description
Add the interface to a trunk group.
Syntax
[no] trunk-group TrunkID [static | lacp | lacp-udld]
Parameter
Description
static
Adds the interface to a static trunk.
lacp
Adds the interface to a dynamic trunk.
lacp-udld
Adds the interface to a dynamic trunk that uses Unidirectional Link

Detection.
Default
static
Mode
Interface
Usage
Use this command on each Ethernet data port you want to add to the trunk. When finished,
use the interface trunk TrunkID command to access the configuration level for the
trunk interface.
For more information about trunk configuration, see Link Trunking on page 3.
Config Commands: VLAN
The commands in this chapter configure parameters on individual VLANs:

name
router-interface
tagged
untagged
To access this CLI level, enter the vlan command from the Global configuration level. For example:
ACOS(config-vlan:4)#
If the ACOS device is a member of an aVCS virtual chassis, specify the VLAN ID as follows: DeviceID/vlan-id, where
DeviceID is the devices aVCS ID and vlan-id is the VLAN ID.
name
Description
Assign a name to the VLAN.
Syntax
[no] name string
Replace string with the name for the VLAN, 1-63 characters.
Default
The default name for VLAN 1 is DEFAULT VLAN. For other VLANs, if a name is not configured,
None appears in place of the name.
Mode
VLAN
Example
The following commands assign the name Test100 to VLAN 100 and show the result:
ACOS(config-vlan:100)# name Test100
ACOS(config-vlan:100)# show vlan
Total VLANs: 3
VLAN 1, Name [DEFAULT VLAN]:
Untagged Ports:
Tagged Ports:
3
None
10
VLAN 100, Name [Test100]:

Untagged Ports:
Tagged Ports:
1
None
Router Interface: ve 1
VLAN 200, Name [None]:
Untagged Ports:
Tagged Ports:
2
None
Router Interface: ve 2
router-interface
Description
Add a virtual Ethernet (VE) router interface to the VLAN. A VE is required in order to configure
an IP address on a VLAN.
Syntax
[no] router-interface ve ve-num
Replace ve-num with the VE number, 2-4094. The VE number must be the same as the VLAN
number.
Default
By default, a VLAN does not have a VE.
Mode
VLAN
Usage
This command is valid only on ACOS devices deployed in route mode.

The VE interface on a VLAN must have the same number as the VLAN. For example, in VLAN
69, the VE number also must be 69.
MAC Address Assignment

The MAC addresses used by the ACOS devices physical Ethernet data ports also are used for
VEs. (See the system ve-mac-scheme command in the Command Line Interface Reference.)
Example
The following command configures VE 4 on VLAN 4:

tagged
Description
Add tagged ports to a VLAN. A tagged port can be a member of more than one VLAN. An
untagged port can be a member of only a single VLAN.
Syntax
[no] tagged
{ethernet port-num [to port-num] | trunk trunk-num
[to trunk-num]}
Parameter
Description
port-num
Add the specified tagged ethernet port to the VLAN.

To add a range of ports, use the to port-num option.
trunk-num
Add the specified tagged trunk to the VLAN.

To add a range of trunks, use the to trunk-num option.
Default
A VLAN has no ports by default.
Mode
VLAN
Usage
A port can be a tagged member of a maximum of 128 VLANs.
Example
The following command adds ports 4 and 5 to VLAN 4 as tagged ports:

ACOS(config-vlan:4)# tagged ethernet 4 to 5
untagged
Description
Add untagged ports to a VLAN. An untagged port can be a member of only a single VLAN.
Syntax
[no] untagged
{
ethernet port-num [to port-num] |
lif lif-num |
trunk trunk-num [to trunk-num] |
}
Parameter
Description
port-num
Add the specified untagged ethernet port to the VLAN.

To add a range of ports, use the to port-num option.
lif-num
Add the specified logical interface to the VLAN.
trunk-num
Add the specified untagged trunk to the VLAN.

To add a range of trunks, use the to trunk-num option.
Default
VLAN 1 contains all ports by default. New VLANs do not contain any ports by default.
Mode
VLAN
Example
The following command adds port 6 and ports 8-10 to VLAN 4 as an untagged ports:
ACOS(config-vlan:4)# untagged ethernet 6
ACOS(config-vlan:4)# untagged ethernet 8 to 10
Config Commands: IP
The IP commands configure global IPv4 parameters.

ip access-list
ip address
ip anomaly-drop
ip as-path
ip community-list
ip default-gateway
ip dns
ip extcommunity-list
ip frag buff
ip frag max-reassembly-sessions
ip frag timeout
ip icmp disable
ip mgmt-traffic
ip nat alg pptp
ip nat icmp
ip nat inside source
ip nat pool
ip nat pool-group
ip nat range-list
ip nat template logging
ip nat translation
ip nat-global reset-idle-tcp-conn
ip prefix-list
ip route
ip tcp syn-cookie threshold
NOTE:
To configure global IPv6 parameters, see Config Commands: IPv6 on page 83.
ip access-list
Description
Configures an IPv4 access control list (ACL).
Syntax
[no] ip access-list acl-name
Replace acl-name with the name of the IP ACL, 1-16 characters.

This command changes the CLI to the configuration level for the specified IPv4 ACL, where
the following commands are available:
{
[sequence-number]
{[remark string] |
[deny | permit | l3-vlan-fwd-disable]}
{traffic-type}
{traffic-source}
{traffic-destination}
{more-options}
}
Match Option
Description
sequence-number
Sequence number of this rule in the ACL. You can use this option to resequence the rules in
the ACL.
remark string
Adds a remark to the ACL (1-63 characters). The remark appears at the top of the ACL when
you display it in the CLI. To use blank spaces in the remark, enclose the entire remark string
in double quotes. The ACL must already exist before you can configure a remark for it. An
ACL and its individual rules can have multiple remarks.
deny |
permit |
l3-vlan-fwd-disable
Specify the action to take for traffic that matches the ACL:
deny - Drops any traffic that matches the ACL applied to interfaces or used for management access.
permit - Allows any traffic that matches the ACL applied to interfaces or used for management access. For ACLS used for IP source NAT, this option specifies the inside host
addresses to be translated into external addresses.
NOTE: If you are configuring an ACL for source NAT, use the permit action. For ACLs
used with source NAT, the deny action does not drop traffic, it simply does not use the
denied addresses for NAT translations.
l3-vlan-fwd-disable - Disables Layer 3 forwarding between VLANs for IP addresses
that match the ACL rule.
traffic-type
Specifies the type of traffic to match:

geo-location Matches on geo-location name.
icmp [type {type-option} [code {any-code | code-num}]] Matches on
ICMP traffic. (For information about the type and code options, see the object-group service command in the Command Line Interface Reference.)
ip Matches on any type of IP traffic.
object-group group-name Matches on the values in the specified service object
group. (See the object-group service command in the Command Line Interface Reference.)
tcp Matches on TCP traffic.
udp Matches on UDP traffic.
traffic-source
Specifies the source address(es) on which to match:

any The ACL matches on all source IP addresses.
host host-src-ipaddr The ACL matches only on the specified host IP address.
net-src-ipaddr {filter-mask | /mask-length} The ACL matches on any
host in the specified subnet. The filter-mask specifies the portion of the address to filter:
Use 0 to match.
Use 255 to ignore.
For example, the following filter-mask filters on a 24-bit subnet: 0.0.0.255
Alternatively, you can use mask-length to specify the portion of the address to filter.
For example, you can specify /24 instead 0.0.0.255 to filter on a 24-bit subnet.
object-group group-name Matches on the addresses in the specified network
object group. (See the object-group service command in the Command Line Interface
Reference.)
Match Option
Description
eq src-port |
gt src-port |
lt src-port |
range
start-src-port
end-src-port
These options are available for both TCP or UDP only; they specify the source protocol ports
on which to match:
eq src-port The ACL matches on traffic from the specified source port.
gt src-port The ACL matches on traffic from any source port with a higher number
than the specified port.
lt src-port The ACL matches on traffic from any source port with a lower number
than the specified port.
range start-src-port end-src-port The ACL matches on traffic from any
source port within the specified range.
traffic-destination
Specifies the destination address(es) on which to match. (The options are the same as those
for source address.)
more-options
Specifies additional match criteria:

fragments Matches on packets in which the More bit in the header is set (1) or has a
non-zero offset.
vlan vlan-id Matches on the specified VLAN. VLAN matching occurs for incoming
traffic only.
dscp num Matches on the 6-bit Diffserv value in the IP header, 1-63.
established Matches on TCP packets in which the ACK or RST bit is not set. This
option is useful for protecting against attacks from outside. Since a TCP connection from
the outside does not have the ACK bit set (SYN only), the connection is dropped. Similarly,
a connection established from the inside always has the ACK bit set. (The first packet to
the network from outside is a SYN/ACK.)
log [transparent-session-only] Configures the ACOS device to generate log
messages when traffic matches the ACL.
The transparent-session-only option limits logging for an ACL rule to creation and deletion of transparent sessions for traffic that matches the ACL rule.
Mode
Configuration mode.
Usage
The support for named IPv4 ACLs supplements the support for IPv4 ACLs configured by ID.
You can use a named IPv4 ACL in any place a standard or extended IPv4 ACL is supported. In
the CLI, use the name option in front of the IPv4 ACL name.
Introduced in Release
2.7.1
Example
The following commands configure a named, extended IPv4 ACL called Deny-Rules to
deny traffic sent from subnet 10.10.10.x to 10.10.20.5:80, and apply the ACL to inbound traffic
received on Ethernet interface 7:
ACOS(config)# ip access-list Deny-Rules

ACOS(config-ext-access-list:Deny-Rules)# deny tcp 10.10.10.0 0.0.0.255 10.10.20.5 /32 eq
80
ACOS(config-ext-access-list:Deny-Rules)# exit
ACOS(config-if:ethernet:7)# access-list name Deny-Rules in
ip address
Description
Configure the global IP address of the ACOS device, when the device is deployed in transparent mode (Layer 2 mode).
Syntax
[no] ip address ipaddr {subnet-mask | /mask-length}
Default
None.
Mode
Configuration mode
Usage
This command applies only when the ACOS device is deployed in transparent mode. To
assign IP addresses to individual interfaces instead (gateway mode), use the ip address
command at the interface configuration level. (See ip address on page 12.)
If the ACOS device is a member of an aVCS virtual chassis, use the device-context
command to specify the device in the chassis to which to apply this command.
Loopback Interface Support for OSPF

If an IP address is configured on a loopback interface, and the address is in a subnet that is
also configured as an OSPF network subnet, the loopback interface is automatically included
in the OSPF subnet.
The ACOS devices table of OSPF interfaces will include the loopback interface. Likewise, the
ACOS device will include the loopback interface in link-state advertisements sent to
neighbor OSPF routers.
Multiple OSPF Networks on the Same Interface Not Supported

The ACOS device does not support multiple OSPF networks on a data interface. One OSPF
network configuration can enable at most one network per interface.
For example, assume a data port has 3 IP addresses configured that belong to 3 separate
subnets, S1, S2, and S3. If you configure network S4 with area A.B.C.D, and S4 contains S1, S2,
and S3, then only S1 will be running OSPF. S2 and S3 will not be known to other OSPF
routers.
To work around this limitation, enable OSPF redistribution of directly connected routes so
that OSPF will redistribute S2 and S3 via the network running on S1.
Example
The following command configures global IP address 10.10.10.4/24:

ACOS(config)# ip address 10.10.10.4 /24
ip anomaly-drop
Description
Enable filtering for IP packets that exhibit predictable, well-defined anomalies. You can enable filtering for the following types of IP anomalies:
Syntax
[no] ip anomaly-drop {parameter} variable if applicable
Parameter
Description
bad-content
Bad content threshold. You can specify a value of 1-127.
drop-all
Drop all IP anomaly packets.
frag
Drop all fragmented packets.
ip-option
Drop packets with IP options.
land-attack
Drop IP packets with the same source and destination

addresses.
out-of-sequence
Out of sequence packet threshold. You can specify a value

of 1-127.
packet-deformity
Drop packets with deformity. You can specify layer-3 or

layer-4.
ping-of-death
Drop oversize ICMP packets.
security-attack
Drop packets causing a security attack. You can specify

layer-3 or layer-4.
tcp-no-flag
Drop TCP packets with no flag.
tcp-syn-fin
Drop TCP packets with both syn and fin flags set.
tcp-syn-frag
Drop fragmented TCP packets with a syn flag set.
zero-window
Zero window size threshold.
Default
All options except for ip-option are disabled by default.
Mode
Configuration mode
Example
ACOS(config)# ip anomaly-drop security-attack layer-3
ip as-path
Description
Configure an AS-path list for BGP.
Syntax
[no] ip as-path access-list regular-expression {deny | permit}
Parameter
Description
regular-expression
Access list name.
deny | permit
Action to perform on matching entries.
Default
None
Mode
Configuration mode
ip community-list
Description
Specify BGP community attributes.
Syntax
[no] ip community-list num

{deny | permit}
[community-number]
[local-AS]
[no-advertise]
[no-export]
Syntax
[no] ip community-list {expanded | standard} list-name

{deny | permit}
[community-number]
[local-AS]
[no-advertise]
[no-export]
Parameter
Description
num
List number.
{expanded | standard}
list-name
List type and name.
deny | permit
Action to perform for matching communities.
community-number
Community number.
local-AS
Advertises routes only within the local Autonomous System (AS), not to external BGP peers.
no-advertise
Does not advertise routes.
no-export
Does not advertise routes outside the AS boundary.
Default
None
Mode
Configuration mode
Example
Example configuration:
ACOS(config)# ip community-list standard list-name permit 10 no-advertise
ip default-gateway
Description
Specify the default gateway to use to reach other subnets, when the ACOS device is
deployed in transparent mode (Layer 2 mode).
Syntax
[no] ip default-gateway ipaddr
Default
None.
Mode
Configuration mode
Usage
This command applies only when the ACOS device is used in transparent mode. If you
instead want to use the device in gateway mode (Layer 3 mode), configure routing.
To configure the default gateway for the out-of-band management interface, use the
interface management command to go to the configuration level for the interface, then
enter the ip default-gateway command. (See ip default-gateway on page 15.)
Example
The following command configures an ACOS device deployed in transparent mode to use
router 10.10.10.1 as the default gateway for data traffic:
ACOS(config)# ip default-gateway 10.10.10.1
ip dns
Description
Configure DNS servers and the default domain name (DNS suffix) for hostnames on the
ACOS device.
Syntax
[no] ip dns {primary | secondary} ipaddr

[no] ip dns suffix string
Default
None
Mode
Configuration mode
Usage
This command applies to transparent mode and gateway mode.

This command can only be used in the shared partition.
Example
The following command sets primary DNS server 20.20.20.5:

ACOS(config)# ip dns primary 20.20.20.5
ip extcommunity-list
Description
Configure an extended community list for BGP.
Syntax
[no] ip extcommunity-list num

{deny | permit}
{rt | soo {AS-num:nn | ipaddr:nn}}
Syntax
[no] ip extcommunity-list
{expanded | standard} list-name
{deny | permit}
{rt | soo {AS-num:nn | ipaddr:nn}}
Parameter
Description
num
List number.
{expanded | standard}
list-name
List type and name.
deny | permit
Action to perform for matching communities.
rt | soo
{AS-num:nn | ipaddr:nn}
Community type and ID:
Default
None
Mode
Configuration mode
rt Route-target extended community.

soo Site-of-origin extended community.
ACOS(config)# ip extcommunity-list standard list-name permit soo 10:20
ip frag buff
Description
Maximum buffer size used for fragmentation.
Syntax
[no] ip frag buff num
Replace num with the maximum number of buffers the ACOS device will allow for
fragmentation sessions. You can specify 10000-3000000 (3 million). The specified maximum
applies to both IPv4 and IPv6.
Default
The default range on 64-bit ACOS models is 5% of total buffers
Mode
Configuration mode
Usage
If the ACOS device is a member of an aVCS virtual chassis, use the device-context command to specify the device in the chassis to which to apply this command.
ip frag max-reassembly-sessions
Description
Configure the IP fragment queue size.
Syntax
[no] ip frag max-reassembly-sessions num
Replace num with the maximum number of simultaneous fragmentation sessions the ACOS
device will allow. You can specify 1-200000. The specified maximum applies to both IPv4 and
IPv6.
Default
100000
Mode
Configuration mode
Usage
ip frag timeout
Description
Configure the timeout for IP packet fragments.
Syntax
[no] ip frag timeout ms
Replace ms with the number of milliseconds (ms) the ACOS device buffers fragments for
fragmented IP packets. If any fragments of an IP packet do not arrive within the specified
time, the fragments are discarded and the packet is not re-assembled. You can specify 416000 ms (16 seconds), in 10-ms increments.
Default
1000 ms (1 second)
Mode
Configuration mode
Usage
ip icmp disable
Description
Disable ICMP messages.
Syntax
[no] ip icmp disable {redirect | unreachable}
Parameter
Description
redirect
Disables sending of ICMP Redirect messages.
unreachable
Disables sending of ICMP Destination Unreachable messages.
Default
Both types of ICMP messages are enabled.
Mode
Configuration mode
Usage
Example
The following command disables sending of IPv4 ICMP Redirect messages:

ACOS(config)# ip icmp disable redirect
ip mgmt-traffic
Description
Allows a loopback interface IP address to be used as the source interface for management
traffic originated by the ACOS device.
Syntax
[no] ip mgmt-traffic
{all | ftp | ntp | rcp | snmp | ssh | syslog | telnet | tftp | web}
source-interface loopback num
To apply the command only to a specific type of traffic (SNMP, NTP, and so on), use the option
for that traffic type. To apply the command to all management traffic types, use the all
option.
Default
Not set
Mode
Configuration mode
Usage
Notes about the implementation of this command:

Loopback interface IP address The loopback interface you specify when configuring
this feature must have an IP address configured on it. Otherwise, this feature does not
take effect.
Management interface If use of the management interface as the source for management traffic is also enabled, the loopback interface takes precedence over the management interface. The loopback interfaces IP address will be used instead of the
management interfaces IP address as the source for the management traffic.
Likewise, the use-mgmt-port option has no effect.
Ping traffic Configuration for use of a loopback interface as the source for management traffic does not apply to ping traffic. By default, ping packets are sourced from the
best interface based on the route table. You can override the default interface selection
by specifying a loopback or other type of interface as part of the ping command.
Layer 2/3 Virtualization This feature is supported only for loopback interfaces that
belong to the shared partition. When this feature is configured, management traffic initiated from a private partition will use the IP address of the specified loopback interface
as the source address, and will use the shared partitions data routing table to select the
outbound interface.
Limitations
The current release has the following limitations related to this feature:
Floating loopback interfaces are not supported.
IPv6 interfaces are not supported.
aVCS is not supported.
Example
The following commands configure an IP address on loopback interface 2:

ACOS(config)# interface loopback 2
ACOS(config-if:loopback:2)# ip address 10.10.10.66 /24
ACOS(config-if:loopback:2)# exit
Example
The following command configures the ACOS device to use loopback interface 2 as the
source interface for management traffic of all types listed above:
ACOS(config)# ip mgmt-traffic all loopback 2
ip nat alg pptp

Description
Disable or re-enable NAT Application-Layer Gateway (ALG) support for the Point-to-Point
Tunneling Protocol (PPTP). This feature enables clients and servers to exchange Point-to-
Point (PPP) traffic through the ACOS device over a Generic Routing Encapsulation (GRE) tunnel. PPTP is used to connect Microsoft Virtual Private Network (VPN) clients and VPN hosts.
Syntax
ip nat alg pptp {enable | disable}
Default
Enabled
Mode
Configuration mode
Usage
NAT ALG for PPTP has additional configuration requirements. For information, see the NAT
ALG Support for PPTP section in the Network Address Translation chapter of the Application Delivery and Server Load Balancing Guide.
ip nat icmp
Description
Configure NAT ICMP settings.
Syntax
[no] ip nat icmp {always-source-nat-errors | respond-to-ping}
Parameter
Description
always-source-nat-errors
Enable NAT for ICMP messages from inside routers. By default, source IP addresses
of ICMP error messages sent by inside routers are not translated into NAT
addresses.
respond-to-ping
Enable ping replies from NAT pool addresses. By default, ping requests sent to LSN
NAT pool addresses are dropped.
Default
Disabled
Mode
Configuration mode
ip nat inside source

Description
Configure inside Network Address Translation (NAT).
Syntax
[no] ip nat inside source

{
class-list name |
list acl-name pool pool-or-group-name
[msl seconds]
[respond-to-user-mac] |
static inside-ipaddr nat-ipaddr
[disable | enable]
[vrid num]
}
Parameter
Description
class-list name
Specifies a class list. Entries in the class list map internal IP addresses to IP NAT
pools.
list acl-name
Specifies an Access Control List (ACL) that matches on the inside addresses to be
translated. (To configure the ACL, see the access-list commands in the Command
Line Interface Reference.)
pool pool-or-group-name
[msl seconds]
[respond-to-user-mac]
Dynamically assigns addresses from a range defined in a pool or pool group.

The msl seconds option sets the TCP Maximum Segment Life (MSL) for source-NAT
connections that use the specified pool or pool group. This option is useful for NAT
connections to devices with older TCP/IP stacks, where the MSL is up to 2 minutes,
resulting in a wait of up to 240 seconds (4 minutes) after a FIN before the endpoint
can enter a new connection. You can set the MSL to 1-1800 seconds.
The respond-to-user-mac option causes existing connections to follow the
active ACOS device to use the inside clients MAC address, instead of the routing
table, to select the next hop for the reply.
NOTE: This option is valid only for the current session. After the clients MAC
address expires, the ACOS device will use the routing table to select the next hop. If
the session has traffic from the inside client, the ACOS device will learn the inside
client's MAC address again.
static
inside-ipaddr nat-ipaddr
Statically maps the specified inside address to a specific NAT address.
disable | enable
Disables or re-enables the static mapping.
vrid num
VRRP-A VRID.
Default
None
Mode
Configuration mode
For static NAT mappings, the following limitations apply:
Application Layer Gateway (ALG) services other than FTP are not supported when the
server is on the inside.
Syn-cookies are not supported.
Example
The following command configures static inside NAT translation of 10.10.10.55 to

192.168.20.44:
ACOS(config)# ip nat inside source static 10.10.10.55 192.168.20.44
ip nat pool
Description
Configure a named set of IP addresses for use by NAT.
Syntax
[no] ip nat pool pool-name

start-ipaddr end-ipaddr
netmask {subnet-mask | /mask-length}
[gateway ipaddr]
[ip-rr]
[scaleout-device-id device-id]
[vrid num]
Parameter
Description
pool-name
Name of the address pool.
start-ipaddr
Beginning (lowest) IP address in the range.
end-ipaddr
Ending (highest) IP address in the range.
netmask
{subnet-mask | /mask-length}
Network mask for the IP addresses in the pool.
gateway ipaddr
Default gateway to use for NATted traffic.
ip-rr
Uses pool IP addresses in round robin fashion. Without this option, IP address
selection from a NAT pool depends on the incoming tuple and the usage of
the NAT pool.
scaleout-device-id device-id
Configure the Scale Out device ID to which this IP NAT pool will be bound (164).
vrid num
VRRP-A VRID. In the shared partition, you can specify 1-31 or default. In private partitions, you can specify default.
Default
None.
Mode
Configuration mode
Usage
The pool can be used by other ip nat commands. The IP addresses must be IPv4 addresses.
To configure a pool of IPv6 addresses, see ipv6 nat pool on page 89.
To enable inside or outside NAT on interfaces, see ip nat on page 19.
When you use the gateway option, the gateway you specify is used as follows:
For forward traffic (traffic from a client to a server), the NAT gateway is used if the source
NAT address (the address from the pool) and the server address are not in the same IP
subnet.
On reverse traffic (reply traffic from a server to a client), the NAT gateway is used if all
the following conditions are true:
The session is using translated addresses (is source NATted).

The source protocol port is in the source NAT subnet.
The destination is not in the source NAT subnet.
For conditions under which the NAT gateway is needed, if no NAT gateway is configured, the
ACOS device uses the default gateway configured for the ACOS devices other traffic instead.
Example
The following command configures an IP address pool named pool1 that contains
addresses from 30.30.30.1 to 30.30.30.254:
ACOS(config)# ip nat pool pool1 30.30.30.1 30.30.30.254 netmask /24
ip nat pool-group
Description
Configure a set of IP pools for use by NAT. Pool groups enable you to use non-contiguous IP
address ranges, by combining multiple IP address pools.
Syntax
[no] ip nat pool-group pool-group-name [vrid num]
Parameter
Description
pool-group-name
Name of the pool group.
vrid num
VRRP-A VRID.
This command changes the CLI to the configuration level for the specified pool group,
where the following command is available:
member pool-name
Replace pool-name with the name of a configured IP address pool.
Default
None.
Mode
Configuration mode
Usage
To use a non-contiguous range of addresses, configure a separate pool for each contiguous
portion of the range, then configure a pool group that contains the pools.
The addresses within an individual pool still must be contiguous, but you can have gaps
between the ending address in one pool and the starting address in another pool. You also
can use pools that are in different subnets.
For SLB, a pool group can contain up to 5 pools. Pool group members must belong to the
same protocol family (IPv4 or IPv6). A pool can be a member of multiple pool groups.
If a pool group contains pools in different subnets, the ACOS device selects the pool that
matches the outbound subnet. For example, if there are two routes to a given destination, in
different subnets, and the pool group has a pool for one of those subnets, ACOS selects the
pool that is in the subnet for the outbound route.
The ACOS device selects the pool whose addresses are in the same subnet as the next-hop
interface used by the data route table to reach the server.
Example
The following commands create a pool group containing 3 pools:

ACOS(config)# ip nat pool-group group1
ACOS(config-pool-group:group1)# member pool1
ip nat range-list
Description
Configure a range of IP addresses to use with static NAT.
Syntax
[no] ip nat range-list list-name

local-ipaddr /mask-length
global-ipaddr /mask-length
count number
[vrid num]
Parameter
Description
list-name
Name of the static NAT address range.
local-ipaddr /mask-length
Beginning (lowest) IP address in the range of local addresses.
global-ipaddr /mask-length
Beginning (lowest) IP address in the range of global addresses.
count number
Number of addresses to be translated, 1-200000. The range contains a contiguous

block of the number of addresses you specify.
The block of local addresses starts with the address you specify for local-ipaddr.
Likewise, the block of global addresses begins with the address you specify for
global-ipaddr.
VRRP-A VRID.
vrid num
Default
None.
Mode
Configuration mode
Usage
You can configure up to 2000 ranges. You can specify IPv4 or IPv6 addresses within a range.
Example
The following command configures an IP address range named nat-list-1 that maps up to
100 local addresses starting from 10.10.10.97 to Internet addresses starting from
192.168.22.50:
ACOS(config)# ip nat range-list nat-list-1 10.10.10.97 /16 192.168.22.50 /16 count 100
ip nat template logging

Description
Configure a template for external logging of SLB traffic events.
Syntax
[no] ip nat template logging template-name
This command changes the CLI to the configuration level for the specified NAT logging
template, where the following commands are available.
Command
Description
[no] facility facility-name
Specifies the logging facility to use. For a list of available facilities, enter
the following command: facility ?
The default facility is local0.
[no] include-destination
Includes the destination IP addresses and protocol ports in NAT port

mapping logs.
[no] include-rip-rport
Includes the IP and port of real server in logs (SLB function only).
[no] log port-mappings

{creation | disable}
Enables logging for NAT mapping.

creationLog only the creation of NAT mappings. By default,
both NAT mapping creation and deletion are logged.
disableDisable the logging of NAT mappings.
NOTE: The no form of the command returns the logging method to

its default, Syslog.
[no] service-group
group-name
Specifies the service group for the external log servers.
[no] severity severity-level
Specifies the severity level to assign to LSN traffic logs generated using
this template. Use the severity ? command to view the available
severity levels. You can enter the name or the number of a severity
level.
The default severity is 7 (debugging).
[no] source-port
{source-port | any}
Specifies the source protocol port the ACOS device uses to send out
log messages to the external log servers (1-65535).
NOTE: This does not conflict with the real server port, which is the
destination port of the logging packet.
If the any option is configured, the ACOS device randomly selects a
source-port for each logging packet.
The default source port is 514 (for UDP only).
NOTE:
The source-port command is only applicable to syslog over UDP, and does not
apply to TCP traffic. With syslog over TCP traffic, the source port is determined by
ACOS through Smart NAT.
Default
There is no NAT logging template by default. When you configure one, the template options
have the default values as described in the table above.
Mode
Configuration mode
Usage
The template keeps track as to which external clients were mapped to the NAT IP and load
balances multiple IP address requests. Therefore it can be used once VIPs are configured.
Example
The following commands show a configuration for external logging of SLB NAT activity.
ACOS(config)# ip nat pool pool1 20.0.0.1 20.0.0.1 netmask /32
ACOS(config)# ip nat template logging testlog
ACOS(config-nat logging)# log port-mappings both
ACOS(config-nat logging)# log session
ACOS(config-nat logging)# include-destination
ACOS(config-nat logging)# include-rip-rport
ACOS(config-nat logging)# service-group log
ACOS(config-nat logging)# exit
ACOS(config)# slb server rs1 20.0.0.6
ACOS(config-real server)# port 80 tcp
ACOS(config-real server-node port)# exit
ACOS(config-real server)# exit
ACOS(config)# slb server rs2 20.0.0.8
ACOS(config-real server)# port 80 tcp
ACOS(config)# slb server ls1 20.0.0.7
ACOS(config-real server)# port 514 udp
ACOS(config)# slb service-group sg1 udp
ACOS(config-slb svc group)# member ls1 514
ACOS(config-slb svc group-member:514)# exit
ACOS(config-slb svc group)# exit
ACOS(config)# slb virtual-server vip1 10.0.0.111
ACOS(config-slb vserver)# template logging testlog
ACOS(config-slb vserver)# show log
Log Output:
Apr 15 14:27:04 Apr 15 14:27:03 ACOS NAT-TCP-C: 10.0.0.12:25235 ->
20.0.0.1:2097 RS 20.0.0.7:80#015
...
ip nat translation
Description
Configure NAT timers.
Syntax
[no] ip nat translation

{
icmp-timeout {age seconds | fast} |
service-timeout {tcp | udp} portnum {age seconds | fast}
tcp-timeout seconds |
udp-timeout seconds
}
Parameter
Description
icmp-timeout
{age seconds | fast}
Specifies the minimum number of seconds NATted ICMP sessions can remain idle before
being terminated. You can specify 2-15000 seconds, or fast. The fast option terminates
the session as soon as a response is received.
The default is fast.
service-timeout
{tcp | udp} portnum
{age seconds | fast}
Specifies the minimum number of seconds NATted sessions on a specific protocol port
can remain idle before being terminated. The timeout set for an individual protocol port
overrides the global TCP or UDP timeout for NATted sessions. You can specify 2-15000 seconds, or fast. The fast option terminates the session as soon as a response is received.
By default, this is not set. For all service ports except UDP 53, the tcp-timeout or udptimeout setting is used. For UDP port 53, the SLB MSL time is used.
tcp-timeout seconds
Timeout for TCP sessions that are not ended normally by a FIN or RST. You can specify
2-15000 seconds:
udp-timeout seconds
The supported values and timer behavior for UDP sessions are the same as those for tcptimeout (described above).
Default
See descriptions.
Mode
Configuration mode
Usage
The timeout value you specify is the minimum number of seconds the session can remain
idle. It takes up to 60 seconds following expiration of the configured timeout value for the
session to be removed.
If you specify 2-31 seconds, the timeout takes place very rapidly, as close to the configured
timeout as possible.
If you specify 32-15000 seconds, the timeout value must be divisible by 60, and can be a
minimum of 1 minute. If the timeout is set to a value in the range 32-59, the timeout value is
rounded up to 60. Values in the range 61-14999 are rounded down to the nearest multiple of
60.
Example
The following command changes the TCP timeout to 120 seconds:

ACOS(config)# ip nat translation tcp-timeout 120
ip nat-global reset-idle-tcp-conn
Description
Enable client and server TCP Resets for NATted TCP sessions that become idle.
Syntax
[no] ip nat-global reset-idle-tcp-conn
Default
Disabled.
Mode
Configuration mode
ip prefix-list
Description
Configure an IPv4 prefix list.
Syntax
[no] prefix-list list-name

[description string]
[seq sequence-num]
{deny | permit}
{any | ipaddr/mask-length}
[ge prefix-length] [le prefix-length]
Parameter
Description
list-name
Name of the IP prefix list. The name can not contain blanks.
description string
Description of the IP prefix list.
seq sequence-num
Changes the sequence number of the IP prefix-list rule. The sequence number can
be 1-4294967295.
deny | permit
Action to take for IP addresses that match the prefix list.
any | ipaddr /mask-length
IP address and number of mask bits, from left to right, on which to match. If you
omit the ge and le options (described below), the mask-length is also the subnet
mask on which to match.
ge prefix-length
Specifies a range of prefix lengths on which to match. Any prefix length equal to or
greater than the one specified will match. For example, ge 25 will match on any of
the following mask lengths: /25, /26, /27, /28, /29, /30, /31, or /32.
le prefix-length
Specifies a range of prefix lengths on which to match. Any prefix length less than
or equal to the one specified will match. The lowest prefix length in the range is
the prefix specified with the IP address. For example, 192.168.1.0/24 le 28
will match on any of the following mask lengths: /24, /25, /26, /27, or /28.
Default
N/A
Mode
Configuration mode
Usage
You can use IP prefix lists to provide input to the OSPFv2 command area area-id filter-list on
page 136.
How Matching Occurs

Matching begins with the lowest numbered IP prefix-list rule and continues until the first
match is found. The action in the first matching rule is applied to the IP address. For example,
if the IP prefix list contains the following two rules, rule 5 is used for IP address 192.168.1.9,
even though the address also matches rule 10.
ip prefix-list 5 permit any
ip prefix-list 10 deny 192.168.1.0/24
The ge prefix-length and le prefix-length options enable you to specify a range of mask
lengths on which to match. If you do not use either option, the mask-length in the address (/
24 in the example above) specifies both the following:
Number of bits to match, from left to right
Mask length on which to match
If you use one or both of the ge or le options, the mask-length specifies only the number of
bits to match. The ge or le option specifies the mask length(s) on which to match.
The following rule matches on any address whose first octet is 10 and whose mask-length is
8:
ip prefix-list match_on_8bit_mask_only permit 10.0.0.0/8
IP address 10.10.10.10/8 would match this rule but 10.10.10.10/24 would not.
The following rule uses the le option to extend the range of mask lengths that match:
ip prefix-list match_on_24bit_mask_or_less permit 10.0.0.0/8 le 24
This rule matches on any address that has 10 in the first octet, and whose mask length is 24
bits or less. IP addresses 10.10.10.10/8 and 10.10.10.10/24 would both match this rule.
The following rule permits any address from any network that has a mask 16-24 bits long.
ip prefix-list match_any_on_16-24bit_mask permit 0.0.0.0/0 ge 16 le
24
Implied Deny any Rule

The IP prefix list has an implied deny any rule at the end. This rule is not visible and can not
be changed or deleted. If an IP address does not match any of the rules in the IP prefix list,
the ACOS device uses the implied deny any rule to deny the address.
Sequence Numbering
As described above, the sequence of rules in the IP prefix list can affect whether a given
address matches a permit rule or a deny rule.
When you configure the first IP prefix-list rule, the ACOS device assigns sequence number 5
to the rule by default. After that, the sequence number for each new rule is incremented by
5. If you explicitly set the sequence number of a rule, subsequent rules are still sequenced in
increasing increments of 5. For example, if you set the sequence number of the first rule to 7,
the next rule is 12 by default.
You can explicitly set the sequence number of a rule when you configure the rule. You also
can change the sequence number of a rule that is already configured.
Example
The following commands add descriptions to some IP prefix-list rule and display the results:
ACOS(config)# ip prefix-list aaa description Here_is_a_string_to_describe_the_rule.

ACOS(config)# ip prefix-list ccc description And_here_is_a_string_to_describe_this_rule.
ACOS(config)# show running-config | section ip prefix-list
ip prefix-list aaa description Here_is_a_string_to_describe_the_rule.
ip prefix-list aaa seq 5 permit any
ip prefix-list bbb seq 10 permit 192.168.1.0/24
ip prefix-list ccc description And_here_is_a_string_to_describe_this_rule.
ip prefix-list ccc seq 15 deny 10.10.10.0/8 le 24
ip route
Description
Configure a static IP route.
Syntax
[no] ip route destination-ipaddr {subnet-mask | /mask-length}

{
next-hop-ipaddr
[distance]
[description string] |
lif num next-hop-ipaddr
[distance]
partition partition-name
[vrid vrid]
tunnel num next-hop-ipaddr
[distance]
}
Syntax
[no] ip route static bfd local-ipaddr remote-ipaddr
Parameter
Description
destination-ipaddr
{subnet-mask | /mask-length}
Specifies the destination of the route. To configure a default route, specify

0.0.0.0/0.
next-hop-ipaddr
Specifies the next-hop router to use to reach the route destination. The address
must be in the same subnet as the ACOS device.
distance
Distance value for the route, 1-255.
partition partition-name
[vrid vrid]
Forwards the traffic to the specified L3V partition as the next hop. The vrid
option specifies the VRRP-A VRID, if applicable.
description string
Description of the static route.
Default
There are no static routes configured by default.
Mode
Configuration mode
Usage
If a destination can be reached by an explicit route (a route that is not a default route), then
the explicit route is used. If an explicit route is not available to reach a given destination, the
default route is used (if a default route is configured).
Example
The following command configures a default route using gateway 10.10.10.1 and the default
metric:
ACOS(config)# ip route 0.0.0.0/0 10.10.10.1
ip tcp syn-cookie threshold

Description
Modify the threshold for TCP handshake completion. The TCP handshake threshold is applicable when SYN cookies are active.
Syntax
[no] ip tcp syn-cookie threshold seconds
Parameter
Description
seconds
Number of seconds allowed for a TCP handshake to be completed. If

the handshake is not completed within the allowed time, the ACOS
device drops the session. You can specify 1-100 seconds.
Default
4 seconds
Mode
Configuration mode
Usage
The TCP handshake threshold is applicable only when software-based SYN cookies are
active. To enable support for software-based SYN cookies, use the syn-cookie enable
command at the virtual port level. (See the syn-cookie command in the Command Line
Interface Reference for more information.)
Example
The following command changes the TCP TCP handshake threshold to 15 seconds:
ACOS(config)# ip tcp syn-cookie threshold 15
Config Commands: IPv6
The IPv6 commands configure global IPv6 parameters.

ipv6 access-list
ipv6 address
ipv6 default-gateway
ipv6 frag timeout
ipv6 icmpv6 disable
ipv6 nat icmpv6 respond-to-ping
ipv6 nat inside source list
ipv6 nat pool
ipv6 nat pool-group
ipv6 neighbor
ipv6 ospf display route single-line
ipv6 prefix-list sequence-number
ipv6 route
NOTE:
To configure global IPv4 parameters, see Config Commands: IP on page 57.
ipv6 access-list
Description
Configure an extended IPv6 ACL.
Syntax
[no] ipv6 access-list name
This command changes the CLI to the configuration level for the ACL, where the following
ACL-related commands are available.
Syntax
[no] [seq-num] {permit | deny}

{ipv6 | icmp | geo-location name | object-group name}
{any | host host-src-ipv6addr | net-src-ipv6addr /mask-length |
object-group name}
{any | host host-dst-ipv6addr | net-dst-ipv6addr /mask-length |
object-group name}
[fragments] [vlan vlan-id] [dscp num]
[log]
Syntax
[no] [seq-num] {permit | deny} {tcp | udp}

{any | host host-src-ipv6addr | net-src-ipv6addr /mask-length |
object-group name}
[eq src-port | gt src-port | lt src-port |
range start-src-port end-src-port]
{any | host host-dst-ipv6addr | net-dst-ipv6addr /mask-length |
object-group name}
[eq src-port | gt src-port | lt src-port |
range start-src-port end-src-port]
[fragments] [vlan vlan-id] [dscp num]
[established]
[log]
Parameter
Description
seq-num
Sequence number of this rule in the ACL. You can use this option to
resequence the rules in the ACL.
deny | permit
Action to take for traffic that matches the ACL:

deny Drops the traffic.
permit Allows the traffic.
ipv6 | icmp | geo-location name |

object-group name
Type of traffic on which to match.
tcp | udp
Parameter
Description
any |
host host-src-ipv6addr |
net-src-ipv6addr /prefix-length |
object-group name
Source IP address(es) to filter.

any The ACL matches on all source IP addresses.
host host-src-ipv6addr The ACL matches only on the specified host IPv6 address.
net-src-ipv6addr /prefix-length The ACL matches on any
host in the specified subnet.
object-group name The ACL matches on the object group.
eq src-port |
gt src-port |
lt src-port |
range start-src-port end-src-port
For tcp or udp, the source protocol ports to filter.
any |
host host-dst-ipv6addr |
net-dst-ipv6addr /mask-length |
object-group name
Destination IP address(es) to filter.
eq dst-port |
gt dst-port |
lt dst-port |
range start-dst-port end-dst-port
For tcp or udp, the destination protocol ports to filter.
fragments
Matches on packets in which the More bit in the header is set (1) or has
a non-zero offset.
vlan vlan-id
Matches on the specified VLAN. VLAN matching occurs for incoming

traffic only.
dscp num
Matches on the 6-bit Diffserv value in the IP header, 1-63.
established
Matches on TCP packets in which the ACK or RST bit is not set. This
option is useful for protecting against attacks from outside. Since a TCP
connection from the outside does not have the ACK bit set (SYN only),
the connection is dropped. Similarly, a connection established from the
inside always has the ACK bit set. (The first packet to the network from
outside is a SYN/ACK.)
log
Configures the ACOS device to generate log messages when traffic

matches the ACL.
Syntax
eq src-port The ACL matches on traffic from the specified

source port.
gt src-port The ACL matches on traffic from any source port
with a higher number than the specified port.
lt src-port The ACL matches on traffic from any source port
with a lower number than the specified port.
range start-src-port end-src-port The ACL matches on
traffic from any source port within the specified range.
eq dst-port The ACL matches on traffic from the specified destination port.
gt dst-port The ACL matches on traffic from any destination
port with a higher number than the specified port.
lt dst-port The ACL matches on traffic from any destination
port with a lower number than the specified port.
range start-dst-port end-dst-port The ACL matches on
traffic from any destination port within the specified range.
[no] remark string
The remark command adds a remark to the ACL. The remark appears at the top of the ACL
when you display it in the CLI. The string can be 1-63 characters. To use blank spaces in the
remark, enclose the entire remark string in double quotes.
Default
None
Mode
Configuration mode
ipv6 address
Description
Configure the global IPv6 address of the ACOS device, when the device is deployed in transparent mode (Layer 2 mode).
Syntax
[no] ipv6 address ipv6-addr/prefix-length [link-local] [anycast]
Parameter
Description
ipv6-addr
Valid unicast IPv6 address.
prefix-length
Prefix length, up to 128.
link-local
Configures the address as the link-local IPv6 address for the interface, instead of a global
address. Without this option, the address is a global address.
anycast
Configures the address as an anycast address. An anycast address can be assigned to more than
one interface. A packet sent to an anycast address is routed to the nearest interface with that
address, based on the distance in the routing protocol.
Default
N/A
Mode
Configuration mode
Usage
This command applies only when the ACOS device is deployed in transparent mode. To
assign IPv6 addresses to individual interfaces instead (gateway mode), use the ipv6
address command at the interface configuration level. (See ipv6 address on page 26.)
Example
The following command configures global IPv6 address 2001:db8::1521:31ab/32:

ACOS(config)# ipv6 address 2001:db8::1521:31ab/32
ipv6 default-gateway
Description
Specify the default gateway to use to reach other IPv6 networks, when the ACOS device is
used in transparent mode (Layer 2 mode).
Syntax
[no] ipv6 default-gateway ipv6-addr
Replace ipv6-addr with the IPv6 address of the next-hop gateway.
Default
N/A
Mode
Configuration mode
Usage
This command applies only when the ACOS device is used in transparent mode. If you
instead want to use the device in gateway mode (Layer 3 mode), configure routing.
Example
The following command configures default IPv6 gateway 2001:db8::1521:31ac:

ACOS(config)# ipv6 default-gateway 2001:db8::1521:31ac
ipv6 frag timeout

Description
Configure the timeout for IPv6 packet fragments.
Syntax
[no] ipv6 frag timeout ms
Replace ms with the number of milliseconds (ms) the ACOS device buffers fragments for
fragmented IPv6 packets. If any fragments of an IPv6 packet do not arrive within the
specified time, the fragments are discarded and the packet is not re-assembled. You can
specify 4-16000 ms (16 seconds), in 10-ms increments.
Default
1000 ms (1 second)
Mode
Configuration mode
Usage
ipv6 icmpv6 disable

Description
Disable ICMPv6 messages.
Syntax
[no] ipv6 icmpv6 disable {redirect | unreachable}
Parameter
Description
redirect
Disables sending of ICMPv6 Redirect messages.
unreachable
Disables sending of ICMPv6 Destination Unreachable messages.
Default
Both types of ICMP messages are enabled.
Mode
Configuration mode
Usage
Example
The following command disables sending of IPv6 ICMP Destination Unreachable messages:
ACOS(config)# ipv6 icmpv6 disable unreachable
ipv6 nat icmpv6 respond-to-ping

Description
Enable ACOS to respond to ping requests sent to NAT addresses owned by the ACOS device.
Syntax
[no] ipv6 icmpv6 respond-to-ping
Default
Disabled.
ipv6 nat inside source list

Description
Inside configuration for IPv6 NAT.
Syntax
[no] ipv6 nat inside source list list-name pool pool-name
Parameter
Description
list-name
Name of the source list.
pool-name
Default
N/A
Mode
Configuration mode
ipv6 nat pool

Description
Configure a named set of IPv6 addresses for use by Network Address Translation (NAT).
Syntax
[no] ipv6 nat pool pool-name start-ipv6-addr end-ipv6-addr

netmask mask-length
[gateway ipaddr]
[ip-rr]
[vrid num]
Parameter
Description
pool-name
start-ipaddr
Beginning (lowest) IP address in the range.
end-ipaddr
Ending (highest) IP address in the range.
netmask
mask-length
Network mask for the IP addresses in the pool, 64-128.
gateway
ipv6-addr
Next-hop gateway address.
ip-rr
Uses pool IP addresses in round robin fashion. Without this option,

IP address selection from a NAT pool depends on the incoming
tuple and the usage of the NAT pool.
vrid num
VRRP-A VRID.
Default
None.
Mode
Configuration mode
Example
The following command configures an IPv6 address pool named ipv6pool2:

ACOS(config)# ipv6 nat pool ipv6pool2 abc1::1 abc1::10 netmask 96
ipv6 nat pool-group

Description
Configure a set of IPv6 pools for use by NAT. Pool groups enable you to use non-contiguous
IP address ranges, by combining multiple IPv6 address pools.
Syntax
[no] ipv6 nat pool-group pool-group-name

[vrid num]
Parameter
Description
pool-group-name
Name of the pool group.
vrid num
VRRP-A VRID.
This command changes the CLI to the configuration level for the specified pool group,
where the following command is available:
member pool-name
Replace pool-name with the name of a configured IP address pool.
Default
None.
Mode
Configuration mode
Usage
To use a non-contiguous range of addresses, configure a separate pool for each contiguous
portion of the range, then configure a pool group that contains the pools.
The addresses within an individual pool still must be contiguous, but you can have gaps
between the ending address in one pool and the starting address in another pool. You also
can use pools that are in different subnets.
For SLB, a pool group can contain up to 5 pools. Pool group members must belong to the
same protocol family (IPv4 or IPv6). A pool can be a member of multiple pool groups.
If a pool group contains pools in different subnets, the ACOS device selects the pool that
matches the outbound subnet. For example, of there are two routes to a given destination,
in different subnets, and the pool group has a pool for one of those subnets, ACOS selects
the pool that is in the subnet for the outbound route.
The ACOS device selects the pool whose addresses are in the same subnet as the next-hop
interface used by the data route table to reach the server.
ipv6 neighbor
Description
Configure a static IPv6 neighbor.
Syntax
[no] ipv6 neighbor ipv6-addr macaddr

{ethernet port-num | trunk TrunkID}
[vlan vlan-id]
Parameter
Description
ipv6-addr
IPv6 unicast address of the neighbor.
macaddr
MAC address of the IPv6 neighbor.
ethernet
port-num |
trunk
TrunkID
Ethernet interface or trunk connected to the neighbor.
vlan-id
VLAN for which to add the IPv6 neighbor entry. If you do not specify
the VLAN, the entry is added for all VLANs.
Default
N/A
Mode
Configuration mode
Usage
The neighbor must be directly connected to the ACOS devices Ethernet port you specify, or
connected through a Layer 2 switch.
Example
The following command configures IPv6 neighbor 2001:db8::1111:2222 with MAC address
abab.cdcd.efef, connected to the ACOS devices Ethernet port 5:
ACOS(config)# ipv6 neighbor 2001:db8::1111:2222 abab.cdcd.efef ethernet 5
ipv6 ospf display route single-line

Description
Change how IPv6 routes are displayed in the show ipv6 ospf route output.
Syntax
[no] ipv6 ospf display route single-line
Default
By default, this option is disabled. Routes are displayed on multiple lines.
Mode
Configuration mode
ipv6 prefix-list sequence-number

Description
Configure an IPv6 prefix list.
Syntax
[no] prefix-list list-name

[seq sequence-num]
{deny | permit}
{any | ipav6ddr/prefix-length}
[ge prefix-length] [le prefix-length]
Parameter
Description
list-name
Name of the IP prefix list. The name can not contain blanks.
description string
Description of the IP prefix list.
seq sequence-num
Changes the sequence number of the IP prefix-list rule. The sequence number can
be 1-4294967295.
deny | permit
Action to take for IP addresses that match the prefix list.
any | ipav6ddr/prefixlength
IP address and number of mask bits, from left to right, on which to match. If you
omit the ge and le options (described below), the mask-length is also the subnet
mask on which to match.
Parameter
Description
ge prefix-length
Specifies a range of prefix lengths on which to match. Any prefix length equal to or
greater than the one specified will match. For example, ge 25 will match on any of
the following mask lengths: /25, /26, /27, /28, /29, /30, /31, or /32.
le prefix-length
Specifies a range of prefix lengths on which to match. Any prefix length less than
or equal to the one specified will match. The lowest prefix length in the range is
the prefix specified with the IP address. For example, 192.168.1.0/24 le 28
will match on any of the following mask lengths: /24, /25, /26, /27, or /28.
Default
N/A
Mode
Configuration mode
Usage
You can use IP prefix lists to provide input to the OSPFv2 command area area-id filter-list on
page 136.
The rules for matching and sequence numbering are the same as those for IPv4 prefix lists.
(See ip prefix-list on page 77.)
ipv6 route
Description
Configure a static IPv6 route.
Syntax
[no] ipv6 route ipv6addr/prefix-length next-hop-ipv6addr

[ethernet num | trunk num | ve num]
[distance]
[no] ipv6 route static bfd [ethernet num | trunk num | ve num]
ipv6addr next-hop-ipv6addr
Parameter
Description
ipv6addr
IPv6 unicast address of the route destination.
prefix-length
Prefix length, 1-128.
next-hop-ipv6addr
IPv6 unicast address of the next-hop gateway to the destination.
distance
Distance value for the route, 1-255.
string
Description of the static route.
Default
N/A
Mode
Configuration mode
Usage
The ethernet, trunk, and ve options are available only if the ipv6addr is a link-local
address. Otherwise, the options are not displayed in the online help and are not supported.
If you use an individual Ethernet port, the port can not be a member of a trunk or a VE.
If you use a trunk, the trunk can not be a member of a VE.
After you configure the static route, you can not change the interfaces membership in
trunks or VEs. For example, if you configure a static route that uses Ethernet port 6s linklocal address as the next hop, it is not supported to later add the interface to a trunk or
VE. The static route must be removed first.
Example
The following command configures a static IPv6 route to destination 2001:db8::3333:3333/

32, though gateway 2001:db8::3333:4444:
ACOS(config)# ipv6 route 2001:db8::3333:3333/32 2001:db8::3333:4444
Example
The following command configures a default IPv6 route:

ACOS(config)# ipv6 route ::/0 abc1::1111
Example
The following command configures an IPv6 static route that uses Ethernet port 6s link-local
address as the next hop:
ACOS(config)# ipv6 route abaa:3::0/64 fe80::2 ethernet 6
Config Commands: Router RIP
This chapter describes the syntax for the Routing Information Protocol (RIP) commands. The commands are described in the
following sections:
Enabling RIP
Interface-level RIP Commands
IPv4 RIP Configuration Commands
RIP Show Commands
RIP Clear Commands
Enabling RIP
You can enable RIP for IPv4 and RIP for IPv6. Each version runs independently of the other. The ACOS device supports a single
IPv4 RIP process and a single IPv6 RIP process.
NOTE:
Optionally you also can enable RIPv1. RIPv1 and RIPv2 can be enabled separately for
inbound and outbound RIP traffic.
Enabling RIP for IPv4

To enable RIP for IPv4:
1. Use the router rip global configuration command to enable RIP and access the configuration level for global IPv4
RIP parameters:
ACOS(config)# router rip
ACOS(config-rip)#
2. From RIP routing configuration mode, use the network command to enable individual networks or interfaces. For
example:
ACOS(config-rip)# network 192.168.10.10/24
ACOS(config-rip)# network ethernet 3

This is the minimum required configuration. Additional configuration may be required depending on your deployment.
Enabling RIP for IPv6

To enable RIP for IPv6:
1. Use the router ipv6 rip global configuration command to enable RIP and access the configuration level for global
IPv4 RIP parameters:
ACOS(config)# router ipv6 rip
ACOS(config-rip)#
2. To enable IPv6 RIP on an individual interface:

a. Access the interface. For example:
b. Use the following command to enable IPv6 RIP on the interface:

ACOS(config-if:ethernet:6)# ipv6 router rip

In addition to global parameters, RIP has parameters on the individual interface level. To configure RIP on an interface, use
the interface command to access the configuration level for the interface, then use the ip rip or ipv6 rip command.
(See Config Commands: Interface on page 3.)

The configuration commands in the following sections are applicable to IPv4 RIP.
Global IPv4 RIP Commands

The commands in this section apply globally to the IPv4 RIP process.
To access the configuration level for a IPv4 RIP process, use the router rip command at the global configuration level of
the CLI.

the interface command to access the configuration level for the interface, then use the ip rip command. (See Config
Commands: Interface on page 3.)

cisco-metric-behavior
Description
Enable Cisco-compatible metric behavior. This option affects the display of metric values in
the RIP routing table.
Syntax
[no] cisco-metric-behavior {enable | disable}
Parameter
Description
enable
The metric values displayed for routes in the RIP routing table are the
values before modification by this RIP router (the ACOS device).
disable
values after modification by this RIP router (the ACOS device).
Default
disable
Mode
IPv4 RIP
default-information originate
Description
Enable generation of a default route into RIP.
Syntax
[no] default-information originate
Default
Disabled
Mode
IPv4 RIP
default-metric
Description
Configure the default metric value for routes that are redistributed into IPv4 RIP.
Syntax
[no] default-metric num
Replace num with the default metric, 1-16.
Default
Mode
IPv4 RIP

distance
Description
Set the administrative distance for IPv4 RIP routes.
Syntax
[no] distance num [ipaddr/mask-length [acl-id]]
Parameter
Description
num
Administrative distance, 1-255.
ipaddr/mask-length
Network prefix and mask length. The specified distance is

applied only to routes with a matching source address.
acl-id
ACL ID. The specified distance is applied only to routes that

match the source IP address in the ACL.
NOTE:
In the ACL, use the permit action, not the deny action.
Default
The default distance is 120.
Mode
IPv4 RIP
Usage
The administrative distance specifies the trustworthiness of routes. In cases where there are
multiple routes to the same destination, from different routing protocols, the administrative
distance can be used as a tie-breaker.
A low administrative distance value indicates a high level of trust. Likewise, a high
administrative distance value indicates a low level of trust. For example, setting the
administrative distance value for external routes to 255 means those routes are very
untrustworthy and should not be used.
distribute-list
Description
Configure filtering of route updates.
Syntax
[no] distribute-list {acl-id | prefix list-name} {in | out} [interface]
Parameter
Description
acl-id |
prefix list-name
ACL or prefix list that specifies the routes to filter. The action you
use in the ACL or prefix list determines whether matching routes
are allowed:
permit Matching routes are allowed.
deny Matching routes are prohibited.

Parameter
Description
in | out
Traffic direction for which to filter updates:

in Inbound route updates are filtered.
out Outbound route updates are filtered.
interface
Interface on which updates are filtered. You can specify the following types of interfaces:
ethernet portnum Ethernet data interface.
loopback [num] Loopback interface. If you do not specify an interface number, route updates are filtered out on all
loopback interfaces.
trunk trunknum Trunk interface.
ve ve-num Virtual Ethernet (VE) interface.
If no interface is specified, the filter applies to all interfaces.
NOTE:
The internal option is not applicable.
Default
Route updates are not filtered out.
Mode
IPv4 RIP
Usage
Distribute lists can be global or interface-specified:

If you do not specify an interface with the distribute list, the list is global.
If you do specify an interface with the distribute list, the list applies only to routes
received (in) or advertised (out) on that interface.
The ACOS device can have one global inbound distribute list and one global outbound
distribute list. Likewise, each interface can have one inbound distribute list and one
outbound distribute list.
For inbound updates, if the interface on which the update is received has a distribute list,
that distribute list is checked before the global distribute list. Likewise, for outbound updates,
the distribute list on the outbound interface is checked before the global distribute list. The
action (permit or deny) in the first distribute list that matches is used.
ACL Implicit Deny Rule

Every ACL has an implicit deny any rule at the end. Traffic that does not match any of the
explicitly configured rules in an ACL will match the implicit deny rule.
Example
The following commands allow incoming RIP routes only for network 30.30.30.0/24, and only
when received through Ethernet interface 4:
ACOS(config)#ip prefix-list rip-subnet-only permit 30.30.30.0/24
ACOS(config)#router rip
ACOS(config-router)#distribute-list prefix rip-subnet-only in ether-

net 4
Example
The following commands allow advertisement of RIP routes only for network 10.0.0.0/8, and
only when advertised through VE interface 45:
ACOS(config)# access-list 23 permit 10.0.0.0 0.255.255.255
ACOS(config-rip)# distribute-list 23 out ve 45
maximum-prefix
Description
Specify the maximum number of routes allowed in the IPv4 RIP route table.
Syntax
[no] maximum-prefix num [threshold]
Parameter
Description
num
Maximum number of RIP routes allowed. You can specify 1-2048.
threshold
Percentage of the maximum number of routes at which a warning is

generated. You can specify 1-100. The warnings appear in the routing
log.
Default
256. The default threshold is 75 percent.
Mode
IPv4 RIP
neighbor
Description
Specify a neighboring IPv4 RIP router.
Syntax
[no] neighbor ipaddr
Replace ipaddr with the IP address of the neighboring IPv4 RIP router.
Default
None
Mode
IPv4 RIP
Usage
Enter the command separately for each IPv4 RIP neighbor.

network
Description
Enable IPv4 RIP on a network.
Syntax
[no] network {ipaddr/mask-length | interface}
Parameter
Description
ipaddr/mask-length
Prefix and mask length of a IPv4 RIP network.
interface
Interface on which to enable RIP. You can specify the following types of interfaces:
loopback [num] Loopback interface. If you do not
specify an interface number, RIP is enabled on all loopback
interfaces.
If no interface is specified, RIP is enabled on all the interfaces.
Default
None
Mode
IPv4 RIP

offset-list
Description
Increase the metric for specific routes.
Syntax
[no] offset-list acl-id {in | out} offset [interface]
Parameter
Description
acl-id
ACL that matches on the routes for which to increase the metric.
in | out
Direction to which to apply the metric:

in Applies the additional metric value to routes received in
updates from RIP neighbors.
out Applies the additional metric value to routes advertised to
RIP neighbors.
offset
Additional metric to add to routes. You can specify 0-16.
interface
Interface on which to increase the metric. You can specify the following types of interfaces:
loopback [num] Loopback interface. If you do not specify an
interface number, the metric is increased on all loopback interfaces.
If no interface is specified, the metric is increased on all interfaces.
Default
Not set. The metric that is otherwise applied to the route by the RIP process is used.
Mode
IPv4 RIP
passive-interface
Description
Block RIP broadcasts from being sent on an interface.
Syntax
[no] passive-interface interface
Replace interface with the interface on which to block RIP broadcasts. You can specify the
following types of interfaces:
loopback [num] Loopback interface. If you do not specify an interface number, RIP
broadcasts are blocked on all loopback interfaces.
Default
None. RIP broadcasts are not blocked on any interfaces.
Mode
IPv4 RIP

recv-buffer-size
Description
Configure the receive buffer size for RIP UDP packets.
Syntax
[no] recv-buffer-size bytes
Replace bytes with the maximum RIP UDP packet size allowed. You can specify 81922147483647 bytes.
Default
8192
Mode
IPv4 RIP

redistribute
Description
Redistribute route information from other sources into RIP.
Syntax
[no] redistribute
{
bgp [options] |
connected [options] |
floating-ip [options] |
ip-nat-list [options] |
ip-nat [options] |
isis [options] |
lw4o6 [options] |
ospf [options] |
static [options] |
vip [only-flagged | only-not-flagged [options]]
}
Parameter
Description
bgp [options]
Redistributes route information from Border Gateway Protocol (BGP) into RIP. For options,
see the end of this parameter list.
connected [options]
Redistributes route information for directly connected networks into RIP. For options, see
the end of this parameter list.
floating-ip [options]
Redistributes route information for floating IP addresses into RIP. For options, see the end
of this parameter list.
ip-nat-list [options]
Redistributes routes into RIP for reaching translated NAT addresses allocated from a range
list. For options, see the end of this parameter list.
ip-nat [options]
Redistributes routes into RIP for reaching translated NAT addresses allocated from a pool.
For options, see the end of this parameter list.
isis [options]
Redistributes route information from Intermediate System to Intermediate System (IS-IS)

into RIP. For options, see the end of this parameter list.
lw406 [options]
Redistributes routes into OSPF for Lightweight 4over6. (This is an IPv6 Migration feature.)
ospf [options]
Redistributes route information from Open Shortest Path First (OSPF) into RIP. For options,
static [options]
Redistributes routes into RIP for reaching networks through static routes. For options, see
vip
[only-flagged |
only-not-flagged
[options]]
Redistributes routes into RIP for reaching virtual server IP addresses.

To control which VIPs are redistributed, use one of the following options:
only-flagged Redistributes only the VIPs on which the redistributionflagged command is used.
only-not-flagged Redistributes all VIPs except those on which the redistribution-flagged command is used.
For more information, see the Usage information for this command.
options - Optional parameters supported for the options listed above:
metric num Metric for the route, 0-16. There is no default.
route-map map-name Name of a route map. (To configure a route map, use the
route-map command at the global configuration level of the CLI.)

Default
Disabled. By default, RIP routes are not redistributed. For other defaults, see above.
Mode
IPv4 RIP
Usage
When you enable redistribution, routes to all addresses of the specified type are redistributed. The vip option can be used to control which routes to VIPs are redistributed into RIP.
VIP Redistribution
You can exclude redistribution of individual VIPs using one or the other of the following
methods.
If more VIPs will be excluded than will be allowed to be redistributed:
At the configuration level for each of the VIPs to allow to be redistributed, enter the
following command: redistribution-flagged
At the configuration level for the RIP process, enter the following command:
redistribute vip only-flagged
If fewer VIPs will be excluded than will be allowed to be redistributed:

At the configuration level for each of the VIPs to exclude from redistribution, enter
the following command: redistribution-flagged
At the configuration level for the RIP process, enter either of the following commands: redistribute vip only-not-flagged or redistribute vip
NOTE:
In the configuration, the redistribute vip command is automatically converted into the redistribute vip only-not-flagged command. When you
display the configuration, it will contain the redistribute vip only-notflagged command, not the redistribute vip command.
VIP Redistribution Usage Examples:

If you have 10 VIPs and all of them need to be redistributed by RIP, use the redistribute vip command at the configuration level for the RIP process.
If you have 10 VIPs but only 2 of them need to be redistributed, use the redistribution-flagged command at the configuration level for each of the 2 VIPs, then use
the redistribute vip only-flagged command at the configuration level for the
RIP process.
If you have 10 VIPs and need to redistribute 8 of them, use the redistributionflagged command at the configuration level for the 2 VIPs that should not be redistributed. Enter the redistribute vip only-not-flagged command at the configuration level for the RIP process. (In this case, alternatively, you could enter
redistribute vip instead of redistribute vip only-not-flagged.)
Example
The following commands redistribute floating IP addresses and VIP addresses into RIP:
ACOS(config-router)# redistribute floating-ip
ACOS(config-router)# redistribute vip
Example
The following commands flag a VIP, then configure RIP to redistribute only that flagged VIP.
The other (unflagged) VIPs will not be redistributed.

ACOS(config)# slb virtual-server vip1
ACOS(config-slb vserver)# redistribution-flagged
ACOS(config-slb vserver)# exit
ACOS(config-rip)# redistribute vip only-flagged
route
Description
Configure static RIP routes.
Syntax
[no] route ipaddr/prefix-length
Replace ipaddr/prefix-length with the destination of the route.
Default
None
Mode
IPv4 RIP
timers
Description
Configure RIP timers.
Syntax
[no] timers basic update timeout garbage-collection
Parameter
Description
update
Amount of time between transmission of RIP route updates to neighbors. You can specify 5-2147483647 seconds.
timeout
Maximum number of seconds the ACOS device waits for an update to

a RIP route before the route becomes invalid. You can specify
5-2147483647 seconds.
An invalid route remains in the route table and is not actually removed
until the garbage-collection timer expires. (See below.)
garbage-collection
Amount of time after a route becomes invalid that the route remains
in the route table before being removed. You can specify
5-2147483647 seconds.
Default
See descriptions.
Mode
IPv4 RIP
Usage
All RIP routers in the network should use the same timer values. However, the timers should
not be synchronized among multiple routers, since this can cause unnecessary collisions.

version
Description
Specify the RIP version to run.
Syntax
[no] version {1 [2] | 2}
Parameter
Description
RIP version 1.
RIP version 2.
Default
Mode
IPv4 RIP
Usage
The version you specify runs on all RIP interfaces on the ACOS device.
CAUTION:
RIPv1 is less secure than RIPv2. It is recommended to run RIPv2 if your other routers
support it.

The configuration commands in the following sections are applicable to IPv6 RIP.
Global IPv6 RIP Commands

The commands in this section apply globally to the IPv6 RIP process.
To access the configuration level for a IPv6 RIP process, use the router ipv6 rip command at the global configuration
level of the CLI:
ACOS(config)# router ipv6 rip
ACOS(config-rip)#

the interface command to access the configuration level for the interface, then use the ip rip or ipv6 rip command.
(See Config Commands: Interface on page 3.)

aggregate-address
Description
Configure an aggregate of multiple IPv6 RIP routes.
Syntax
[no] aggregate-address ipv6addr/mask-length
Replace ipv6addr/mask-length with the IPv6 address and prefix length of the aggregate. The
aggregate route will be used instead of the individual routes to destinations that match the
aggregates address and prefix.
Default
None
Mode
IPv6 RIP
cisco-metric-behavior
Description
Enable Cisco-compatible metric behavior. This option affects the display of metric values in
the RIP routing table.
Syntax
[no] cisco-metric-behavior {enable | disable}
Parameter
Description
enable
values before modification by this RIP router (the ACOS device).
disable
values after modification by this RIP router (the ACOS device).
Default
disable
Mode
IPv6 RIP
Description
Enable generation of a default route into RIP.
Syntax
Default
Disabled
Mode
IPv6 RIP
default-metric
Description
Configure the default metric value for routes that are redistributed into IPv6 RIP.
Syntax
[no] default-metric num

Replace num with the default metric, 1-16.
Default
Mode
IPv6 RIP
distribute-list
Description
Configure filtering of route updates.
Syntax
[no] distribute-list {acl-id | prefix list-name} {in | out}

[interface]
Parameter
Description
acl-id |
prefix list-name
ACL or prefix list that specifies the routes to filter. The action you
use in the ACL or prefix list determines whether matching routes
are allowed:
permit Matching routes are allowed.
deny Matching routes are prohibited.
in | out
Traffic direction for which to filter updates:

in Inbound route updates are filtered.
out Outbound route updates are filtered.
interface
Interface on which updates are filtered. You can specify the following types of interfaces:
loopback [num] Loopback interface. If you do not specify an interface number, route updates are filtered out on all
loopback interfaces.
If no interface is specified, the filter applies to all interfaces.
Default
Route updates are not filtered out.
Mode
IPv6 RIP
Usage
Distribute lists can be global or interface-specified:

If you do not specify an interface with the distribute list, the list is global.
If you do specify an interface with the distribute list, the list applies only to routes
received (in) or advertised (out) on that interface.
The ACOS device can have one global inbound distribute list and one global outbound
distribute list. Likewise, each interface can have one inbound distribute list and one
outbound distribute list.
For inbound updates, if the interface on which the update is received has a distribute list,
that distribute list is checked before the global distribute list. Likewise, for outbound updates,

the distribute list on the outbound interface is checked before the global distribute list. The
action (permit or deny) in the first distribute list that matches is used.
ACL Implicit Deny Rule

Every ACL has an implicit deny any rule at the end. Traffic that does not match any of the
explicitly configured rules in an ACL will match the implicit deny rule.

neighbor
Description
Specify a neighboring IPv6 RIP router.
Syntax
[no] neighbor ipv6addr interface
Parameter
Description
ipv6addr
Link-local IPv6 address of the neighboring IPv6 RIP router.
interface
Interface on which the neighbor can be reached. You can specify the
Default
None
Mode
IPv6 RIP
Usage
Enter the command separately for each IPv4 RIP neighbor.
offset-list
Description
Increase the metric for specific routes.
Syntax
[no] offset-list acl-id {in | out} offset [interface]
Parameter
Description
acl-id
ACL that matches on the routes for which to increase the metric.
in | out
Direction to which to apply the metric:

in Applies the additional metric value to routes received in
updates from RIP neighbors.
out Applies the additional metric value to routes advertised to RIP
neighbors.
offset
Additional metric to add to routes. You can specify 0-16.
interface
Interface on which to increase the metric. You can specify the following types of interfaces:
interface number, the metric is increased on all loopback interfaces.
If no interface is specified, the metric is increased on all interfaces.
Default
Not set. The metric that is otherwise applied to the route by the RIP process is used.
Mode
IPv6 RIP

passive-interface
Description
Block RIP broadcasts from being sent on an interface.
Syntax
[no] passive-interface interface
Replace interface with the interface on which to block RIP broadcasts. You can specify the
loopback [num] Loopback interface. If you do not specify an interface number, RIP
broadcasts are blocked on all loopback interfaces.
Default
None. RIP broadcasts are not blocked on any interfaces.
Mode
IPv6 RIP
recv-buffer-size
Description
Configure the receive buffer size for RIP UDP packets.
Syntax
[no] recv-buffer-size bytes
Replace bytes with the maximum RIP UDP packet size allowed. You can specify 81922147483647 bytes.
Default
8192
Mode
IPv6 RIP
redistribute
Description
Redistribute route information from other sources into RIP.

Syntax
[no] redistribute
{
bgp [options] |
ip-nat [options] |
isis [options] |
ospf [options] |
static [options] |
vip [only-flagged | only-not-flagged [options]]
}
Parameter
Description
bgp [options]
Redistributes route information from Border Gateway Protocol (BGP) into RIP. For options,
connected [options]
Redistributes route information for directly connected networks into RIP. For options, see
Redistributes route information for floating IP addresses into RIP. For options, see the end
of this parameter list.
ip-nat [options]
Redistributes routes into RIP for reaching translated NAT addresses allocated from a pool.
Redistributes routes into RIP for reaching translated NAT addresses allocated from a range
list. For options, see the end of this parameter list.
isis [options]
Redistributes route information from Intermediate System to Intermediate System (IS-IS)

into RIP. For options, see the end of this parameter list.
ospf [options]
static [options]
Redistributes routes into RIP for reaching networks through static routes. For options, see
vip
[only-flagged |
only-not-flagged |
[options]]
Redistributes routes into RIP for reaching virtual server IP addresses.

To control which VIPs are redistributed, use one of the following options:
only-flagged Redistributes only the VIPs on which the redistributionflagged command is used.
only-not-flagged Redistributes all VIPs except those on which the redistribution-flagged command is used.
See Usage below for more information.
options - Optional parameters supported for the options listed above:
metric num Metric for the route, 0-16. There is no default.
route-map map-name Name of a route map. (To configure a route map, use the
route-map command at the global configuration level of the CLI.)
Default
Disabled. By default, RIP routes are not redistributed. For other defaults, see above.
Mode
IPv6 RIP
Usage
When you enable redistribution, routes to all addresses of the specified type are redistributed. The vip option can be used to control which routes to VIPs are redistributed into RIP.

VIP Redistribution
methods.
At the configuration level for the RIP process, enter the following command:
redistribute vip only-flagged

At the configuration level for the RIP process, enter either of the following commands: redistribute vip only-not-flagged or redistribute vip
NOTE:

If you have 10 VIPs and all of them need to be redistributed by RIP, use the redistribute vip command at the configuration level for the RIP process.
RIP process.
If you have 10 VIPs and need to redistribute 8 of them, use the redistributionflagged command at the configuration level for the 2 VIPs that should not be redistributed. Enter the redistribute vip only-not-flagged command at the configuration level for the RIP process. (In this case, alternatively, you could enter
redistribute vip instead of redistribute vip only-not-flagged.)
route
Description
Configure static RIP routes.
Syntax
[no] route ipv6addr/prefix-length
Replace ipv6addr/prefix-length with the destination of the route.
Default
None
Mode
IPv6 RIP

route-map
Description
Configure a list of interfaces to use as input to other RIP commands.
Syntax
[no] route-map map-name {in | out} interface
Parameter
Description
map-name
Name of the route map.
in | out
Direction to which the map applies:

in Applies to incoming routes received in updates from RIP neighbors.
out Applies to routes advertised to RIP neighbors.
interface
Interface to which to apply the route map. You can specify the following
types of interfaces:
interface number, the route map is applied to all loopback interfaces.
Default
None
Mode
IPv6 RIP

RIP Show Commands
timers
Description
Configure RIP timers.
Syntax
[no] timers basic update timeout garbage-collection
Parameter
Description
update
Amount of time between transmission of RIP route updates

to neighbors. You can specify 5-2147483647 seconds.
timeout
Maximum number of seconds the ACOS device waits for an

update to a RIP route before the route becomes invalid. You
can specify 5-2147483647 seconds.
An invalid route remains in the route table and is not actually
removed until the garbage-collection timer expires. (See
below.)
The defaul tis 180 seconds.
garbage-collection
Amount of time after a route becomes invalid that the route

remains in the route table before being removed. You can
specify 5-2147483647 seconds.
Default
See descriptions.
Mode
IPv6 RIP
Usage
All RIP routers in the network should use the same timer values. However, the timers should
not be synchronized among multiple routers, since this can cause unnecessary collisions.
RIP Show Commands

This section lists the RIP show commands:
show ip rip database
show ipv6 rip database

RIP Show Commands

Description
Display the RIP IPv4 route database.
Syntax
Mode
All
Example
The following command displays the IPv4 RIP database:
ACOS(config)# show ip rip database

Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
v - VIP, V - VIP selected, N - IP NAT group,
n - IP NAT, f - Floating IP
Network
Rc 1.0.3.0/24
R 1.0.4.0/24
Rc 12.0.0.0/24
Next Hop
12.0.0.2
Metric From
1
2 12.0.0.2
1
Parameter
Description
Codes
R - RIP
If
Time
ethernet 5
ethernet 2 02:59
ethernet 2
Rc - RIP connected
Rs - RIP static
K - Kernel
C - Connected
S - Static
O - OSPF
I - IS-IS
B - BGP,
v - VIP
V - VIP selected
N - IP NAT group,
n - IP NAT
f - Floating IP
Network
Destination network and subnet mask.
Next Hop
Next hop IP address.
Metric
Cost of the route.
From
IP address of the originating router.

RIP Show Commands
Parameter
Description
If
Outgoing interface.
Time
Remaining lifetime of the route.

Description
Display the RIP IPv4 route database.
Syntax
Mode
All
Example
The following command displays the IPv6 RIP database:
ACOS(config)# show ipv6 rip database

Codes: R - RIP, Rc - RIP connected, Rs - RIP static, Ra - RIP aggregated,
Rcx - RIP connect suppressed, Rsx - RIP static suppressed,
K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
v - VIP, V - VIP selected, N - IP NAT group,
n - IP NAT, f - Floating IP
Rc
Rc
R
Network
3000::/64
3ff3::/64
3ff4::/64
Next Hop
::
::
fe80::21f:a0ff:fe10:a4a6
If
Met Tag Time
ethernet 2 1
0
ethernet 5 1
0
ethernet 2 2
0 02:59

RIP Clear Commands
Parameter
Description
Codes
R - RIP
Rc - RIP connected
Rs - RIP static
Ra - RIP aggregated
Rcx - RIP connect suppressed
Rsx - RIP static suppressed
K - Kernel
C - Connected
S - Static
O - OSPF
I - IS-IS
B - BGP,
v - VIP
V - VIP selected
N - IP NAT group,
n - IP NAT
f - Floating IP
Network
Destination network and subnet mask.
Next Hop
Next hop IP address.
If
Outgoing interface.
Metric
Cost of the route.
Tag
Tag information of the route.
Time
Remaining lifetime of the route.
RIP Clear Commands

This section lists the RIP clear commands:
clear ip rip route
clear ipv6 rip route

RIP Clear Commands
clear ip rip route

Description
Clears routes from the IPv4 RIP table.
Syntax
clear ip rip route {ipaddr/mask-length | rip}
Mode
Parameter
Description
ipaddr/mask-length
Replace ipaddr/mask-length to clear the route to the specified network.
rip
Clears all RIP routes from the table.
Privileged EXEC or any configuration level

Description
Clears routes from the IPv6 RIP table.
Syntax

{ipv6addr/mask-length | rip}
Mode
Parameter
Description
ipv6addr/mask-length
Clears the route to the specified network.
rip
Clears all RIP routes from the table.
Privileged EXEC or any configuration level
Config Commands: Router OSPF
This chapter describes the commands for configuring global OSPFv2 and OSPFv3 parameters.
The following sections are covered:
Enabling OSPF
Configuration Commands Applicable to OSPFv2 or OSPFv3
Configuration Commands Applicable to OSPFv2 Only
OSPF Show Commands
Enabling OSPF
To enable OSPF, use one of the following commands at the global configuration level of the CLI. Each command changes the
CLI to the configuration level for the specified OSPFv2 process ID or OSPFv3 process tag.
Enable OSPFv2
To enable OSPFv2, use the following command:
ACOS(config)#router ospf [process-id]
The process-id specifies the IPv4 OSPFv2 process to run on the ACOS device, and can be 1-65535.
Enable OSPFv3
To enable OSPFv3, use the following command:
ACOS(config)#router ipv6 ospf [tag]
The tag specifies the IPv6 OSPFv3 process to run on the IPv6 link, and can be 1-65535.

NOTE:
NOTE:
For OSPFv3, the area tag ID configured on an interface must be the same as the tag ID
for the OSPF instance.
Interface-level OSPF Commands

In addition to global parameters, OSPF has parameters on the individual interface level. To configure OSPF on an interface,
use the interface command to access the configuration level for the interface, then use the ip ospf or ipv6 ospf
command. (See Config Commands: Interface on page 3.)
Show Commands
To display OSPF settings, use the show {ip | ipv6} ospf command.
Configuration Commands Applicable to OSPFv2 or

OSPFv3
The following configuration commands are applicable to OSPFv2 and OSPFv3.
The commands in this section apply throughout the OSPFv2 process or OSPFv3 process in which the commands are
entered.
abr-type
Description
Specify the Area Border Router (ABR) type.
Syntax
[no] abr-type {cisco | ibm | standard}
Parameter
Description
cisco
Alternative ABR using Cisco implementation (RFC 3509).
ibm
Alternative ABR using IBM implementation (RFC 3509).
standard
Standard ABR behavior (RFC 2328)
Default
cisco
Mode
OSPFv3

area area-id default-cost

Description
Specify the cost of a default summary route sent into a stub area.
Syntax
[no] area area-id default-cost num
Parameter
Description
area-id
Area ID, either an IP address or a number.
num
Cost of the default summary route, 0-16777214.
Default
The default is 1.
Mode
OSPFv2 or OSPFv3
Example
The following command assigns a cost of 4400 to default summary routes injected into stub
areas:
ACOS(config-ospf:1)#area 5.5.5.5 default-cost 4400
area area-id range

Description
Summarize routes at an area boundary.
Syntax
[no] area area-id range ipaddr/mask-length

[advertise | not-advertise]
Parameter
Description
area area-id
Beginning area ID (either an IP address or a number).
range
Ending area ID.
ipaddr
Subnet address for the range.
/mask-length
Network mask length for the range.
advertise
Generates Type 3 summary LSAs for the areas in the range.
not-advertise
Does not generate Type 3 summary LSAs. The networks are hidden from other networks.
Default
There is no default range configuration. When you configure a range, the default advertisement string is advertise.
Mode
OSPFv2 or OSPFv3
Example
The following command configures a range and disables advertisement of routes into the
areas:
ACOS(config-ospf:1)#area 8.8.8.8 range 10.10.10.10/16 not-advertise

area area-id stub

Description
Configure a stub area.
Syntax
[no] area area-id stub [no-summary]
Parameter
Description
area-id
Area ID.
no-summary
ABRs do not send summary LSAs into the stub area.
Default
None
Mode
OSPFv2 or OSPFv3
Example
The following command configures a stub area with area ID 10.2.4.5:

ACOS(config-ospf:1)#area 10.2.4.5 stub
area area-id virtual-link

Description
Configure a link between two backbone areas that are separated by non-backbone areas.
Syntax
[no] area area-id virtual-link ipaddr

[authentication]
[authentication-key string [string ...]]
[dead-interval seconds]
[fall-over bfd]
[hello-interval seconds]
[message-digest-key num md5 string [string ...]]
[retransmit-interval seconds]
[transmit-delay seconds]
Parameter
Description
area-id
ipaddr
IP address of the OSPF neighbor at the other end of the link.
authentication
Enables authentication on the link.
authentication-key string
[string ...]
Specifies a simple text password for authenticating OSPF traffic

between this router and the neighbor at the other end of the virtual
link. The string is an 8-character authentication password.
dead-interval seconds
Number of seconds this OSPF router will wait for a reply to a hello
message sent to the neighbor on the other end of the virtual link,
before declaring the neighbor to be offline. You can specify 1-65535
seconds.
fall-over bfd
Enable fall-over detection.

Parameter
Description
hello-interval seconds
Number of seconds this OSPF router waits between sending hello

messages to the neighbor on the other end of the virtual link. You can
specify 1-65535 seconds.
message-digest-key num
md5 string [string ...]
Specifies an MD5 key, 1-255. The string is a 16-character authentication

password.
retransmit-interval seconds
Number of seconds this OSPF router waits before resending an unacknowledged packet to the neighbor on the other end of the virtual
link. You can specify 1-65535 seconds.
Number of seconds this OSPF router waits between sending packets
to the neighbor on the other end of the virtual link. You can specify
1-65535 seconds.
transmit-delay seconds
The default is 1 second.
Default
None. When you configure a virtual link, it has the default settings described in the table
above.
Mode
OSPFv2 or OSPFv3
auto-cost reference bandwidth

Description
Change the reference bandwidth used by OSPF to calculate default metrics.
Syntax
[no] auto-cost reference-bandwidth mbps
Replace mbps with the reference bandwidth, in Mbps. You can specify 1-4294967.
Default
100 Mbps
Mode
OSPFv2 or OSPFv3
Usage
By default, OSPF calculates the OSPF metric for an interface by dividing the reference bandwidth by the interface bandwidth. This command differentiates high-bandwidth links from
lower-bandwidth links. If multiple links have high bandwidth, specify a larger reference
bandwidth so that the cost of those links is differentiated from the cost of lower-bandwidth
links.
Description
Enable BFD on all interfaces for which OSPF is running.
Syntax
[no] bfd all-interfaces
Default
Disabled
Mode
OSPFv2 or OSPFv3
bfd

2.7.1
Description
Clear all or specific OSPF neighbors.
Syntax
clear ip ospf [process-id]

{
process |
neighbor
{all | neighbor-id | interface
{interface-ip-address [neighbor-ip-address]}}
}
clear
clear ipv6 ospf [process-tag]

{
process |
neighbor
{all | neighbor-id |
interface-name [neighbor-id]}
}
Parameter
Description
process-id
Specifies the IPv4 OSPFv2 process to run on the device,

and can be 1-65535.
process-tag
Specifies the IPv6 OSPFv3 process to run on the IPv6 link,

and can be 1-65535.
neighbor-id
Router-id of the OSPF device.
neighbor-ip-address
IP address of the interface for the neighboring device.
interface-ip-address
IP address of the interface of the device on which the

OSPF neighbor exists.
Default
N/A
Mode
OSPFv2 or OSPFv3
2.7.1
Usage
Using OSPFv2, the CLI enables you to indicate an interface IP Address of the ACOS device.
Using OSPFv3, the CLI enables you to specify the interface name for a specific neighbor.
Example

ACOS(config)#clear ip ospf neighbor all
Example

ACOS(config)#clear ip ospf neighbor 192.1.1.1
Example
The following command clears all neighbors on an interface:

ACOS(config)#clear ip ospf neighbor interface 10.1.1.10
Example
The following command clears a neighbor on a specified interface to a specified router:

ACOS(config)#clear ip ospf neighbor interface 10.1.1.10 192.1.1.10
Example

ACOS(config)#clear ipv6 ospf 5 neighbor all
Example

ACOS(config)#clear ipv6 ospf neighbor 192.1.1.1
Example
The following command clears all OSPFv3 neighbors on a specified

interface:
ACOS(config)#clear ipv6 ospf neighbor ethernet 1
Example
The following command clears all neighbors on a specified interface to a specific router:
ACOS(config)#clear ipv6 ospf neighbor ethernet 1 192.1.1.1
default-metric
Description
Set the numeric cost that is assigned to OSPF routes by default. The metric (cost) is added to
routes when they are redistributed.
Syntax
[no]
default-metric num
Replace num with the default cost, 0-16777214.
Default
20
Mode
OSPFv2 or OSPFv3
Example
The following command configures a default metric of 6666:

ACOS(config-router)#default-metric 6666
distribute-internal
Description
Enable redistribution of ACOS-specific resources as internal routes (type-1 LSAs).
Syntax
[no] distribute-internal
{lw4o6 [options] | floating-ip | ip-nat | ip-nat-list | vip | viponly-flagged} area area-id [cost num]
Default
Distribute-internal for router IPv6 OSPF:
Syntax
[no] distribute-internal
{lw4o6 [options] | nat64 | floating-ip | ip-nat | ip-nat-list | vip
| vip-only-flagged}

Description
Parameter
Description
lw4o6 [options]
Redistributes LW4o6 routes into OSPF.
nat64
Redistributes NAT64 routes into OSPF.
floating-ip
[options]
Redistributes routes into OSPF for reaching floating IP addresses.
ip-nat
Redistributes routes into OSPF for reaching translated NAT

addresses allocated from a pool.
ip-nat-list
Redistributes routes into OSPF for reaching translated NAT

addresses allocated from a range list.
vip
Redistributes routes into OSPF for reaching virtual server IP

addresses.
vip-only-flagged
Same as the vip option, but applies only to VIPs on which the
redistribution-flagged option is enabled.
Default
Disabled. By default, OSPF routes are not redistributed. For other defaults, see above.
Mode
OSPFv2 or OSPFv3
Usage
Routes that are redistributed into OSPF as external routes are redistributed as type-5 link state
advertisement (LSAs). Routes that are redistributed into OSPF as internal routes are redistributed as type-1 LSAs.
You can enable either external or internal redistribution for a given ACOS-specific resource
type.
Example
The following command enables internal distribution into OSPF area 0, of routes to all VIPs
configured on the ACOS device, and assigns cost 11 to the routes:
ACOS(config-router)#distribute-internal vip area 0 cost 11
Example
The following command enables internal distribution into OSPF area 1, of routes to VIPs that
have the redistribution-flagged option, and assigns cost 21 to the routes:
ACOS(config-router)#distribute-internal vip-only-flagged area 1 cost
21
Example
The following command enables internal distribution into OSPF area 5, of routes to floating
IP addresses, and assigns cost 555 to the routes:
ACOS(config-router)#distribute-internal floating-ip area 5 cost 555
Example
The following command displays the OSPF IPv4 route table. The routes configured for internal distribution are indicated by internal.
ACOS(config-router)#show ip ospf route
OSPF process 11:
counter = 6
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
C
6.1.1.0/24 [10] is directly connected, ve 6, Area 0.0.0.0
C 111.1.1.2/32 [21] is directly connected, internal vip-onlyflagged, Area 0.0.0.1

C 111.1.1.3/32 [11] is directly connected, internal vip, Area
0.0.0.0
C 114.1.1.1/32 [21] is directly connected, internal vip-onlyflagged, Area 0.0.0.1
C 200.1.1.2/32 [555] is directly connected, internal floating-ip,
Area 0.0.0.5
ha-standby-extra-cost
Description
Enable OSPF awareness of VRRP-A.
Syntax
[no] ha-standby-extra-cost cost [group group-num]
Parameter
Description
cost
Extra cost to add to the ACOS devices OSPF interfaces, if the VRRP-A
status of one or more of the devices VRIDs is Standby (1-65535).
If the resulting cost value is more than 65535, the cost is set to 65535.
group-num
A specific VRRP-A VRID that will incur the specified cost; if none are
specified, all VRIDs will incur the extra cost.
NOTE: This option is only available for OSPFv2.
Default
Not set. The OSPF protocol on the ACOS device is not aware of the VRRP-A state (Active or
Standby) of the ACOS device.
Mode
OSPFv2 or OSPFv3
Usage
Enter the command on each of the ACOS devices in the VRRP-A VRID..
log-adjacency-changes
Description
Log changes in adjacency state.

Syntax
log-adjacency-changes {detail | disable}
Parameter
Description
detail
Enable the logging of all changes in adjacency state.
disable
Disable logging.
Default
Logging is enabled in brief mode by default.
Mode
OSPFv3
Usage
In brief mode, the following state changes are logged:

FULL -> XXXX
XXXX -> FULL
XXXX -> DOWN
In detail mode, all state changes will be logged. In disable mode, no state changes are
logged.
Example
Enable the logging of all adjacency state changes.

ACOS(config)#router ipv6 ospf 2
ACOS(config-ospf:2)#log-adjacency-changes detail
max-concurrent-dd
Description
Set the maximum number of OSPF neighbors that can be processed concurrently during
database exchange between this OSPF router and its OSPF neighbors.
Syntax
[no] max-concurrent-dd num
Replace num with the maximum number of neighbors that can be processed at the same
time during database exchange. You can specify 1-65535.
Default
Not set (no limit)
Mode
OSPFv2 or OSPFv3
Usage
This command is useful in cases where router performance is being adversely affected by
processing of neighbor adjacencies.
passive-interface
Description
Disable Link-State Advertisements (LSAs) from being sent on an interface.
Syntax
[no] passive-interface
{ethernet portnum | lif num | loopback num | ve ve-num}

Default
LSAs are enabled. (No interfaces are passive.)
Mode
OSPFv2 or OSPFv3
Example
The following command configures a passive interface on the Virtual Ethernet (VE) interface
on VLAN 3:
ACOS(config-router)#passive-interface ve 3
redistribute
Description
Enable distribution of routes from other sources into OSPF.
Syntax
[no] redistribute
{
bgp [options] |
ip-nat [ipaddr/mask-length
floating-IP-forward-address ipaddr] [options] |
isis [options] |
lw4o6 [options] |
ospf [process-id] [options] |
rip [options] |
static [options] |
vip [ipaddr floating-IP-forward-address ipaddr |
{only-flagged | only-not-flagged}] [options]
}
Parameter
Description
bgp [options]
Redistributes routes into OSPF for reaching BGP. For options, see the
end of this parameter list.
connected [options]
Redistributes routes into OSPF for reaching directly connected networks. For options, see the end of this parameter list.
Redistributes routes into OSPF for reaching floating IP addresses. For

options, see the end of this parameter list.
ip-nat
[ipaddr/mask-length |
floating-IP-forward-address ipaddr]
[options]
Redistributes routes into OSPF for reaching translated NAT addresses

allocated from a pool.
By default, the forward address for all redistributed NAT pool
addresses is 0.0.0.0. To set a floating IP address as the forward address,
use the ipaddr/mask-length] option to specify the NAT pool address.
The floating-IP-forward-address ipaddr option specifies the forward address to use when redistributing the route to the NAT pool
address.

Parameter
Description
Redistributes routes into OSPF for reaching translated NAT addresses

allocated from a range list. For options, see the end of this parameter
list.
isis [options]
Redistributes routes into OSPF for IS-IS.
lw406 [options]
Redistributes routes into OSPF for Lightweight 4over6. (This is an IPv6

Migration feature.)
ospf [process-id] [options]
Redistributes routes into this OSPFv2 process for reaching networks in

another OSPFv2 process. For options, see the end of this parameter
list.
rip [options]
Redistributes routes into OSPF for RIP.
static [options]
Redistributes routes into OSPF for reaching networks through static

routes. For options, see the end of this parameter list.
vip
[ipaddr
floating-IP-forward-address ipaddr |
{only-flagged | only-not-flagged}]
[options]
Redistributes routes into OSPF for reaching virtual server IP addresses.

By default, the forward address for all redistributed VIPs is 0.0.0.0. To
set a floating IP address as the forward address, use the ipaddr option
to specify the VIP address. Use the floating-IP-forwardaddress option to specify the forward address to use when redistributing the route to the VIP.
To control which VIPs are redistributed, use one of the following
options:
only-flagged Redistributes only the VIPs on which the
redistribution-flagged command is used.
only-not-flagged Redistributes all VIPs except those on which
the redistribution-flagged command is used.
For more information, see the Usage section for this command.
options - Optional parameters supported for the options above:
metric-type {1 | 2} External link type associated with
the route advertised into the OSPF routing domain (1 for Type 1
external route, or 2 for Type 2 external route).
metric num Metric for the route, 0-16777214. The default is
20.
route-map map-name Name of a route map. (To configure a
route map, see the route-map command in the Command Line
Interface Reference.
tag num Includes the specified tag value in external Link-State
Advertisements (LSAs). Inter-domain routers running Border
Gateway Protocol (BGP) can be configured to make routing decisions based on the tag value. The tag value can be
0-4294967295. The default is 0.

Default
Disabled. By default, OSPF routes are not redistributed. For other defaults, see above.
Mode
OSPFv2 or OSPFv3
Usage
When you enable redistribution, routes to all addresses of the specified type are redistributed. You can use the vip option to control which routes to VIPs are redistributed into OSPF.
By default, the ACOS device uses 0.0.0.0 as the forward address in routes that are
redistributed in OSPF type-5 link state advertisement (LSAs). In this case, other OSPF routers
find a route to reach the ACOS device (which is acting as OSPF ASBR), then use the
corresponding next-hop address as the next hop for the destination network. You can
specify a floating IP address to use as the forward address, for individual NAT pools or VIPs.
(See the syntax above.)
VIP Redistribution
methods.
At the configuration level for the OSPFv2 process or OSPFv3 process, enter the following command: redistribute vip only-flagged
At the configuration level for the OSPFv2 process or OSPFv3 process, enter either of
the following commands: redistribute vip only-not-flagged or redistribute vip
NOTE:
If you have 10 VIPs and all of them need to be redistributed by OSPF, use the redistribute vip command at the configuration level for the OSPF process.
OSPFv2 process or OSPFv3 process.
If you have 10 VIPs and need to redistribute 8 of them, use the redistributionflagged command at the configuration level for the 2 VIPs that should not be redistributed. Enter the redistribute vip only-not-flagged command at the configuration level for the OSPFv2 process or OSPFv3 process. (In this case, alternatively,

you could enter redistribute vip instead of redistribute vip only-notflagged.)
Example
The following commands redistribute floating IP addresses and VIP addresses into OSPF:
ACOS(config-router)# redistribute floating-ip
ACOS(config-router)# redistribute vip
Example
The following commands flag a VIP, then configure OSPF to redistribute only that flagged VIP.
The other (unflagged) VIPs will not be redistributed.
ACOS(config)# slb virtual-server vip1
ACOS(config-slb vserver)# redistribution-flagged
ACOS(config-slb vserver)# exit
ACOS(config)# router ospf
ACOS(config-ospf)# redistribute vip only-flagged
Example
The following command enables redistribution of VIPs, and sets tag value 555 to be included
in external LSAs that advertise the route to the VIP:
ACOS(config-router)# redistribute vip metric-type 1 metric 1 tag 555
router-id
Description
Set the value used by this OSPF router to identify itself when exchanging route information
with other OSPF routers.
Syntax
[no] router-id ipaddr
NOTE:
The syntax for this command is slightly different for OSPFv2. See ospf router-id on
page 144.
Default
The default router ID is the highest-numbered IP address configured on any of the ACOS
devices loopback interfaces. If no loopback interfaces are configured, the highest-numbered
IP address configured on any of the ACOS devices other Ethernet data interfaces is used.

NOTE:
Setting the router ID is required for OSPFv3 and is strongly recommended for OSPFv2.
Mode
OSPFv2 or OSPFv3
Usage
The ACOS device has only one router ID. The address does not need to match an address
configured on the ACOS device. However, the address must be an IPv4 address and must be
unique within the routing domain.
New or changed router IDs require a restart of the OSPF process. To restart the OSPF process,
use the clear ip ospf process command.
Example
The following commands set the router ID to 3.3.3.3 and reload OSPF to place the new router
ID into effect:
ACOS(config-ospf)# router-id 3.3.3.3
ACOS(config-ospf)# clear ip ospf process
timers spf exp

Description
Change Shortest Path First (SPF) timers used for route recalculation following a topology
change. This command enables exponential back-off delays for route recalculation.
Syntax
[no] timers spf exp min-delay max-delay
Parameter
Description
min-delay
Specifies the minimum number of milliseconds (ms) the OSPF process

waits after receiving a topology change, before recalculating its OSPF
routes. You can specify 0-2147483647.
max-delay
Specifies the maximum number of milliseconds (ms) the OSPF process

waits after receiving a topology change, before recalculating its OSPF
routes. You can specify 0-2147483647.
Default
The default min-delay is 500 ms. The default max-delay is 50000 ms.
Mode
OSPFv2 or OSPFv3
Usage
After you enter this command, any pending route recalculations are rescheduled based on
the new timer values.

The following configuration commands are applicable to OSPFv2 only.
The commands in this section apply throughout the OSPFv2 process in which the commands are entered.

area area-id authentication

Description
Enable authentication for an OSPF area.
Syntax
[no] area area-id authentication [message-digest]
The message-digest option enables MD5 authentication. If you omit this option, simple
text authentication is used.
Default
Disabled. No authentication is used.
Mode
OSPFv2
area area-id filter-list

Description
Filter the summary routes advertised by this OSPF router, if it is acting as an Area Border
Router (ABR).
Syntax
[no] area area-id filter-list

{access acl-id {in | out} | prefix list-name {in | out}}
Parameter
Description
area-id
access acl-id
{in | out}
ID of an Access Control List (ACL). The only routes that are advertised are routes to the subnets permitted by the ACL.
prefix list-name
{in | out}
ID of an IP prefix list. The only routes that are advertised are

routes to the subnets that match the list.
Default
Not set.
Mode
OSPFv2
Usage
You can specify an ACL or an IP prefix list. To configure an ACL, see the access-list command
in the Command Line Interface Reference, or ipv6 access-list on page 84. To configure a prefix
list, see ip prefix-list on page 77.
area area-id multi-area-adjacency

Description
Enables support for multiple OSPF area adjacencies on the specified interface.
Syntax
[no] area area-id multi-area-adjacency

{ethernet portnum | loopback num | management | ve ve-num}
neighbor ipaddr

Default
Disabled. By default, only one OSPF adjacency is allowed on an interface for a given OSPF
process.
Mode
OSPFv2
Usage
This command is applicable only if this OSPF router is an ABR.
area area-id nssa

Description
Configure a not-so-stubby area (NSSA).
Syntax
[no] area area-id nssa

[
default-information-originate
[metric num] [metric-type {1 | 2}] |
no-redistribution |
no-summary |
translator-role {always | candidate | never}
Parameter
Description
area-id
Area ID.
default-information-originate
[metric num]
[metric-type {1 | 2}]
Generates a Type 7 LSA into the NSSA area. (This option takes effect only on
Area Border Routers (ABRs)):
no-redistribution
Disables redistribution of routes into the area.
no-summary
Disables sending summary LSAs into the NSSA.
translator-role
{always | candidate | never}
Specifies the types of LSA translation performed by this OSPF router for the
NSSA:
metric num Metric for the default route, 0-16777214. The default is 20.
metric-type {1 | 2} External link type associated with the route
advertised into the OSPF routing domain:
1 Type 1 external route
2 Type 2 external route
always If this OSPF router is an NSSA border router, the router will
always translate Type 7 LSAs into Type 5 LSAs, regardless of the translator
state of other NSSA border routers.
candidate If this OSPF router is an NSSA border router, the router is eligible to be elected the Type 7 NSSA translator.
never This OSPF router is ineligible to be elected the Type 7 NSSA translator.
Default
None
Mode
OSPFv2
Example
The following command configures an NSSA with area ID 6.6.6.6:

ACOS(config-ospf)# area 6.6.6.6 nssa
area area-id shortcut

Description
Configure short-cutting through an area.
Syntax
[no] area area-id shortcut {default | disable | enable}
Parameter
Description
area-id
Area ID.
default
Enables the default shortcut behavior. (See below.)
disable
Disables shortcutting through the area.
enable
Forces shortcutting through the area.
Default
None
Mode
OSPFv2
Usage
A shortcut enables traffic to go through a non-backbone area with a lower metric, regardless
of whether the ABR router is attached to the backbone area.
compatible rfc1583
Description
Enable calculation of summary route costs per RFC 1583.
Syntax
[no] compatible rfc1583
Default
Disabled. Summary route costs are calculated based on RFC 2328.
Mode
OSPFv2
Description
Create a default route into the OSPF domain.
Syntax

[always]
[metric num]

[metric-type {1 | 2}]
[route-map name]
Parameter
Description
always
Configures the ACOS device to automatically declare itself a default

gateway for other OSPF routers, even if the ACOS device does not
have a default route to 0.0.0.0/0.
metric num
Metric for the default route, 0-16777214.
metric-type
{1 | 2}
External link type associated with the default route advertised into the
OSPF routing domain:
1 - Type 1 external route.
2 - Type 2 external route.
route-map
map-name
Name of a route map. (To configure a route map, see the route-map
command in the Command Line Interface Reference.
Default
This option is disabled by default. If you enable it, the default metric is 10. The default metric
type is 2.
Mode
OSPF
Usage
This command is not supported in OSPFv3. See the System Configuration and Administration
Guide for details.
Example
The following command creates a default route into the OSPF domain with a metric of 20:
ACOS(config-router)#default-information originate metric 20
distance
Description
Set the administrative distance for OSPF routes, based on route type.
Syntax
[no] distance
{num | ospf {external | inter-area | intra-area} num}
Parameter
Description
num
Sets the administrative distance for all route types. You can specify
1-255.
ospf
{external |
inter-area |
intra-area}
num
Sets the administrative distance for specific route types:

external Routes that OSPF learns from other routing domains
by redistribution.
intra-area Routes within the same OSPF area.
inter-area Routes between OSPF areas.
You can use the ospf option with one or more of its suboptions. For
each route type, you can specify 1-255.

Default
For all route types, the default administrative distance is 110.
Mode
OSPFv2
Usage
The administrative distance specifies the trustworthiness of routes. A low administrative distance value indicates a high level of trust. Likewise, a administrative distance value indicates
a low level of trust. For example, setting the administrative distance value for external routes
to 255 means those routes are very untrustworthy and should not be used.
distribute-list
Description
Filter the networks received or sent in route updates.
Syntax
[no] distribute-list acl-id

{
in |
out {connected | floating-ip | ip-nat |
ip-nat-list | ospf | static | vip}
Parameter
Description
acl-id
ID of an ACL. Only the networks permitted by the ACL will be allowed.
in
Uses the specified ACL to filter routes received by OSPF from other
sources. The filter applies to routes from all sources.
out
route-type
Uses the specified ACL to filter routes advertised by OSPF to other

routing domains. The route-type can be one of the following:
connected Filters advertisement of directly connected networks.
floating-ip Filters advertisement of networks for floating IP
addresses.
ip-nat Filters advertisement of networks that are translated NAT
addresses allocated from a pool.
ip-nat-list Filters advertisement of networks that are translated
NAT addresses allocated from a range list.
ospf [process-id] Filters advertisement of networks to another
OSPF process.
static [only-flagged | only-not-flagged] Filters advertisement of
networks reached by static routes.
vip [only-flagged | only-not-flagged] Filters advertisement of
networks to reach VIPs.
By default, the option applies to all VIPs. To restrict the option to a
subset of VIPs, use one of the following options:
only-flagged Redistributes only the VIPs on which the redistribution-flagged command is used.
only-not-flagged Redistributes all VIPs except those on which the
Default
None
Mode
OSPFv2

host ipaddr area

Description
Configure a stub host entry for an area.
Syntax
[no] host ipaddr area area-id [cost num]
Parameter
Description
ipaddr
IP address of the host.
area area-id
OSPF area where the host is located.
cost num
Cost of the stub host entry, 0-65535.
Default
None
Mode
OSPFv2
Usage
Routes to the host are listed in router LSAs as stub links.
Description
Log adjacency changes.
Syntax
[no] log-adjacency-changes {detail | disable}
Parameter
Description
detail
disable
Disable logging of adjacency state changes.
Default
Enabled by default.
Mode
OSPFv2
Example
The following example disables logging of adjacency state changes:

ACOS(config-ospf)# log-adjacency-changes disable
maximum-area
Description
Set the maximum number of OSPF areas supported for this OSPF process.
Syntax
[no] maximum-area num
Replace num with the maximum number of areas allowed for this OSPF process. You can
specify 1-4294967294.

Default
4294967294
Mode
OSPFv2

neighbor
Description
Configure an OSPF neighbor that is located on a non-broadcast network.
Syntax
[no] neighbor ipaddr

[
cost num |
poll-interval seconds [priority num] |
priority num [poll-interval seconds]
]
Parameter
Description
ipaddr
IP address of the OSPF neighbor.
cost num
Specifies the link-state metric to the neighbor, 1-65535.

By default, no cost is set.
poll-interval
seconds
Number of seconds this OSPF router will wait for a reply to a hello
message sent to the neighbor, before declaring the neighbor to
be offline. You can specify 1-65535 seconds.
priority num
Router priority of the neighbor, 1-255.

By default, no priority is set.
Default
No neighbors on non-broadcast networks are configured by default. When you configure

one, the other parameters have the default settings described in the table above.
Mode
OSPFv2
Usage
This command is required only for neighbors on networks. Adjacencies to neighbors on

other types of networks are automatically established by the OSPF protocol.
It is recommended to set the poll-interval to a much higher value than the hello interval.
network
Description
Enable OSPF routing for an area, on interfaces that have IP addresses in the specified area
subnet.
Syntax
[no] network
ipaddr {/mask-length | wildcard-mask}

area area-id
[instance-id num]
Parameter
Description
ipaddr
{/mask-length | wildcard-mask}
Subnet of the area. You can specify the subnet in CIDR format (ipaddr/masklength) or as ipaddr wildcard-mask. In a wildcard-mask, 0s represent the network portion and 1s represent the host portion. For example, for a subnet
that has 254 hosts and a 24-bit network mask, the wildcard-mask is
0.0.0.255.
area area-id
Area ID.
instance-id num
Range of OSPF instances for which to enable OSPF routing for the area, 0-255.
If you omit this option, OSPF routing is enabled for all OSPF instances that are
running on interfaces that have IP addresses in the specified area subnet.
Default
None
Mode
OSPFv2
Example
The following command configures an OSPF network:

ACOS(config-ospf)# network 10.10.20.20/24 area 10.10.20.30
ospf abr-type
Description
Specify the Area Border Router (ABR) type.
Syntax
[no] ospf abr-type {cisco | ibm | shortcut | standard}
Parameter
Description
cisco
Alternative ABR using Cisco implementation (RFC 3509).
ibm
Alternative ABR using IBM implementation (RFC 3509).
shortcut
Shortcut ABR (draft-ietf-ospf-shortcut-abr-02.txt).
standard
Standard ABR behavior (RFC 2328)
Default
cisco
Mode
OSPFv2
ospf router-id
Description
Set the value used by this OSPF router to identify itself when exchanging route information
with other OSPF routers.
Syntax
[no] ospf router-id ipaddr

Default
For OSPFv2, the default router ID is the highest-numbered IP address configured on any of
the ACOS devices loopback interfaces. If no loopback interfaces are configured, the highestnumbered IP address configured on any of the ACOS devices other Ethernet data interfaces
is used.
NOTE:
Setting the router ID is strongly recommended for OSPFv2.
Mode
OSPFv2
Usage
The ACOS device has only one router ID. The address does not need to match an address
configured on the ACOS device. However, the address must be an IPv4 address and must be
unique within the routing domain.
New or changed router IDs require a restart of the OSPF process. To restart the OSPF process,
use the clear ip ospf process command.
Example
The following commands set the router ID to 2.2.2.2 and reload OSPF to place the new router
ID into effect:
ACOS(config-ospf)# router-id 2.2.2.2
ACOS(config-ospf)# clear ip ospf process
overflow database
Description
Specify the maxim number of LSAs or the maximum size of the external database.
Syntax
[no] overflow database

{max-lsa [hard | soft] | external max-lsa recover-time}
Parameter
Description
max-lsa [hard | soft]
Specifies the maximum number of LSAs per OSPF process, 0-4294967294.

To configure the action to take if the LSA limit is exceeded:
hard Shut down the OSPF process for the process.
soft Issue a warning message without shutting down the OSPF process
for the process.
external max-lsa recover-time
Specifies the maximum number of AS-external-LSAs the OSPF router can

receive, 0-2147483647. The recover-time option specifies the number of
seconds OSPF waits before attempting to recover after max-lsa is exceeded.
You can specify 0-65535 seconds. To disable recovery, specify 0.
Default
The default max-lsa is 2147483647.
Mode
OSPFv2

summary-address
Description
Summarize or disable advertisement of external routes for a specific IP address range. A summary-address helps reduce the size of the OSPF link-state database.
Syntax
[no] summary-address ipaddr/mask {not-advertise | tag num}
Parameter
Description
ipaddr/mask
Specifies the address range.
not-advertise
Disables advertisement of routes for the specified range.
tag num
Includes the specified tag value in external LSAs for IP addresses

within the specified range. The tag value can be 0-4294967295. The
default tag value is 0.
Default
None
Mode
OSPFv2

All the global OSPF commands that are applicable to OSPFv3 are also applicable to OSPFv2. (See Configuration Commands
Applicable to OSPFv2 or OSPFv3 on page 122.)
OSPF Show Commands

This section lists the OSPF show commands.
show {ip | ipv6} ospf

Description
Display configuration information and statistics for OSPFv2 processes or OSPFv3 processes.

OSPF Show Commands
Syntax
show ip ospf [process-id]

show ipv6 ospf [tag]
Parameter
Description
process-id
Specifies the OSPFv2 process. If you omit this option, settings for all
configured OSPFv2 processes are displayed.
tag
Specifies the OSPFv3 process. If you omit this option, settings for all
configured OSPFv3 processes are displayed.
Mode
Privileged EXEC and all configuration levels
Example
The following command shows information for OSPFv2 process 0:

ACOS#show ip ospf 0
Routing Process "ospf 0" with ID 1.1.1.1
Process uptime is 3 hours 12 minutes
Process bound to VRF default
Conforms to RFC2328, and RFC1583 Compatibility flag is disabled
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Graceful Restart
This router is an ASBR (injecting external routing information)
SPF schedule delay min 0.500 secs, SPF schedule delay max 50.0 secs
Refresh timer 10 secs
Number of incoming current DD exchange neighbors 0/5
Number of outgoing current DD exchange neighbors 0/5
Number of external LSA 0. Checksum 0x000000
Number of opaque AS LSA 0. Checksum 0x000000
Number of non-default external LSA 0
External LSA database is unlimited.
Number of LSA originated 2
Number of LSA received 79
Number of areas attached to this router: 1
Area 1 (NSSA)
Number of interfaces in this area is 2(2)
Number of fully adjacent neighbors in this area is 2
Number of fully adjacent virtual neighbors through this area
is 0
Area has no authentication
SPF algorithm last executed 02:07:40.860 ago
SPF algorithm executed 16 times
Number of LSA 10. Checksum 0x06b2fa
NSSA Translator State is disabled
Shortcutting mode: Default, S-bit consensus: ok

OSPF Show Commands
show ip ospf border-routers

Description
Display route information for OSPFv2 ABRs and ASBRs.
Syntax
show ip ospf border-routers
Mode
Example
The following command shows route information for ABRs and ASBRs:
ACOS#show ip ospf border-routers
OSPF process 0 internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 9.1.1.1 [10] via 10.1.1.2, ethernet 1, ASBR, Area 0.0.0.0
OSPF process 1 internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
show ip ospf database

Description
Displays information about the OSPFv2 databases on the device.
NOTE:
The options are different for OSPFv3. See show ipv6 ospf database on page 150.
Syntax
show ip ospf database

[
adv-router ipaddr |
{asbr-summary | external | network | nssa-external |
opaque-area | opaque-as | opaque-link | router | summary}
[[ipaddr [adv-router ipaddr] [self-originate]] |
[adv-router ipaddr] | [self-originate]] |
max-age |
self-originate
]
Parameter
Description
adv-router ipaddr
Displays LSA information for the specified advertising router.
asbr-summary
Displays information about ASBR summary LSAs.
max-age
Displays information for the LSAs that have reached the maximum age allowed, which is 3600 seconds.
self-originate
Displays information for LSAs originated by this OSPF router.
external
Displays information about external LSAs.

OSPF Show Commands
Parameter
Description
network
Displays information about network LSAs.
nssa-external
Displays information about NSSA external LSAs.
opaque-area
Displays information about Type-10 Opaque LSAs. Type-10

Opaque LSAs are LSAs with local-area scope (link state type 10),
and are not flooded outside the local area.
opaque-as
Displays information about Type-11 LSAs, which are flooded

throughout the Autonomous System (AS).
opaque-link
Displays information about Type-9 LSAs. Type-9 LSAs have linklocal scope, and are not flooded beyond the local network.
router
Displays information about router LSAs.
summary
Displays information about summary LSAs.
The following suboptions are available for the external, network, nssa-external,
opaque-area, opaque-as, opaque-link, router, and summary options:
Parameter
Description
ipaddr
Displays LSA information for a specific link-state ID (expressed

as an IP address).
adv-router ipaddr
self-originate
Displays information for LSAs originated by this OSPF router.
Mode
Example
The following command shows the OSPFv2 database:

ACOS#show ip ospf database
Router Link States (Area 0.0.0.1 [NSSA])
Link ID
ADV Router
Age
1.1.1.1
1.1.1.1
1105 0x800000c9 0xcb72 2
Seq#
CkSum
2.2.2.2
2.2.2.2
638 0x80000008 0xdb92 2
3.3.3.3
3.3.3.3
1998 0x800000cb 0x47c1 2
4.4.4.4
4.4.4.4
1717 0x800000f6 0xe1d2 3
Net Link States (Area 0.0.0.1 [NSSA])

Link ID
ADV Router
Age
10.0.0.1
3.3.3.3
1998 0x80000006 0xec1b
11.0.0.1
3.3.3.3
203 0x80000005 0x14ef
13.0.0.2
4.4.4.4
1717 0x80000006 0xbf3c
14.0.0.1
4.4.4.4
1962 0x80000004 0xf207
Seq#
CkSum
Link count

OSPF Show Commands
Summary Link States (Area 0.0.0.1 [NSSA])
Link ID
ADV Router
Age
0.0.0.0
3.3.3.3
1998 0x800000a3 0x99ed 0.0.0.0/0
Seq#
CkSum
Route
NSSA-external Link States (Area 0.0.0.1 [NSSA])

Link ID
Tag
1.0.100.1
32
0
ADV Router
Age
1.1.1.1
Seq#
CkSum
Route
1105 0x8000008e 0x942a E2 1.0.100.1/
show ipv6 ospf database

Description
Displays information about the OSPFv3 databases on the device.
Syntax
show ipv6 ospf [tag] database

[
external [adv-router ipaddr] |
grace [adv-router ipaddr] |
inter-prefix [adv-router ipaddr] |
inter-router [adv-router ipaddr] |
intra-prefix [adv-router ipaddr] |
link [adv-router ipaddr] |
network [adv-router ipaddr] |
router [adv-router ipaddr]
]
Parameter
Description
external
Displays information about external LSAs.
grace
Displays information about grace LSAs, used during graceful restart.
inter-prefix
Displays information about Inter-Area-Prefix LSAs.
inter-router
Displays information about Inter-Area-Router LSAs.
intra-prefix
Displays information about Intra-Area-Prefix LSAs.
links
Displays information about link LSAs.
network
Displays information about network LSAs.
router
Displays information about router LSAs.
[adv-router]
ipaddr
Mode
Example
The following command shows the OSPFv3 database:

ACOS#show ipv6 ospf database

OSPF Show Commands
OSPFv3 Router with ID (100.1.1.1) (Process *null*)
Link-LSA (Interface ethernet 1)
Link State ID
ADV Router
0.0.0.3
9.1.1.1
0.0.0.3
100.1.1.1
Age
Seq#
CkSum
Prefix
498 0x8000000c 0xfa01
31 0x80000001 0xf29e
Router-LSA (Area 0.0.0.0)

Link State ID
ADV Router
0.0.0.0
9.1.1.1
Age
19 0x8000000d 0x9356
Seq#
CkSum
Link
1
0.0.0.0
100.1.1.1
18 0x80000003 0x7127
Network-LSA (Area 0.0.0.0)

Link State ID
ADV Router
0.0.0.3
9.1.1.1
Age
Seq#
CkSum
19 0x80000001 0x7d29
Intra-Area-Prefix-LSA (Area 0.0.0.0)

Link State ID
erence
ADV Router
0.0.0.2
work-LSA
9.1.1.1
Age
Seq#
CkSum
Prefix
Ref-
Net-
18 0x80000001 0x5d5f
AS-external-LSA
Link State ID
ADV Router
Age
0.0.0.4
9.1.1.1
1508 0x80000017 0x6aad E2
Seq#
CkSum
0.0.0.1
100.1.1.1
29 0x80000001 0xcd18 E2
show {ip | ipv6} ospf interface

Description
Display OSPF information for an interface.
Syntax
show {ip | ipv6} ospf interface

{ethernet portnum | lif num | loopback num | management |
trunk num | tunnel num | ve ve-num}
Mode
Example
The following command shows OSPFv3 information for interface Ethernet 1:

ACOS#show ipv6 ospf interface
ethernet 1 is up, line protocol is up

OSPF Show Commands
Interface ID 3
IPv6 Prefixes
fe80::21f:a0ff:fe04:d7e4/64 (Link-Local Address)
1000::1/32
OSPFv3 Process (*null*), Area 0.0.0.0, Instance ID 0
Router ID 100.1.1.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State Backup, Priority 1
Designated Router (ID) 9.1.1.1
Interface Address fe80::21f:a0ff:fe04:b1f0
Backup Designated Router (ID) 100.1.1.1
Interface Address fe80::21f:a0ff:fe04:d7e4
Timer interval configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Neighbor Count is 1, Adjacent neighbor count is 1
show {ip | ipv6} ospf neighbor

Description
Display information about OSPF neighbors.
Syntax
show ip ospf neighbor

[ipaddr [detail]] |
[all] |
[detail [all]] |
[interface interface-num]]
Syntax
show ipv6 ospf [tag] neighbor

[ipaddr [detail]] |
[detail [all]] |
[interface interface-num]

OSPF Show Commands
NOTE:
The all option applies only to OSPFv2.

Parameter
Description
process-id
Specifies the OSPFv2 process. If you omit this option, information for all configured OSPFv2 processes are displayed.
tag
Specifies the OSPFv3 process. If you omit this option, information for all configured OSPFv3 processes are displayed.
ipaddr [detail]
Displays information for the specified neighbor. For detailed

information, use the detail option. For summary information,
omit the detail option.
all
Includes neighbors whose status is Down. Without this option,

down neighbors are not included in the output.
detail [all]
Displays detailed information for all neighbors. To include down

neighbors in the output, use the all option.
interface ipaddr
Displays information for neighbors reachable through the specified IP interface.
Mode
Example
The following command shows information for OSPFv2 neighbors:
ACOS#show ip ospf neighbor

OSPF process 0:
Neighbor ID
9.1.1.1
Pri
1
State
Dead Time
Address
Interface Instance ID
Full/Backup
00:00:34
10.1.1.2
ethernet 1
show ip ospf redistributed

Description
Display the routes that are being redistributed into OSPFv2.
Syntax
show ip ospf [process-id] redistributed

[
bgp |
connected |
floating-ip |
ip-nat |
ip-nat-list |
isis |
kernel |
lw4o6 |
ospf [|process-id] |
rip
selected-vip
static |
vip
]

OSPF Show Commands
Parameter
Description
process-id
Specifies the OSPFv2 process. If you omit this option, information for
all configured OSPF processes is displayed.
bgp
Displays redistributed routes from BGP.
connected
Displays redistributed routes to directly-connected networks.
floating-ip
Displays redistributed routes to floating IP addresses.
ip-nat
Displays redistributed routes to IP addresses assigned from an IP NAT

pool.
ip-nat-list
Displays redistributed routes to IP addresses assigned from an IP NAT

range list.
isis
Displays redistributed routes from IS-IS.
kernel
Displays redistributed kernel routes.
lw4o6
Displays redistributed Lightweight 4over6 routes.
ospf
[process-id]
Displays redistributed routes from other OSPFv2 processes.
rip
Displays redistributed routes from RIP.
selected-vip
Displays redistributed routes to SLB VIPs that are explicitly flagged for
redistribution. This option is applicable if the only-flagged option
was used with the redistribute vip command.
static
Displays redistributed static routes.
vip
Displays redistributed routes to SLB VIPs that are implicitly flagged for
redistribution. This option is applicable if the only-not-flagged
option was used with the redistribute vip command.
Mode
Usage
For more information on VIP redistribution, see Usage in redistribute on page 131.

OSPF Show Commands
show {ip | ipv6} ospf route

Description
Display information for OSPFv2 routes.
Syntax
show ip ospf [process-id] route

show ipv6 ospf [tag] route
Parameter
Description
process-id
all configured OSPFv2 processes are displayed.
tag
Mode
Example
The following command shows OSPFv2 IPv4 routes and OSPFv3 IPv6 routes:
ACOS#show ip ospf route
IA 0.0.0.0/0 [2] via 10.0.0.1, ve 1, Area 0.0.0.1
O
1.0.4.0/24 [2] via 13.0.0.2, ve 2, Area 0.0.0.1
10.0.0.0/24 [1] is directly connected, ve 1, Area 0.0.0.1
11.0.0.0/24 [2] via 10.0.0.1, ve 1, Area 0.0.0.1
ACOS#show ipv6 ospf route

OSPFv3 Process (*null*)
Total = 1
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area

Destination
Metric
Next-hop
C
1000::/32
10
directly connected, ethernet 1, Area 0.0.0.0

E2 9111::/32
via fe80::21f:a0ff:fe04:b1f0, ethernet 1
10/20

OSPF Show Commands
show ipv6 ospf topology

Description
Display OSPFv3 topology information.
Syntax
show ipv6 ospf [tag] topology [area area-id]
Parameter
Description
tag
all configured OSPFv3 processes is displayed.
area area-id
Displays OSPFv3 topology information for the specified area.
Mode
Example
The following command shows the OSPFv3 topology:

ACOS#show ipv6 ospf topology
OSPFv3 Process (*null*)
OSPFv3 paths to Area (0.0.0.0) routers
Router ID
Bits
Metric
Next-Hop
Interface
9.1.1.1
ethernet 1
9.1.1.1
10
100.1.1.1
--
show {ip | ipv6} ospf virtual-links

Description
Display virtual link information.
Syntax
show ip ospf [process-id] virtual-links

show ipv6 ospf [tag] virtual-links
Parameter
Description
process-id
tag
Mode
Example
The following command shows information for OSPFv2 virtual links:

ACOS#show ip ospf virtual-link
Virtual Link VLINK1 to router 143.0.0.143 is up
Transit area 0.0.0.1 via interface ethernet 1
Local address 13.0.0.2/32
Remote address 13.0.0.1/32

OSPF Show Commands
Transmit Delay is 1 sec, State Point-To-Point,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit
5
Hello due in 00:00:10
Adjacency state Full
ACOS#show ipv6 ospf virtual-links
Virtual Link VLINK1 to router 5.6.7.8 is up
Transit area 0.0.0.1 via interface eth0, instance ID 0
Local address 3ffe:1234:1::1/128
Remote address 3ffe:5678:3::1/128
Transmit Delay is 1 sec, State Point-To-Point,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

OSPF Show Commands
Config Commands: Router IS-IS
This chapter describes the commands for configuring global Intermediate System to Intermediate System (IS-IS) parameters.
The following sections are covered:
IS-IS Configuration Commands
IS-IS Show Commands
the System Configuration and Administration Guide.

This section describes the IS-IS configuration commands:
address-family
adjacency-check
area-password
authentication
bfd
distance
domain-password
ignore-lsp-errors
is-type
lsp-gen-interval
lsp-refresh-interval
max-lsp-lifetime
metric-style
net

passive-interface
protocol-topology
redistribute
set-overload-bit
spf-interval-exp
summary-address
address-family
Description
Configure this IS-IS instance to exchange multicast IPv6 addresses with other IS-IS routers.
Syntax
[no] address-family ipv6
This command changes the CLI to the address-family configuration level, where the
following commands are available.
Command
Description
adjacency-check
Enables IS-IS router adjacency based on Type-Length-Value (TLV) fields in

IS-IS Hello packets between routers.
Enables advertisement of the default route in Link State Packets (LSPs)

sent by this IS-IS instance.
distance
Sets the administrative distance, 1-255, for IS-IS routes.
exit-address-family
Exits from the address-family configuration level.
[no] multi-topology
[level-1 | level-1-2 | level-2]
[transition]
Enables multi-topology mode. The transition option accepts and generates both IS-IS IPv6 and multi-topology IPv6 TLVs.
redistribute option
Enables distribution of routes from other sources into IS-IS. For available
options, see redistribute on page 170.
summary-prefix ipv6-addr/prefix
Configures an IPv6 summary prefix.
Default
Disabled. When you enable IPv6 exchange, the unicast option is disabled by default.
Mode
IS-IS
Example
The following command enables exchange of IPv6 multicast addresses with other IS-IS routers, and enables the default route to be advertised.
ACOS(config)#router isis
ACOS(config-isis)#address-family ipv6
ACOS(config-isis-ipv6)#default-information originate

adjacency-check
Description
Enable IS-IS router adjacency based on Type-Length-Value (TLV) fields in IS-IS Hello packets
between routers.
Syntax
[no] adjacency-check
Default
Enabled.
Mode
IS-IS
area-password
Description
Configure the password for authenticating IS-IS traffic between Level-1 routers.
Syntax
[no] area-password string

[authenticate snp {send-only | validate}]
Parameter
Description
string
authenticate snp
Uses the password for authentication of Sequence Number

Packets (SNPs).
send-only
Inserts the password into SNP PDUs before sending them, but
does not check for the password in SNP PDUs received from
other routers.
validate
Inserts the password into SNP PDUs before sending them, and
also checks for the password in SNP PDUs received from other
routers.
Default
None. If you configure a Level-1 password, the snp option is disabled by default.
Mode
IS-IS
Usage
This command applies only to Level-1. To configure authentication for Level-2, see domainpassword on page 164.
Example
The following command configures IS-IS to use password isisl1pwd to authenticate Level-1
IS-IS traffic within the area, including inbound and outbound SNP PDUs:
ACOS(config-isis)#area-password isisl1pwd authenticate snp validate

authentication
Description
Configure authentication for this IS-IS instance.
Syntax
[no] authentication send-only [level-1 | level-2]

[no] authentication mode md5 [level-1 | level-2]
[no] authentication key-chain name [level-1 | level-2]
Parameter
Description
send-only [level-1 | level-2]
Disables checking for keys in IS-IS packets received by this IS-IS instance.
level-1 Disables key checking only for Level-1 (intra-area) IS-IS traffic.
level-2 Disables key checking only for Level-2 (inter-area) IS-IS traffic.
mode md5 [level-1 | level-2]
Enables MD5 authentication.

level-1 Enables MD5 only for Level-1 (intra-area) IS-IS traffic.
level-2 Enables MD5 only for Level-2 (inter-area) IS-IS traffic.
Specifies the name of the certificate key chain to use for authenticating IS-IS
traffic.
key-chain name
[level-1 | level-2]
level-1 Applies only to Level-1 (intra-area) IS-IS traffic.

level-2 Applies only to Level-2 (inter-area) IS-IS traffic.
Default
Clear-text authentication is enabled by default. MD5 authentication is disabled by default.

No key chain is set by default. The send-only option is disabled by default. All options
apply to Level-1 and Level-2, unless you specify one level or the other. For all options that
accept the level-1, level-1-2, or level-2 keyword, the default is level-1.
Mode
IS-IS
Usage
Use the send-only option to temporarily disable key checking, then use the key-chain
option to specify the key chain. To use MD5, use the md5 option to disable clear-text authentication and enable MD5 authentication. After key-chains are installed on the other IS-IS routers, disable the send-only option.
Example
The following commands configure MD5 authentication for this IS-IS instance:
ACOS(config-isis)#authentication send-only
ACOS(config-isis)#authentication mode md5
ACOS(config-isis)#authentication key-chain chain1
ACOS(config-isis)#no authentication send-only

bfd
Description
Enable BFD on all interfaces for which IS-IS is running.
Syntax
[no] bfd all-interfaces
Default
Disabled
Mode
IS-IS
Description
Enable advertisement of the default route in Link State Packets (LSPs) sent by this IS-IS
instance.
Syntax
Default
Disabled
Mode
IS-IS
Usage
If the IPv4 or IPv6 data route tables contain a default route, the default route is included in
Level-2 LSPs sent by this IS-IS instance. This command does not apply to Level-1 LSPs.
distance
Description
Set the administrative distance for IS-IS routes.
Syntax
[no] distance num [system-id]
Parameter
Description
num
Specifies the distance, 1-255.
system-id
Assigns the distance only to routes from the router with the specified
IS-IS system ID.
Default
None
Mode
IS-IS
Usage
The administrative distance specifies the trustworthiness of routes. A low administrative distance value indicates a high level of trust. Likewise, a administrative distance value indicates
a low level of trust. For example, setting the administrative distance value for external routes
to 255 means those routes are very untrustworthy and should not be used.

domain-password
Description
Configure the password for authenticating IS-IS traffic between Level-2 routers.
Syntax
[no] domain-password string

[authenticate snp {send-only | validate}]
Parameter
Description
string
authenticate snp
Uses the password for authentication of Sequence Number

Packets (SNPs).
send-only
Inserts the password into SNP PDUs before sending them, but
does not check for the password in SNP PDUs received from
other routers.
validate
Inserts the password into SNP PDUs before sending them, and
also checks for the password in SNP PDUs received from other
routers.
Default
None. If you configure a Level-2 password, the snp option is disabled by default.
Mode
IS-IS
Usage
This command applies only to Level-2. To configure authentication for Level-1, see areapassword on page 161.
Example
The following command configures IS-IS to use password isisl2pwd to authenticate Level-2
IS-IS traffic, including inbound and outbound SNP PDUs:
ACOS(config-router)#domain-password isisl2pwd authenticate snp validate
Description
Enable IS-IS awareness of VRRP-A.
Syntax
[no] ha-standby-extra-cost num
Replace num with the extra cost to add to the ACOS devices IS-IS interfaces, if the VRRP-A
status of one or more of the devices VRIDs is Standby. You can specify 1-65535. If the
resulting cost value is more than 65535, the cost is set to 65535.
Default
Not set. The IS-IS protocol on the ACOS device is not aware of the VRRP-A state (Active or
Standby) of the ACOS device.
Mode
IS-IS
Usage
Enter the command on each of the ACOS devices in the VRRP-A VRID.

ignore-lsp-errors
Description
Disable checksum verification for inbound LSPs.
Syntax
[no] ignore-lsp-errors
Default
Disabled. The checksums of inbound LSPs are verified.
Mode
IS-IS
is-type
Description
Specify the IS-IS routing level for this IS-IS instance.
Syntax
[no] is-type {level-1 | level-1-2 | level-2-only}
Parameter
Description
level-1
Level-1 (intra-area) only.
level-1-2
Level-1 and Level-2.
level-2-only
Level-2 (inter-area) only.
Default
Level-1.
Mode
IS-IS
Usage
Only one IS-IS instance on the ACOS device can run Level-2 routing.
Description
Log adjacency changes.
Syntax
[no] log-adjacency-changes {detail | disable}
Parameter
Description
detail
disable
Disable logging of adjacency state changes.
Default
Enabled by default.
Mode
IS-IS
Example
The following example disables logging of adjacency state changes:

ACOS(config-isis)#log-adjacency-changes disable

lsp-gen-interval
Description
Configure the minimum interval for LSP regeneration.
Syntax
[no] lsp-gen-interval [level-1 | level-2] seconds
Parameter
Description
level-1 | level-2
Specifies the circuit type to which to apply the interval configuration. The default is level-1.
seconds
Specifies the minimum number of seconds between each

regeneration of the LSP. You can specify 1-120 seconds.
Default
30 seconds, for both Level-1 and Level2
Mode
IS-IS
lsp-refresh-interval
Description
Configure the LSP refresh interval.
Syntax
[no] lsp-refresh-interval seconds
Replace seconds with the minimum number of seconds IS-IS must wait before refreshing
an LSP. You can specify 1-65535 seconds.
Default
900
Mode
IS-IS
Usage
The lsp-refresh-interval must be smaller than the max-lsp-lifetime.
max-lsp-lifetime
Description
Configure the LSP maximum lifetime.
Syntax
[no] max-lsp-lifetime seconds
Replace seconds with the maximum number of seconds an LSP can remain in the database
without being refreshed. You can specify 350-65535 seconds.
Default
1200
Mode
IS-IS
Usage
The max-lsp-lifetime must be larger than the lsp-refresh-interval.

metric-style
Description
Configure the metric style to use for SPF calculation and for TLV encoding in LSPs.
Syntax
[no] metric-style
{
narrow [[level-1 | level-1-2 | level-2]] |
transition [level-1 | level-1-2 | level-2] |
wide [[level-1 | level-1-2 | level-2] |
narrow-transition [level-1 | level-1-2 | level-2] |
wide-transition [level-1 | level-1-2 | level-2]}
Parameter
Description
narrow
Supports 6-bit metric length for SPF calculation and TLV encoding.
The transition option also allows 24-bit metrics for SPF calculation, but not for TLV encoding.
level-1 Supports 24-bit SPF calculation only for circuit type Level-1.
level-1-2 Supports 24-bit SPF calculation for circuit types Level-1 and Level-2. (This is
the default, if the transition option is used.)
transition
Supports 6-bit and 24-bit metric lengths for SPF calculation and TLV encoding.
level-1 Supports both metric lengths only for circuit type Level-1.
level-2 Supports both metric lengths only for circuit type Level-2.
level-1-2 Supports both metric lengths for circuit types Level-1 and Level-2. (This is
wide
This command should be included in all IPv6 IS-IS configurations.

Parameter
Description
narrow-transition
wide-transition
Default
Narrow, for Level-1 and Level-2 routing levels (level-1-2). For all options that accept the
level-1, level-1-2, or level-2 keyword, the default is level-1.
Mode
IS-IS
Description
Configure a Network Entity Title (NET) for the instance.
Syntax
[no] net area-address.system-id.00
net
Parameter
Description
area-address
Specifies the address of the IS-IS area.
system-id
Specifies the system ID.
Default
None
Mode
IS-IS
Usage
Each IS-IS instance must have at least 1 NET.

The total length of the NET can be 8-20 bytes.
The last (right-most) byte must be 00.
The system-id must be 6 bytes long. For Level-1, the system-id must be unique
within the area. For Level-2, the system-id must be unique within the entire domain.
The area-address can be up to 13 bytes long.
You can configure more than one NET. This is useful in cases where you are reconfiguring the
network and need to temporarily merge or split existing areas.

If you configure more than 1 NET, the area-address must be unique in each NET but the
system-id must be the same.
passive-interface
Description
Disable routing IS-IS routing updates on ACOS interfaces.
Syntax
[no] passive-interface
{ethernet num | lif num | loopback num | trunk num | ve ve-num}
Parameter
Description
ethernet num
Disables routing updates from being sent on the specified Ethernet

data port.
lif num
Disables routing updates from being sent on the specified logical

interface.
loopback num
Disables routing updates from being sent on the specified loopback

interface.
trunk num
Disables routing updates from being sent on the specified trunk interface.
ve ve-num
Disables routing updates from being sent on the specified Virtual

Ethernet (VE) interface.
Default
Disabled
Mode
IS-IS
Usage
This command removes all IS-IS configuration from the specified interface.
For proper operation of IS-IS, routing updates must be enabled on at least one interface.
protocol-topology
Description
Enable IS-IS protocol topology support, which provides IPv4/IPv6/dual-stack support.
Syntax
[no] protocol-topology
Default
Disabled
Mode
IS-IS
Usage
For standard IS-IS support, leave this option disabled.

redistribute
Description
Enable distribution of routes from other sources into IS-IS.
Syntax
[no] redistribute
{
bgp [options] |
ip-nat [options] |
isis [options] |
lw4o6 [options] |
ospf [process-id] [options] |
rip [route-map map-name] |
static [options] |
vip [only-flagged | only-not-flagged] [options]
}
Parameter
Description
bgp [options]
Redistributes route information from Border Gateway Protocol (BGP) into

IS-IS. For options, see the end of this parameter list.
connected [options]
Redistributes routes into IS-IS for reaching directly connected networks.
Redistributes routes into IS-IS for reaching floating IP addresses.
ip-nat [options]
Redistributes routes into IS-IS for reaching translated NAT addresses allocated from a pool.
Redistributes routes into IS-IS for reaching translated NAT addresses allocated from a range list.
isis [options]
Redistributes routes back into IS-IS.
lw406 [options]
Redistributes routes into IS-IS for Lightweight 4over6. (This is an IPv6

Migration feature.)
ospf [process-id] [options]
Redistributes OSPF routes into IS-IS.
rip [options]
Redistributes routes into IS-IS for RIP.
static [options]
Redistributes routes into IS-IS for reaching networks through static

routes.

Parameter
Description
vip
[only-flagged | only-not-flagged]
[options]
TO control which VIPs are redistributed, use one of the following options:
only-flagged Redistributes only the VIPs on which the redistribution-flagged command is used.
only-not-flagged Redistributes all VIPs except those on which
the redistribution-flagged command is used.
For more information, see the Usage description of this command.
Optional parameters supported for all other options in this table:
[options]
level-1 Redistributes only at the IS-IS area level. (This is the default
IS-IS level.)
level-1-2 Redistributes at both the IS-IS area and domain levels.
level-2 Redistributes only at the IS-IS domain level. (This is the
default.)
metric num Metric for the default route, 0-4261412864. The default
is 0.
metric-type Specifies the metric information used when comparing the route to other routes:
The external type uses the routes metric for comparison.
The internal type uses the routes metric for comparison and also
uses the cost of the router that advertised the route (this is the
default).
route-map map-name Name of a route map. (To configure a route
map, use the route-map command. See route-map in the System
Configuration and Administration Guide.
Default
Disabled. By default, IS-IS routes are not redistributed. For other defaults, see above.
Mode
IS-IS
Usage
When you enable redistribution, routes to all addresses of the specified type are redistributed. Use the vip option to control which routes to VIPs are redistributed into IS-IS.
VIP Redistribution
methods.
At the configuration level for IS-IS, enter the following command: redistribute
vip only-flagged

At the configuration level for IS-IS, enter either of the following commands: redistribute vip only-not-flagged or redistribute vip

NOTE:

If you have 10 VIPs and all of them need to be redistributed by IS-IS, use the redistribute vip command at the configuration level for IS-IS.
the redistribute vip only-flagged command at the configuration level for ISIS.
If you have 10 VIPs and need to redistribute 8 of them, use the redistributionflagged command at the configuration level for the 2 VIPs that should not be redistributed. Enter the redistribute vip only-not-flagged command at the configuration level for IS-IS. (In this case, alternatively, you could enter redistribute
vip instead of redistribute vip only-not-flagged.)
Example
The following commands redistribute floating IP addresses and OSPF routes into IS-IS:
ACOS(config-isis)#redistribute floating-ip
ACOS(config-isis)#redistribute ospf
set-overload-bit
Description
Disable use of this IS-IS router as a transit router during SPF calculation.
Syntax
[no] set-overload-bit
Syntax
[no] set-overload-bit on-startup {seconds | wait-for-bgp}
Syntax
[no] set-overload-bit suppress {[external] [interlevel]}
Parameter
Description
on-startup
{seconds | wait-for-bgp}
Sets the overload bit only after startup of the IS-IS instance, and clears the bit
based on one of the following options:
seconds Clears the overload bit after the specified number of seconds. You
can specify 5-86400 seconds.
wait-for-bgp Clears the overload bit after BGP signals that it has finished
convergence.
If BGP is not running, the overload bit is immediately cleared.
If BGP is running but does not signal convergence within 10 minutes after
the IS-IS instance starts, the overload bit is cleared.

Parameter
Description
supress
{external | interlevel}
Suppresses redistribution of specific types of reachability information during the

overload state.
external Suppresses redistribution of IP prefixes learned from other protocols. For example, redistribution of IP prefixes from OSPF is suppressed.
interlevel Suppresses redistribution of IP prefixes learned from other IS-IS
levels. For example, redistribution of IP prefixes from Level-2 to Level-1 is suppressed.
Default
Disabled. The overload bit is not set, and this IS-IS router can be used as a transit (intermediate hop) router during SPF calculation.
Mode
IS-IS
Usage
IP prefixes that are directly connected to this IS-IS router continue to be reachable even
when the overload bit is set.
spf-interval-exp
Description
Configure the minimum and maximum delay between receiving a link-state or IS-IS configuration change, and SPF recalculation.
Syntax
[no] spf-interval-exp [level-1 | level-2] min-delay max-delay
Parameter
Description
level-1 | level-2
Specifies the IS-IS level to which to apply the interval setting.

min-delay
Specifies the minimum number of milliseconds (ms) to wait

before SPF recalculation following a link-state or IS-IS configuration change. You can specify 0-2147483647 ms.
max-delay
Specifies the maximum number of ms to wait. You can specify

0-2147483647 ms.
Default
The default min-delay is 500 ms and the default max-delay is 50000 ms, for Level-1 and Level2 routing levels.
Mode
IS-IS

IS-IS Show Commands
summary-address
Description
Configure an IPv4 summary address to aggregate multiple IPv4 prefixes for advertisement.
Syntax
[no] summary-address ipaddr/mask-length

Parameter
Description
ipaddr/mask-length
Specifies the summary IPv4 address to advertise.
level-1 |
level-1-2 |
level-2
Specifies the IS-IS routing level to which to advertise the

summary address. If you do not specify a routing level, the
summary address is advertised at Level-2 only.
Default
None
Mode
IS-IS
Usage
The summary address is advertised instead of the individual IP prefixes contained in the summary address. For example, if the IPv4 route table has routes to 192.168.1.x/24, 192.168.2.x/
24, and 192.168.11.x/24, you can configure IS-IS to advertise summary address 192.168.0.0/16
instead of each of the individual prefixes.
IS-IS Show Commands

This section describes the IS-IS show commands:
show ip isis [tag] route
show ipv6 isis [tag] route
show ipv6 isis [tag] topology
show isis counter
show isis [tag] database
show isis interface
show isis [tag] topology

IS-IS Show Commands

Description
Display the IPv4 IS-IS route table.
Syntax
Replace tag with the IS-IS tag (area). If you do not specify a tag value, IPv4 routes for all areas
are displayed.
Mode
All
Example
The following command shows the IPv4 IS-IS route table:
ACOS(config)#show ip isis route

System wide total number of IS-IS IPv4 routes is 1 (Limit 8192)
Codes: C - connected, E - external, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, D - discard, e - external metric
Area (null):
Destination
Metric
Next-Hop
Interface
1.0.3.0/24
10
--
ethernet 5
Tag
--
L1
1.0.4.0/24
20
12.0.0.2
ethernet 2
12.0.0.0/24
10
--
ethernet 2
--

Description
Display the IPv6 IS-IS route table.
Syntax
Replace tag with the IS-IS tag (area). If you do not specify a tag value, IPv6 routes for all areas
are displayed.
Mode
All
Example
The following command shows the IPv6 IS-IS route table:
ACOS(config)#show ipv6 isis route

System wide total number of IS-IS IPv6 routes is 1 (Limit 8192)
Codes: C - connected, E - external, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, D - discard, e - external metric
Area (null):
C
3000::/64 [10]

IS-IS Show Commands
via ::, ethernet 2
C
3ff3::/64 [10]
L1
3ff4::/64 [20]
via ::, ethernet 5

via fe80::21f:a0ff:fe10:a4a6, ethernet 2
show ipv6 isis [tag] topology

Description
Display IPv6 IS-IS topology information.
Syntax
show ipv6 isis [tag] topology [l1 | l2 | level-1 | level-2]
Mode
All
Example
The following command shows IPv6 IS-IS topology information:
ACOS(config)#show ipv6 isis topology

Area (null):
IS-IS paths to level-1 routers
System Id
Metric
0000.0000.0001
--
0000.0000.0002
10
Next-Hop
Interface
SNPA
0000.0000.0002
ethernet 2
001f.a010.a4a6
Next-Hop
Interface
SNPA
0000.0000.0002
ethernet 2
001f.a010.a4a6

System Id
Metric
0000.0000.0001
--
0000.0000.0002
10
show isis counter

Description
Display IS-IS statistics.
Syntax
show isis counter
Mode
All
Example
The following command shows IS-IS counters:
ACOS(config)#show isis counter

Area (null):
IS-IS Level-1 isisSystemCounterEntry:
isisSysStatCorrLSPs: 0
isisSysStatAuthTypeFails: 0
isisSysStatAuthFails: 0
isisSysStatLSPDbaseOloads: 0
isisSysStatManAddrDropFromAreas: 0

IS-IS Show Commands
isisSysStatAttmptToExMaxSeqNums: 0
isisSysStatSeqNumSkips: 0
isisSysStatOwnLSPPurges: 0
isisSysStatIDFieldLenMismatches: 0
isisSysStatMaxAreaAddrMismatches: 0
isisSysStatPartChanges: 0
isisSysStatSPFRuns: 4
IS-IS Level-2 isisSystemCounterEntry:
isisSysStatCorrLSPs: 0
isisSysStatAuthTypeFails: 0
isisSysStatAuthFails: 0
isisSysStatLSPDbaseOloads: 0
isisSysStatManAddrDropFromAreas: 0
isisSysStatAttmptToExMaxSeqNums: 0
isisSysStatSeqNumSkips: 0
isisSysStatOwnLSPPurges: 0
isisSysStatIDFieldLenMismatches: 0
isisSysStatMaxAreaAddrMismatches: 0
isisSysStatPartChanges: 0
isisSysStatSPFRuns: 3

Description
Display the IS-IS database entries.
Syntax

[lspid]

IS-IS Show Commands
[detail | verbose]
[l1 | l2 | level-1 | level-2]
Parameter
Description
tag
Specifies the IS-IS tag (area). If you do not specify a tag value, database
entries for all areas is displayed.
lspid
Specifies the ID of a specific LSP to display.
detail
Displays detailed contents of the LSPs. Without this option, summary

information is displayed.
verbose
Displays verbose database information.
l1 |
l2 |
level-1 |
level-2
Specifies the IS-IS routing level for which to display database entries.
Mode
All
Example
The following command shows the IS-IS database:
ACOS(config)#show isis database

IS-IS Level-1 Link State Database:
LSPID
LSP Checksum
LSP Holdtime
ATT/P/OL
0000.0000.0001.00-00* 0x00000007
LSP Seq Num
0x8223
857
0/0/0
0000.0000.0002.00-00
0x00000007
0x0F96
865
0/0/0
0000.0000.0002.02-00
0x00000004
0x01D4
865
0/0/0
LSP Checksum
LSP Holdtime
ATT/P/OL
0000.0000.0001.00-00* 0x00000003
0x77F4
884
0/0/0
0000.0000.0002.00-00
0x00000003
0x640A
879
0/0/0
0000.0000.0002.02-00
0x00000001
0x07D1
853
0/0/0
IS-IS Level-2 Link State Database:

LSPID
LSP Seq Num
show isis interface

Description
Display IS-IS information for interfaces.
Syntax
show isis interface

[
counter |
ethernet port-num |
lif num |
loopback num |
trunk num |

IS-IS Show Commands
ve ve-num
}
Parameter
Description
counter
Displays IS-IS interface status information and statistics.
ethernet port-num
Displays IS-IS information for the specified Ethernet data port.
lif num
Displays IS-IS information for the specified logical interface.
loopback num
Displays IS-IS information for the specified loopback interface.
trunk num
Displays IS-IS information for the specified trunk interface.
ve ve-num
Displays IS-IS information for the specified VE interface.
Mode
All
Example
The following command shows IS-IS interface information:
ACOS(config)#show isis interface

Routing Protocol: IS-IS ((null))
Network Type: Broadcast
Circuit Type: level-1-2
Local circuit ID: 0x01
Extended Local circuit ID: 0x00000005
Local SNPA: 001f.a002.5bc9
MTU: 1500 (Jumbo enabled)
IP interface address:
12.0.0.1/24
IPv6 interface address:
3000::1/64
fe80::21f:a0ff:fe02:5bc9/64
Level-1 Metric: 10/10, Priority: 64, Circuit ID: 0000.0000.0002.02
Number of active level-1 adjacencies: 1
Next IS-IS LAN Level-1 Hello in 4 seconds
Routing Protocol: IS-IS ((null))
Network Type: Broadcast
Circuit Type: level-1-2
Local circuit ID: 0x02
Extended Local circuit ID: 0x0000000B
Local SNPA: 001f.a002.5bcc
MTU: 1500 (Jumbo enabled)
IP interface address:

IS-IS Show Commands
1.0.3.1/24
IPv6 interface address:
3ff3::1/64
fe80::21f:a0ff:fe02:5bcc/64
show isis [tag] topology

Description
Display IPv4 IS-IS topology information.
Syntax
show isis topology [l1 | l2 | level-1 | level-2]
You can specify one of l1, l2, level-1, or level-2 as the IS-IS routing level for which to
display topology information.
Default
level-1
Usage
All
Example
The following command shows IPv4 IS-IS topology information:
ACOS(config)#show isis topology

Area (null):
System Id
Metric
0000.0000.0001
--
0000.0000.0002
10
Next-Hop
Interface
SNPA
0000.0000.0002
ethernet 2
001f.a010.a4a6
Next-Hop
Interface
SNPA
0000.0000.0002
ethernet 2
001f.a010.a4a6

System Id
Metric
0000.0000.0001
--
0000.0000.0002
10
ACOS(config)#
Config Commands: Router BGP
This chapter describes the syntax for the Border Gateway Protocol (BGP) commands. The commands are described in the following sections:
Enabling BGP on page 182
BGP Configuration Commands on page 183
BGP Show Commands on page 213
BGP Clear Commands on page 226

Enabling BGP
Enabling BGP
To enable BGP on the ACOS device:
1. Enable the protocol and specify the Autonomous System (AS) number, using the following command at the global
configuration level of the CLI:
router bgp AS-num
The AS-num specifies the Autonomous System Number (ASN), which can be 1-4294967295. The ACOS device supports
configuration of one local AS.
2. Specify the ACOS devices BGP router ID:
bgp router-id ipaddr
NOTE:
It is strongly recommended to manually set a unique BGP router ID for each BGP
instance within the ACOS device's partitions.
3. Specify each of the ACOS devices neighbor (peer) BGP routers:

neighbor neighbor-id remote-as AS-num
NOTE:
use on the ACOS device, to prevent router ID changes caused by VRRP-A failover. If you
do not explicitly configure the ACOS devices BGP router ID, BGP sessions may become
reset whenever there is an interface state change.

BGP Configuration Commands

The commands in this section apply globally to the BGP process running on the ACOS device.
The following sections are included:
Commands at the Global Configuration Level
Commands at the BGP Router Configuration Level
Commands at the Global Configuration Level

The commands in this section are available at the global configuration level of the CLI:
bgp disable-advertisement
bgp extended-asn-cap
bgp nexthop-trigger
bgp disable-advertisement
Description
Disable BGP advertisement. This change only takes affect when the ACOS device is rebooted.
Syntax
[no] bgp disable-advertisement on-boot
Mode
Global configuration
bgp extended-asn-cap
Description
Enable the ACOS device to send 4-octet BGP Autonomous System Number (ASN) capabilities.
Syntax
[no] bgp extended-asn-cap
Default
Disabled; 2-octet ASN capabilities are enabled instead.
Mode
Configuration mode

bgp nexthop-trigger
Description
Configure BGP nexthop tracking.
Syntax
[no] bgp nexthop-trigger {delay seconds | enable}
Parameter
Description
seconds
Specifies the how long BGP waits before walking the full BGP table to
determine which prefixes are affected by the nexthop changes, after
receiving a trigger about nexthop changes. You can specify 1-100 seconds.
enable
Enables nexthop tracking.
Default
BGP nexthop tracking is disabled by default. When you enable it, the default delay is 5 seconds.
Mode
Configuration mode
Commands at the BGP Router Configuration Level

The commands in this section are available at the configuration level for the BGP routing process for an AS.
To access the BGP router configuration level, use the router bgp command at the global configuration level of the CLI:
ACOS(config)#router bgp 100
ACOS(config-bgp:100)#
The following commands are available:

address-family
aggregate-address
auto-summary
bgp always-compare-med
bgp bestpath
bgp dampening
bgp default
bgp deterministic-med
bgp enforce-first-as
bgp fast-external-failover
bgp log-neighbor-changes
bgp nexthop-trigger-count

bgp router-id
bgp scan-time
distance
maximum-paths
neighbor neighbor-id activate
neighbor neighbor-id advertisement-interval
neighbor neighbor-id allowas-in
neighbor neighbor-id as-origination-interval
neighbor neighbor-id capability
neighbor neighbor-id collide-established
neighbor neighbor-id default-originate
neighbor neighbor-id description
neighbor neighbor-id disallow-infinite-holdtime
neighbor neighbor-id distribute-list
neighbor neighbor-id dont-capability-negotiate
neighbor neighbor-id ebgp-multihop
neighbor neighbor-id enforce-multihop
neighbor neighbor-id fall-over
neighbor neighbor-id filter-list
neighbor neighbor-id maximum-prefix
neighbor neighbor-id next-hop-self
neighbor neighbor-id override-capability
neighbor neighbor-id passive
neighbor neighbor-id password
neighbor neighbor-id peer-group
neighbor neighbor-id prefix-list
neighbor neighbor-id remote-as
neighbor neighbor-id remove-private-as
neighbor neighbor-id route-map
neighbor neighbor-id send-community

neighbor neighbor-id shutdown
neighbor neighbor-id soft-reconfiguration
neighbor neighbor-id strict-capability-match
neighbor neighbor-id timers
neighbor neighbor-id unsuppress-map
neighbor neighbor-id update-source
neighbor neighbor-id weight
network
redistribute
synchronization
timers
address-family
Description
Configure address family parameters.
Syntax
[no] address-family ivp6
This command changes the CLI to a new configuration level where the following commands
are available.
Command
Description
[no] aggregate-address options
See aggregate-address on page 188.
[no] auto-summary
See auto-summary on page 188.
[no] bgp dampening options
See bgp dampening on page 189.
See default-information originate on page 192.
[no] distance
See distance on page 192.
[no] exit-address-family
Exits the address-family configuration level.
[no] maximum-paths
See maximum-paths on page 193.

Command
Description
[no] neighbor options
The following neighbor commands are supported under the addressfamily configuration level:

[no] network options
See network on page 210.
[no] redistribute options
See redistribute on page 211.
Default
None
Mode
BGP

aggregate-address
Description
Configure an aggregate address.
Syntax
[no] aggregate-address ipaddr/mask-length [as-set] [summary-only]
Parameter
Description
ipaddr/mask-length
If you are using this command at the BGP configuration

level, specify an IPv4 aggregate network address.
If you are using the command at the address-family configuration level, you must specify an IPv6 IP aggregate network address.
as-set
Generates AS set path information.
summary-only
Filters more specific routes from updates.
Default
None
Mode
BGP or address-family
auto-summary
Description
Enable sending of summarized routes to BGP peers.
Syntax
[no] auto-summary
Default
Disabled
Mode
BGP
bgp always-compare-med
Description
Enable comparison of the Multi Exit Discriminators (MEDs) for paths from neighbors in different ASs.
Syntax
[no] bgp always-compare-med
Default
Disabled. By default, MED comparison is done only among paths from the same AS.
Mode
BGP

bgp bestpath
Description
Configure options to select the best of multiple paths for a route.
Syntax
[no] bgp bestpath {as-path [ignore] | compare-routerid}
Parameter
Description
as-path
Use the AS path when selecting the best path for a route.
AS path consideration is enabled by default.
ignore
Ignore the AS path when selecting the best path for a route.
comparerouterid
Enables comparison of router IDs when comparing identical routes

received from different neighbors. In this case, the route from the
neighbor with the lowest route ID is selected.
By default, BGP receives routes with identical eBGP paths from eBGP
peers and selects the first route received as the best path.
Mode
BGP
bgp dampening
Description
Configure the BGP response to route flapping, to minimize network disruption.
Syntax
[no] bgp dampening {dampening-options | route-map
Parameter
Description
dampening-options
Configures the dampening options:
map-name}
reachability-half-lifeSpecifies the reachability half-life, which is the time it

takes the penalty to decrease to one-half of its current value. You can specify 1-45 minutes.
The default is 15 minutes.
reuse-startSpecifies the reuse limit value. When the penalty for a suppressed route
decays below the reuse value, the routes become unsuppressed. You can specify 1-20000.
The default is 750.
suppress-startSpecifies the suppress limit value. When the penalty for a route
exceeds the suppress value, the route is suppressed. You can specify 1-20000.
The default is 2000.
max-suppress-durationSpecifies the maximum time that a dampened route is
suppressed. You can specify 1-255 minutes.
The default is 60 minutes (4 times the half-life time).
map-name
Applies the dampening settings only to routes that match the specified route map.
Default
See descriptions.
Mode
BGP

bgp default
Description
Change BGP default settings.
Syntax
[no] bgp default {ipv4-unicast | local-preference num}
Parameter
Description
ipv4-unicast
Activates IPv4 unicast for communication with peers.

By default, this is enabled.
num
Specifies the local preference value for routes. You can specify 04294967295.
The default is 100.
Default
See descriptions.
Mode
BGP
bgp deterministic-med
Description
Enable comparison of the Multi Exit Discriminator (MED) values during selection of a route
among routes advertised by different peers in the same AS.
Syntax
[no] bgp deterministic-med
Default
Disabled
Mode
BGP
bgp enforce-first-as
Description
Enable the ACOS device to deny any updates received from an external neighbor that do not
have the neighbors configured AS at the beginning of the AS_PATH.
Syntax
[no] bgp enforce-first-as
Default
Enabled
Mode
BGP

bgp fast-external-failover
Description
Enable immediate reset of a BGP session if the interface used for the BGP connection goes
down.
Syntax
[no] bgp fast-external-failover
Default
Enabled
Mode
BGP
bgp log-neighbor-changes
Description
Enable logging of status change messages without enabling BGP debugging.
Syntax
[no] bgp log-neighbor-changes
Default
Disabled
Mode
BGP
bgp nexthop-trigger-count
Description
Configure display of BGP nexthop-tracking status.
Syntax
[no] bgp nexthop-trigger-count num
Mode
Parameter
Description
num
Count value (0-127).
BGP
bgp router-id
Description
Configure the router ID.
Syntax
[no] bgp router-id ipaddr
Default
Parameter
Description
ipaddr
IPv4 address.
If a loopback interface is configured, the router ID is set to the IP address of the loopback
interface. If there are multiple loopback interfaces, the loopback interface with the highest
numbered IP address is used.

If there are no loopback interfaces, the interface with the highest numbered IP address is
used.
Mode
BGP
bgp scan-time
Description
Set the interval for BGP route next-hop scanning.
Syntax
[no] bgp scan-time seconds
Parameter
Description
seconds
Amount of time between scans, in seconds (0-60 seconds).
Default
60
Mode
BGP
Description
Enable advertisement of the default route in packets sent by this BGP instance.
A valid default route must exist and be verified to complete this configuration or the default
route will not be advertised
Syntax
Default
Disabled
Mode
BGP
distance
Description
Configure the administrative distance for BGP. The administrative distance is a rating of trustworthiness of the BGP process relative to other routing processes running on the ACOS
device. The greater the distance, the lower the trust rating.
Syntax
[no] distance
{
admin-distance ipaddr/mask-length [acl-id] |

bgp external internal local
}
Parameter
Description
admin-distance
ipaddr/mask-length
[acl-id]
Overrides the configured administrative distance for specific prefixes.

The acl-id option specifies an ACL that matches on the routes for which to override
the default administrative distance. If you do not use this option, the distance is
applied to all IPv4 BGP routes.
NOTE: This option is not available if you are configuring the distance at the
address-family configuration level.
external Specifies the administrative distance (1-255) for BGP routes learned
from another AS.
The default external administrative distance is 20.
bgp
external internal local
internal Specifies the administrative distance (1-255)for BGP routes learned

from a neighbor within the same AS.
The default internal administrative distance is 200.
local Specifies the administrative distance (1-255) for BGP routes redistributed
from another route source on this ACOS device.
The default local administrative distance is 200.
Default
See descriptions.
Mode
BGP
maximum-paths
Description
Syntax
Specify the maximum number of ECMP paths to a given route destination allowed for BGP:
[no] maximum-paths path-num
Parameter
Description
num
Maximum number of paths to a given destination. You can specify 1-10.
Default
1. BGP will install the single best ECMP route into the FIB used by the ACOS device to forward
traffic.
Mode
BGP


Description
Enable the exchange of address family routes with a neighboring BGP router.
Syntax
[no] neighbor neighbor-id activate
Parameter
Description
neighbor-id
ID of the neighbor, which can be one of the following types of values:

IPv4 address.
IPv6 address.
Name of a peer group.
Default
N/A
Mode
BGP
Usage
After the TCP connection is opened with the neighbor, use this command to enable or disable the exchange of address family information with the neighboring router.

Description
Configure the minimum interval between transmission of BGP route updates to a neighbor.
Syntax
[no] neighbor neighbor-id advertisement-interval seconds
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
seconds
Default
Minimum interval between route updates. You can specify 0-600 seconds.
The advertisement interval has the following default settings:

eBGP 30 seconds
iBGP 5 seconds
Mode
BGP


Description
Allow re-advertisement of all prefixes containing duplicate AS numbers.
Syntax
[no] neighbor neighbor-id allowas-in [occurrences]
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
occurrences
Default
Disabled
Mode
BGP
Maximum number of occurrences of a given AS number. You can

specify 1-10.

Description
Configure the interval between transmission of AS origination route updates.
Syntax
[no] neighbor neighbor-id as-origination-interval seconds
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
seconds
Default
15 seconds
Mode
BGP
Time between AS origination route updates. You can specify 1-600

seconds.


Description
Configure capability settings for the ACOS devices BGP communication with a neighbor.
Syntax
[no] neighbor neighbor-id capability

{dynamic | orf prefix-list {both | receive | send} | route-refresh}
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
dynamic
Enables the ACOS device to advertise or withdraw an address family capability with
the neighbor, without bringing down the BGP session with the peer.
orf prefix-list
{both | receive | send}
Enables Outbound Router Filtering (ORF) and advertises the ACOS devices ORF capability to the neighbor.
both ACOS device can send ORF entries to the neighbor, as well as receive ORF
entries from the neighbor.
receive ACOS device can receive ORF entries from the neighbor, but can not
send ORF entries to the neighbor.
send ACOS device can send ORF entries to the neighbor, but can not receive
ORF entries from the neighbor.
Enables advertisement of route-refresh capability to the neighbor. When this option is
enabled, the ACOS device can dynamically request the neighbor to re-advertise its
Adj-RIB-Out.
route-refresh
Default
None. (This assumes that the neighbor has no special capabilities or functions.)
Mode
BGP
Usage
BGP neighbors exchange ORFs reduce the number of updates exchanged between neighbors. By filtering updates, this option minimizes generating and processing of updates.
The local router (ACOS device) advertises the ORF capability in send mode, and the remote
router receives the ORF capability in receive mode applying the filter as outbound policy.
The two routers exchange updates to maintain the ORF for each router. Only an individual
router or a peer group can be configured to be in receive or send mode. A peer-group
member cannot be configured to be in receive or send mode.

Description
Include the neighbor, if already in TCP established state, in conflict resolution if a TCP connection collision is detected.
Syntax
[no] neighbor neighbor-id collide-established
Replace neighbor-id with the ID of the neighbor, which can be one of the following types of
values:

ipv4ipaddr IPv4 address.
ipv6addr IPv6 address.
tag Name of a peer group.
Default
Use this command only if necessary. Generally, the command is not required.
Inclusion of a neighbor with an established TCP connection into resolution of TCP
connection collision conflicts is automatically enabled when the neighbor is configured for
BGP graceful-restart.
Mode
BGP

Description
Enable transmission of a default route (0.0.0.0) to a neighbor.
Syntax
[no] neighbor neighbor-id default-originate [route-map map-name]
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
map-name
Default
Disabled
Mode
BGP
Route map that specifies the nexthop IP address.

Description
Configure a description for a neighbor.
Syntax
[no] neighbor neighbor-id description string [string ...]
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
string
Default
None
Mode
BGP
String that describes the neighbor (up to 80 characters).


Description
Disallow a neighbor to set the holdtime to infinite (0 seconds).
Syntax
[no] neighbor neighbor-id disallow-infinite-holdtime
values:
ipv4ipaddr IPv4 address.
ipv6addr IPv6 address.
tag Name of a peer group.
Default
Disabled. Infinite holdtime is allowed.
Mode
BGP

Description
Filter route updates to or from a neighbor.
Syntax
[no] neighbor neighbor-id distribute-list ip-access-list {in | out}
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
ip-access-list
Time between AS origination route updates. You can specify 1-600

seconds.
in | out
Specifies the update direction to filter:

in Updates received from the neighbor are filtered.
out Updates sent to the neighbor are filtered before transmission.
Default
None. By default, updates are not filtered.
Mode
BGP


Description
Disable capability negotiation with a neighbor.
Syntax
[no] neighbor neighbor-id dont-capability-negotiate
values:
ipv4ipaddr IPv4 address
ipv6addr IPv6 address
tag Name of a peer group
Default
Capability negotiation is enabled by default.
Mode
BGP

Description
Allow BGP connections with external peers on indirectly connected networks.
Syntax
[no] neighbor neighbor-id ebgp-multihop [count]
Parameter
Description
neighbor
The IPv4 or IPv6 address of the neighbor router, or the router tag (1128 characters).
count
The maximum hop count to reach the neighbor (1-255).

If no count is specified, the default hop count is 1.
Replace count with the maximum number of hops allowed, 1-255.
Default
Disabled by default.
Mode
BGP

Description
Enforce eBGP neighbors to perform multihop.
Syntax
[no] neighbor neighbor-id enforce-multihop
Default
Enabled
Mode
BGP


Description
Enable neighbor fall-over detection.
Syntax
[no] neighbor neighbor-id fall-over bfd
Mode
BGP

Description
Filter route updates to or from a neighbor based on AS path.
Syntax
[no] neighbor neighbor-id filter-list

AS-path-access-list {in | out}
Parameter
Description
neighbor-id
ID of the neighbor, which can be one of the following

types of values:
IPv4 address.
IPv6 address.
AS-path-access-list
AS path list. To configure an AS path list, use the following

command at the global configuration level of the CLI:
ip as-path access-list
in | out

out Updates sent to the neighbor are filtered before
transmission.
Default
None. By default, updates are not filtered.
Mode
BGP

Description
Configure the maximum number of network prefixes that can be received in route updates
from a neighbor.
NOTE:
The actual maximum number of prefixes that can be configured varies depending
on the platform.

Syntax
[no] neighbor neighbor-id maximum-prefix num [threshold]
Parameter
Description
neighbor-id
ID of the neighbor, which can be one of the following types of

values:
IPv4 address.
IPv6 address.
num
Maximum number of prefixes allowed. You can specify 1-65536.

The default is 128.
threshold
Percentage of the allowed maximum at which a warning message

is generated. You can specify 1-100.
The default is 75 percent.
Default
See descriptions.
Mode
BGP
Usage
If the maximum is reached, the ACOS device brings down the BGP session with the peer.

Description
Configure the ACOS device as the BGP next hop for a neighbor.
Syntax
[no] neighbor neighbor-id next-hop-self
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
Default
Disabled
Mode
BGP


Description
Override the results of capability negotiation with a neighbor.
Syntax
[no] neighbor neighbor-id override-capability
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
Default
Disabled
Mode
BGP

Description
Do not initiate a TCP connection with the specified neighbor, but allow the neighbor to initiate a TCP connection with the ACOS device. Once the connection is up, BGP will work over
the connection.
Syntax
[no] neighbor neighbor-id passive
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
Default
Disabled
Mode
BGP


Description
Enable MD5 authentication for sessions with a BGP neighbor.
Syntax
[no] neighbor neighbor-id password encrypted string
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
string
The string can be up to 80 characters long. The string can include the
printable ASCII characters, which are [0-9], [a-z], and [A-Z] and are fully
defined by hexadecimal value range 0x20-0x7e. The string can not
begin with a blank space, and can not contain any of the following
special characters: ' " < > & \ / ?
The password string is encrypted when viewing the the running-config and startup-config output.
Default
Disabled
Mode
BGP
Usage
Message Digest 5 (MD5) authentication of TCP segments (as introduced in RFC 2385), provides protection of BGP sessions via the TCP MD5 Signature Option. This feature is enabled
on a per-neighbor basis for the individual BGP peer configuration, and a password is
required. The password must be the same on the ACOS device and on the peer (BGP neighbor).
Example
The following command enables MD5 for the connection with eBGP neighbor 10.10.10.22:
ACOS(config-bgp:123)# neighbor 10.10.10.22 password 1234567890abcde


Description
Add the ACOS device to a BGP peer group.
Syntax
[no] neighbor neighbor-id peer-group group-name
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
group-name
Default
None
Mode
BGP
Name of the peer group.

Description
Use a prefix list to filter route updates to or from a neighbor.
Syntax
[no] neighbor neighbor-id prefix-list list-name {in | out}
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
list-name
Name of the prefix list.
in | out

out Updates sent to the neighbor are filtered before transmission.
Default
By default, updates are not filtered.
Mode
BGP
Usage
Filtering by prefix list matches the prefixes of routes with those listed in the prefix list. If there
is a match, the route is used. An empty prefix list permits all prefixes. If a given prefix does not
match any entries of a prefix list, the route is denied access. When multiple entries of a prefix
list match a prefix, the entry with the smallest sequence number is considered to be a real
match.

The ACOS device begins the search at the top of the prefix list, with rule sequence number 1.
Once a match or deny occurs, the ACOS device does not need to go through the rest of the
prefix list. For efficiency the most common matches or denies are listed at the top.
The neighbor distribute-list command is an alternative to the neighbor prefix-list
command. Only one of these commands can be used for filtering to the same neighbor in
any direction.

Description
Configure an internal or external BGP (iBGP or eBGP) TCP session with another router.
Syntax
[no] neighbor neighbor-id remote-as AS-num
Parameter
Description
neighbor-id
ID of the neighbor, which can be one of the following types

of values:
IPv4 address.
IPv6 address.
Neighbors AS number.
AS_num
NOTE:
AS number 23456 is a reserved 2-octet AS number. An old BGP speaker (2-byte

implementation) should be configured with 23456 as its remote AS number while
peering with a non-mappable new BGP speaker (4-byte implementation).
Default
None
Mode
BGP

Description
Remove the private AS number from outbound updates.
Syntax
[no] neighbor neighbor-id remove-private-as
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
Default
Disabled
Mode
BGP


Description
Apply a route map to incoming or outgoing routes.
Syntax
[no] neighbor neighbor-id route-map map-name {in | out}
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
map-name
Name of the route map.
in | out
Specifies the traffic direction to which to apply the route map:

in The route map is applied to routes received from the neighbor.
out The route map is applied to routes sent to the neighbor.
Default
None
Mode
BGP

Description
Send community attributes to a neighbor.
Syntax
[no] neighbor neighbor-id send-community

[both | none | extended | standard]
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
both
Sends both standard and extended community attributes.
none
Disable community attributes from being sent.
extended
Sends only extended community attributes.
standard
Sends only standard community attributes.
Default
By default, both standard and extended community attributes are sent to a neighbor. To
explicitly send only the standard or extended community attribute, run the bgp configtype command with the standard parameter, before running this command.
Mode
BGP

Usage
The community attribute groups destinations in a certain community and applies routing
decisions according to those communities. Upon receiving community attributes, the ACOS
device re-announces them to the neighbor.
Usage
To prevent community attributes from being re-announced to the neighbor, use the no
form of this command.

Description
Disable a neighbor.
Syntax
[no] neighbor neighbor-id shutdown
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
Default
None
Mode
BGP
Usage
This command shuts down any active session for the specified neighbor and clears all
related routing data.

Description
Configure the ACOS device to begin storing updates, without any consideration of the
applied route policy.
Syntax
[no] neighbor neighbor-id soft-reconfiguration inbound
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
Default
Disabled
Mode
BGP
Usage
Use this command to store updates for inbound soft reconfiguration. Soft-reconfiguration
can be used as an alternative to BGP route refresh capability. Using this command enables
local storage of all the received routes and their attributes. When a soft reset (inbound) is

performed on the neighbor, the locally stored routes are reprocessed according to the
inbound policy. The BGP neighbor connection is not affected.

Description
Close the BGP connection to a neighbor if a capability value does not completely match the
value on the ACOS device.
Syntax
[no] neighbor neighbor-id strict-capability-match
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
Default
Enabled
Mode
BGP

Description
Configure the timers for a neighbor.
Syntax
[no] neighbor neighbor-id timers

{interval holdtime | connect seconds}
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
interval
Amount of time in seconds between transmission of keepalive messages to the neighbor. You can specify 0-65535 seconds.
The default interval is 60 seconds.
holdtime
maximum amount of time in seconds the ACOS device will wait for a
keepalive message from the neighbor before declaring the neighbor
dead. You can specify 0-65535 seconds.
seconds
Connect timer. You can specify 0-65535 seconds. In ACTIVE state, the
BGP router (ACOS device) will accept an incoming connection request
from the peer before the connect time expires.
The default connect time is 0.

Default
See descriptions.
Mode
BGP

Description
Selectively leak more-specific routes to a neighbor.
Syntax
[no] neighbor neighbor-id unsuppress-map map-name
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
map-name
Name of the route map used to select routes to be unsuppressed.
Default
Disabled
Mode
BGP
Usage
When the aggregate-address command is used with the summary-only option, the morespecific routes of the aggregate are suppressed to all neighbors. Use the unsuppress-map
command to selectively leak more-specific routes to a particular neighbor.

Description
Allows BGP sessions to use specific source IP address or interface for TCP connections with a
neighbor.
Syntax
[no] neighbor neighbor-id update-source source
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
source
Source IP address or interface name.

NOTE: It is highly recommended to specify an IP address instead of an
interface name. When multiple IP addresses are configured at one
interface, ACOS will choose the lowest IP address as source IP address.
Default
IP address of the outgoing interface to the neighbor.
Mode
BGP


Description
Assign a weight value to routes learned from a neighbor.
Syntax
[no] neighbor neighbor-id weight num
Parameter
Description
neighbor-id

IPv4 address.
IPv6 address.
num
Weight value assigned to routes learned from the neighbor. You can
sepcify 0-65535.
Default
Default weight: 0 (zero)
Mode
BGP
Usage
Use this command to specify a weight value, per address-family, to all routes learned from a
neighbor. The route with the highest weight gets preference when the same prefix is learned
from more than one peer.
Unlike the local-preference attribute, the weight attribute is relevant only to the local
router.
The weights assigned using the set weight command override the weights assigned
using this command.
When the weight is set for a peer group, all members of the peer group will have the same
weight. The command can also be used to assign a different weight to a particular peergroup member. When a separately configured weight of the peer-group member is
unconfigured, its weight will be reset to its peer groups weight.
network
Description
Specify the networks to be advertised by the ACOS devices BGP routing process.
Syntax
[no] network {ipaddr/mask-length | ipaddr [mask network-mask]}

[backdoor]

[community community-list]
[route-map map-name]
Parameter
Description
ipaddr/mask-length | ipaddr
IPv4 Network address and mask.

NOTE: If you are using this command under the
address-family configuration level, you can only
specify an IPv6 address and mask length:
backdoor
Specify a backdoor BGP route.
community community-list
Match the specified BGP community list.
route-map map-name
Route map used to set or modify a value.
Default
None
Mode
BGP
Usage
A unicast network address without a mask is accepted if it falls into the natural boundary of
its class. A class-boundary mask is derived if the address matches its natural class-boundary.
redistribute
Description
Redistribute route information from other sources into BGP.
Syntax
[no] redistribute
{
connected [route-map map-name] |
floating-ip [route-map map-name] |
ip-nat [route-map map-name] |
ip-nat-list [route-map map-name] |
isis [route-map map-name] |
lw4o6 [options] |
nat64 [route-map map-name] |
ospf [route-map map-name] |
rip [route-map map-name] |
static [route-map map-name] |
vip
[only-flagged [route-map map-name] |
only-not-flagged [route-map map-name] |

[route-map map-name]]
}
Parameter
Description
connected [route-map map-name]
Redistributes route information for directly connected networks

into BGP. The route-map option specifies the name of a configured route map.
floating-ip [route-map map-name]
Redistributes route information for floating IP addresses into BGP.

The route-map option specifies the name of a configured route
map.
ip-nat [route-map map-name]
Redistributes routes into BGP for reaching translated NAT

addresses allocated from a pool. The route-map option specifies
the name of a configured route map.
ip-nat-list [route-map map-name]
Redistributes routes into BGP for reaching translated NAT

addresses allocated from a range list. The route-map option
specifies the name of a configured route map.
isis [route-map map-name]
Redistributes route information from Intermediate System to

Intermediate System (IS-IS) into BGP. The route-map option
lw406 [options]
Redistributes routes into BGP for Lightweight 4over6. (This is an

IPv6 Migration feature.)
nat64 [route-map map-name]
Redistributes routes into BGP for Nat64. The route-map option

NOTE: This option is only available for the redistribute command under the address-family configuration level.
ospf [route-map map-name]
Redistributes route information from Open Shortest Path First

(OSPF) into BGP. The route-map option specifies the name of a
configured route map.
static [route-map map-name]
Redistributes routes into BGP for reaching networks through

static routes. The route-map option specifies the name of a configured route map.
vip
[only-flagged [route-map map-name] |
only-not-flagged [route-map map-name] |
[route-map map-name]]
Redistributes routes into BGP for reaching virtual server IP

addresses.
To control which VIPs are redistributed, use one of the following
options:
only-flagged Redistributes only the VIPs on which the
only-not-flagged Redistributes all VIPs except those on
which the redistribution-flagged command is used.
For more information, see the Usage section of this command.
The route-map option specifies the name of a configured route
map.
Default
None

BGP Show Commands
Mode
BGP
synchronization
Description
Enable IGP synchronization of iBGP learned routes.
Syntax
[no] synchronization
Default
Disabled
Mode
BGP
Usage
Enable synchronization if the ACOS device should not advertise routes learned from iBGP
neighbors, unless those routes also are present in an IGP (for example, OSPF). Synchronization may be enabled when all the routers in an AS do not speak BGP and the AS is a transit
for other ASs.
timers
Description
Configure the BGP keepalive and holdtime timer values.
Syntax
[no] timers bgp interval holdtime
Parameter
Description
interval
Specifies the amount of time between transmission of keepalive messages to neighbors. You can specify 0-65535 seconds.
holdtime
Specifies the maximum amount of time the ACOS device will wait for a
keepalive message from a neighbor before declaring the neighbor dead.
You can specify 0-65535 seconds.
Default
The default interval is 30 seconds. The default holdtime is 90 seconds.
Mode
BGP
BGP Show Commands

This section lists the BGP show commands:
show ip bgp ipv4addr
show bgp ipv6addr
show [ip] bgp ipv4 {multicast | unicast}
show bgp ipv4 neighbors
show bgp ipv4 prefix-list

BGP Show Commands
show bgp ipv4 quote-regexp
show bgp ipv4 summary
show bgp ipv6
show bgp nexthop-tracking
show bgp nexthop-tree-details
show ip bgp attribute-info
show ip bgp cidr-only
show [ip] bgp community
show ip bgp community-info
show [ip] bgp community-list
show [ip] bgp dampening
show [ip] bgp filter-list
show [ip] bgp inconsistent-as
show [ip] bgp neighbors
show [ip] bgp paths
show [ip] bgp prefix-list
show [ip] bgp quote-regexp
show [ip] bgp regexp
show [ip] bgp route-map
show ip bgp scan
show [ip] bgp summary
show ip bgp view

BGP Show Commands
show ip bgp ipv4addr

Description
Display BGP network information for IPv4.
Syntax
show ip bgp {ipv4addr | ipv4addr/mask-length [longer-prefixes]}
Parameter
Description
ipv4addr |
IPv4 prefix and mask length.
longer-prefixes
Include prefixes that have a longer mask than the one

specified.
Mode
All
Example
Ths
ACOS#show ip bgp 192.10.23.67

BGP table version is 7, local router ID is 80.80.80.80
Status codes: s suppressed, d damped, h history, * valid, > best, i internal, S Stale
Origin codes: i - IGP, e - EGP,? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
S>i10.70.0.0/24
192.10.23.67
100
0 ?
S>i30.30.30.30/32
192.10.23.67
100
0 ?
S>i63.63.63.1/32
192.10.23.67
100
0 ?
S>i67.67.67.67/32
192.10.23.67
100
0 ?
S>i172.22.10.0/24
192.10.23.67
100
0 ?
S>i192.10.21.0
192.10.23.67
100
0 ?
S>i192.10.23.0
192.10.23.67
100
0 ?
Total number of prefixes 7
show bgp ipv6addr

Description
Display BGP network information for IPv6.
Syntax
show bgp {ipv6addr | ipv6addr/mask-length [longer-prefixes]}
Mode
Parameter
Description
ipv6addr |
IPv6 prefix and mask length.
longer-prefixes
Include prefixes that have a longer mask than the one

specified.
All

BGP Show Commands

Description
Display BGP information for IPv4.
Syntax

[
ipv4addr |
ipv4addr/mask-length |
community [community-number] [exact-match]
[local-AS] [no-advertise] [no-export] |
community-list list-name [exact-match] |
dampening {dampened-paths | flap-statistics | parameters} |
filter-list list-name |
inconsistent-as |
neighbors [ipv4addr | ipv6addr
[advertised-routes | received prefix-filter | received-routes |
routes]] |
paths |
prefix-list list-name |
quote-regexp string |
regexp string [string ...] |
route-map map-name |

BGP Show Commands
summary
]
Parameter
Description
multicast | unicast
Specifies the IPv4 address family for which to display information.
ipv4addr | ipv4addr/mask-length
Network and mask information.
community [community-number]
[options]
Displays routes matching the communities. Enter the community number

in AA:NN format.
exact-match Displays only communities that exactly match.
local-AS Displays only communities that are not sent outside the
local AS.
no-advertise Displays only communities that are not sent advertised to neighbors.
no-export Displays only communities that are not exported to the
next AS.
community-list list-name
[exact-match]
Displays routes matching the specified community list. The exact-match

option displays only the routes that have exactly the same communities.
dampening {options}
Displays route-flap dampening information. You must specify one of the following options:
dampened-paths Displays paths suppressed due to dampening.
flap-statistics Displays flap statistics for routes.
parameters Displays details for configured dampening parameters.
filter-list list-name
Displays routes that match the specified filter list.
inconsistent-as
Displays routes that have inconsistent AS Paths.
neighbors
[ipv4addr | ipv6addr [options]]
Displays detailed information about TCP and BGP neighbor connections.

advertised-routes Displays the routes advertised to a BGP
neighbor.
received prefix-filter Displays all received routes, both
accepted and rejected.
received-routes Displays the received routes from neighbor. To
display all the received routes from the neighbor, configure BGP soft
reconfiguration first.
routes Displays all accepted routes learned from neighbors.
paths
Displays path information.
prefix-list list-name
Displays routes that match the specified prefix list.
quote-regexp string
Displays routes that match the specified AS-path regular expression.

Enclose the regular expression string in double quotation marks (example:
regexp-string-1).
regexp string [string ...]
Displays routes that match the specified AS-path regular expression(s).
route-map map-name
Displays routes that match the specified route map.
summary
Displays a summary of BGP neighbor status.

BGP Show Commands
Mode
All

Description
Display information about IPv4 BGP neighbors.
Syntax

[ipv4addr | ipv6addr
[advertised-routes |
received prefix-filter |
received-routes |
routes]]
Mode
Parameter
Description
ipv4addr | ipv6addr
advertised-routes
Displays the routes advertised to a BGP neighbor.
received
prefix-filter
Displays all received routes, both accepted and rejected.
received-routes
Displays the received routes from neighbor. To display all

the received routes from the neighbor, configure BGP soft
reconfiguration first.
routes
Displays all accepted routes learned from neighbors.
All
show bgp ipv4 prefix-list

Description
Display IPv4 routes that match the specified prefix list.
Syntax
show bgp ipv4 prefix-list list-name
Mode
All
show bgp ipv4 quote-regexp

Description
Display IPv4 routes that match the specified AS-path regular expression. Enclose the regular
expression string in double quotation marks (example: regexp-string-1).
Syntax
show bgp ipv4 quote-regexp string
Mode
All

BGP Show Commands

Description
Display a summary of BGP IPv4 neighbor status.
Syntax
Mode
All
show bgp ipv6

Description
Display BGP information for IPv6.
Syntax
show bgp ipv6

[
ipv6addr |
community [community-number] [options]
[local-AS] [no-advertise] [no-export] |
community-list list-name [exact-match] |
dampening {dampened-paths | flap-statistics | parameters} |
filter-list list-name |
inconsistent-as |
multicast {ipv6addr | ipv6addr/mask-length [longer-prefixes]} |
neighbors [ipv4addr | ipv6addr
[advertised-routes | received prefix-filter | received-routes |
routes]] |
paths |
prefix-list list-name |
quote-regexp string |
regexp string [string ...] |
route-map map-name |
summary |
unicast {ipv6addr | ipv6addr/mask-length [longer-prefixes]} |
view view-name
]
Parameter
Description
ipv6addr |
community
[community-number]
[options]
Displays routes for communities. Enter the community number in AA:NN format.
exact-match Displays only communities that exactly match.
local-AS Displays only communities that are not sent outside the local AS.
no-advertise Displays only communities that are not sent advertised to
neighbors.
no-export Displays only communities that are not exported to the next AS.
community-list list-name
[exact-match]
Displays routes matching the specified community list. The exact-match option
displays only the routes that have exactly the same communities.

BGP Show Commands
Parameter
Description
dampening {options}
displays route-flap dampening information. You must specify one of the following
options:
dampened-paths Displays paths suppressed due to dampening.
flap-statistics Displays flap statistics for routes.
parameters Displays details for configured dampening parameters.
filter-list list-name
Displays routes that match the specified filter list.
inconsistent-as
Displays routes that have inconsistent AS Paths.
multicast {ipv6addr |
[longer-prefixes]}
Displays IPv6 routes for the specified multicast address family.
neighbors
[ipv4addr | ipv6addr
[options]]
Displays detailed information about TCP and BGP neighbor connections. The following options are supported:
The longer-prefixes option includes prefixes that have a longer mask than the
one specified.
advertised-routes Displays the routes advertised to a BGP neighbor.

received prefix-filter Displays all received routes, both accepted and
rejected.
received-routes Displays the received routes from neighbor. To display all
the received routes from the neighbor, configure BGP soft reconfiguration first.
routes Displays all accepted routes learned from neighbors.
paths
Displays BGP path information.
prefix-list list-name
Displays routes that match the specified prefix list.
quote-regexp string
Displays routes that match the specified AS-path regular expression. Enclose the regular expression string in double quotation marks (example: regexp-string-1).
regexp string
[string ...]
Displays routes that match the specified AS-path regular expression(s).
route-map map-name
Displays routes that match the specified route map.
summary
Displays a summary of BGP neighbor status.
unicast {ipv6addr |
[longer-prefixes]}
Displays IPv6 routes for the specified unicast address family. The longer-prefixes
option includes prefixes that have a longer mask than the one specified.
view view-name
Displays neighbors within the specified view.
Mode
All

Description
Display the status of nexthop address tracking.
Syntax
Mode
All

BGP Show Commands

Description
Display nexthop tree details.
Syntax
Mode
All

Description
Display internal attribute hash information.
Syntax
Mode
All

Description
Display routes with non-natural network masks.
Syntax
Mode
All
show [ip] bgp community

Description
Display routes for communities.
Syntax
show [ip] bgp community [community-number]

[exact-match] [local-AS] [no-advertise] [no-export]
Mode
Parameter
Description
community-number
Community number, in AA:NN format.
exact-match
Displays only communities that exactly match.
local-AS
Displays only communities that are not sent outside the local
AS.
no-advertise
Displays only communities that are not sent advertised to

neighbors.
no-export
Displays only communities that are not exported to the next AS.
All

BGP Show Commands

Description
Display all BGP community information.
Syntax
Mode
All
show [ip] bgp community-list

Description
Display routes for a specific community list.
Syntax
show [ip] bgp community-list list-name [exact-match]
Mode
Parameter
Description
list-name
Displays routes matching the specified community list.
exact-match
Displays only the routes that have exactly the same communities.
All

Description
Display route-flap dampening information.
Syntax

{dampened-paths | flap-statistics | parameters}
Mode
Parameter
Description
dampened-paths
Displays paths suppressed due to dampening.
flap-statistics
Displays flap statistics for routes.
parameters
Displays details for configured dampening parameters.
All
show [ip] bgp filter-list

Description
Display routes that match a specific filter list.
Syntax
show [ip] bgp filter-list list-name
Mode
All

BGP Show Commands

Description
Display routes that have inconsistent AS Paths.
Syntax
Mode
All

Description
Display information about BGP neighbors.
Syntax

[
ipv4addr | ipv6addr
[
advertised-routes |
received prefix-filter |
received-routes |
routes |
]
]
Parameter
Description
ipv4addr | ipv6addr
advertised-routes
Displays the routes advertised to a BGP neighbor.
received prefix-filter
Displays all received routes, both accepted and rejected.
received-routes
Displays the received routes from neighbor. To display all the received routes from
the neighbor, configure BGP soft reconfiguration first.
routes
Displays all accepted routes learned from neighbors.
Mode
All
Example
The following example shows output for this command.
AOCS#show ip bgp neighbors

BGP neighbor is 192.10.23.67, remote AS 1, local AS 1, internal link
BGP version 4, remote router ID 172.22.10.10
BGP state = Established, up for 00:00:22
Last read 00:00:22, hold time is 240, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
Received 3 messages, 0 notifications, 0 in queue
Sent 3 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast

BGP Show Commands
BGP table version 1, neighbor version 1
Index 1, Offset 0, Mask 0x2
AF-dependant capabilities:
Graceful restart: advertised, received
Community attribute sent to this neighbor (both)
0 accepted prefixes
0 announced prefixes
Connections established 1; dropped 0
Graceful-restart Status:
Remote restart-time is 120 sec
Local host: 192.10.23.80, Local port: 33837
Foreign host: 192.10.23.67, Foreign port: 179
Nexthop: 192.10.23.80
Nexthop global: 1111::80
Nexthop local: fe80::203:47ff:fe97:bb79
BGP connection: non shared network

Description
Use this command to display BGP nexthop-tracking status
Syntax
Mode
All

Description
Use this command to display BGP nexthop-tree details.
Syntax
Mode
All
show [ip] bgp paths

Description
Display BGP path information.
Syntax
show [ip] bgp paths
Mode
All

BGP Show Commands
show [ip] bgp prefix-list

Description
Display routes that match a specific prefix list.
Syntax
show [ip] bgp prefix-list list-name
Mode
All
show [ip] bgp quote-regexp

Description
Display routes that match the specified AS-path regular expression. Enclose the regular
expression string in double quotation marks (example: regexp-string-1).
Syntax
show [ip] bgp quote-regexp string
Mode
All
show [ip] bgp regexp

Description
Display routes that match the specified AS-path regular expression(s).
Syntax
show [ip] bgp regexp string [string ...]
Mode
All
show [ip] bgp route-map

Description
Display routes that match the specified route map.
Syntax
show [ip] bgp route-map map-name
Mode
All
show ip bgp scan

Description
Display BGP scan status.
Syntax
show ip bgp scan
Mode
All
Example
Below is an example output for this command.

ACOS#show ip bgp scan
BGP scan is running
BGP scan interval is 60
BGP instance: AS is 11,DEFAULT
Current BGP nexthop cache:
BGP connected route:

BGP Clear Commands
10.10.10.0/24
10.10.11.0/24

Description
Display a summary of BGP neighbor status.
Syntax
Mode
All
show ip bgp view

Description
Display neighbors of a specific view.
Syntax
show ip bgp view view-name

[
ipv4addr |
ipv4 {multicast | unicast} summary |
neighbors [ipv4addr | ipv6addr] |
summary
]
Parameter
Description
view-name
Name of the view.
ipv4addr | ipv4addr/mask-length
Prefix and mask.
ipv4 {multicast | unicast} summary
Displays information for the specified IPv4 address family.
neighbors [ipv4addr | ipv6addr]
Displays information for the specified neighbor.
summary
Displays summary neighbor information.
Mode
All
BGP Clear Commands

This section lists the BGP clear commands.
clear [ip] bgp {* | AS-num}
clear [ip] bgp ipv4addr
clear [ip] bgp external
clear [ip] bgp ipv4

BGP Clear Commands
clear [ip] bgp ipv6
clear [ip] bgp peer-group
clear [ip] bgp view

Description
Reset the BGP connection to all neighbors or a specific neighbor.
Syntax

[in [prefix-filter] | out | soft [in | out]]
Parameter
Description
in [prefix-filter]
Clears incoming advertised routes. The prefix-filter

option pushes out prefix-list outbound routing filters, and
performs inbound soft reconfiguration.
out
Clears outgoing advertised routes.
soft {in | out}
Activates routing policy changes without resetting the BGP

neighbor connection.
in Requests route updates from the specified neighbor.
out Sends route updates to the specified neighbor.
Mode

Description
Reset the BGP connection for a specific IPv4 neighbor.
Syntax

Parameter
Description
in [prefix-filter]

out
soft {in | out}

Mode

BGP Clear Commands

Description
Reset the BGP connection for a specific IPv6 neighbor.
Syntax

Parameter
Description
in [prefix-filter]

out
soft {in | out}

Mode

Description
Reset the BGP connection to external neighbors.
Syntax

Parameter
Description
in [prefix-filter]

out
soft {in | out}

Mode

BGP Clear Commands
clear [ip] bgp ipv4

Description
Reset dampened routes or route-flap statistics counters and history for IPv4.
Syntax
clear [ip] bgp ipv4 {multicast | unicast}

{dampening | flap-statistics}
[ipv4addr | ipv4addr/mask-length]
Mode
Parameter
Description
dampening
Resets dampened routes.
flap-statistics
Resets route-flap statistics and history.
ipv4addr |
Resets dampened routes or route-flap statistics and history

only for the specified IPv4 prefix.
clear [ip] bgp ipv6

Description
Reset dampened routes or route-flap statistics counters and history for IPv6.
Syntax
clear [ip] bgp ipv6 {

unicast {dampening [network] | flap-statistics network} |
{external | peer-group group-name | * | as-num | ipv4addr | ipv6addr}

BGP Clear Commands
}
Parameter
Description
unicast
Resets unicast routes.
external
Clear all external peers.

NOTE: This option is only available with clear bgp ipv6.
Resets all IPv6 dampened routes.
dampening [network]
To reset dampened routes for an specific network, specify either an IPv6 network (for
example, 2003::) or a network length (for example, 2003::/24).
flap-statistics [network]
Resets all IPv6 route-flap statistics and history.

To reset route-flap statistics and history for a specific network, specify either an IPv6
network (for example, 2003::) or a network length (for example, 2003::/24).
peer-group
Clear all members of the specified peer group.
Clear all peers.
as-num
Clear all peers with the specified AS number.
ipv4-addr
Clear the specified IPv4 BGP neighbor.
ipv6-addr
Clear the specified IPv6 BGP neighbor.
in [prefix-filter]
Clears incoming advertised routes. The prefix-filter option pushes out prefixlist outbound routing filters, and performs inbound soft reconfiguration.
out
soft {in | out}
Activates routing policy changes without resetting the BGP neighbor connection.
Mode

BGP Clear Commands
clear [ip] bgp peer-group

Description
Reset the BGP connection to all members of a peer group.
Syntax
clear [ip] bgp peer-group group-name

Parameter
Description
group-name
Clear BGP connections to all members of the specified group.
in [prefix-filter]

out
soft {in | out}

Mode
clear [ip] bgp view

Description
Reset the BGP connection to a specific view.
Syntax
clear [ip] bgp view view-name * [soft [in | out]]
Parameter
Description
view-name
Clear BGP connections to the specified view.
soft {in | out}

For option information, see clear [ip] bgp {* | AS-num} on page 227.
Mode

BGP Clear Commands
[replace this with a Product VAR]Network Configuration Guide
Document No.: 410-NET-001 | 3/29/2016

A10 Thunder Vlan Bridging + VRRP

Uploaded by

Document Informationclick to expand document informationHow to Vlan Bridging using VRRP in A10 Thunder.

Document Informationclick to expand document information

Copyright:

Available Formats

A10 Thunder Vlan Bridging + VRRP

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A10 Thunder Vlan Bridging + VRRP

Uploaded by

Copyright:

Available Formats

NETWORK CONFIGURATION GUIDE

A10 Thunder Series and AX Series

A10 Networks Inc. Software License and End User Agreement

Layer 2 Networking ....................................................................................................................... 1

Static Trunk Configuration .............................................................................................................................. 7

Dynamic Trunk Configuration ....................................................................................................................... 9

LACP Passthrough ............................................................................................................................................13

Link Layer Discovery Protocol ..............................................................................................................19

page 1 | Document No.: 410-NET-001 - 3/29/2016

A10 Thunder Series and AX SeriesNetwork Configuration Guide

Virtual LAN Support ................................................................................................................................23

VLAN-to-VLAN Bridging .................................................................................................................................26

Layer 3 Networking ....................................................................................................................... 1

Routing Protocols .......................................................................................................................... 1

OSPF Logging ...................................................................................................................................................... 7

Intermediate System to Intermediate System (IS-IS) ...................................................................13

Document No.: 410-NET-001 - 3/29/2016 | page 2

A10 Thunder Series and AX SeriesNetwork Configuration Guide

Border Gateway Protocol (BGP) ..........................................................................................................15

Bidirectional Forwarding Detection ..................................................................................................25

page 3 | Document No.: 410-NET-001 - 3/29/2016

A10 Thunder Series and AX SeriesNetwork Configuration Guide

Enable the Echo Function ........................................................................................................................................................35

Viewing BFD Status..........................................................................................................................................36

Internet Group Multicast Protocol (IGMP) Queries ......................................................................37

Command Line Interface Reference ....................................................................................... 1

Document No.: 410-NET-001 - 3/29/2016 | page 4

A10 Thunder Series and AX SeriesNetwork Configuration Guide

Config Commands: VLAN ......................................................................................................................53

page 5 | Document No.: 410-NET-001 - 3/29/2016

A10 Thunder Series and AX SeriesNetwork Configuration Guide

Config Commands: IP .............................................................................................................................57

Config Commands: IPv6 ........................................................................................................................83

Config Commands: Router RIP .........................................................................................................95

Document No.: 410-NET-001 - 3/29/2016 | page 6

A10 Thunder Series and AX SeriesNetwork Configuration Guide

Enabling RIP for IPv4 .............................................................................................................................................................................95

Interface-level RIP Commands ....................................................................................................................96

IPv6 RIP Configuration Commands......................................................................................................... 107

RIP Show Commands................................................................................................................................... 116

RIP Clear Commands.................................................................................................................................... 119

Config Commands: Router OSPF ................................................................................................. 121

page 7 | Document No.: 410-NET-001 - 3/29/2016

A10 Thunder Series and AX SeriesNetwork Configuration Guide

Configuration Commands Applicable to OSPFv2 Only ................................................................... 135

Configuration Commands Applicable to OSPFv3 Only ................................................................... 146

Config Commands: Router IS-IS ................................................................................................... 159

Document No.: 410-NET-001 - 3/29/2016 | page 8

A10 Thunder Series and AX SeriesNetwork Configuration Guide

IS-IS Show Commands................................................................................................................................. 174

Config Commands: Router BGP .................................................................................................... 181

Commands at the BGP Router Configuration Level ......................................................................................................184

page 9 | Document No.: 410-NET-001 - 3/29/2016

A10 Thunder Series and AX SeriesNetwork Configuration Guide

BGP Show Commands................................................................................................................................. 213

Document No.: 410-NET-001 - 3/29/2016 | page 10

A10 Thunder Series and AX SeriesNetwork Configuration Guide