A10 4.1.4-P1 Net PDF

ACOS 4.1.
4-P1
Network Configuration Guide
for A10 Thunder® Series and AX™ Series
2 April 2018
© 2018 A10 NETWORKS, INC. CONFIDENTIAL AND PROPRIETARY- ALL RIGHTS RESERVED
Information in this document is subject to change without notice.
PATENT PROTECTION
A10 Networks products are protected by patents in the U.S. and elsewhere. The following website is provided to satisfy the virtual patent marking provi-
sions of various jurisdictions including the virtual patent marking provisions of the America Invents Act. A10 Networks' products, including all Thunder
Series products, are protected by one or more of U.S. patents and patents pending listed at:
https://www.a10networks.com/company/legal-notices/a10-virtual-patent-marking
TRADEMARKS
A10 Networks trademarks are listed at:
https://www.a10networks.com/company/legal-notices/a10-trademarks
CONFIDENTIALITY
This document contains confidential materials proprietary to A10 Networks, Inc. This document and information and ideas herein may not be disclosed,
copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written consent of A10 Networks, Inc.
A10 NETWORKS INC. SOFTWARE LICENSE AND END USER AGREEMENT

Software for all A10 Networks products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Software as confidential
information.
Anyone who uses the Software does so only in compliance with the terms of the End User License Agreement (EULA), provided later in this document
or available separately. Customer shall not:
1. reverse engineer, reverse compile, reverse de-assemble or otherwise translate the Software by any means
2. sublicense, rent or lease the Software.
DISCLAIMER
This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not limited to fit-
ness for a particular use and non-infringement. A10 Networks has made reasonable efforts to verify that the information contained herein is accurate,
but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product specifications and features described in this pub-
lication are based on the latest information available; however, specifications are subject to change without notice, and certain features may not be
available upon initial product release. Contact A10 Networks for current information regarding its products or services. A10 Networks’ products and ser-
vices are subject to A10 Networks’ standard terms and conditions.
ENVIRONMENTAL CONSIDERATIONS
Some electronic components may possibly contain dangerous substances. For information on specific component types, please contact the manufac-
turer of that component. Always consult local authorities for regulations regarding proper disposal of electronic components in your area.
FURTHER INFORMATION
For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks location, which can be
found by visiting www.a10networks.com.
Table of Contents
LAYER 2 NETWORKING ...........................................................................................................15
Link Trunking ............................................................................................................................. 17

Overview................................................................................................................................17
Trunk Parameters .................................................................................................................18
Interface-Level Parameters for Trunks .................................................................................................. 18
Port-Threshold Parameters ..................................................................................................................... 19
LACP Parameters ...................................................................................................................................... 19
Global LACP Parameter ..................................................................................................................... 20
Interface-Level LACP Parameters ................................................................................................... 20
Unidirectional Link Detection ............................................................................................................ 22
Static Trunk Configuration...................................................................................................22
Use the GUI to Configure a Static Trunk ............................................................................................... 23
Configure the Trunk ............................................................................................................................ 23
Configuring the Minimum Port Threshold ..................................................................................... 23
Use the CLI to Configure a Static Trunk ................................................................................................ 24
Dynamic Trunk Configuration ..............................................................................................25
Use the GUI to Configure an LACP Trunk ............................................................................................. 25
Configuring the LACP System Priority ............................................................................................ 26
Configuring the Minimum Port Threshold ..................................................................................... 26
Verifying Port Threshold Configuration in the GUI ....................................................................... 26
Use the CLI to Configure an LACP Trunk .............................................................................................. 27
Configuring Each Interface ............................................................................................................... 27
Configuring LACP System Priority ................................................................................................... 28
Configuring Interface-Level Parameters on an LACP Trunk ...................................................... 28
LACP Passthrough ...............................................................................................................29
Configuration .............................................................................................................................................. 31
Displaying LACP Information .................................................................................................................. 32
Clearing LACP Statistics ........................................................................................................................... 34
Link Layer Discovery Protocol .................................................................................................... 35

Overview of LLDP..................................................................................................................35
Configure LLDP.....................................................................................................................36
Use the GUI to Configure LLDP ............................................................................................................... 36
Use the CLI to Configure LLDP ................................................................................................................ 37
Virtual LAN Support ................................................................................................................... 39

VLAN Overview .....................................................................................................................39
page 3
ACOS 4.1.4-P1 Network Configuration Guide for A10 Thunder Series
Contents
Default VLAN (VLAN 1) ............................................................................................................................. 39

Virtual Ethernet Interfaces ....................................................................................................................... 40
Maximum Number of Supported Virtual Ethernet Interfaces ........................................................... 40
Example of Tagged and Untagged Ports .............................................................................................. 40
VLAN-to-VLAN Bridging........................................................................................................42
Overview of VLAN-to-VLAN Bridging ..................................................................................................... 42
VLAN-to-VLAN Bridging Configuration Notes ...................................................................................... 44
VLAN-to-VLAN Bridging Configuration Examples ............................................................................... 45
CLI Example – Transparent Mode .................................................................................................. 45
CLI Example – Routed Mode with VRRP-A ................................................................................... 46
LAYER 3 NETWORKING ...........................................................................................................49
Dynamic Host Configuration Protocol (DHCP) ........................................................................... 51

Overview of DHCP.................................................................................................................51
Enable DHCP.........................................................................................................................52
Configure DHCP Relays........................................................................................................52
Overview of DHCP Relays ........................................................................................................................ 53
Configure DHCP Relays ............................................................................................................................ 53
Use the GUI to Configure a DHCP Relay ........................................................................................ 53
Use the CLI to Configure a DHCP Relay ......................................................................................... 54
ROUTING PROTOCOLS ............................................................................................................57
Open Shortest Path First (OSPF) ................................................................................................ 59

Support for Multiple OSPFv2 and OSPFv3 Processes .......................................................59
Support for OSPFv2 and OSPFv3 on the Same Interface or Link......................................59
OSPF MIB Support................................................................................................................60
OSPF Configuration Example ..............................................................................................60
Interface Configuration ............................................................................................................................. 60
Global OSPF Parameters .......................................................................................................................... 61
Clearing Specific OSPF Neighbors ......................................................................................................... 62
OSPF Logging .......................................................................................................................64
Configuring Router Logging for OSPF ................................................................................................... 64
Enable output options ........................................................................................................................ 64
Set severity level and facility ............................................................................................................. 65
Enable debug options to generate output ..................................................................................... 66
Intermediate System to Intermediate System (IS-IS) ................................................................. 69

Basic IS-IS Example Topology .............................................................................................69
Configuring IS-IS...................................................................................................................70
Verifying Your IS-IS Configuration.......................................................................................71
Border Gateway Protocol (BGP) ................................................................................................. 73
page 4
Contents
BGP Route Redistributions ..................................................................................................73

Using Route Maps to Permit or Deny Updates ...................................................................74
Using Route Maps for Traffic Engineering..........................................................................74
Route Selection Based on Local Preference.......................................................................75
Globally-Enabled Default Route Origination........................................................................77
Equal-Cost Multi-path ECMP Support .................................................................................77
Route-Map High Availability for Interior Gateway Protocols .............................................79
Route-Map High Availability Overview ................................................................................................... 80
VRRP-A VRID Group Matching ................................................................................................................ 80
Bidirectional Forwarding Detection ............................................................................................ 85

BFD Parameters....................................................................................................................86
Configuring BFD ...................................................................................................................86
Static Route Support ................................................................................................................................. 86
Configuring BFD Parameters for BGP ............................................................................................ 87
Displaying BFD Information .............................................................................................................. 88
Disable BFD .......................................................................................................................................... 88
Configure BFD with OSPF (for IPv4) ...................................................................................................... 88
Sample Configuration ........................................................................................................................ 89
Configure BFD with OSPF (for IPv6) ...................................................................................................... 90
Configure BFD with IS-IS (for IPv4) ........................................................................................................ 91
Configure BFD with IS-IS (for IPv6) ........................................................................................................ 92
Configure BFD with BGP .......................................................................................................................... 93
Configuring Static BFD ............................................................................................................................. 94
IPv4 Static BFD (Global) .................................................................................................................... 94
IPv6 Static BFD (Global) .................................................................................................................... 94
IPv6 Static BFD (Link-Local) ............................................................................................................. 95
Configuring BFD Intervals ........................................................................................................................ 95
Global Interval Configuration ............................................................................................................ 95
Interface Interval Configuration ....................................................................................................... 95
Enable Authentication ............................................................................................................................... 96
Authentication Per interface ............................................................................................................. 96
Authentication Per Neighbor (for BGP only) .................................................................................. 96
Enable Echo and Demand function ........................................................................................................ 96
Enable the Echo Function ................................................................................................................. 96
Enable the Echo Function Per Interface ......................................................................................... 96
Enable Demand Mode ........................................................................................................................ 97
Asynchronous Mode .......................................................................................................................... 97
Viewing BFD Status..............................................................................................................97
Internet Group Multicast Protocol (IGMP) Queries ..................................................................... 99

In Routed Mode .................................................................................................................................100
page 5
Contents
In Non-Routed Mode ........................................................................................................................100

Configuring IGMP Membership Queries .............................................................................................100
Use the GUI to Configure IGMP Membership Queries ..............................................................100
Use the CLI to Configure IGMP Membership Queries ...............................................................101
COMMAND LINE INTERFACE REFERENCE .................................................................................103
Config Commands: Interface .................................................................................................... 105

access-list ....................................................................................................................................108
bfd .................................................................................................................................................109
cpu-process .................................................................................................................................110
disable ..........................................................................................................................................110
duplexity .......................................................................................................................................111
enable ...........................................................................................................................................111
flow-control .................................................................................................................................112
icmp-rate-limit ............................................................................................................................. 112
icmpv6-rate-limit ........................................................................................................................ 113
ip address ....................................................................................................................................114
ip address dhcp .......................................................................................................................... 115
ip allow-promiscuous-vip .........................................................................................................116
ip cache-spoofing-port ..............................................................................................................116
ip control-apps-use-mgmt-port ............................................................................................... 116
ip default-gateway .....................................................................................................................117
ip helper-address ........................................................................................................................118
ip igmp ..........................................................................................................................................119
ip nat .............................................................................................................................................122
ip ospf ...........................................................................................................................................123
ip rip authentication ...................................................................................................................125
ip rip receive version ..................................................................................................................126
ip rip receive-packet ...................................................................................................................126
ip rip send version ......................................................................................................................126
ip rip send-packet .......................................................................................................................127
ip rip split-horizon .......................................................................................................................127
ip router isis | ipv6 router isis ...................................................................................................127
ip slb-partition-redirect ..............................................................................................................128
ip stateful-firewall .......................................................................................................................128
ip ttl-ignore ...................................................................................................................................129
ipv6 (on management interface) .............................................................................................129
ipv6 access-list ...........................................................................................................................130
ipv6 address ................................................................................................................................130
ipv6 enable ..................................................................................................................................131
ipv6 nat inside .............................................................................................................................131
ipv6 nat outside ..........................................................................................................................132
ipv6 ndisc router-advertisement .............................................................................................132
ipv6 ospf cost ............................................................................................................................. 135
ipv6 ospf dead-interval ..............................................................................................................135
ipv6 ospf hello-interval ..............................................................................................................136
page 6
Contents
ipv6 ospf mtu-ignore .................................................................................................................136

ipv6 ospf neighbor .....................................................................................................................136
ipv6 ospf network .......................................................................................................................137
ipv6 ospf priority .........................................................................................................................137
ipv6 ospf retransmit-interval ....................................................................................................138
ipv6 ospf transmit-delay ...........................................................................................................138
ipv6 rip split-horizon ..................................................................................................................138
ipv6 router isis ............................................................................................................................139
ipv6 router ospf ..........................................................................................................................139
ipv6 router rip ..............................................................................................................................139
ipv6 stateful-firewall ..................................................................................................................140
ipv6 ttl-ignore ..............................................................................................................................140
isis authentication ......................................................................................................................140
isis bfd ..........................................................................................................................................141
isis circuit-type ............................................................................................................................142
isis csnp-interval ........................................................................................................................142
isis hello .......................................................................................................................................142
isis hello-interval .........................................................................................................................143
isis hello-interval-minimal .........................................................................................................143
isis hello-multiplier .....................................................................................................................144
isis lsp-interval ............................................................................................................................144
isis mesh-group ..........................................................................................................................145
isis metric ....................................................................................................................................145
isis network .................................................................................................................................146
isis password ..............................................................................................................................146
isis priority ...................................................................................................................................147
isis restart-hello-interval ...........................................................................................................148
isis retransmit-interval ..............................................................................................................148
isis wide-metric ...........................................................................................................................149
l3-vlan-fwd-disable .....................................................................................................................149
lldp enable ....................................................................................................................................150
lldp notification ...........................................................................................................................150
lldp tx-dot1-tlvs ...........................................................................................................................150
lldp tx-tlvs .....................................................................................................................................151
load-interval .................................................................................................................................151
lw-4o6 ...........................................................................................................................................152
media-type-copper .....................................................................................................................152
monitor .........................................................................................................................................152
mtu ................................................................................................................................................154
name .............................................................................................................................................154
ports-threshold ........................................................................................................................... 155
remove-vlan-tag .......................................................................................................................... 156
snmp-server ................................................................................................................................ 156
trunk-group ..................................................................................................................................157
Config Commands: VLAN ......................................................................................................... 159

name .............................................................................................................................................159
page 7
Contents
router-interface ...........................................................................................................................160
shared-vlan ..................................................................................................................................161
tagged ...........................................................................................................................................161
untagged ......................................................................................................................................161
Config Commands: IP ............................................................................................................... 163

ip access-list ...............................................................................................................................164
ip address ....................................................................................................................................167
ip anomaly-drop .......................................................................................................................... 169
ip as-path .....................................................................................................................................170
ip community-list .......................................................................................................................170
ip default-gateway ..................................................................................................................... 171
ip dns ............................................................................................................................................172
ip extcommunity-list ..................................................................................................................172
ip frag buff ...................................................................................................................................173
ip frag cpu-threshold .................................................................................................................173
ip frag max-packets-per-reassembly .....................................................................................173
ip frag max-reassembly-sessions ...........................................................................................174
ip frag timeout ............................................................................................................................ 174
ip icmp disable ............................................................................................................................ 174
ip map-list ....................................................................................................................................175
ip mgmt-traffic ............................................................................................................................ 175
ip nat alg pptp ............................................................................................................................. 176
ip nat icmp ...................................................................................................................................177
ip nat inside source ....................................................................................................................178
ip nat pool ....................................................................................................................................179
ip nat pool-group ........................................................................................................................180
ip nat range-list ...........................................................................................................................181
ip nat template logging .............................................................................................................182
ip nat translation ........................................................................................................................ 184
ip nat-global reset-idle-tcp-conn .............................................................................................186
ip prefix-list ..................................................................................................................................186
ip reroute ......................................................................................................................................188
ip route .........................................................................................................................................188
ip tcp syn-cookie threshold ......................................................................................................190
ip-list .............................................................................................................................................190
ipv4-in-ipv6 frag ..........................................................................................................................190
Config Commands: IP Reroute ................................................................................................. 191

suppress-protocols ....................................................................................................................191
Config Commands: IPv6 ........................................................................................................... 193

ipv6 access-list ...........................................................................................................................194
ipv6 address ................................................................................................................................196
ipv6 default-gateway .................................................................................................................196
ipv6 frag timeout ........................................................................................................................197
ipv6 icmpv6 disable ...................................................................................................................198
page 8
Contents
ipv6 nat icmpv6 respond-to-ping ............................................................................................198

ipv6 nat inside source list .........................................................................................................198
ipv6 nat pool ................................................................................................................................199
ipv6 nat pool-group ....................................................................................................................199
ipv6 neighbor ..............................................................................................................................200
ipv6 ospf display route single-line ..........................................................................................201
ipv6 prefix-list sequence-number ............................................................................................201
iv6p reroute .................................................................................................................................202
ipv6 route .....................................................................................................................................202
ipv6-in-ipv4 frag ..........................................................................................................................204
Config Commands: IPv6 Reroute ............................................................................................. 205

suppress-protocols ....................................................................................................................205
Config Commands: Router – RIP ............................................................................................. 207

Enabling RIP....................................................................................................................... 207
Enabling RIP for IPv4 ..............................................................................................................................207
Enabling RIP for IPv6 ..............................................................................................................................208
Interface-level RIP Commands ......................................................................................... 208
IPv4 RIP Configuration Commands.................................................................................. 208
cisco-metric-behavior ................................................................................................................209
default information originate ...................................................................................................209
default-metric ..............................................................................................................................209
distance ........................................................................................................................................210
distribute-list ...............................................................................................................................211
maximum-prefix ......................................................................................................................... 212
neighbor .......................................................................................................................................212
network ........................................................................................................................................213
offset-list ......................................................................................................................................214
passive-interface ........................................................................................................................ 214
recv-buffer-size ........................................................................................................................... 215
redistribute ..................................................................................................................................216
route ..............................................................................................................................................218
timers ............................................................................................................................................218
version ..........................................................................................................................................219
IPv6 RIP Configuration Commands.................................................................................. 220
aggregate-address .....................................................................................................................220
cisco-metric-behavior ................................................................................................................221
default-information originate ...................................................................................................221
default-metric .............................................................................................................................. 221
distribute-list ...............................................................................................................................222
neighbor .......................................................................................................................................224
offset-list ......................................................................................................................................224
recv-buffer-size ........................................................................................................................... 225
redistribute ..................................................................................................................................225
page 9
Contents
route ..............................................................................................................................................227
route-map ....................................................................................................................................228
timers ............................................................................................................................................229
RIP Show Commands........................................................................................................ 229
show ip rip database .................................................................................................................230
show ipv6 rip database .............................................................................................................231
RIP Clear Commands ........................................................................................................ 233
clear ip rip route ..........................................................................................................................233
clear ipv6 rip route .....................................................................................................................233
Config Commands: Router – OSPF .......................................................................................... 235

Enabling OSPF ................................................................................................................... 235
Configuration Commands Applicable to OSPFv2 or OSPFv3 ......................................... 236
area area-id default-cost ...........................................................................................................237
area area-id range ......................................................................................................................238
area area-id stub ........................................................................................................................238
area area-id virtual-link ..............................................................................................................239
auto-cost reference bandwidth ...............................................................................................241
bfd .................................................................................................................................................241
clear ..............................................................................................................................................241
default-metric .............................................................................................................................. 243
distribute-internal ....................................................................................................................... 245
ha-standby-extra-cost ...............................................................................................................247
log-adjacency-changes .............................................................................................................247
max-concurrent-dd ....................................................................................................................248
passive-interface ........................................................................................................................248
redistribute ..................................................................................................................................248
router-id ........................................................................................................................................252
timers spf exp .............................................................................................................................253
Configuration Commands Applicable to OSPFv2 Only ................................................... 253
area area-id authentication ......................................................................................................254
area area-id filter-list ..................................................................................................................255
area area-id multi-area-adjacency ..........................................................................................255
area area-id nssa ........................................................................................................................255
area area-id shortcut .................................................................................................................257
compatible rfc1583 ....................................................................................................................257
distance ........................................................................................................................................258
distribute-list ...............................................................................................................................258
host ipaddr area .........................................................................................................................260
maximum-area ...........................................................................................................................260
neighbor .......................................................................................................................................262
network ........................................................................................................................................262
ospf abr-type ............................................................................................................................... 263
page 10
Contents
ospf router-id ...............................................................................................................................264

overflow database .....................................................................................................................265
summary-address ......................................................................................................................265
Configuration Commands Applicable to OSPFv3 Only ................................................... 266
OSPF Show Commands .................................................................................................... 266
show {ip | ipv6} ospf ...................................................................................................................267
show ip ospf border-routers ....................................................................................................268
show ip ospf database ..............................................................................................................268
show ipv6 ospf database .........................................................................................................270
show {ip | ipv6} ospf interface .................................................................................................272
show {ip | ipv6} ospf neighbor .................................................................................................272
show ip ospf redistributed ........................................................................................................273
show {ip | ipv6} ospf route ........................................................................................................275
show ip route acos ..................................................................................................................... 275
show ipv6 ospf topology ..........................................................................................................276
show {ip | ipv6} ospf virtual-links .............................................................................................277
Config Commands: Router – IS-IS ............................................................................................ 279

IS-IS Configuration Commands ........................................................................................ 279
address-family ............................................................................................................................280
adjacency-check .........................................................................................................................281
area-password ............................................................................................................................281
authentication .............................................................................................................................282
bfd .................................................................................................................................................283
distance ........................................................................................................................................283
domain-password ......................................................................................................................284
ha-standby-extra-cost ...............................................................................................................284
ignore-lsp-errors .........................................................................................................................285
is-type ...........................................................................................................................................285
lsp-gen-interval ...........................................................................................................................286
lsp-refresh-interval .....................................................................................................................286
max-lsp-lifetime ..........................................................................................................................286
metric-style ..................................................................................................................................287
net .................................................................................................................................................288
protocol-topology .......................................................................................................................289
redistribute ..................................................................................................................................290
set-overload-bit ...........................................................................................................................292
spf-interval-exp ...........................................................................................................................293
summary-address ......................................................................................................................294
IS-IS Show Commands...................................................................................................... 294
show ip isis [tag] route ..............................................................................................................295
show ipv6 isis [tag] route ..........................................................................................................295
show ipv6 isis [tag] topology ...................................................................................................296
page 11
Contents
show isis counter .......................................................................................................................296

show isis [tag] database ........................................................................................................... 297
show isis interface .....................................................................................................................298
show isis [tag] topology ............................................................................................................300
Config Commands: Router – BGP ............................................................................................ 301

Enabling BGP ..................................................................................................................... 302
BGP Configuration Commands......................................................................................... 303
Commands at the Global Configuration Level ...................................................................................303
bgp extended-asn-cap ...............................................................................................................303
bgp nexthop-trigger ...................................................................................................................303
Commands at the BGP Router Configuration Level .........................................................................304
address-family ............................................................................................................................306
aggregate-address .....................................................................................................................308
auto-summary ............................................................................................................................308
bgp always-compare-med ........................................................................................................308
bgp bestpath ...............................................................................................................................309
bgp dampening ...........................................................................................................................310
bgp default ...................................................................................................................................311
bgp deterministic-med ..............................................................................................................311
bgp enforce-first-as ...................................................................................................................311
bgp fast-external-failover ..........................................................................................................312
bgp log-neighbor-changes .......................................................................................................312
bgp nexthop-trigger-count .......................................................................................................312
bgp router-id ................................................................................................................................312
bgp scan-time ............................................................................................................................. 313
distance ........................................................................................................................................313
maximum-paths .........................................................................................................................314
neighbor neighbor-id activate ..................................................................................................314
neighbor neighbor-id advertisement-interval .......................................................................315
neighbor neighbor-id allowas-in ..............................................................................................316
neighbor neighbor-id as-origination-interval .........................................................................316
neighbor neighbor-id capability ...............................................................................................316
neighbor neighbor-id collide-established ..............................................................................317
neighbor neighbor-id default-originate ..................................................................................318
neighbor neighbor-id description ............................................................................................318
neighbor neighbor-id disallow-infinite-holdtime ..................................................................319
neighbor neighbor-id distribute-list ........................................................................................319
neighbor neighbor-id dont-capability-negotiate ...................................................................320
neighbor neighbor-id ebgp-multihop ......................................................................................320
neighbor neighbor-id enforce-multihop .................................................................................320
neighbor neighbor-id fall-over ..................................................................................................321
neighbor neighbor-id filter-list ..................................................................................................321
neighbor neighbor-id maximum-prefix ..................................................................................321
neighbor neighbor-id next-hop-self .........................................................................................322
page 12
Contents
neighbor neighbor-id override-capability ...............................................................................323

neighbor neighbor-id passive ..................................................................................................323
neighbor neighbor-id password ..............................................................................................324
neighbor neighbor-id peer-group ............................................................................................325
neighbor neighbor-id prefix-list ................................................................................................325
neighbor neighbor-id remote-as ..............................................................................................326
neighbor neighbor-id remove-private-as ...............................................................................327
neighbor neighbor-id route-map .............................................................................................327
neighbor neighbor-id send-community .................................................................................328
neighbor neighbor-id shutdown ..............................................................................................329
neighbor neighbor-id soft-reconfiguration ............................................................................329
neighbor neighbor-id strict-capability-match .......................................................................330
neighbor neighbor-id timers .....................................................................................................330
neighbor neighbor-id unsuppress-map .................................................................................332
neighbor neighbor-id update-source ......................................................................................332
neighbor neighbor-id weight ....................................................................................................333
network ........................................................................................................................................333
redistribute ..................................................................................................................................334
synchronization .......................................................................................................................... 336
timers ............................................................................................................................................337
BGP Show Commands ...................................................................................................... 337
show ip bgp ipv4addr ................................................................................................................338
show bgp ipv6addr ....................................................................................................................339
show [ip] bgp ipv4 {multicast | unicast} ................................................................................. 339
show bgp ipv4 neighbors .........................................................................................................341
show bgp ipv4 prefix-list ...........................................................................................................341
show bgp ipv4 quote-regexp ....................................................................................................342
show bgp ipv4 summary ..........................................................................................................342
show bgp ipv6 .............................................................................................................................342
show bgp nexthop-tracking .....................................................................................................344
show bgp nexthop-tree-details ................................................................................................344
show ip bgp attribute-info ........................................................................................................344
show ip bgp cidr-only ................................................................................................................344
show [ip] bgp community .........................................................................................................345
show ip bgp community-info ...................................................................................................345
show [ip] bgp community-list ..................................................................................................345
show [ip] bgp dampening .........................................................................................................346
show [ip] bgp filter-list ...............................................................................................................346
show [ip] bgp inconsistent-as ..................................................................................................346
show [ip] bgp neighbors ............................................................................................................346
show bgp nexthop-tracking .....................................................................................................348
show bgp nexthop-tree-details ................................................................................................348
show [ip] bgp paths ....................................................................................................................348
show [ip] bgp prefix-list .............................................................................................................348
show [ip] bgp quote-regexp ......................................................................................................348
show [ip] bgp regexp ..................................................................................................................349
show [ip] bgp route-map ...........................................................................................................349
page 13
Contents
show ip bgp scan .......................................................................................................................349

show [ip] bgp summary ............................................................................................................349
show ip bgp view ........................................................................................................................350
BGP Clear Commands ....................................................................................................... 350
clear [ip] bgp {* | AS-num} .........................................................................................................351
clear [ip] bgp ipv4addr ...............................................................................................................351
clear [ip] bgp ipv6addr ...............................................................................................................352
clear [ip] bgp external ................................................................................................................352
clear [ip] bgp ipv4 .......................................................................................................................353
clear [ip] bgp ipv6 .......................................................................................................................353
clear [ip] bgp peer-group ...........................................................................................................355
clear [ip] bgp view .......................................................................................................................355
page 14
Part I
Layer 2 Networking
This section contains the following:
• “Link Trunking” on page 17

• “Link Layer Discovery Protocol” on page 35
• “Virtual LAN Support” on page 39
Link Trunking
This chapter describes how to configure trunk links on the ACOS device.
The following topics are covered:
• Overview
• Trunk Parameters
• Static Trunk Configuration
• Dynamic Trunk Configuration
• LACP Passthrough
Overview
The ACOS device supports aggregation of multiple Ethernet data ports into logical links, called “trunks”.
Trunks can enhance performance by providing higher throughput and greater link reliability.
Higher throughput is provided by the aggregate throughput of the individual links in the trunk. Greater
link reliability is provided by the multiple links in the trunk. If an individual port in the trunk goes down,
the trunk link continues to operate using the remaining up ports in the trunk.
You can configure the following types of trunks:
• Static trunks
• Dynamic trunks – You can enable Link Aggregation Control Protocol (LACP) on Ethernet data
interfaces, to make those interfaces candidate members of dynamically configured trunks.
Link Aggregation Control Protocol (LACP) dynamically creates trunk links. The ACOS implementa-
tion of LACP is based on the 802.3ad IEEE specification. You can configure a maximum of 16
LACP trunks on an ACOS device. An interface can belong to a single LACP trunk.
NOTE: The number of trunks supported and number of ports that can be config-
ured per trunk vary depending on the specific device. In the CLI, use the ?
help command to determine the allowable values. In the GUI, the allow-
able ranges are visible in the configurable fields.
page 17
Trunk Parameters
Interface parameters for a trunk apply collectively to the entire trunk, as a single interface. For example,
IP addresses and other IP parameters apply to the entire trunk as a single interface.
Trunk Parameters
This section describes the parameter that can be configured for a trunk:
• Interface-Level Parameters for Trunks
• Port-Threshold Parameters
• LACP Parameters
• Unidirectional Link Detection
Interface-Level Parameters for Trunks

After you add a trunk to the configuration, you can configure the trunk as an Ethernet data interface.
The following interface-level parameters can be configured on trunk interfaces.
• Trunk Interface Name – You can assign a name to the trunk, in addition to the numeric ID you
specify when you create the trunk. The name can be 1-63 characters in length, can contain
numbers, upper case and lower case characters, and must not include the following symbols:
~!@#$%^&*()_+|}{:”<>?
• IPv4 and IPv6 parameters – You can assign one or more IPv4 and IPv6 addresses, and config-
ure other IP-related parameters such as IP helper or IPv6 neighbor discovery.
• Dynamic routing – You can configure interface-level OSPF and IS-IS parameters.
• Access list (ACL) – You can filter incoming traffic based on source and destination IPv4 or IPv6
address and protocol port, as well as additional parameters such as ICMP type and code or
VLAN ID.
• ICMP rate limiting – You can enable protection against distributed denial-of-service (DDoS)
attacks such as Smurf attacks, which consist of floods of spoofed broadcast ping messages.
• Layer 3 forwarding – Layer 3 forwarding is enabled by default. You can disable it.
If you want to allow Layer 3 forwarding except between VLANs, a separate option allows you to
disable Layer 3 forwarding between VLANs.
• Port threshold – Minimum number of individual member ports that must be Up in order for the
trunk to be Up. (See “Port-Threshold Parameters” on page 19.)
NOTE: The disable and enable commands at the interface configuration level
for the trunk control Layer 3 forwarding on the trunk but do not com-
pletely disable the trunk. To control all forwarding on the trunk, use the
disable or enable command at the trunk configuration level instead.
page 18
Trunk Parameters
For more information about these commands, see the “Config Commands: Interface” chapter of the
Command Line Interface Reference.
Port-Threshold Parameters
By default, a trunk’s status remains UP so long as at least one of its member ports is up. You can
change the ports threshold of a trunk to 2-8 ports.
If the number of up ports falls below the configured threshold, the ACOS device automatically disables
the trunk’s member ports. The ports are disabled in the running-config. The ACOS device also gener-
ates a log message and an SNMP trap, if these services are enabled.
NOTE: After the feature has disabled the members of the trunk group, the ports
are not automatically re-enabled. The ports must be re-enabled manually
after the issue that caused the ports to go down has been resolved.
In some situations, a timer is used to delay the ports-threshold action. The configured port threshold is
not enforced until the timer expires. The ports-threshold timer for a trunk is used in the following situa-
tions:
• When a member of the trunk links up.
• A port is added to or removed from the trunk.
• The port threshold for the trunk is configured during runtime. (If the threshold is set in the
startup-config, the timer is not used.)
LACP Parameters
By default, a trunk’s status remains Up so long as at least one of its member ports is up. You can
change the ports threshold of a trunk to 2-8 ports.
Since a trunk comprises of several member links, if the number of operational members of a trunk goes
below the configured threshold value, the remaining member links are automatically marked as
“blocked” and the trunk is considered non--operational. When the down link is functional again, the
remaining links that were marked blocked are also operational again, making the trunk available for
use.
NOTE: If you administratively disable the LACP feature from members of the
trunk group, the links are not automatically re-enabled. The links must be
re-enabled manually after the issue that caused the links to go down has
been resolved.
The following LACP parameters are configurable:
page 19
Trunk Parameters
• Global LACP Parameter
• Interface-Level LACP Parameters
• Unidirectional Link Detection
Global LACP Parameter

• LACP system priority – Specifies the LACP priority of the ACOS device. In cases where LACP set-
tings on the local device (the ACOS device) and the remote device at the other end of the link dif-
fer, the settings on the device with the higher priority are used.
You can specify 1-65535. A low priority number indicates a high priority value. The highest priority
is 1 and the lowest priority is 65535. The default is 32768.
Interface-Level LACP Parameters

In addition to the interface-level parameters you can configure on static trunk interfaces, LACP trunk
interfaces have the following parameters:
• LACP trunk ID – ID of a dynamic trunk. Adding an interface to an LACP trunk makes that interface
a candidate for membership in the trunk. During negotiation with the other side of the link, LACP
selects the interfaces to actively participate in the link. When you add an interface, you must
specify whether LACP will run in active or passive mode on the interface. Active mode initiates
link formation with the other end of the link. Passive mode waits for the other end of the link to
initiate link formation. The admin key must match on all interfaces in the trunk. The value can be
1-4096.
• LACP port priority – Priority of the interface for selection as an active member of a link. If the
LACP trunk has more candidate members than are allowed by the device at the other end of the
link, LACP selects the interfaces with the highest port priority values as the active interfaces. The
other interfaces are standbys, and are used only if an active interface goes down. You can spec-
ify 1-65535. A low priority number indicates a high priority value. The highest priority is 1 and the
lowest priority is 65535. The default is 32768.
• LACP timeout – Aging timeout for LACP data units from the other end of the LACP link. You can
specify short (3 seconds) or long (90 seconds). The default is long.
• Mode – Indicate whether you want LACP to operate in Active or Passive Mode. The Active mode
initiates link formation with the other end of the link. In this case, the ACOS device will send the
LACP frame to its link partner. Passive mode waits for the other end of the link to initiate link for-
mation. In this case, the ACOS device will only send an LACP frame if it receives an LACP frame
from the link partner.
• Admin Key – The admin key must match on all interfaces in the trunk. The value can be 10000-
65535.
• Unidirectional Link Detection (UDLD) – UDLD checks the links in LACP trunks to ensure that both
the send and receive sides of each link are operational. UDLD can only be configured on the sin-
page 20
Trunk Parameters
gle port LACP trunk. UDLD is not supported on multilink LACP trunks. (For more information, see
“Unidirectional Link Detection” on page 22.)
page 21
Static Trunk Configuration
Unidirectional Link Detection

When UDLD is enabled, the UDLD uses LACP protocol packets as heartbeat messages. If an LACP link
on the ACOS device does not receive an LACP protocol packet within a specified timeout, LACP blocks
traffic on the port. This corrects the problem by forcing the devices connected by the non-operational
link to use other, fully operational links.
A link that is blocked by LACP can still receive LACP protocol packets but blocks all other traffic.
UDLD is disabled by default on LACP trunk links. You can enable UDLD on individual LACP trunk inter-
faces.
Heartbeat Timeout
The local port waits for a configurable timeout to receive an LACP protocol packet from the remote
port. If an LACP protocol packet does not arrive before the timeout expires, LACP disables the local
port. You can set the timeout to 1-60 seconds (slow timeout) or 100-1000 milliseconds (fast timeout).
The default is 1 second.
If the remote port begins sending LACP protocol packets again, LACP on the local port re-enables the
port.
Requirements
To operate properly, UDLD must be supported and enabled on both devices that are using LACP trunk
links.
It is recommended to use auto-negotiation on each end of the link to establish the mode (half duplex or
full duplex). Auto-negotiation helps ensure link bidirectionality at Layer 1, while UDLD helps at Layer 2.

This section provides steps for configuring a static trunk:
• Use the GUI to Configure a Static Trunk
• Use the CLI to Configure a Static Trunk
An overview of the procedure for creating a trunk:
1. Add individual Ethernet data ports to the trunk.

2. Configure the trunk as a single interface.
page 22
Use the GUI to Configure a Static Trunk

To configure a static trunk on an Ethernet interface:
1. Configure the Trunk

2. Configuring the Minimum Port Threshold
Configure the Trunk

1. Hover over Network in the navigation bar, and select Interface.
2. Check the menu bar to be sure you’re on the LAN page.
3. Click Edit in the Actions column for an Ethernet interface.
4. Find the Trunk Group section and click the plus sign (+) icon to expand it.
c. Click the Configure Trunk radio button.
d. Select Static in the Trunk Type field.
e. Specify a Trunk Number.
5. Repeat as needed to configure trunks on additional Ethernet interfaces.
6. Click Update button.
Configuring the Minimum Port Threshold

To configure the trunk’s port threshold and port threshold timer:
1. Click Trunk on the menu bar.

2. Click Edit in the Actions column for the trunk interface.
page 23
3. In the General fields section, do the following:

a. In the Port Threshold field, specify a value of 2-8.
b. In the Port Threshold Timer field, indicate a timer value from 1-300 seconds.
4. Click Update Trunk.
Use the CLI to Configure a Static Trunk

To configure a static trunk, use the commands in this section.
1. Change the CLI to the configuration level for the interface.

ACOS(config)# interface ethernet 1
ACOS(config-if:ethernet:1)#
2. Assign the interface to the trunk, using the following command:

ACOS(config-if:ethernet:1)# trunk-group 7
AOCS(config-if:ethernet:1-trunk-group:7)#
You must repeat this series of commands for each interface you want to add to a trunk.
The following commands configure trunk 7 with ports 1and 2, and verify the configuration:

ACOS(config-if:ethernet:1-trunk-group:7)# exit
ACOS(config-if:ethernet:1)# exit
ACOS(config-if:ethernet:2-trunk-group:7)# show trunk
Trunk ID : 7 Member Count: 2
Trunk Name : None
Trunk Status : Up
Trunk Type : Static
Members : 1 2
Cfg Status : Enb Enb
Oper Status : Up Up
Ports-Threshold : None
Working Lead : 2
ACOS(config)#
page 24
Dynamic Trunk Configuration
Configuring Interface-Level Trunk Parameters
The following commands access the interface configuration level for the trunk and assign a name, an
IPv6 address along with port threshold parameters to the trunk interface:
ACOS(config)# interface trunk 7

ACOS(config-if:trunk:7)# name exampletrunk7
ACOS(config-if:trunk:7)# ipv6 address 2001:db8::7/32
ACOS(config-if:trunk:7)# ports-threshold 2
ACOS(config-if:trunk:7)# ports-threshold-timer 100

This section provides steps for configuring a dynamic trunk:
• Use the GUI to Configure an LACP Trunk
• Use the CLI to Configure an LACP Trunk
Use the GUI to Configure an LACP Trunk

To configure an LACP trunk:
1. Navigate to Network >> Interfaces >> LAN.

2. Click Edit in the Actions column for the Ethernet.
3. Scroll down and click Trunk Group to reveal trunk configuration options.
4. Enter the Trunk ID.
5. To configure the LACP trunk without uni-directional detection:
a. Specify LACP as the type for the Trunk Type.
6. Click the checkbox for Uni-directional Detection:
a. Specify LACP-UDLD for the Trunk Type.
b. Choose Slow or Fast for UDLD Timeout. If you select Slow, specify a UDLD timeout of 1-60 sec-
onds. If you select Fast, specify a UDLD timeout of 100-1000ms.
7. Specify Active or Passive mode in the Mode field.
8. Specify an Admin Key.
9. Choose a Timeout value of Long or Short.
page 25
10.Specify the LACP priority in the Port Priority field.

11.Click Update.
Configuring the LACP System Priority

To configure the LACP system priority, follow these steps:
1. Hover over Network in the navigation bar, and select LACP.

2. You can specify an LACP system priority of 1-65535. The default priority setting is 2.
3. Click OK.
Configuring the Minimum Port Threshold

To configure the port threshold parameters for LACP trunks, do the following:
NOTE: These steps assume that you have already created an LACP dynamic
trunk. See Use the GUI to Configure an LACP Trunk.
1. Navigate to Network >> Interfaces >> Trunk.

2. Click Edit in the Actions column for an existing LACP Trunk 1. The Create Trunk window appears.
3. In the Ports Threshold section, enter a value from 2-8.
4. In the Port Threshold Timer field, indicate a timer value from 1-300 seconds.
5. Click Update Trunk.
Verifying Port Threshold Configuration in the GUI

To verify your LACP configuration of the Port Threshold and the Port Threshold Timer, do the following:
1. Navigate to Network >> Interfaces >> Trunk.

2. The configured trunks table appears.
3. The Ports Threshold field displays the configured ports threshold.
page 26
4. The Timer field displays the configured port threshold timer.
Use the CLI to Configure an LACP Trunk

To configure a dynamic, use the commands in this section.
Configuring Each Interface

1. Change the CLI to the configuration level for the interface.
2. Assign the interface to the LACP trunk, using the following command:
ACOS(config-if:ethernet:1)# trunk-group 4 lacp
ACOS(config-if:ethernet:1-trunk-group:4)#
3. (Optional) Specify the LACP priority of the interface, using the following command:
ACOS(config-if:ethernet:1-trunk-group:4)# port-priority 100
You can specify 1-65535. The default is 32768.
4. (Optional) Specify the aging timeout for LACP data units from the other end of the LACP link, using
the following command:
ACOS(config-if:ethernet:1-trunk-group:4)# timeout short
You can specify short (3 seconds) or long (90 seconds). The default is long.
5. (Optional) Specify the UDLD aging timeout, using the following command:
ACOS(config-if:ethernet:1-trunk-group:4)# udld timeout slow 1
You can specify fast (100-1000 milliseconds) or slow (1-60 seconds). The default is slow 1.
6. (Optional) Configure ports-threshold settings. Specify the minimum number of ports that must
remain up, using the ports-threshold command at the LACP trunk configuration level of the CLI:
page 27
ACOS(config-if:trunk:4)# ports-threshold 2 timer 100 do-auto-recovery

ACOS(config-if:trunk:4)# exit
ACOS(config)#
You can specify 2-8 ports.

You can set the ports-threshold timer to 1-300 seconds. The default is 10 seconds. The do-auto-
recovery option in this command enables automatic recovery of the trunk when the required
number of ports come back up. If you omit this option, the trunk remains disabled until you re-
enable it.
Configuring LACP System Priority

1. (Optional) Set the LACP system priority, using the following command at the global configuration
level of the CLI:
ACOS(config)# lacp system-priority 32768
You can specify 1-65535. The default is 32768.
Configuring Interface-Level Parameters on an LACP Trunk

To configure interface-level parameters for the trunk, use the following command to access the inter-
face configuration level for the trunk.
1. Change the CLI to the configuration level for the trunk interface.
ACOS(config-if:trunk:4)#
2. For a list of the commands applicable at this level. (For information, see the CLI Reference.)
vThunder(config-if:trunk:4)# ?
access-list Apply ACL rules to incoming packets on this interface
bfd Configure BFD (Bidirectional Forwarding Detection)
clear Clear or Reset Functions
do To run exec commands in config mode
end Exit from configure mode
exit Exit from configure mode or sub mode
icmp-rate-limit Limit ICMP traffic to this interface
icmpv6-rate-limit Limit ICMPv6 traffic to this interface
ip Global IP configuration subcommands
ipv6 Global IPv6 configuration subcommands
isis ISIS
l3-vlan-fwd-disable Disable L3 forwarding between VLANs
lw-4o6 Configure LW-4over6 interface
mtu Interface mtu
name Name for the interface
no Negate a command or set its defaults
ports-threshold Threshold for the minimum number of ports that need to
be UP for the trunk to remain UP
page 28
LACP Passthrough
show Show Running System Information

snmp-server SNMP trap source
write Write Configuration
enable Enable
disable Disable
vThunder(config-if:trunk:4)#
NOTE: The commands listed at this level depend on the device model and the
ACOS software release.
For more information about these commands, see “Config Commands: Interface” on page 105.
LACP Passthrough
LACP passthrough allows the ACOS device to forward traffic on one trunk that originated on another
trunk that is down. With this feature, if an LACP trunk goes down, the other trunk is used to continue
connectivity for the traffic.
This feature can be useful in topologies that use LACP and where multiple ACOS devices connect to the
server farm. In this type of topology, if the ACOS device acts as a proxy for client-server traffic, LACP
passthrough can help prevent sessions from being dropped following failover from one LACP trunk to
another.
FIGURE 1 LACP Passthrough - Example Topology
LACP passthrough creates a tunnel from one LACP trunk to another through the ACOS device. One end
of the tunnel is connected to clients and the other end of the tunnel is connected to the servers.
page 29
LACP Passthrough
In this example, two ACOS devices are connected through redundant device pairs to clients and serv-
ers. Two VLANs are used, 210 and 220. Each ACOS device has trunk interfaces in both VLANs:
VLAN 210 contains the following trunks:
• Trunk 1 (Ethernet ports 6 and 10) connected to clients
• Trunk 3 (Ethernet ports 5 and 9) connected to servers
Similarly, VLAN 220 contains the following trunks:
• Trunk 2 (Ethernet ports 8 and 12) connected to clients
• Trunk 4 (Ethernet ports 7 and 11) connected to servers
On each ACOS device, the following LACP tunnels are configured:
• Ethernet ports 5 and 6
Link monitoring is configured to automatically disable all interfaces on a trunk if any of its ports goes
down.
Without LACP passthrough, if trunk 1 goes down, existing client connections on that trunk stop work-
ing. This occurs even if the client traffic begins to arrive on trunk 2. With LACP configured as described
above, the ACOS device continues service for the client-server sessions without interruption.
Notes
• The current release supports LACP passthrough only on untagged VLAN ports. Tagged ports are
not supported in this release.
• Each LACP passthrough tunnel can contain two Ethernet data ports. These ports must be in the
same VLAN and use the same Virtual Ethernet (VE) interface. On of the ports must be connected
to the clients. The other port must be connected to the servers.
• This feature requires use of the link monitoring and automatic disable feature to bring all of a
trunk’s ports down if any of its ports goes down. (See “Link Monitoring” in the System Configuration
and Administration Guide.)
• Similarly, the nexthop devices that connect the ACOS device to the clients and servers must be
configured to bring a trunk down when any of its member ports goes down.
page 30
LACP Passthrough
Configuration
This example configures LACP passthrough for the physical interfaces in VLAN 210 in Figure 1.
The following commands configure LACP parameters on the ports:

ACOS(config-if:ethernet:6-trunk-group:1)# admin-key 10001
ACOS(config-if:ethernet:6-trunk-group:1)# mode active
ACOS(config-if:ethernet:6-trunk-group:1)# timeout long
ACOS(config-if:ethernet:10-trunk-group:1)# admin-key 10001
ACOS(config-if:ethernet:5-trunk-group:3)# timeout short
ACOS(config)#
The following commands configure LACP passthrough between interfaces 6 and 5, and between inter-
faces 10 and 9:
ACOS(config)# lacp-passthrough ethernet 6 ethernet 5

ACOS(config)# lacp-passthrough ethernet 10 ethernet 9
page 31
LACP Passthrough
Displaying LACP Information

To view LACP information, use the various show lacp commands. For more information, refer to the
The following command shows the LACP system ID:
ACOS# show lacp sys-id

System 0064,00-1f-a0-01-d4-f0
The following command shows LACP statistics:
ACOS# show lacp counter

Traffic statistics
Port LACPDUs Marker Pckt err
Sent Recv Sent Recv Sent Recv
Aggregator po5 1000000
ethernet 1 81 81 0 0 0 0
ethernet 2 81 81 0 0 0 0
ethernet 6 233767 233765 0 0 0 0
In this example, LACP has dynamically created two trunks, 5 and 10. Trunk 5 contains ports 1 and 2.
Trunk 10 contains port 6.
The following command shows details about the LACP admin keys:
ACOS# show lacp trunk admin-key-list-details

% Admin Key: 1
bandwidth: 0
mtu: 1500
duplex mode: 0
hardware type: 2
type: 0
additional parameter: 10001
ref count: 2
% Admin Key: 2
bandwidth: 1
mtu: 1500
duplex mode: 0
hardware type: 2
type: 0
ref count: 451
page 32
LACP Passthrough
% Admin Key: 3
bandwidth: 1
mtu: 16436
duplex mode: 0
hardware type: 1
type: 0
ref count: 14
% Admin Key: 4
bandwidth: 1
mtu: 1500
duplex mode: 0
hardware type: 2
type: 0
ref count: 6
The following command shows summary trunk information:
ACOS# show lacp trunk summary

Admin Key: 0005 - Oper Key 0005
Link: ethernet 1 (3) sync: 1
The following command shows information for trunk 5:
ACOS# show lacp trunk 5

Aggregator po5 1000000 Admin Key: 0005 - Oper Key 0005 Partner LAG: 0x0064,00-1f-a0-01-dc-
60 Partner Oper Key 0005
The following command shows detailed information for all LACP trunks:
ACOS# show lacp trunk detail

Mac address: 00:1f:a0:02:1e:48
Receive link count: 1 - Transmit link count: 0
Individual: 0 - Ready: 1
Partner LAG- 0x0064,00-1f-a0-01-dc-60
page 33
LACP Passthrough

Mac address: 00:1f:a0:02:1e:4d
Receive link count: 1 - Transmit link count: 0
Individual: 0 - Ready: 1
Partner LAG- 0x8000,00-1f-a0-10-19-66
Clearing LACP Statistics

To clear LACP statistics counters, use the clear lacp command. For more information, refer to the
page 34
Link Layer Discovery Protocol
The Link Layer Discovery Protocol (LLDP) enables network devices to advertise their identity, capabili-
ties, and neighbors on the network. This feature is based on the IEEE 802.1AB standard and the stan-
dard MIB called “LLDP-V2-MIB.”
For more information, refer to the following URLs:
• http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_a&i=1&n=IP-MIB&r=vmware&f=LLDP-
V2-MIB.mib&v=v2&t=def
• http://www.ieee802.org/1/files/public/MIBs/LLDP-V2-MIB-200906080000Z.txt
This chapter contains the following topics:
• Overview of LLDP
• Configure LLDP
Overview of LLDP
LLDP allows ACOS devices to discover directly-connected LAN neighbors and allows these neighbors
to discover the ACOS devices. Configure LLDP only in the shared partition.
Use the LLDP protocol to assist in the following ways:
• To discover remote networks.
• To facilitate port association.
• To help identify which port a switch or a host is connected to.
• To help design and troubleshoot network topologies.
Since the LLDP protocol can transmit or receive information on system capabilities, but cannot request
specific information from an LLDP agent or acknowledge receipt of information, it is called a “one-way
protocol.”
NOTE: This feature does not support aXAPI.
The Link Layer Discovery Protocol Data Unit (LLDPDU) contains several elements of variable lengths
that comprise the LLCP frame. They carry information on the type, length, and value fields (TLVs),
page 35
Configure LLDP
where type identifies the kind of information that is transmitted, length contains the string of octets,
and value is the actual content that is being transmitted. The mandatory information that is transmit-
ted identifies the TLV for the chassis ID, the port ID, the Time to Live, and the end of the LLDP data
packet. It can also contain zero or more optional TLVs. For the duration of an operational port, the
chassis ID and the port ID information will remain the same.
A Time to Live TLV or a non-zero TLV informs the receiving LLDP agent to discard the LLDP data packet
after the indicated time expires. A zero TLV directs the receiving LLDP agent to discard the LLDP packet
immediately. As the name suggests, the End of LLDP data packet indicates that completion of the
LLDP packet.
Configure LLDP
This section describes how to configure LLDP:
• Use the GUI to Configure LLDP
• Use the CLI to Configure LLDP
Use the GUI to Configure LLDP

To configure this feature using the GUI:
1. To enable the LLDP feature globally:

a. Navigate to Network >> Interfaces >> LLDP.
b. Select the Enable checkbox in the Enable field.
c. Optionally, enable RX using the Rx field.
d. Optionally, enable TX using the Tx field.
2. To enable LLDP on the interface:
a. Navigate to Network >> Interfaces >> LAN.
b. Click Edit in the Actions column for the interface.
c. Click LLDP to expand additional configuration options.
d. Select the Rt Enable field.
e. Optionally, select the Rx field.
f. Optionally, select the Tx field.
page 36
Configure LLDP
Use the CLI to Configure LLDP

To enable the LLDP feature via the CLI, enable the feature from the global level:
ACOS(config)# lldp enable rx tx
The example below shows how to enable LLDB on an interface (Ethernet 2):

ACOS(config-if:ethernet:2)# lldp enable rx tx
The following example shows your LLDP configuration:
ACOS(config)# show run | inc lldp

lldp enable rx tx
lldp notification interval 20
lldp tx interval 10
lldp tx fast-count 2
lldp tx fast-interval 2
The following example shows your LLDP interface configuration:
ACOS(config)# show run int eth 1

interface ethernet 1
ip address 7.1.1.169 255.255.255.0
lldp enable rx tx
lldp notification enable
page 37
Configure LLDP
page 38
Virtual LAN Support
This chapter describes support for VLAN and for VLAN-to-VLAN bridging.
• VLAN Overview
• VLAN-to-VLAN Bridging
VLAN Overview
A VLAN is a Layer 2 broadcast domain. MAC-layer broadcast traffic can be flooded within the VLAN but
does not cross to other VLANs. For traffic to go from one VLAN to another, it must be routed.
You can segment the ACOS device into multiple VLANs. Each Ethernet data port can be a member of
one or more VLANs, depending on whether the port is tagged or untagged:
• Tagged – Tagged ports can be members of multiple VLANs. The port can recognize the VLAN to
which a packet belongs based on the VLAN tag included in the packet.
• Untagged – Untagged ports can belong to only a single VLAN. By default, all Ethernet data ports
are untagged members of VLAN 1.
NOTE: A tagged port is a physical port to which a tagged VLAN is bound, while
an untagged port is a physical port to which an untagged VLAN is bound.
See the Example of Tagged and Untagged Ports section for how these
ports are configured.
Default VLAN (VLAN 1)

By default, all the ACOS device’s Ethernet data ports are members of a single virtual LAN (VLAN), VLAN
1.
On a new or unconfigured ACOS device, as soon as you configure an IP address on any individual Ether-
net data port or trunk interface, Layer 2 forwarding on VLAN 1 is disabled.
When Layer 2 forwarding on VLAN 1 is disabled, broadcast, multicast, and unknown unicast packets
are dropped instead of being forwarded. Learning is also disabled on the VLAN. However, packets for
the ACOS device itself (for example, LACP or OSPF) are not dropped.
page 39
VLAN Overview
To re-enable Layer 2 forwarding on VLAN 1, use the following command at the global configuration
level of the CLI:
ACOS(config)# vlan-global enable-def-vlan-l2-forwarding
NOTE: Configuring an IP address on an individual Ethernet interface indicates

you are deploying in routed mode (also called “gateway mode”). If you
deploy in transparent mode instead, in which the ACOS device has a sin-
gle IP address for all data interfaces, Layer 2 forwarding is left enabled by
default on VLAN 1.
Virtual Ethernet Interfaces

On ACOS devices deployed in routed mode (Layer 3 mode), you can configure IP addresses on VLANs.
To configure an IP address on a VLAN, add a Virtual Ethernet (VE) interface to the VLAN, then assign
the IP address to the VE.
Each VLAN can have one VE. The VE ID must be the same as the VLAN ID. For example, VLAN 2 can
have VE 2, VLAN 3 can have VE 3, and so on.
Maximum Number of Supported Virtual Ethernet Interfaces

The number of VE interfaces supported on a single port varies depending on the specific platform.
Example of Tagged and Untagged Ports

In the following example, two physical Ethernet ports are enabled. The first Ethernet port (interface
ethernet 1) will be configured as a tagged port with two network interfaces, while the second Ethernet
port (interface ethernet 7) will be configured as an untagged port with one network interface.
1. Enable the physical Ethernet ports:

ACOS(config-if:ethernet:1)# enable

2. Configure VLAN 10. Bind Ethernet port 1 to a tagged VLAN 10. The 802.1Q tag is 10. Bind a net-
work interface to the tagged port:
page 40
VLAN Overview
ACOS(config) #vlan 10
ACOS(config-vlan:10)# tagged ethernet 1
ACOS(config-vlan:10)# router-interface ve 10
ACOS(config-vlan:10)# exit
3. Configure VLAN 11. Bind Ethernet port 1 to a tagged VLAN 11. The 802.1Q tag is 11. Bind a net-
work interface to the tagged port:
ACOS(config)# vlan 11
4. Configure VLAN 5. Bind Ethernet port 7 to an untagged VLAN 5. Bind a network interface to the
untagged port:
ACOS(config-vlan:5)# untagged ethernet 7
5. Show the VLAN configuration:
ACOS# show config vlan

...
vlan 5
untagged ethernet 7
router-interface ve 5
!
vlan 10
tagged ethernet 1
!
vlan 11
tagged ethernet 1
!
6. Show the VLANs:
ACOS# show vlans

Total VLANs: 4
VLAN 1, Name [DEFAULT VLAN]:

Untagged Ethernet Ports: 2 3 4 5 6 8
Tagged Ethernet Ports: None
page 41
VLAN-to-VLAN Bridging
Untagged Logical Ports: None

Tagged Logical Ports: None
VLAN 5, Name [None]:

Untagged Ethernet Ports: 7
Tagged Ethernet Ports: None
Router Interface: ve 5
VLAN 10, Name [none]:

Untagged Ethernet Ports: None
Tagged Ethernet Ports: 1
VLAN 11, Name [none]:

Untagged Ethernet Ports: None
Tagged Ethernet Ports: 1
This section contains the following topics:
• Overview of VLAN-to-VLAN Bridging
• VLAN-to-VLAN Bridging Configuration Notes
• VLAN-to-VLAN Bridging Configuration Examples
Overview of VLAN-to-VLAN Bridging

VLAN-to-VLAN bridging allows an ACOS device to selectively bridge traffic among multiple VLANs. The
ACOS device selectively forwards packets from one VLAN to another based on the VLAN-to-VLAN
bridging configuration on the ACOS device. This feature allows the traffic flow between VLANs to be
page 42
tightly controlled through the ACOS device without the need to reconfigure the hosts in the separate
VLANs.
VLAN-to-VLAN bridging is useful in cases where reconfiguring the hosts on the network either into the
same VLAN, or into different IP subnets, is not desired or is impractical.
You can configure a bridge VLAN group to forward one of the following types of traffic:
• IP traffic only (the default) – This option includes typical traffic between end hosts, such as ARP
requests and responses.
This option does not forward multicast packets.
• All traffic – This option forwards all types of traffic.
Figure 2 shows an example topology of VLAN-to-VLAN bridging:
page 43
FIGURE 2 VLAN-to-VLAN Bridging (with VRRP-A)
In this example, the ACOS devices are bridging traffic between VLAN 4 and VLAN 5.
VLAN-to-VLAN Bridging Configuration Notes

VLAN-to-VLAN bridging is supported on ACOS devices deployed in transparent mode (Layer 2) or in
gateway mode (Layer 3).
Each VLAN to be bridged must be configured on the ACOS device. The normal rules for tagging apply:
• If an interface belongs to only one VLAN, the interface can be untagged.
• If the interface belongs to more than one VLAN, the interface must be tagged.
Each VLAN can belong to only a single bridge VLAN group.
page 44
Each bridge VLAN group can have a maximum of 8 member VLANs. Traffic from any VLAN in the group
is bridged to all other VLANs in the group. The total number of bridge VLAN groups on the system
(including those in L3V partitions) cannot exceed 255.
If the ACOS device is deployed in gateway mode, a Virtual Ethernet (VE) interface is required in the
bridge VLAN group.
VLAN-to-VLAN Bridging Configuration Examples

To configure VLAN-to-VLAN bridging:
1. Configure each of the VLANs to be bridged. In each VLAN, add the ACOS device’s interfaces to the
VLAN.
2. Configure a bridge VLAN group. Add the VLANs to the group.
If the ACOS device is deployed in routed mode, add a Virtual Ethernet (VE) interface to the group.
Optionally, you can assign a name to the group. You also can change the types of traffic to be
bridged between VLANs in the group.
3. If the ACOS device is deployed in routed mode, configure an IP address on the VE to place the
ACOS device in the same subnet as the bridged VLANs.
CLI Example – Transparent Mode

The commands in this section configure an ACOS device deployed in transparent mode to forward IP
traffic between VLANs 2 and 3.
The following commands configure the VLANs:
The following commands configure the bridge VLAN group:
ACOS(config)# bridge-vlan-group 1
ACOS(config-bridge-vlan-group:1)# vlan 2 to 3
ACOS(config-bridge-vlan-group:1)# exit
page 45
CLI Example – Routed Mode with VRRP-A

VLAN-to-VLAN bridging can also be configured with VRRP-A by specifying a VRID under the bridge
VLAN configuration. Using the topology defined in Figure 2:
• Only the active device in the VRID will respond to ARP requests from devices in the bridged VLAN.
• The active VRRP-A device forwards any traffic passing through the bridge VLAN (destined for
10.1.1.1), and processes any traffic destined for the bridge VLAN VE IP address (10.1.1.2).
• The standby VRRP-A device drops any traffic passing through the bridge VLAN (destined for
10.1.1.1), but will processes any traffic destined for the bridge VLAN VE IP address (10.1.1.2).
• On a failover, the new active device will forward any traffic passing through the bridge VLAN (des-
tined for 10.1.1.3).
The commands in this section configure the topology shown in Figure 2; two ACOS devices deployed in
routed mode to forward IP traffic between VLANs 4 and 5 on IP subnet 10.10.1.x.
Configure VRRP-A, for Device 1:
ACOS1(config)# vrrp-a common

ACOS1(config-common)# device-id 1
ACOS1(config-common)# set-id 1
ACOS1(config-common)# enable
ACOS1(config-common)# exit
ACOS1(config)# vrrp-a l3-inline-mode
ACOS1(config)# vrrp-a restart-port-list
ACOS1(config-restart-port-list)# ethernet 7 to 8
ACOS1(config-restart-port-list)# exit
ACOS1(config)# vrrp-a vrid-lead lead
ACOS1(config-vrid-lead:lead)# partition shared vrid 0
ACOS1(config-vrid-lead:lead)# exit
ACOS1(config)#
Enabling l3-inline-mode and restart-port-list in the configuration are mandatory for VLAN-to-VLAN
bridging with VRRP-A. All interfaces which are part of the bridge VLAN group must be included in the
restart-port-list.
The vrid-lead configuration is used for L3V partitions to follow the vrid-lead of the shared partition.
Since only one VRID can be configured in a given partition when l3-inline-mode is enabled, all L3V par-
titions will end up following same VRID of the shared partition.
To configure the vrid-lead in an L3V partition (for example, partition p1):
ACOS[p1](config-vrid:0)# vrrp-a vrid 0

ACOS[p1](config-vrid:0)# follow vrid-lead lead
ACOS[p1](config-vrid:0)#
page 46
Configure VRRP-A for Device 2:
ACOS2(config)# vrrp-a common

ACOS2(config-common)# device-id 2
ACOS2(config-common)# set-id 1
ACOS2(config-common)# enable
ACOS2(config-common)# exit
ACOS2(config)# vrrp-a l3-inline-mode
ACOS2(config)# vrrp-a restart-port-list
ACOS2(config-restart-port-list)# ethernet 2 to 3
ACOS2(config-restart-port-list)# exit
ACOS2(config)# vrrp-a vrid-lead lead
ACOS2(config-vrid-lead:lead)# partition shared vrid 0
ACOS2(config-vrid-lead:lead)# exit
ACOS2(config)#
On each ACOS device, the following commands configure the VLANs (example shown for Device 1):
ACOS1(config)# vlan 4
ACOS1(config-vlan:4)# tagged ethernet 2
ACOS1(config-vlan:4)# exit
ACOS1(config)# vlan 5
ACOS1(config-vlan:5)# tagged ethernet 3
ACOS1(config-vlan:5)# exit
On each ACOS device, the following commands configure the bridge VLAN group, which includes a VE
(example shown for Device 1):
ACOS1(config)# bridge-vlan-group 1
ACOS1(config-bridge-vlan-group:1)# vlan 4 to 5
ACOS1(config-bridge-vlan-group:1)# router-interface ve 4
ACOS1(config-bridge-vlan-group:1)# exit
On ACOS device 1, The following commands assign an IP address to the VE:
ACOS1(config)# interface ve 4
ACOS1(config-if:ve:4)# ip address 10.1.1.2 /24
ACOS1(config-if:ve:4)# exit
On ACOS device 2, The following commands assign an IP address to the VE:
ACOS2(config)# interface ve 4
page 47
ACOS2(config-if:ve:4)# ip address 10.1.1.3 /24

ACOS2(config-if:ve:4)# exit
page 48
Part II
Layer 3 Networking
• “Dynamic Host Configuration Protocol (DHCP)” on page 51

Dynamic Host Configuration Protocol (DHCP)
This chapter contains the following topics:
• Overview of DHCP
• Enable DHCP
• Configure DHCP Relays
Overview of DHCP
Dynamic Host Configuration Protocol (DHCP) is a mechanism commonly used by clients to auto-dis-
cover their addressing and other configuration information when connected to a network. On ACOS
devices, DHCP configuration supports IP address, subnet masks, default gateway, and classless static
routes (option 121) from the DHCP server.
You can enable use of DHCP to dynamically configure IP addresses on the following types of inter-
faces:
• Management interface – A single IP address can be assigned.
• Ethernet data interfaces – Multiple IP addresses can be assigned.
• Virtual ethernet interfaces – Multiple IP addresses can be assigned.
• Trunk interfaces – Multiple IP addresses can be assigned.
Virtual servers and IP NAT pools are also able to use the DHCP-assigned address of a given data inter-
face. If this option is enabled, ACOS updates the VIP or pool address any time the specified data inter-
face’s IP address is changed by DHCP.
Notes
• DHCP can be enabled on an interface only if that interface does not already have any statically
assigned IP addresses.
• On ACOS devices deployed in gateway (Layer 3) mode, Ethernet data interfaces can have multi-
ple IP addresses. An interface can have a combination of dynamically assigned addresses (by
DHCP) and statically configured addresses. However, if you plan to use both methods of address
configuration, static addresses can be configured only after you finish using DHCP to dynami-
cally configure addresses. To use DHCP in this case, you must first delete all the statically config-
ured IP addresses from the interface.
page 51
Enable DHCP
• On vThunder models, if single-IP mode is used, DHCP can be enabled only at the physical inter-
face level.
• On devices deployed in Transparent (Layer 2) mode:
• you can enable DHCP on the management interface and at the global level.
• The VIP address and pool NAT address (if used) should match the global data IP address of the
device. Make sure to enable this option when configuring the VIP or pool.
Enable DHCP
Using the GUI
1. Hover over Network in the navigation bar, and select Interface from the drop-down menu.
2. Depending on the type of interface on which to configure this feature, select LAN, Virtual Ethernet
or Trunk from the menu bar.
3. Click Edit in the actions column for the interface on which to configure this feature.
4. Expand the IP section to reveal additional configuration options.
5. Select the checkbox in the DHCP field.
6. Click Update.
Using the CLI
To enable DHCP on an interface, use the ip address dhcp command at the configuration level for the
interface:

ACOS(config-if:ethernet:1)# ip address dhcp
Configure DHCP Relays

• Overview of DHCP Relays
• Configure DHCP Relays
page 52
Overview of DHCP Relays

This section describes DHCP relay support and how to configure it.
You can configure the ACOS device to relay DHCP traffic between DHCP clients and DHCP servers
located in different VLANs or subnets.
DHCP relay is supported only for the standard DHCP protocol ports:
• Boot protocol server (BOOTPS) – UDP port 67
• Boot protocol client (BOOTPC) – UDP port 68
DHCP relay service is supported for IPv4 and IPv6.
DHCP is a Client-Server protocol and relies on broadcast communication between the client and server
for packet exchanges. Accordingly, the clients and the servers must be in the same broadcast domain
(Layer 2 VLAN) for this to work, since Layer 3 routers typically do not forward broadcasts. However, in
most deployments it is not practical to have a DHCP server in each Layer 2 VLAN. Instead, it is typical
to use a common DHCP server for all VLANs and subnets in the network.
Notes
• In the current release, the helper-address feature provides service for DHCP packets only.
• The interface on which the helper address is configured must have an IP address.
• The helper address can not be the same as the IP address on any interface or an IP address used
for SLB.

To enable DHCP communication between different VLANs or subnets, you can use a DHCP relay. A
DHCP relay acts as a mediator between the DHCP client and the DHCP server when they are not in the
same broadcast domain.
To configure the ACOS device as a DHCP relay, configure the DHCP server IP address as a helper
address on the IP interface connected to DHCP clients. The ACOS device intercepts broadcast DHCP
packets sent by clients on the interface configured with the helper address.
The ACOS device then places the receiving interface’s IP address (not the helper address) in the relay
gateway address field, and forwards the DHCP packet to the server. When the DHCP server replies, the
ACOS device forwards the response to the client.
Use the GUI to Configure a DHCP Relay

To configure a helper address for the IP interface connected to the DHCP clients:
page 53
5. Specify an IP address for the IP Helper Address field.
6. Click Add.
7. You can add up to 2 helper addresses per interface.
8. Click Update.
Use the CLI to Configure a DHCP Relay

The following commands configure two helper addresses. The helper address for DHCP server
100.100.100.1 is configured on Ethernet interface 1 and on Virtual Ethernet (VE) interfaces 5 and 7. The
helper address for DHCP server 20.20.20.102 is configured on VE 9.
NOTE: You can configure up to 2 IP helper addresses per Ethernet interface.

ACOS(config-if:ethernet:1)# ip helper-address 100.100.100.1
ACOS(config)# interface ve 5
ACOS(config-if:ve:5)# ip helper-address 100.100.100.1
ACOS(config-if:ve:5)# exit
Use the show ip helper-address command shows summary DHCP relay information:
ACOS(config)# show ip helper-address

Interface Helper-Address RX TX No-Relay Drops
--------- -------------- ------------ ------------ ------------ ------------
eth1 100.100.100.1 0 0 0 0
ve5 100.100.100.1 1669 1668 0 1
ve7 1668 1668 0 0
ve8 100.100.100.1 0 0 0 0
ve9 20.20.20.102 0 0 0 0
page 54
Use the detail parameter to view additional detailed DHCP relay information:
ACOS# show ip helper-address detail

IP Interface: eth1
------------
Helper-Address: 100.100.100.1
Packets:
RX: 0
BootRequest Packets : 0
BootReply Packets : 0
TX: 0
No-Relay: 0
Drops:
Invalid BOOTP Port : 0
Invalid IP/UDP Len : 0
Invalid DHCP Oper : 0
Exceeded DHCP Hops : 0
Invalid Dest IP : 0
Exceeded TTL : 0
No Route to Dest : 0
Dest Processing Err : 0
IP Interface: ve5
------------
Helper-Address: 100.100.100.1
Packets:
RX: 16
TX: 14
No-Relay: 0
Drops:
Invalid Dest IP : 0
Exceeded TTL : 0
page 55
IP Interface: ve7
------------
Helper-Address: None
Packets:
RX: 14
TX: 14
No-Relay: 0
Drops:
Invalid Dest IP : 0
Exceeded TTL : 0
Descriptions for the fields in both outputs are available in the Command Line Interface Reference.
The following command clears the DHCP relay counters:
ACOS# clear ip helper-address statistics
page 56
Part III
Routing Protocols
• “Open Shortest Path First (OSPF)” on page 59

• “Intermediate System to Intermediate System (IS-IS)” on page 69
• “Border Gateway Protocol (BGP)” on page 73
• “Bidirectional Forwarding Detection” on page 85
• “Internet Group Multicast Protocol (IGMP) Queries” on page 99
Open Shortest Path First (OSPF)
The ACOS device supports the following OSPF versions:
• OSPFv2 for IPv4
• OSPFv3 for IPv6
This chapter provides configuration examples. For detailed CLI syntax information, see the Command
Line Interface Reference.
NOTE: It is recommended to set a fixed router-ID for all dynamic routing proto-
cols you plan to use on the ACOS device, to prevent router-ID changes
caused by VRRP-A failover.
Support for Multiple OSPFv2 and OSPFv3 Processes

The ACOS device supports up to 65535 OSPFv2 processes on a single ACOS device. Only a single OSP-
Fv2 process can run on a given interface.
Each IPv6 link can run up to 65535 OSPFv3 processes, on the same link.
Each OSPF process is completely independent of the other OSPF processes on the device. They do not
share any information directly. However, you can configure redistribution of routes between them.
Support for OSPFv2 and OSPFv3 on the Same Interface or

Link
You can configure OSPFv2 and OSPFv3 on the same interface or link. OSPFv2 configuration com-
mands affect only the IPv4 routing domain, while OSPFv3 configuration commands affect only the
IPv6 routing domain.
page 59
OSPF MIB Support
OSPF MIB Support

The following OSPF MIBs are supported:
• RFC 1850 – OSPFv2 Management Information Base
• draft-ietf-ospf-ospfv3-mib-08 – OSPFv3 Management Information Base
OSPF Configuration Example

The configuration excerpts in this example configure OSPFv2 and OSPFv3 on an ACOS device.
Interface Configuration
The following commands configure two physical Ethernet data interfaces. Each interface is configured
with an IPv4 address and an IPv6 address. Each interface also is added to OSPF area 0 (the backbone
area).
The link-state metric (OSPF cost) of Ethernet 2 is set to 30, which is higher than the default, 10. Based
on the cost difference, OSPF routes through Ethernet 1 will be favored over OSPF route through Ether-
net 2, because the OSPF cost of Ethernet 1 is lower.
ip address 2.2.10.1 255.255.255.0
ipv6 address 5f00:1:2:10::1/64
ipv6 router ospf area 0 tag 1
!
ip address 3.3.3.1 255.255.255.0
ipv6 address 5f00:1:2:20::1/64
ip ospf cost 25
The following commands configure two Virtual Ethernet (VE) interfaces. On VE 3, an IPv4 address is
configured. On VE 4, an IPv4 address and an IPv6 address are configured.
OSPFv2 authentication is configured on VE 3, and the OSPF cost is set to 20.
On VE 4, the OSPF cost is set to 15.
interface ve 3
ip address 1.1.1.2 255.255.255.0
page 60
ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 abc
ip ospf cost 20
!
interface ve 4
ip address 1.1.60.2 255.255.255.0
ipv6 address 5f00:1:1:60::2/64
ip ospf cost 15
Global OSPF Parameters

The following commands configure global settings for OSPFv2 process 2. The router ID is set to
2.2.2.2. Subnets 1.1.x.x, 2.2.10.x, and 3.3.3.x are added to the backbone area. Redistribution is enabled
for static routes, routes to VIPs, IP source NAT addresses, and floating IP addresses. In addition, an
extra VRRP-A priority cost is configured, and the SPF timer is changed.
router ospf 2
router-id 2.2.2.2
ha-standby-extra-cost 25
timers spf exp 500 50000
redistribute static metric 5 metric-type 1
redistribute vip only-flagged 500 metric-type 1
redistribute ip-nat
redistribute floating-ip metric-type 1
network 1.1.0.0 0.0.255.255 area 0
network 2.2.10.0 0.0.0.255 area 0
network 3.3.3.0 0.0.0.255 area 0
The following commands configure global settings for OSPFv3 process 1. The router ID is set to
3.3.3.3. A stub area is added, redistribution is enabled, and the SPF timer is changed.
router ipv6 ospf 1

router-id 3.3.3.3
redistribute static metric 5 metric-type 1
redistribute ip-nat
redistribute floating-ip
area 1 stub
timers spf exp 500 50000
page 61
Clearing Specific OSPF Neighbors

The OSPF feature provides the option to clear all or specific OSPF neighbors.
You can clear neighbors by specifying various filters:
clear ip ospf [process-id]

{
process |
neighbor {all | neighbor-id | interface {interface-ip-address [neighbor-ip-address]}}
}
clear ipv6 ospf [process-tag]

{
process |
neighbor {all | neighbor-id | interface-name [neighbor-id]}
}
The options listed in the syntax stand for following:
• process-id—Specifies the IPv4 OSPFv2 process to run on the device, and can be 1-65535.
• process-tag—Specifies the IPv6 OSPFv3 process to run on the IPv6 link, and can be 1-65535.
• neighbor-id— Specified the router-id of the OSPF device.
• neighbor-ip-address— Specifies the IP address of the interface for the neighboring device.
• interface-ip-address— Specifies the IP address of the interface of the device on which the OSPF
neighbor exists.
Using OSPFv2, the CLI enables you to indicate an interface IP Address of the ACOS device. Using OSP-
Fv3, the CLI enables you to specify the interface name for a specific neighbor.
Use the following commands to effect changes to clear OSPF neighbor information:
The following command clears all OSPF neighbors:
clear ip ospf [process-id] neighbor all
To clear all neighbors to a specific router:
clear ip ospf [process-id] neighbor neighbor-router-id
To clear all neighbors on an IPv4 interface:
clear ip ospf [process-id] neighbor interface interface-ip-address
To clear a neighbor on a specified interface to a specified router:
clear ip ospf [process-id] neighbor interface interface-ip-address neighbor-router-id
To clear all IPv6 neighbors:
page 62
clear ipv6 ospf [process-tag] neighbor all
To clear all neighbors to a specific router:
clear ipv6 ospf [process-tag] neighbor neighbor-router-id
To clear all neighbors on a specified interface:
clear ipv6 ospf [process-tag] neighbor interface-name
To clear all neighbors on a specified interface to a specific router:
clear ipv6 ospf [process-tag] neighbor interface-name neighbor-router-id
Configuration Examples
The following command clears all OSPFv2 neighbors:
ACOS(config)#clear ip ospf neighbor all
The following command clears all neighbors to a specific router:
ACOS(config)#clear ip ospf neighbor 192.1.1.1
The following command clears all neighbors on an interface:
ACOS(config)#clear ip ospf neighbor interface 10.1.1.10
The following command clears a neighbor on a specified interface to a specified router:
ACOS(config)#clear ip ospf neighbor interface 10.1.1.10 192.1.1.10
The following command clears all OSPFv3 neighbors:
ACOS(config)#clear ipv6 ospf 5 neighbor all
The following command clears all neighbors to a specific router:
ACOS(config)#clear ipv6 ospf neighbor 192.1.1.1
The following command clears all OSPFv3 neighbors on a specified

interface:
ACOS(config)#clear ipv6 ospf neighbor ethernet 1
The following command clears all neighbors on a specified interface to a specific router:
ACOS(config)#clear ipv6 ospf neighbor ethernet 1 192.1.1.1
page 63
OSPF Logging
OSPF Logging
Router logging is disabled by default. You can enable router logging to one or more of the following
destinations:
• CLI terminal (stdout)
• Local logging buffer
• Local file
• External log servers
NOTE: Log file settings are retained across reboots but debug settings are not.
NOTE: Enabling debug settings that produce lots of output, or enabling all
debug settings, is not recommend for normal operation.
Configuring Router Logging for OSPF

To configure router logging for OSPF:
1. Enable output options.

2. Set severity level and facility.
3. Enable debug options to generate output.
For additional syntax information, including show and clear commands for router logging, see the
Enable output options

To enable output to the local logging buffer, use the following command at the global configuration
level of the CLI:
router log log-buffer
To enable output to a local file, use the following command at the global configuration level of the CLI:
[no] router log file {name string | per-protocol | rotate num | size Mbytes}
To enable output to a remote log server, use the following command at the global configuration level of
the CLI:
logging host ipaddr [ipaddr...] [port protocol-port]
page 64
OSPF Logging
Up to 10 remote logging servers are supported.
Set severity level and facility

The default severity level for router logging is 7 (debugging). The default facility is local0.
To change set the severity level for messages output to the terminal, use the following command at the
global configuration level of the CLI:
logging monitor severity-level
The severity-level can be one of the following:
• 0 or emergency
• 1 or alert
• 2 or critical
• 3 or error
• 4 or warning
• 5 or notification
• 6 or information
• 7 or debugging
To change the severity level for messages output to the local logging buffer, use the following com-
mand at the global configuration level of the CLI:
logging buffered severity-level
To change the severity level for messages output to external log servers, use the following command at
the global configuration level of the CLI:
logging syslog severity-level
To change the facility, use the following command at the global configuration level of the CLI:
logging facility facility-name
The facility-name can be one of the following:
• local0
• local1
• local2
• local3
• local4
page 65
OSPF Logging
• local5
• local6
• local7
Enable debug options to generate output

To enable debugging for OSPF, use the following commands at the global configuration level or Privi-
leged EXEC level of the CLI:
debug a10 [ipv6] ospf

debug [ipv6] ospf type
The ipv6 option enables debugging for OSPFv3. Without the ipv6 option, debugging is enabled for
OSPFv2.
The type specifies the types of OSPF information to log, and can be one or more of the following:
• all – Enables debugging for all information types listed below.
• events – Enables debugging for OSPF events.
• ifsm – Enables debugging for the OSPF Interface State Machine (IFSM).
• lsa – Enables debugging for OSPF Link State Advertisements (LSAs).
• nfsm – Enables debugging for the OSPF Neighbor State Machine (NFSM).
• nsm – Enables debugging for the Network Services Module (NSM). The NSM deals with use of
ACLs, route maps, interfaces, and other network parameters.
• packet – Enables debugging for OSPF packets.
• route – Enables debugging for OSPF routes.
For each level, both debug commands are required.
CLI Example
The following commands configure OSPFv2 logging to a local file.
ACOS(config)#router log file name ospf-log

ACOS(config)#router log file per-protocol
ACOS(config)#router log file size 100
ACOS(config)#debug a10 ospf all
ACOS(config)#debug ospf packet
These commands create a router log file named “ospf-log”. The per-protocol option will log messages
for each routing protocol separately. The log file will hold a maximum 100 MB of data, after which the
messages will be saved in a backup and the log file will be cleared.
page 66
OSPF Logging
The following command displays the contents of the local router log file:
ACOS(config)#show router log file ospfd

2010/04/21 09:57:20 OSPF: IFSM[ve 3:1.1.1.2]: Hello timer expire
2010/04/21 09:57:20 OSPF: SEND[Hello]: To 224.0.0.5 via ve
3:1.1.1.2,
length
64
2010/04/21 09:57:20 OSPF:
-----------------------------------------------------
2010/04/21 09:57:20 OSPF: Header
2010/04/21 09:57:20 OSPF: Version 2
2010/04/21 09:57:20 OSPF: Type 1 (Hello)
2010/04/21 09:57:20 OSPF: Packet Len 48
2010/04/21 09:57:20 OSPF: Router ID 2.2.2.2
2010/04/21 09:57:20 OSPF: Area ID 0.0.0.0
2010/04/21 09:57:20 OSPF: Checksum 0x0
2010/04/21 09:57:20 OSPF: Instance ID 0
2010/04/21 09:57:20 OSPF: AuType 2
2010/04/21 09:57:20 OSPF: Cryptographic Authentication
2010/04/21 09:57:20 OSPF: Key ID 1
2010/04/21 09:57:20 OSPF: Auth Data Len 16
2010/04/21 09:57:20 OSPF: Sequence number 1271830931
2010/04/21 09:57:20 OSPF: Hello
2010/04/21 09:57:20 OSPF: NetworkMask 255.255.255.0
2010/04/21 09:57:20 OSPF: HelloInterval 10
2010/04/21 09:57:20 OSPF: Options 0x2 (-|-|-|-|-|-|E|-)
2010/04/21 09:57:20 OSPF: RtrPriority 1
2010/04/21 09:57:20 OSPF: RtrDeadInterval 40
2010/04/21 09:57:20 OSPF: DRouter 1.1.1.200
2010/04/21 09:57:20 OSPF: BDRouter 1.1.1.2
2010/04/21 09:57:20 OSPF: # Neighbors 1
2010/04/21 09:57:20 OSPF: Neighbor 31.31.31.31
2010/04/21 09:57:20 OSPF:
-----------------------------------------------------
2010/04/21 09:57:21 OSPF: IFSM[ethernet 2:3.3.3.1]: Hello timer
expire
2010/04/21 09:57:21 OSPF: SEND[Hello]: To 224.0.0.5 via ethernet
2:3.3.3.1,
length 48
2010/04/21 09:57:21 OSPF:
-----------------------------------------------------
2010/04/21 09:57:21 OSPF: Header
2010/04/21 09:57:21 OSPF: Version 2
page 67
OSPF Logging
2010/04/21 09:57:21 OSPF: Type 1 (Hello)

2010/04/21 09:57:21 OSPF: Packet Len 48
2010/04/21 09:57:21 OSPF: Router ID 2.2.2.2
2010/04/21 09:57:21 OSPF: Area ID 0.0.0.0
2010/04/21 09:57:21 OSPF: Checksum 0x49eb
2010/04/21 09:57:21 OSPF: Instance ID 0
2010/04/21 09:57:21 OSPF: AuType 0
2010/04/21 09:57:21 OSPF: Hello
2010/04/21 09:57:21 OSPF: NetworkMask 255.255.255.0
2010/04/21 09:57:21 OSPF: HelloInterval 10
2010/04/21 09:57:21 OSPF: Options 0x2 (-|-|-|-|-|-|E|-)
2010/04/21 09:57:21 OSPF: RtrPriority 1
2010/04/21 09:57:21 OSPF: RtrDeadInterval 40
2010/04/21 09:57:21 OSPF: DRouter 3.3.3.2
2010/04/21 09:57:21 OSPF: BDRouter 3.3.3.1
2010/04/21 09:57:21 OSPF: # Neighbors 1
2010/04/21 09:57:21 OSPF: Neighbor 81.81.81.81
...
page 68
Intermediate System to Intermediate System (IS-IS)
This chapter describes how to integrate your ACOS device in an IS-IS network environment.
This chapter provides IS-IS configuration examples. For detailed CLI syntax information, see “Config
Commands: Router – IS-IS” on page 279.
The following topics are covered in this chapter:
• Basic IS-IS Example Topology
• Configuring IS-IS
• Verifying Your IS-IS Configuration
Basic IS-IS Example Topology

The example topology in Figure 3 shows the ACOS device in a level-1 IS-IS topology.
FIGURE 3 ACOS Device in a Basic IS-IS Topology
page 69
Configuring IS-IS
Configuring IS-IS
To configure IS-IS in the sample topology (Figure 3), first enable IS-IS in the ACOS device, enabling it to
send Hello packets to other IS-IS devices in the same area:
ACOS(config)# router isis

ACOS(config-isis)# net 47.0000.0000.0000.0001.00
ACOS(config-isis)# is-type level-1
ACOS(config-isis)# redistribute vip only-flagged level-1
ACOS(config-isis)# exit
ACOS(config)#
The router isis command places you in IS-IS configuration mode. The net command configures the
IS-IS instance on the ACOS device to be in the same area as the upstream router (in this case, 47.0000
as the area-id and 0000.0000.0001 as the system-id). The ACOS device must have the same area-id as
the one configured on the router in order for it to bring up level-1 adjacencies.
The is-type command configures this instance as a level-1 instance; the same is accomplished by mak-
ing sure the area-id in the net command matches the area-id on the router.
The redistribute command allows the VIP to the server farm to be advertised as a route in this IS-IS
area.
NOTE: If you are configuring IS-IS for IPv6, you should also add the metric-
style wide command in your basic configuration.
Next, configure IS-IS on the individual interfaces. To configure IS-IS on an interface, use the interface
command to access the configuration level for the interface, then use the ip router isis | ipv6 router isis
commands. Below is an example to enable IS-IS for IPv4:

ACOS(config-if:ethernet:1)# ip address 10.1.1.10 /24
ACOS(config-if:ethernet:1)# ip router isis
To enable IS-IS for IPv6, use IPv6 commands. For example:

ACOS(config-if:ethernet:1)# ipv6 address 2000::1/64
ACOS(config-if:ethernet:1)# ipv6 router isis
page 70
Verifying Your IS-IS Configuration

To view IS-IS settings, use the commands described in “IS-IS Show Commands” on page 294.
page 71
page 72
Border Gateway Protocol (BGP)
The ACOS device supports BGP4+ for both IPv4 and IPv6.
This chapter provides configuration examples. For detailed CLI syntax information, see the Command
Line Interface Reference.
• BGP Route Redistributions
• Using Route Maps to Permit or Deny Updates
• Using Route Maps for Traffic Engineering
• Route Selection Based on Local Preference
• Globally-Enabled Default Route Origination
• Equal-Cost Multi-path ECMP Support
• Route-Map High Availability for Interior Gateway Protocols
BGP Route Redistributions

The routers in a BGP autonomous system (AS) advertise their routes to other BGP speakers (either
internally or externally) through updates exchanged during peering sessions. These updates, or BGP
route redistributions, can be used to distribute information about the topology and metrics for the
neighboring routers.
The route redistributions can be for either static routes, which are manually-configured by an admin, or
the route redistributions can be for dynamic routes that the router has acquired through the normal
operation of the BGP protocol, such as routes learned through BGP peering sessions with other rout-
ers.
page 73
Using Route Maps to Permit or Deny Updates
Using Route Maps to Permit or Deny Updates

A BGP route map functions much like a filter. Route maps offer a way to permit or deny the exchange
of information to neighboring BGP peers, and route maps can be used by network administrators to
reduce the amount of information that is exchanged during BGP peering sessions.
Without route maps, every router on the Internet would share all of its information about every other
router to which it is connected, and the sheer volume of traffic would bring the Internet to a grinding
halt, so route maps offer a way to throttle the amount of information that is shared among BGP peers.1
Route maps are configured with one or more rules. Each rule consists of a set of match criteria and an
associated action (permit or deny). The route map can have multiple rules, which are categorized in
ascending order. Once the BGP route map is placed into action, it can be used to filter inbound or out-
bound routing traffic. If traffic is received and there is a positive match for the criteria in one of the
rules, then the action associated with that match criteria will be applied. Assuming the associated
action is to alter the local preference for routes from that peer, then ACOS will make this change before
redistributing these route to other BGP peers.
Using Route Maps for Traffic Engineering

The rules in the route map are not just used to “permit” or “deny” peering sessions in the binary manner
described above. Route maps can also be used for “traffic engineering”. This is accomplished by modi-
fying the information a BGP speaker receives from other BGP peers before the altered information is
propagated via the route redistribution process. In other words, route maps can be configured to mod-
ify the properties of the routing information they receive before sending that modified data on its way.
For example, if you know that a neighboring autonomous system has old equipment that could impede
or slow your network’s traffic, it might be beneficial if you could administratively tell the equipment in
your autonomous system to avoid that other network.
Route maps allow you to accomplish this goal by rewriting the properties or metrics associated with the
paths to this other network.
You could set up one or more match criteria to identify traffic from this slower and older network, such
that if a positive match occurs, ACOS would increase the cost (or decrease the weight) for the paths to
this other network. Doing so would bias traffic away from these paths and encourage the use of other
paths capable of circumventing the slow network.
1.
BGP route summarization, or route aggregation, offers another way to reduce the number of routes that are shared by
consolidating blocks of IP addresses before redistribution. This prevents excessive fragmentation of blocks of IP
addresses and gives ISPs more control over the blocks of IP addresses they own. Route aggregation also helps to con-
serve the limited number of IPv4 addresses.
page 74
Route Selection Based on Local Preference
In this way, ACOS does not simply refuse to accept the route redistributions received from BGP peers in
the slower network. Instead of accepting the routing information received at face value, ACOS “tweaks”
or rewrites the metrics associated with the paths to make them less attractive before passing them
along to the surrounding BGP peers.

Route selection can use the local preference as a match criteria in a route map. While vetting route
updates, if there is a positive match for the criteria, this triggers an action associated with the match
criteria and helps determine whether BGP updates will be sent to one or more BGP peers.
A route map acts as a filter for the redistribution of BGP routes sent to peers. Rules are set up within
the route map, consisting of match criteria (the metric upon which we are searching) and an associ-
ated action (for example, setting the local preference value). If a positive match is found then the action
associated with that rule is applied.
For example, you could set a rule within a route map to look for updates from a particular BGP peer
(based on IP address, router ID, or perhaps all routers in a particular Autonomous System Number), and
you could then prevent ACOS from propagating, or redistributing, these updates to the other BGP peers
in its ASN.
Instead of completely blocking routing updates from a nearby ASN, you could specify an action within
the route map that would modify the various metrics to make the associated paths less preferred. For
example, if you knew that a particular BGP peer is an older router that could hinder network perfor-
mance, you could increase the cost of the paths to/from that router by increasing the cost of those
paths by increasing the metric number. Similarly, you could achieve the same goal (of reducing the
attractiveness of the paths associated with this older router and thus directing traffic away from it) by
decreasing the weight for routes learned from this router.
CLI Example
The following commands configure a route map called “RED”. The sequence number for this route-map
is “10”. The rule looks for route updates that have a local preference value of exactly 5000. If a match
occurs, then the action for this route map is to “permit” BGP updates to occur with this router.
ACOS(config)# route-map RED permit 10

ACOS(config-route-map)# match local-preference 5000
At this point, you could apply the route map to an ACOS device that has BGP enabled. You could spec-
ify the AS that this ACOS device belongs to (“333”), the BGP neighbor (10.1.1.1), the name of the route
map (“RED”), and specify whether this route map is affecting inbound or outbound route updates (in),
as shown in the sample commands below.
router bgp 333

redistribute dynamic
neighbor 10.1.1.1 remote-as 333
page 75
neighbor 10.1.1.1 route-map RED in
page 76
Globally-Enabled Default Route Origination
Globally-Enabled Default Route Origination

When you are in router BGP mode, the default-information originate CLI command is available to
advertise the default route.
Use the GUI to Configure Globally-Enabled Default Route Origination
BGP configuration is not supported in the GUI.
Use the CLI to Configure Globally-Enabled Default Route Origination
To configure a BGP routing process to distribute a default route, use the default-information origi-
nate command in the address family or router configuration mode. A valid default route must exist and
be verified to complete this configuration or the default route will not be advertised:
ACOS(config)# router bgp 10

ACOS(config-bgp:10)# default-information originate
Equal-Cost Multi-path ECMP Support

Equal-cost multi-path (ECMP) support for BGP is available; by default, ECMP support is disabled. You can enable support for
up to 10 equal-cost paths per route destination. Traffic to the destination prefix is then shared across all the installed paths.
Based on your configuration, BGP will install up to the maximum number of routes in the forwarding
information base (FIB).
Use the maximum-paths command at the BGP configuration level to specify the maximum number of
ECMP paths to a given route destination allowed for BGP: The default maximum-path value is 1. This
value will not be displayed in the show running-config command. With the default setting (maximum-
paths 1), BGP will install the single best ECMP route into the FIB used by the ACOS device to forward
traffic.
NOTE: See the “maximum-paths” CLI command in the Command Line Interface Reference for
more information about enabling this feature at the global configuration level for all
protocols.
The example below shows the BGP portion of an ACOS device configuration. The first set of output
shows a device running IPv4 while the second set of output shows a device running IPv6. In the IPv4
output, the lines of output “neighbor 10.10.10.197 remote-as 197” through “neighbor
60.60.60.197 remote-as 197” show that the ACOS routing engine learned of this route from mul-
tiple neighbors.

ACOS(config-bgp:100)# bgp router-id 100.100.100.100
page 77
Equal-Cost Multi-path ECMP Support
ACOS(config-bgp:100)# maximum-paths 8
ACOS(config-bgp:100)# neighbor 10.10.10.197 remote-as 197
ACOS(config-bgp:100)# neighbor 3310::197 remote-as 197
ACOS(config-bgp:100)# address-family ipv6
ACOS(config-bgp:100-ipv6)# maximum-paths 7
ACOS(config-bgp:100-ipv6)# neighbor 3310::197 activate
ACOS(config-bgp:100-ipv6)# exit-address-family
ACOS(config-bgp:100)#
The show ip fib command shows that the ACOS device’s forwarding information base (FIB) was able
to learn of 6 different routes to the same destination (7.7.7.0/ 24). Each route had an equal cost (dis-
tance = 20), and each route was learned through a different Ethernet port.
ACOS# show ip fib

Prefix Next Hop Interface Distance
------------------------------------------------------------------------
7.7.7.0 /24 60.60.60.197 ethernet6 20
7.7.7.0 /24 50.50.50.197 ethernet5 20
7.7.7.0 /24 40.40.40.197 ethernet4 20
7.7.7.0 /24 30.30.30.197 ethernet3 20
7.7.7.0 /24 20.20.20.197 ethernet2 20
7.7.7.0 /24 10.10.10.197 ethernet1 20
The show ip bgp command displays paths learned through BGP. The ACOS device was connected to 6
different routes, and the Metric column shows that the cost is the same for all routes.
ACOS# show ip bgp

BGP table version is 14, local router is 98.98.98.98
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled
page 78
Route-Map High Availability for Interior Gateway Protocols
S Stale, m multipath
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path

*> 7.7.7.0/24 10.10.10.197 0 0 197 ?
*m 20.20.20.197 0 0 197 ?
*m 30.30.30.197 0 0 197 ?
*m 40.40.40.197 0 0 197 ?
*m 50.50.50.197 0 0 197 ?
*m 60.60.60.197 0 0 197 ?
The show ip route database command displays essentially the same information as shown above.
The ACOS device has a FIB that is populated with 6 different routes, of equal cost, to the same destina-
tion.
ACOS# show ip route database

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> - selected route, * - FIB route, p - stale info
B *> 7.7.7.0/24 [20/0] via 10.10.10.197, ethernet 1, 00:13:38

*> [20/0] via 20.20.20.197, ethernet 2, 00:13:38
*> [20/0] via 30.30.30.197, ethernet 3, 00:13:38
*> [20/0] via 40.40.40.197, ethernet 4, 00:13:38
*> [20/0] via 50.50.50.197, ethernet 5, 00:13:38
*> [20/0] via 60.60.60.197, ethernet 6, 00:13:38
Route-Map High Availability for Interior Gateway

Protocols
Feature History
ACOS 2.7.2 introduced support for a route-map option that performed matching based on the HA or
VRRP-A VRID group, and also based on whether the device was the active or standby in the group. This
option was used to control BGP route redistribution and advertisement decisions using the ACOS
device’s high availability state.
page 79
ACOS 2.7.2-P4 extended this feature to support all Interior Gateway Protocols (IGPs) such as OSPFv2,
OSPFv3, ISISv4/6, RIP and RIPng.
This feature is now supported in ACOS 4.0.1 and beyond.
NOTE: Prior to ACOS 2.7.2, a route map could perform filtering based on metrics
such as BGP community, IP address, or metric value. However, the 2.7.2
release was the first release in which filtering (or matching) could be per-
formed based on the status of an ACOS device in a high availability con-
figuration.
High availability configuration is only available with VRRP-A beginning

with ACOS 4.0 and beyond; the legacy HA configuration is no longer sup-
ported.
Route-Map High Availability Overview

This mechanism can be useful in certain network environments; for example, when a network uses
VRRP-A for redundancy and the active ACOS device in the VRRP-A group will be upgraded. Such an
upgrade requires the active ACOS device to change its status to standby, and the standby device must
become active.
In this scenario, the ability to perform route map matching based on high availability status offers a
unique way to use BGP (or other IGPs) route redistribution to advertise the paths to the newly-active
ACOS device after switchover has occurred.
You can use the BGP protocol to modify some of the route settings by way of the route map. By chang-
ing the weights or local preference of certain routing paths, you can influence the routes that are adver-
tised or withdrawn in route updates from the ACOS device to its BGP neighbors.
Alternatively, you can just wait for the old routes to time out, at which point they will be automatically
withdrawn from the routing table of the neighboring routers. This will have the effect of directing net-
work traffic to the newly-active ACOS device.
VRRP-A VRID Group Matching

Figure 4 shows a hypothetical network topology with two ACOS devices using VRRP-A for redundancy.
Here are a few other noteworthy points:
• The leftmost ACOS device is Active and the rightmost ACOS device is Standby.
• The diagram shows a Layer 3 router above the ACOS devices. The router is in autonomous sys-
tem 200, and it is using BGP to share routing updates with the ACOS load balancers. The ACOS
devices are also running BGP and are located within AS 100.
page 80
• Static routes connect the ACOS devices to a Layer 3 router, which directs traffic to and from the
real servers.
FIGURE 4 Topology Using BGP Route Map (with VRRP-A High Availability Matching)
In a network environment like that shown above in Figure 4, the Active ACOS device must be relegated
to “standby” mode before it can be upgraded. In turn, the Standby device must also be made “active”.
When this switchover occurs, it is imperative that the routers running BGP receive updated routing
information. This updated routing information will cause the routes to the formerly-active ACOS device
to be avoided, and the routers must also be provided with new routing information about the paths traf-
fic can use to reach the newly active ACOS device.
page 81
CLI Example
The following gives an example of a route map configuration. It is based on the network diagram
shown in Figure 4, which has two ACOS devices using VRRP-A for redundancy. To upgrade one of the
active ACOS devices, its status must be changed to standby (and the standby device must be made
active). Then, the new routing information must be pushed to the router above, which is also running
BGP.
Configurations on the Active ACOS device
The CLI commands below are used to configure VRRP-A on the first (Active) ACOS device.
vrrp-a common
device-id 1
set-id 1
enable
The following CLI commands assign an IP address of 20.1.1.1 to Ethernet interface 1 on the ACOS
device.
interface eth 1
ip address 20.1.1.1
The following CLI commands are used to create a route map called “test1” with a sequence number of
10. A rule is added that checks for a positive match for the active ACOS device in the VRRP-A group 1.
If a positive match is found, then this ACOS device can share its route redistributions with any BGP
peers that pass the match criteria.
route-map test1 permit 10

match group 1 active
The following CLI commands are used at the global configuration level to enable the BGP protocol and
specify the Autonomous System (AS) number of “100” for the Active ACOS device. The BGP peer is
specified in remote AS 200, and the hop count needed to reach this external BGP router is not to
exceed 255 hops. The outbound redistribution of static routes would be allowed to the BGP peer at
30.1.1.1, based upon the match criteria (and associated actions) in the route-map called “test1”.
router bgp 100

redistribute static
neighbor 30.1.1.1 ebgp-multihop 255
neighbor 30.1.1.1 route-map test1 out
The following CLI commands are used to configure a static route from the Active ACOS device to the
real servers in the subnet 1.1.1.0 /24, by way of the next-hop router at IP 11.1.1.1.
ip route 1.1.1.0 /24 11.1.1.1
page 82
Configurations on the Standby ACOS device
The command below configure VRRP-A on the Standby ACOS device.
vrrp-a common
device-id 2
set-id 1
enable
The following CLI commands assign the IP 21.1.1.1 to Ethernet interface 1 on the Standby ACOS
device.
interface eth 1
ip address 21.1.1.1
The CLI commands below create a route map called “test1” with a sequence number of 10. A rule is
added to check for a match for the active ACOS device in the HA (or VRRP-A) group 1. If a positive
match is found, then this ACOS device may share its route redistributions with its BGP peers.
route-map test1 permit 10

match group 1 active
The following CLI commands are used at the global configuration level to enable the BGP protocol and
specify an Autonomous System (AS) number of “100” for the Standby ACOS device. The BGP peer is
specified in remote AS 200, and the hop count needed to reach this external BGP router is not to
exceed 255 hops. The outbound redistribution of static routes could be sent to the BGP peer at
30.1.1.1, based upon the match criteria (and the associated actions) in route-map “test1”.
router bgp 100

redistribute static
neighbor 30.1.1.1 ebgp-multihop 255
neighbor 30.1.1.1 route-map test1 out
The following CLI commands are used to configure a static route from the Standby ACOS device to the
real servers in the subnet 1.1.1.0 /24, by way of the next-hop router at IP 12.1.1.1.
ip route 1.1.1.0 /24 12.1.1.1
NOTE: In the above configuration, only an Active ACOS device can redistribute
its static routes. The Standby ACOS device does not redistribute its
static routes. The reason for this is that the match criteria “permits” the
Active device in an HA (or VRRP-A) pair to send out (redistribute) its
routes. There is no rule in the route map with an explicit “deny” action, but
the deny is implicit, because any Standby HA devices would fail to match
the criteria in the route map, so the Standby HA device would fail to
match the criteria and its routing updates would not be shared.
page 83
page 84
Bidirectional Forwarding Detection
Bidirectional Forwarding Detection (BFD) provides very fast failure detection for routing protocols.
When BFD is enabled, the ACOS device periodically sends BFD control packets to the neighboring
devices that are also running BFD. If a neighbor stops sending BFD control packets, the ACOS device
quickly brings down the BFD session(s) with the neighbor, and recalculates paths for routes affected by
the down neighbor.
BFD provides a faster failure detection mechanism than the timeout values used by routing protocols.
Routing protocol timers are multiple seconds long, whereas BFD provides sub-second failover.
The A10 implementation of BFD is based on the following RFCs:
• RFC 5880, Bidirectional Forwarding Detection (BFD)
• RFC 5881, Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)
• RFC 5882, Generic Application of Bidirectional Forwarding Detection (BFD)
• RFC 5883, Bidirectional Forwarding Detection (BFD) for Multihop Paths
Support in this Release
The current release has the following BFD support:
• Basic BFD protocol (packet processing, state machine, and so on)
• BGP client support
• Multihop
• BFD Asynchronous mode
• OSPFv2/v3 client support
• Static route support
• IS-IS client support
• BFD Demand mode
• Full Echo function support
• Authentication
page 85
BFD Parameters
BFD Parameters
BFD is disabled by default. You can enable it on a global basis.
BFD Echo
BFD echo enables a device to test data path to the neighbor and back. When a device generates a BFD
echo packet, the packet uses the routing link to the neighbor device to reach the device. The neighbor
device is expected to send the packet back over the same link.
BFD Timers
You can configure BFD timers at the following configuration levels:
• Global
• Interface
If you configure the timers on an individual interface, the interface’s settings are used instead of the
global settings. Likewise, if the BFD timers are not set on an interface, that interface uses the global
settings. For BGP loopback neighbors, BFD always uses the global timer.
The DesiredMinTXInterval, RequiredMinRxInterval and DetectMult timer fields can be configured at the
interface and the global configuration level. However, the actual timer will vary depending on the Finite
State Machine (FSM) state, through negotiation, and whether or not echo has been enabled.
BGP Support
If you run BGP on the ACOS device, you can enable BFD-based fallover for individual BGP neighbors.
Configuring BFD
Static Route Support

A static route flap can occur when you enable BFD in global mode or when you configure a static BFD
session.
In the following example, you will see that the static routes experience a flap when BFD is enabled. The
fields to note are flagged in bold:
ACOS(config)# show ipv6 route

IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
page 86
Configuring BFD
i - IS-IS, B - BGP
Timers: Uptime
C 3ffe:100::/64 via ::, ve 10, 00:01:28

C 3ffe:1111::/64 via ::, loopback 1, 00:01:30
S 3ffe:2222::/64 [1/0] via 3ffe:100::20, ve 10, 00:00:25 <===value before flap
timer
ACOS(config)#bfd enable <===enable BFD
ACOS(config)# show ipv6 route
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
i - IS-IS, B - BGP
Timers: Uptime
C 3ffe:100::/64 via ::, ve 10, 00:01:32

S 3ffe:2222::/64 [1/0] via 3ffe:100::20, ve 10, 00:00:01 <==value after flap
ACOS(config)#
To enable BFD, use the following command at the global configuration level of the CLI:
ACOS(config)#bfd enable
To enable BFD echo, use the following command at the global configuration level of the CLI:
ACOS(config)#bfd echo
To configure BFD timers, use the following commands. These commands are available at the global
configuration level and at the configuration level for individual interfaces.
[no] bfd interval ms min-rx ms multiplier num
The interval value can be 48-1000 ms, and is 800 ms by default. The min-rx value can be 48-1000 ms,
and is 800 ms by default. The multiplier value can be 3-50 and is 4 by default.
Configuring BFD Parameters for BGP

To enable BFD-based fallover for a BGP neighbor, use the following command at the BGP configuration
level:
[no] neighbor ipaddr fall-over bfd [multihop]
page 87
Configuring BFD
To display BFD information for BGP neighbors, use the following command:
show ip bgp neighbor
Displaying BFD Information

To display summarized BFD neighbor information, use the following command:
show bfd neighbors
To display detailed BFD neighbor information, use the following command:
show bfd neighbors detail
To display BFD statistics, use the following command:
show bfd statistics
To clear BFD statistics, use the following command:
clear bfd statistics
Disable BFD
To disable BFD, enter the following command in global configuration mode:
ACOS(config)# no bfd enable
Enter the command to stop processing all BFD packets.
Configure BFD with OSPF (for IPv4)

To enable BFD with OSPF on an interface, enter one of the following sets of commands:
To enable BFD on an individual interface:

ACOS(config-if:ethernet:1)# ip address 20.0.0.1 255.255.255.0
ACOS(config-if:ethernet:1)# ip ospf bfd
To enable BFD on a virtual interface:
page 88
Configuring BFD

ACOS(config-if:ve:100)# ip ospf bfd
To enable BFD on a trunk:

ACOS(config-if:trunk:1)# ip ospf bfd
To enable BFD for all OSPF-enabled interfaces, enter the following commands:
ACOS(config)# router ospf 1

ACOS(config-ospf:1)# bfd all-interfaces
To selectively disable BFD per interface, enter the following command:

ACOS(config-if:ethernet:1)# ip ospf bfd disable
To configure a multihop neighbor over a virtual-link, enter the following command:
ACOS(config-ospf:1)# area 1 virtual-link 40.0.0.1 fall-over bfd
Sample Configuration
Your running configuration will display your current BFD with OSPF configuration:
!
ip address 20.0.0.1 255.255.255.0
ip ospf bfd
!
ip address 30.0.0.1 255.255.255.0
!
!
router ospf 1
bfd all-interfaces
network 20.0.0.0/24 area 0
network 30.0.0.0/24 area 0
area 1 virtual-link 40.0.0.1 fall-over bfd
page 89
Configuring BFD
!
!
bfd enable
!
Configure BFD with OSPF (for IPv6)

To enable BFD with OSPF for IPv6 support on an interface, enter one of the following sets of com-
mands:

ACOS(config-if:ethernet:1)# ipv6 router ospf area 0 tag 1
ACOS(config-if:ethernet:1)# ipv6 ospf bfd

ACOS(config-if:ve:100)# ipv6 ospf bfd

ACOS(config-if:trunk:1)# ipv6 ospf bfd
To enable BFD for all OSPFv3-enabled interfaces, enter the following commands:
ACOS(config)# router ipv6 ospf 1

ACOS(config-ospf:1)# bfd all-interfaces

ACOS(config-if:ethernet:1)# ipv6 ospf bfd disable
To configure a multihop neighbor over a virtual-link, enter the following command:
ACOS(config-ospf:1)# area 1 virtual-link 2.2.2.2 fall-over bfd
page 90
Configuring BFD
Your running configuration will display your current BFD with OSPF for IPv6 configuration:
!
ipv6 address 2001::1/64
ipv6 ospf bfd
!
ipv6 address 3001::1/64
!
!
router ipv6 ospf 1
router-id 1.1.1.1
bfd all-interfaces
area 1 virtual-link 2.2.2.2 fall-over bfd
!
!
bfd enable
!
Configure BFD with IS-IS (for IPv4)

To enable BFD with ISIS on an interface, enter one of the following sets of commands:

ACOS(config-if:ethernet:1)# ip router isis
ACOS(config-if:ethernet:1)# isis bfd

ACOS(config-if:ve:100)# isis bfd

ACOS(config-if:trunk:1)# isis bfd
page 91
Configuring BFD
To enable BFD for all IS-IS-enabled interfaces, enter the following commands:

ACOS(config-isis)# bfd all-interfaces

ACOS(config-if:ethernet:1)# isis bfd disable
Your running configuration will display your current BFD with ISIS configuration:
!
ip address 20.0.0.1 255.255.255.0
ip router isis
isis bfd
!
ip address 30.0.0.1 255.255.255.0
ip router isis
isis bfd
!
!
router isis
bfd all-interfaces
net 49.0001.0000.0000.0001.00
!
!
bfd enable
!
Configure BFD with IS-IS (for IPv6)

To enable BFD with ISIS for IPv6 support on an interface, enter one of the following sets of commands:

ACOS(config-if:ethernet:1)# isis bfd
page 92
Configuring BFD

ACOS(config-if:ve:100)# ipv6 address 2ffe:123::1/64
ACOS(config-if:ve:100)# ipv6 router isis
ACOS(config-if:ve:100)# isis bfd

ACOS(config-if:trunk:1)# isis bfd
To enable BFD for all IS-IS-enabled interfaces, enter the following commands:

ACOS(config-isis)# bfd all-interfaces

ACOS(config-if:ethernet:1)# isis bfd disable
Your running configuration will display your current BFD with ISIS (for IPv6 support) configuration:
!
interface ve 100
ipv6 address 2ffe:123::1/64
ipv6 router isis
isis bfd
!
router isis
bfd all-interfaces
net 49.0001.0000.0000.0002.00
!
bfd enable
Configure BFD with BGP

When BFD is configured with BGP, it is configured on a per neighbor basis. This is different from the
OSPF or ISIS configuration with BFD. Use the following commands to configure BFD with BGP:
page 93
Configuring BFD

ACOS(config-bgp:1)# neighbor 1.2.3.4 fall-over bfd
To configure a multihop BFD neighbor, use the following command:
ACOS(config-bgp:1)# neighbor 1.2.3.4 fall-over bfd multihop
Your running configuration will display your current BFD with BGP configuration:
!
router bgp 1
neighbor 1.2.3.4 fall-over bfd multihop
!
!
bfd enable
!
Configuring Static BFD

The following sections describe how to configure global IPv4 static BFD and both global and link-local
IPv6 static BFD.
IPv4 Static BFD (Global)

From the global configuration mode, use the following command to add a static BFD entry for the spec-
ified IPv4 nexthop:
ACOS(config)# ip route static bfd 20.0.0.1 20.0.0.2
In the above command, the first parameter is the IPv4 address of the local interface. You can only use
the IP addresses for interfaces to setup the BFD session. The second parameter is the IPv4 address of
the remote interface that serves as the gateway for the static route.
IPv6 Static BFD (Global)

ified IPv6 nexthop:
ACOS(config)#ipv6 route static bfd 2001::1 2001::2
page 94
Configuring BFD
In the above command, the first parameter is the IPv6 address of the local interface. You can only use
the IP addresses for interfaces to setup the BFD session. The second parameter is the IPv6 address of
the remote interface that serves as the gateway for the static route.
IPv6 Static BFD (Link-Local)

ified link-local IPv6 nexthop:
ACOS(config)# ipv6 route static bfd ve 100 fe80::1
In the above command, the first parameter is the local interface name (Ethernet, VE, or a specified
trunk), and the second parameter is the remote link-local IPv6 address that serves as the gateway.
Configuring BFD Intervals
Global Interval Configuration

From the global configuration mode, use the following command to modify the global interval timer val-
ues:
ACOS(config)# bfd interval 500 min-rx 500 multiplier 4
This command will help configure the interval for any one of the following three parameters and will be
applied to all BFD sessions:
• DesiredMinTxInterval
• RequiredMinRxInterval
• Multiplier
Interface Interval Configuration

From the interface configuration mode, use the following command to modify the interface interval
timer values:
ACOS(config-if:ve:10)# bfd interval 500 min-rx 500 multiplier 4
NOTE: For a BFD session for BGP using a loopback address, for an OSPFv2 vir-
tual link, and for an OSPFv3 virtual link, the ACOS device will always use
the global timer configuration, immaterial of the timer that is configured
at the interface level.
page 95
Configuring BFD
Enable Authentication
Authentication Per interface

To configure authentication per interface, from the interface configuration mode, apply one of the fol-
lowing authentication schemes to OSPF, OSPFv3, IS-IS, or static BFD neighbors.
bfd authentication 1 md5 password-string
You may choose an authentication method from the following available choices:
• Simple password
• Keyed MD5
• Meticulous Keyed MD5
• Keyed SHA1
• Meticulous Keyed SHA1
Authentication Per Neighbor (for BGP only)

The following command is configured under the BGP configuration mode:

ACOS(config-bgp:10)# neighbor 1.2.3.4 fall-over bfd authentication 1 md5 password-string
Enable Echo and Demand function
Enable the Echo Function

From the global configuration mode, enable the BFD echo:
ACOS(config)# bfd echo
Enable the Echo Function Per Interface

After you configure the global BFD echo, from the interface configuration mode, you can enable BFD
echo on a per interface basis using the following command:
ACOS(config-if:ethernet:1)# bfd echo
page 96
Viewing BFD Status
Enable Demand Mode

From the interface configuration mode, you can enable the demand mode to work in conjunction with
the echo function using the following command:
ACOS(config-if:ethernet:1)# bfd echo demand
When demand mode is enabled, after a BFD session is established, a system will be able to verify con-
nectivity with another system at will instead of routinely. Instead of constantly receiving BFD control
packets, the system will request that the other system stop sending BFD Control packets. To verify
connectivity again, the system will explicitly send a short sequence of BFD Control packets to the other
system and receive a response. Demand mode can be configured to work either independently in each
direction, or bidirectionally at the same time.
Asynchronous Mode
The Asynchronous mode is the default mode of operation for BFD. In this mode, systems establish
connectivity and know of each other’s existence by periodically exchanging BFD Control packets. A
session between two connected systems is only declared down after several packets in a row are not
received by the other system. BFD will operate in this mode if you do not configure or enable echo or
demand.
Viewing BFD Status

BFD status information and details can be viewed using the show bfd command along with additional
options. Refer to “show bfd” in the Command Line Interface Reference for more information.
page 97
Viewing BFD Status
page 98
Internet Group Multicast Protocol (IGMP) Queries
The current implementation of the ACOS software supports the generation of generic Internet Group
Multicast Protocol version 2 (IGMPv2) membership query requests. ACOS devices will now generate
IGMP membership queries and facilitate multicast deployments.
NOTE: The ACOS software does not support the complete IGMP protocol or the
generation of generic membership queries for IGMPv3 or Multicast Lis-
tener Discovery (MLDv2).
Previous releases of the ACOS software did not provide support for the IGMPv2 protocol at all, hence it
did not provide IGMP membership query support.
IGMPv2 provides the following capabilities:
• IGMP membership queries are only generated when IPv4 addresses are configured. If any IPv6
interface addresses are recognized, no queries will be generated.
• Generates generic IGMPv2 membership query request packets.
• The devices will not process any responses for this query request.
• Uses the default values for membership query request wherever possible.
• Provides the ability to configure the time interval for generation of these membership queries per
interface.
• Provides support for this feature with Layer 3 Virtualization (L3V).
IGMP membership queries are supported in routed mode only and will not be supported in non-routed
mode.
page 99
FIGURE 5 IGMP Membership Queries (Routed and Non-Routed Mode)
In Routed Mode
In Figure 5, the interface for devices 1 and 2 are acting in routed mode, that is, the IP address has been
configured on the interface. When the interface is in routed mode, the device can be configured to gen-
erate IGMPv2 membership queries out of this interface. However, when an IGMP membership query is
received on an interface in routed mode, it will be ignored.
In Non-Routed Mode
In Figure 5, the Device 2 device is acting as a switch and both Eth 11 and Eth12 on the Device 2 device
are in non-routed mode. Eth1 on the Device 1 device and Eth2 on the Device 2 device are configured in
routed mode. Hence Eth1 interface on the Device 1 device and Eth2 on the Device 3 device can be con-
figured to generate IGMP Membership Queries.
In this case, when the Device 2 device receives IGMP Membership Queries on Eth11 (generated by the
Device 1 device) and Eth 12 (generated by the Device 3 device) it will accept these packets and just
switch them as it would any other packet. More importantly, it will not drop these packets since Eth11
and Eth12 on Device 2 are acting in non-routed (switched) mode.
Configuring IGMP Membership Queries

The GUI and the CLI provide a way to configure IGMPv2 membership request queries from the physical,
virtual or trunk interface configuration level.
Use the GUI to Configure IGMP Membership Queries

To configure IGMPv2 membership request queries on an interface:
page 100
5. Select the Generate Membership Query field.

6. In the Membership Query Interval field, specify the time interval (1-255 seconds) after which the
device using this interface will initiate an IGMP membership query request.
7. In the Maximum Response Time field, specify the time interval, in 1/10 of a second, before which
receiving devices will send the ICMP query message response.
8. Click the Update button.
NOTE: These timers are valid only for a particular interface. They must be con-
figured per interface.
Use the CLI to Configure IGMP Membership Queries

To configure IGMP membership request queries on a physical interface, use the ip igmp command
from interface configuration level. For example:
ACOS(config-if)# interface ethernet 2

ACOS(config-if:ethernet:2)# ip igmp generate-membership-query 10 max-resp-time 50
To view your IGMP membership request query configuration for a a physical interface, do the following:
ACOS(config)# show interfaces ethernet 2

Ethernet 2 is up, line protocol is up
Hardware is GigabitEthernet, Address is 001f.a004.2e71
Internet address is 192.168.1.1, Subnet mask is 255.255.255.0
Configured Speed auto, Actual 1Gbit, Configured Duplex auto, Actual fdx
IGMP Membership Query is enabled, IGMP Membership Queries sent 3
Flow Control is disabled, IP MTU is 1500 bytes
Port as Mirror disabled, Monitoring this Port disabled
0 packets input, 0 bytes
Received 0 broadcasts, Received 0 multicasts, Received 0 unicasts
0 input errors, 0 CRC 0 frame
0 runts 0 giants
3003 packets output 264264 bytes
Transmitted 0 broadcasts 3003 multicasts 0 unicasts
0 output errors 0 collisions
300 second input rate: 0 bits/sec, 0 packets/sec, 0% utilization
300 second output rate: 12768 bits/sec, 18 packets/sec, 0% utilization
To configure IGMP membership request queries on an virtual Ethernet interface, do the following:
page 101

ACOS(config-if:ve:50)# ip address 10.10.10.219 /24
ACOS(config-if:ve:50)# ip igmp generate-membership-query 10 max-resp-time 50
To view your IGMP membership request query configuration for a virtual Ethernet interface, do the fol-
lowing:
ACOS(config)# show interfaces ve 50

VirtualEthernet 50 is up, line protocol is up
Hardware is VirtualEthernet, Address is 001f.a004.2e72
Router Interface for L2 Vlan 50
IP MTU is 1500 bytes
0 packets input 0 bytes
Transmitted 0 broadcasts, Transmitted 0 multicasts, Transmitted 0 unicasts
300 second input rate: 0 bits/sec, 0 packets/sec
300 second output rate: 0 bits/sec, 0 packets/sec
page 102
Part IV
Command Line Interface Reference
• “Config Commands: Interface” on page 105

• “Config Commands: VLAN” on page 159
• “Config Commands: IP” on page 163
• “Config Commands: IPv6” on page 193
• “Config Commands: Router – RIP” on page 207
• “Config Commands: Router – OSPF” on page 235
• “Config Commands: Router – IS-IS” on page 279
• “Config Commands: Router – BGP” on page 301
Config Commands: Interface
This chapter describes the CLI commands for configuring ACOS interface parameters:
• access-list
• bfd
• cpu-process
• disable
• duplexity
• enable
• flow-control
• icmp-rate-limit
• icmpv6-rate-limit
• ip address
• ip address dhcp
• ip allow-promiscuous-vip
• ip cache-spoofing-port
• ip control-apps-use-mgmt-port
• ip default-gateway
• ip helper-address
• ip igmp
• ip nat
• ip ospf
• ip rip authentication
• ip rip receive version
• ip rip receive-packet
• ip rip send version
• ip rip send-packet
page 105
• ip rip split-horizon
• ip router isis | ipv6 router isis
• ip slb-partition-redirect
• ip stateful-firewall
• ip ttl-ignore
• ipv6 (on management interface)
• ipv6 access-list
• ipv6 address
• ipv6 enable
• ipv6 nat inside
• ipv6 nat outside
• ipv6 ndisc router-advertisement
• ipv6 ospf cost
• ipv6 ospf dead-interval
• ipv6 ospf hello-interval
• ipv6 ospf mtu-ignore
• ipv6 ospf neighbor
• ipv6 ospf network
• ipv6 ospf priority
• ipv6 ospf retransmit-interval
• ipv6 ospf transmit-delay
• ipv6 rip split-horizon
• ipv6 router isis
• ipv6 router ospf
• ipv6 router rip
• ipv6 stateful-firewall
• ipv6 ttl-ignore
• isis authentication
• isis bfd
page 106
• isis circuit-type
• isis csnp-interval
• isis hello
• isis hello-interval
• isis hello-interval-minimal
• isis hello-multiplier
• isis lsp-interval
• isis mesh-group
• isis metric
• isis network
• isis password
• isis priority
• isis restart-hello-interval
• isis retransmit-interval
• isis wide-metric
• l3-vlan-fwd-disable
• lldp enable
• lldp notification
• lldp tx-dot1-tlvs
• lldp tx-tlvs
• load-interval
• lw-4o6
• media-type-copper
• monitor
• mtu
• name
• ports-threshold
• remove-vlan-tag
• snmp-server
page 107
• trunk-group
To access this configuration level, enter the interface command at the Global configuration level.
If the ACOS device is a member of an aVCS virtual chassis, specify the interface number as follows:
DeviceID/num, where DeviceID is the device’s aVCS ID and num is the interface or trunk number.
Common commands available at all configuration levels (clear, debug, do, end, exit, no, show, write) are
described in the Command Line Interface Reference.
access-list
Description Apply an Access Control List (ACL) to an interface.
Syntax [no] access-list [num | name name] in
Parameter Description
num Number or ID of a configured ACL.
name Name of a configured ACL.
in Applies the ACL to inbound traffic received on the interface.
Default N/A
Mode Interface
Usage The ACL must be configured before you can apply it to an interface. To configure an ACL, see
“access-list” in the Command Line Interface Reference.
You can apply ACLs to Ethernet data interfaces, Virtual Ethernet (VE) interfaces, the
management interface, trunks, and virtual server ports. Applying ACLs to the out-of-band
management interface is not supported.
You can apply ACLs only to the inbound traffic direction. This restriction ensures that ACLs
are used most efficiently by filtering traffic as it attempts to enter the ACOS device, before
being further processed by the device.
Example The following commands configure a standard ACL to deny traffic from subnet 10.10.10.x,
and apply the ACL to the inbound traffic direction on Ethernet interface 4:
ACOS(config)# access-list 1 deny 10.10.10.0 0.0.0.255

ACOS(config-if:ethernet:4)# access-list 1 in
page 108
bfd
Description Enable or disable BFD on an individual interface.
Syntax [no] bfd {

authentication key-id {auth-type} |
echo [demand] |
interval ms min-rx ms multiplier num
}
authentication key-id { The authentication option specifies the authentication type to be used
md5 | for BFD. You can specify a key-id from 0-255. The authentication options
meticulous-md5 | include the following:
meticulous-sha1 |
md5 – Keyed MD5
sha1 |
•
simple}
• meticulous-md5 – Meticulous keyed MD5
• meticulous-sha1 –Meticulous keyedSHA1
• sha1 – Keyed SHA1
• simple – Simple password
echo [demand] Specify echo mode. You can enable the demand mode to work in conjunc-
tion with the echo function. When demand mode is enabled (and a BFD
session has been established), the system will be able to verify connectiv-
ity with another system at will instead of routinely.
interval ms min-rx ms The interval value is the transmit timer, and it specifies the rate at which
multiplier num the ACOS device sends BFD control packets to its BFD neighbors. You can
specify 48-1000 milliseconds (ms). The default is 800 ms. This timer is
used in Asynchronous mode only.
The min-rx option is the detection timer, and this allows you to specify
the maximum number of ms the ACOS device will wait for a BFD control
packet from a BFD neighbor. The min-rx value can be 48-1000 ms, and is
800 ms by default. This timer is used in Asynchronous mode only.
The multiplier value is the wait multiplier, and this enables you to spec-
ify the maximum number of consecutive times the ACOS device will wait
for a BFD control packet from a neighbor. If the multiplier value is reached,
the ACOS device concludes that the routing process on the neighbor is
down. The multiplier value can be 3-50 and is 4 by default.
Mode Interface
Usage If you configure the timers on an individual interface, the interface’s settings are used instead
of the global settings. Likewise, if the BFD timers are not set on an interface, that interface
uses the global settings. For BGP loopback neighbors, BFD always uses the global timer.
NOTE: For a BFD session for BGP using a loopback address, for an OSPFv2 virtual link, and
for an OSPFv3 virtual link, the ACOS device will always use the global timer regard-
less of the timer that is configured at the interface level.
page 109
Example The following example shows enabling BFD on an interface:
ACOS(config-if:ethernet:1)# bfd authentication 1 md5 password-string
The following example shows a BFD session for BGP:

ACOS(config-bgp:1)# neighbor 1.2.3.4 fall-over bfd authentication 1 md5 password-string
cpu-process
Description Enable software-based switching or routing of Layer 2/Layer 3 traffic.
NOTE: This command is only applicable on FTA-enabled devices.
Syntax [no] cpu-process
Default Disabled. Traffic is switched or routed in hardware.
Mode Interface
disable
Description Disable an interface.
Syntax disable
Default The management interface is enabled by default. Data interfaces are disabled by default.
Mode Interface
Usage This command applies to all interface types: Ethernet data interfaces, out-of-band Ethernet
management interface, Virtual Ethernet (VE) interfaces, and loopback interfaces.
The command also applies to trunks. When you disable a trunk at the interface configuration
level for the trunk, Layer 3 forwarding is disabled on the trunk.
In L3V deployments, tagged VLAN ports can be enabled or disabled only from the shared
partition.
Example The following command disables Ethernet interface 3:

ACOS(config-if:ethernet:3)# disable
Example The following commands access the interface configuration level for trunk 7 and disable
Layer 3 forwarding on the trunk:
page 110
ACOS(config-if:trunk:7)# disable
duplexity
Description Set the duplex mode for an Ethernet interface.
Syntax [no] duplexity {Full | Half | auto}
Paramete
r Description
Full Full-duplex mode.
Half Half-duplex mode.
auto The mode is negotiated based on the mode of the other end of the
link.
Default auto
Mode Interface
Usage This command applies only to physical interfaces (Ethernet ports or the management port).
Example The following command changes the mode on Ethernet interface 6 to half-duplex:

ACOS(config-if:ethernet:6)# duplexity Half
enable
Description Enable an interface.
Syntax enable
Default The management interface is enabled by default. Data interfaces are disabled by default.
Mode Interface
Usage This command applies to all interface types: Ethernet data interfaces, out-of-band Ethernet
management interface, Virtual Ethernet (VE) interfaces, trunks, and loopback interfaces.
In L3V deployments, tagged VLAN ports can be enabled or disabled only from the shared
partition.
Example The following command enables Ethernet interface 3:

page 111
flow-control
Description Enable 802.3x flow control on a full-duplex Ethernet interface.
Syntax [no] flow-control
Default Disabled. The ACOS Ethernet interface auto-negotiates flow control settings with the other
end of the link.
Mode Interface
Usage This command can cause the interface to briefly go down, then come back up again.
icmp-rate-limit
Description Configure ICMP rate limiting, to protect against denial-of-service (DoS) attacks.
Syntax [no] icmp-rate-limit normal-rate [lockup max-rate lockup-time]
normal-rate Maximum number of ICMP packets allowed per second on the
interface. If the ACOS interface receives more than the normal
rate of ICMP packets, the excess packets are dropped until the
next one-second interval begins. The normal rate can be 1-
65535 packets per second.
max-rate Maximum number of ICMP packets allowed per second before
the ACOS device locks up ICMP traffic on the interface. When
ICMP traffic is locked up, all ICMP packets on the interface are
dropped until the lockup expires. The maximum rate can be 1-
65535 packets per second. The maximum rate must be larger
than the normal rate.
lockup-time Number of seconds for which the ACOS device drops all ICMP
traffic on the interface, after the maximum rate is exceeded.
The lockup time can be 1-16383 seconds.
Default None
Mode Global Config
Usage This command configures ICMP rate limiting on a physical, virtual Ethernet, trunk, or loop-
back interface. To configure ICMP rate limiting globally, see “icmp-rate-limit” in the Com-
mand Line Interface Reference. To configure it in a virtual server template, see “slb template
virtual-server” in the Command Line Interface Reference. If you configure ICMP rate limiting fil-
ters at more than one of these levels, all filters are applicable.
page 112
Log messages are generated only if the lockup option is used and lockup occurs.
Otherwise, the ICMP rate-limiting counters are still incremented but log messages are not
generated.
Example The following command configures ICMP rate limiting on Ethernet interface 3:

ACOS(config-if:ethernet:3)# icmp-rate-limit 1024 lockup 1200 10
icmpv6-rate-limit
Description Configure ICMPv6 rate limiting, to protect against denial-of-service (DoS) attacks.
Syntax [no] icmpv6-rate-limit normal-rate [lockup max-rate lockup-time]
normal-rate Maximum number of ICMPv6 packets allowed per second on
the interface. If the ACOS interface receives more than the nor-
mal rate of ICMPv6 packets, the excess packets are dropped
until the next one-second interval begins. The normal rate can
be 1-65535 packets per second.
lockup Maximum number of ICMPv6 packets allowed per second
max-rate before the ACOS device locks up ICMPv6 traffic on the inter-
face. When ICMPv6 traffic is locked up, all ICMPv6 packets on
the interface are dropped until the lockup expires. The maxi-
mum rate can be 1-65535 packets per second. The maximum
rate must be larger than the normal rate.
lockup-time Number of seconds for which the ACOS device drops all
ICMPv6 traffic on the interface, after the maximum rate is
exceeded. The lockup time can be 1-16383 seconds.
Default None
Mode Global Config
Usage This command configures ICMPv6 rate limiting on a physical, virtual Ethernet, trunk, or loop-
back interface. To configure ICMPv6 rate limiting globally, see “icmpv6-rate-limit” in the Com-
mand Line Interface Reference. To configure it in a virtual server template, see “slb template
virtual-server” in the Command Line Interface Reference. If you configure ICMPv6 rate limiting
filters at more than one of these levels, all filters are applicable.
Log messages are generated only if the lockup option is used and lockup occurs.
Otherwise, the ICMPv6 rate-limiting counters are still incremented but log messages are not
generated.
Example The following command configures ICMPv6 rate limiting on Ethernet interface 3:
page 113
ACOS(config-if:ethernet:3)# icmpv6-rate-limit 1024 lockup 1200 10
ip address
Description Assign an IP address to an interface.
Syntax [no] ip address ipaddr {subnet-mask | /mask-length}
Default There are no IP addresses configured by default.
Mode Interface
Usage This command applies only when the ACOS device is used in gateway mode.
You can configure multiple IP addresses on Ethernet and Virtual Ethernet (VE) data interfaces,
trunks, and on loopback interfaces, on ACOS devices deployed in gateway (route) mode.
Each IP address must be unique on the ACOS device. Addresses within a given subnet can be
configured on only one interface on the device. (The ACOS device can have only one data
interface in a given subnet.)
IP addresses are added to an interface in the order you configure them. The addresses
appear in show command output and in the configuration in the same order.
The first IP address you add to an interface becomes the primary IP address for the interface.
If you remove the primary address, the next address in the list (the second address to be
added to the interface) becomes the primary address.
It does not matter which address is the primary address. OSPF can run on all subnets
configured on a data interface.
The ACOS device automatically generates a directly connected route to each IP address. If
you enable redistribution of directly connected routes, those protocols can advertise the
routes to the IP addresses.
The ACOS device allows the same IP address to be configured as the ACOS device’s global IP
address, and as a NAT pool address. However, in Layer 2 (transparent) deployments, if you do
configure the same address in both places, and later delete one of the addresses, you must
reload the ACOS device to place the change into effect.
Example The following command assigns IP address 10.2.4.69 to Ethernet interface 9:
Example The following commands configure multiple IP addresses on an Ethernet data interface, dis-
play the addresses, then delete the primary IP address and display the results.

page 114

ACOS(config-if:ethernet:1)# show ip interfaces ethernet 1
Ethernet 1 ip addresses:
10.10.10.1 /24 (Primary)
10.10.20.2 /24
20.20.20.1 /24
ACOS(config-if:ethernet:1)#no ip address 10.10.20.2 /24
ACOS(config-if:ethernet:1)#show ip interfaces ethernet 1
Ethernet 1 ip addresses:
10.10.10.1 /24 (Primary)
20.20.20.1 /24
ip address dhcp
Description Enable Dynamic Host Configuration Protocol (DHCP) to configure multiple IP addresses on
an Ethernet data interface.
Syntax [no] ip address dhcp
Default Disabled
Mode Interface
Usage You can configure VIPs and IP NAT pools to use the DHCP-assigned address of a given data
interface. If this option is enabled, ACOS updates the VIP or pool address any time the speci-
fied data interface’s IP address is changed by DHCP.
Notes About This Command
• DHCP can be enabled on an interface only if that interface does not already have any
statically assigned IP addresses.
• On ACOS devices deployed in gateway (Layer 3) mode, Ethernet data interfaces can
have multiple IP addresses. An interface can have a combination of dynamically
assigned addresses (by DHCP) and statically configured addresses. However, if you plan
to use both methods of address configuration, static addresses can be configured only
after you finish using DHCP to dynamically configure addresses. To use DHCP in this
case, you must first delete all the statically configured IP addresses from the interface.
• On virtual appliance models, if single-IP mode is used, DHCP can be enabled only at the
physical interface level.
• On devices deployed in Transparent (Layer 2) mode:
• you can enable DHCP on the management interface and at the global level.
• The VIP address and pool NAT address (if used) should match the global data IP
address of the device. Make sure to enable this option when configuring the VIP or
pool.
page 115
ip allow-promiscuous-vip
Description Enable client traffic received on this interface and addressed to TCP port 80 to be load bal-
anced for any VIP address.
Syntax [no] ip allow-promiscuous-vip
Default Disabled
Mode Interface
Usage This feature also requires configuration of a virtual server that has IP address 0.0.0.0. For more
information, see the Application Delivery and Server Load Balancing Guide.
ip cache-spoofing-port
Description Configure the interface to support a spoofing cache server. A spoofing cache server uses the
client’s IP address instead of its own as the source address when obtaining content
requested by the client.
Syntax [no] ip cache-spoofing-port
Default Disabled
Mode Interface
Usage This command applies to the Transparent Cache Switching (TCS) feature. Enter the com-
mand on the interface that is attached to the spoofing cache. For more information about
TCS, including additional configuration requirements and examples, see the Application
Delivery and Server Load Balancing Guide.
Example The following command configures interface 9 to support a spoofing cache server that is
attached to the interface.
ACOS(config-if:ethernet:9)# ip cache-spoofing-port
ip control-apps-use-mgmt-port
Description Enable use of the management interface as the source interface for automated manage-
ment traffic.
NOTE: This command is valid for the management interface only.
Syntax [no] ip control-apps-use-mgmt-port
page 116
Default By default, use of the management interface as the source interface for automated manage-
ment traffic is disabled.
Mode Interface
Usage The ACOS device uses separate route tables for management traffic and data traffic.
• Management route table – Contains all static routes whose next hops are connected to
the management interface. The management route table also contains the route to the
device configured as the management default gateway.
• Main route table – Contains all routes whose next hop is connected to a data interface.
Also contains copies of all static routes in the management route table, excluding the
management default gateway route. Only the data routes are used for load-balanced
traffic.
By default, the ACOS device attempts to use a route from the main route table for
management connections originated on the ACOS device. The ip control-apps-use-
mgmt-port command enables the ACOS device to use the management route table for
these connections instead.
The ACOS device will use the management route table for reply traffic on connections
initiated by a remote host that reaches the ACOS device on the management port. For
example, this occurs for SSH or HTTP connections from remote hosts to the ACOS device.
Example The following command enables use of the management interface as the source interface
for automated management traffic:
ACOS(config-if:management)# ip control-apps-use-mgmt-port
ip default-gateway
Description Specify the default gateway for the out-of-band management interface.
NOTE: This command is valid for the management interface only.
Syntax [no] ip default-gateway ipaddr
Default None
Mode Interface
Usage Configuring a default gateway for the management interface provides the following bene-
fits:
• Ensures that reply management traffic sent by the ACOS device travels through the cor-
rect gateway
• Keeps reply management traffic off the data interfaces
The default gateway configured on the management interface applies only to traffic sent
from this interface. For traffic sent through data interfaces, either the globally configured
default gateway is used instead (if the ACOS device is deployed in transparent mode) or an IP
route is used (if the ACOS device is deployed in route mode).
page 117
To configure the default gateway for data interfaces on an ACOS device deployed in
transparent mode, use the ip default-gateway command at the Global configuration
level. (See “ip default-gateway” in the Command Line Interface Reference.)
NOTE: Normally, if the ACOS device is deployed in transparent mode, outbound traffic
through the management interface is limited to the same subnet. However, out-
bound traffic through data interfaces is not restricted to the same subnet. To per-
form operations that require exchanging files with a host (upgrade, import, export,
and so on) that is in a different subnet from the management interface:
• Use the ip control-apps-use-mgmt-port command to configure automated

management traffic such as syslog messages and SNMP traps.
• For management traffic that you initiate using a command, use the use-mgmt-port
option with the command.
Example The following commands configure an IP address and default gateway for the management
interface:
ACOS(config)# interface management

ACOS(config-if:management)# ip address 10.10.20.1 /24
ACOS(config-if:management)# ip default-gateway 10.10.20.1
ip helper-address
Description Configure a helper address for Dynamic Host Configuration Protocol (DHCP).
Syntax [no] ip helper-address ipaddr
Replace ipaddr with the IP address of the DHCP server.
Default None
Mode Interface
Usage In the current release, the helper-address feature provides service for DHCP packets only.
The ACOS interface on which the helper address is configured must have an IP address.
The helper address can not be the same as the IP address on any ACOS interface or an IP
address used for SLB.
The current release supports DHCP relay service for IPv4 only.
Example The following commands configure two helper addresses. The helper address for DHCP
server 100.100.100.1 is configured on ACOS Ethernet interface 1 and on Virtual Ethernet (VE)
interfaces 5 and 7. The helper address for DHCP server 20.20.20.102 is configured on VE 9.

ACOS(config-if:ethernet:1)# ip helper-address 100.100.100.1
page 118

ACOS(config-if:ve9)# ip helper-address 20.20.20.102
ip igmp
Description Configure IGMPv2 membership request queries.
Syntax [no] ip igmp generate-membership-query query-timer max-resp-time

response-timer
query-timer Sets the time interval (1-255 seconds) after which your
device (using the interface under which you are configuring
this feature) will initiate an IGMP membership query
request. The default query timer is 125 seconds. This
means that IGMP membership queries will be sent every
125 seconds from the configured interface.
response-timer Sets the time interval (in 1/10 of a second) before which
receiving devices will send an ICMP query message
response to indicate intention to join the IGMP group or not.
The default response timer is 100. This means that receiv-
ing devices have 10 seconds in which to indicate if they will
join the IGMP membership group or not.
Default None
Mode Interface
Usage The configured timer is valid only per interface and it must be set for each individual inter-
face.
Example To configure IGMP membership request queries on a physical interface, do the following:
ACOS(config-if)# interface ethernet 2

ACOS(config-if:ethernet:2)# ip igmp generate-membership-query 10 max-resp-time 50
To view your IGMP membership request query configuration for a a physical interface, do the
following:
ACOS(config)# show interfaces ethernet 2

Ethernet 2 is up, line protocol is up
page 119
Hardware is GigabitEthernet, Address is 001f.a004.2e71

Configured Speed auto, Actual 1Gbit, Configured Duplex auto, Actual fdx
Flow Control is disabled, IP MTU is 1500 bytes
Port as Mirror disabled, Monitoring this Port disabled
0 packets input, 0 bytes
0 input errors, 0 CRC 0 frame
0 runts 0 giants
Transmitted 0 broadcasts 3003 multicasts 0 unicasts
0 output errors 0 collisions
300 second input rate: 0 bits/sec, 0 packets/sec, 0% utilization
300 second output rate: 12768 bits/sec, 18 packets/sec, 0% utilization
Example To configure IGMP membership request queries on an virtual Ethernet interface, do the fol-
lowing:
ACOS(config-if:ve:50)# ip address 10.10.10.219 /24
ACOS(config-if:ve:50)# ip igmp generate-membership-query 10 max-resp-time 50
To view your IGMP membership request query configuration for a virtual Ethernet interface,
do the following:
ACOS(config)# show interfaces ve 50

VirtualEthernet 50 is up, line protocol is up
Hardware is VirtualEthernet, Address is 001f.a004.2e72
Router Interface for L2 Vlan 50
0 packets input 0 bytes
Transmitted 0 broadcasts, Transmitted 0 multicasts, Transmitted 0 unicasts
300 second input rate: 0 bits/sec, 0 packets/sec
300 second output rate: 0 bits/sec, 0 packets/sec
page 120
Example To configure IGMP membership request queries on a trunk, do the following:

ACOS(config-if:trunk:3)# enable
ACOS(config-if:trunk:3)# ip address 11.11.11.219 /24
ACOS(config-if:trunk:3)# ip igmp generate-membership-query 20 max-resp-time 80
ACOS(config-if:trunk:3)# exit
To view your IGMP membership request query configuration for a trunk, do the following:
ACOS(config)# show interfaces trunk 3

Trunk 3 is up, line protocol is up
Hardware is TrunkGroup, Address is 001f.a011.1a4f
page 121
ip nat
Description Enable source Network Address Translation (NAT) on an interface.
Syntax [no] ip nat {inside | outside}
inside Specifies that this interface is connected to the internal hosts
on the private network that need to be translated into external
addresses for routing.
outside Specifies that this interface is connected to the external net-
work or Internet. Before sending traffic from an inside host out
on this interface, the ACOS device translates the host’s private
address into a public, routable address.
Default None
Mode Interface
Usage On an ACOS device deployed in transparent mode, this command is valid only on Ethernet
data ports. On an ACOS device deployed in route mode, this command is valid on Ethernet
data ports, Virtual Ethernet (VE) interfaces, and trunks.
To use source NAT, you also must configure global NAT parameters. See the ip nat
commands in “Config Commands: IP” on page 163.
In addition, on some AX series models, if Layer 2 IP NAT is required, you also must enable CPU
processing on the interface. (See “cpu-process” on page 110.) This applies to AX models
AX 3200-12, AX 3400, AX 5200-11, and AX 5630.
Example The following commands configure IP source NAT for internal addresses in the 10.1.1.x/24
subnet connected to interface 14. The addresses are translated into addresses in the range
10.153.60.120-150 before traffic from the internal hosts is sent onto the Internet on interface
15. Likewise, return traffic is translated back from public addresses into the private host
addresses.
ACOS(config)# access-list 3 permit 10.1.1.0 0.0.0.255

ACOS(config)# ip nat pool 1 10.153.60.120 10.153.60.150 netmask /24
ACOS(config)# ip nat inside source list 3 pool 1
ACOS(config-if:ethernet:14)# ip nat inside
ACOS(config-if:ethernet:15)# ip nat outside
page 122
ip ospf
Description Configure OSPF interface settings.
Syntax [no] ip ospf {

[ipaddr] authentication [message-digest | null] |
[ipaddr] authentication-key key-string |
bfd [disable] |
[ipaddr] cost number |
[ipaddr] database-filter all out |
[ipaddr] dead-interval seconds |
disable all |
[ipaddr] hello-interval seconds |
[ipaddr] message-digest-key key-id md5 key-string |
mtu size |
[ipaddr] mtu-ignore |
network type |
[ipaddr] priority priority |
[ipaddr] retransmit-interval seconds |
[ipaddr] transmit-delay seconds
}
ipaddr Configures the parameter only for the specified IP address. Without
this option, the parameter is configured for all IP addresses on the
interface.
authentication ype of authentication used to validate OSPF route updates sent or
received on this interface:
• message-digest – Message Digest 5 (MD5)

• null – No authentication is used.
If you enter the authentication command without either of the options

above, a simple key is used for authentication.
authentication-key key-string Password used by the interface to authenticate link-state messages
exchanged with neighbor OSPF routers. Applies to simple authentica-
tion only. Can be a string up to 8 characters long, with no blanks.
bfd Sets BFD on the interface.
BFD on the interface is disabled by default.

cost number Numeric cost for using the interface, 1-65535.
By default, an interface’s cost is calculated based on the interface’s

bandwidth. If the auto-cost reference bandwidth is set to its default
value (100 Mbps), the default interface cost is 10.
database-filter all out Blocks flooding of LSAs to the OSPF interface.
This is disabled by default; LSA flooding is permitted
page 123
dead-interval seconds Number of seconds that neighbor OSPF routers will wait for a new
OSPF Hello packet from ACOS before declaring this OSPF router (the
ACOS device) to be down, 1-65535 seconds.
The default is 40 seconds.

disable all Disables all OSPF packet processing on the interface.
hello-interval seconds Number of seconds between transmission of OSPF Hello packets on
this interface, 1-65535 seconds.

message-digest-key key-id md5 Set of MD passwords used by the interface to authenticate link-state
key-string messages exchanged with neighbor OSPF routers. You can enter up to
four key strings. Applies only to MD authentication. Key strings can be
up to 16 characters long, with no blanks.
mtu Specifies the Maximum Transmission Unit (MTU) for OSPF packets
transmitted on the interface. You can specify 576-65535 bytes.
By default, the IP MTU set on the interface is used.

mtu-ignore Disables MTU size checking during Database Description (DD)
exchange. This option is useful when the MTU at the remote end of the
link is larger than the maximum MTU supported on the local end of the
link.
By default, MTU size checking is enabled. If the MTU size in DD packets

from a neighbor does not match the interface MTU, adjacency is not
established
network type OSPF network type from the default for the media. You can specify one
of the following:
• broadcast – Broadcast network.

• non-broadcast – Non-broadcast multiaccess (NBMA) network.
• point-to-multipoint – Point-to-multipoint network.
• point-to-point – Point-to-point network.
The default network type depends on the media type.

priority number Eligibility of this OSPF router to be elected as the designated router
(DR) or backup designated router (BDRs) for the routing domain, 0-255.
1 is the lowest priority and 255 is the highest priority.
The default priority is 1.
page 124
retransmit-interval seconds Number of seconds between retransmissions of link-state advertise-
ments (LSAs) to adjacent routers for this interface, 1-65535 seconds.

transmit-delay seconds Number of seconds it takes to transmit Link State Update packets
(route updates) on this interface, 1-65535 seconds. This amount is
added to the ages of LSAs sent in the updates.
Mode Interface
Usage The OSPF router with the highest priority is elected as the DR and the router with the second
highest priority is elected as the BDR. If more than one router has the highest priority, the
router with the highest OSPF router ID is selected. Priority applies only to multi-access net-
works, not to point-to-point networks. If you set the priority to 0, the Thunder Series does not
participate in DR and BDR election.
Example The following command sets the OSPF priority on Ethernet interface 10 to 100:

ACOS(config-if:ethernet:10)# ip ospf priority 100
ip rip authentication
Description Configure IPv4 RIP authentication on the interface.
Syntax [no] ip rip authentication

{
key-chain name [name ...] |
mode {md5 | text} |
string auth-string [auth-string ...]
}
key-chain name [name ...] Enables authentication using the specified key chains. (To configure a
key-chain file, use the key chain command at the global configuration
level of the CLI.)
mode {md5 | text} Authentication mode:
• md5 – Message Digest 5

• text – Clear text
string Enables authentication using the specified passwords.
auth-string [auth-string ...]
page 125
Default None
Mode Interface
ip rip receive version

Description Specify the RIP version allowed in RIP packets received on the interface.
Syntax [no] ip rip receive version {1 [2] | 2}
Specify the RIP version:
• 1 - RIP version 1.
• 2 - RIP version 2 (default).
Default See descriptions.
Mode Interface
ip rip receive-packet
Description Enable the interface to receive RIP packets.
Syntax [no] ip rip receive-packet
Default Enabled
Mode Interface
ip rip send version

Description Specify the RIP version allowed to be sent on the interface.
Syntax [no] ip rip send version {1 [2] | 2}
Specify the RIP version:
• 1 - RIP version 1.
• 2 - RIP version 2 (default).
Mode Interface
page 126
ip rip send-packet
Description Enable the interface to send RIP packets.
Syntax [no] ip rip send-packet
Default Enabled
Mode Interface
ip rip split-horizon
Description Configure the split-horizon method. Split horizon prevents the ACOS device from advertising
a route to the neighbor that advertised the same route to the ACOS device.
Syntax [no] ip rip split-horizon {poisoned | disable | enable}
poisoned Enables advertisement of a route to the neighbor that advertised
the route to the ACOS device, but sets the metric value to infinity,
thus making the route advertised by the ACOS device unusable by
the neighbor (poisoned reverse).
Without this option, advertisement of a route to the neighbor that

advertised the route to the ACOS device is not allowed.
disable Disable the split-horizon method.
enable Enables split-horizon, but without the poisoned reverse.
Default Split-horizon with poison is enabled.
Mode Interface
ip router isis | ipv6 router isis

Description Enable Intermediate System to Intermediate System (IS-IS) routing on the interface.
Syntax [no] {ip | ipv6} router isis [tag]
Default Not set
Mode Interface
page 127
ip slb-partition-redirect
Description Enable routing redirection on an ingress Ethernet data port that will receive traffic addressed
to the VIP in a private partition.
Syntax [no] ip slb-partition-redirect
Default Not set
Mode Interface
Example The following example enables routing redirection on ethernet interface 4 so that traffic
addressed to partition p69 will be received on the partition.

ACOS(config-if:ethernet:4)# ip slb-partition-redirect
ACOS(config)# ip route 10.2.4.0 /24 partition p69
ACOS(config)# active-partition p69
ACOS(config)# ip route 0.0.0.0 /24 partition shared
ip stateful-firewall
Description Configure stateful firewall direction for this interface.
Syntax [no] ipv6 stateful-firewall {inside | outside [access-list num]}
inside Inside (private) interface for the stateful firewall.
outside Outside (public) interface for the stateful firewall.
access-list Access list id. You can specify 1-199.
Mode Interface
Example The following configures stateful firewall on Ethernet interface 1.
ACOS(config-if:ethernet:1)# ip stateful-firewall outside access-list 1
page 128
ip ttl-ignore
Description Configures the device to not decrement TTL field contents for IPv4 traffic passing through.
By default TTL decrements for traffic passing through the ACOS device.
Syntax [no] ip ttl-ignore
Default Not set
Mode Interface
Example The following example programs the device to not decrement TTL field contents for traffic
passing through the ACOS device.

ACOS(config-if:ethernet:4)# ip ttl-ignore
ipv6 (on management interface)

Description Configure an IP version 6 address and default gateway on the management interface.
Syntax [no] ipv6 address ipaddr/mask-length
Syntax [no] ipv6 default-gateway gateway-ipaddr
Default None.
Mode Interface
Usage The ipv6 default-gateway command applies only to the management interface. To
configure IPv6 on a data interface, see “ipv6 address” on page 130.
Example The following commands configure an IPv6 address and default gateway on the manage-
ment port:
ACOS(config-if:management)# ipv6 address 2001:db8:11:2/32

ACOS(config-if:management)# ipv6 default-gateway 2001:db8:11:1/32
page 129
ipv6 access-list
Description Apply an IPv6 Access Control List (ACL) to an interface.
Syntax [no] ipv6 access-list name in
name Name of a configured IPv6 ACL.
in Applies the ACL to inbound IPv6 traffic received on the inter-
face.
Default N/A
Mode Interface
ipv6 address
Description Configure an IPv6 address on the interface.
Syntax [no] ipv6 address ipv6-addr/prefix-length [link-local] [anycast]
ipv6-addr Valid unicast IPv6 address.
prefix-length Prefix length, up to 128.
link-local Configures the address as the link-local IPv6 address for the
interface, instead of a global address. Without this option, the
address is a global address.
anycast Configures the address as an anycast address. An anycast
address can be assigned to more than one interface. A packet
sent to an anycast address is routed to the “nearest” interface
with that address, based on the distance in the routing proto-
col.
Default None.
Mode Interface
Usage Use this command to configure the link-local and global IP addresses for the interface.
• The ipv6 address command, used without the link-local option, configures a
global address. If you use the link-local option, the address is instead configured as
the link-local address.
• To enable automatic configuration of the link-local IPv6 address instead, use the ipv6
enable command.
page 130
To configure IPv6 on the management interface, see “ipv6 (on management interface)” on
page 129.
Example The following command configures a global IPv6 address on Ethernet interface 8:
ACOS(config-if:ethernet:8)# ipv6 address e101::1112/64
Example The following command overrides any auto-generated link-local address on interface 6 and
explicitly configures a new link-local address:
ACOS(config-if:ethernet:6)# ipv6 address fe80::1/64 link-local
ipv6 enable
Description Enable automatic configuration of a link-local IPv6 address on the interface.
Syntax [no] ipv6 enable
Default Disabled
Mode Interface
Usage Use this command to enable automatic configuration of the link-local IPv6 address.
To manually configure the address instead, see “ipv6 address” on page 130.
Example The following command enables an automatically generated link-local IPv6 address on
Ethernet interface 6:

ACOS(config-if:ethernet:6)# ipv6 enable
ipv6 nat inside

Description Enable inside NAT on the interface.
Syntax [no] ipv6 nat inside
Default Disabled
Mode Interface
page 131
ipv6 nat outside

Description Enable outside NAT for IPv6 on the interface.
Syntax [no] ipv6 nat outside
Default Disabled
Mode Interface
ipv6 ndisc router-advertisement

Description Configure IPv6 neighbor router discovery (RFC 4861).
Syntax [no] ipv6 ndisc router-advertisement

{
default-lifetime seconds |
disable |
enable |
hop-limit num |
managed-configuration-flag {enable | disable}|
max-interval seconds |
min-interval seconds |
mtu {disable | bytes} |
other-configuration-flag {enable | disable} |
prefix ipv6-addr/prefix-length
[not-autonomous | not-on-link |
preferred-lifetime seconds |
valid-lifetime seconds] |
rate-limit num |
reachable-time ms |
retransmit-timer seconds |
vrid num
}
default-lifetime seconds Specifies the number of seconds for which router advertisements sent on
this interface are valid. You can specify 0 or 4-9000 seconds. The value
can not be less than the maximum advertisement interval. If you specify 0,
the host will not use this interface (IPv6 router) as a default route.
The default lifetime is 1800 seconds.

disable Disables IPv6 router discovery (default).
enable Enables IPv6 router discovery (by default, this is disabled).
hop-limit num Specifies the default hop count value that should be used by hosts. For a
given packet, the hop count is decremented at each router hop. If the hop
count reaches 0, the packet becomes invalid.
You can specify 0-255. If you specify 0, the value is unspecified by this
IPv6 router.
The default is 255.
page 132
managed-configuration-flag Set the 1-bit “managed address configuration” flag, which enables
{enable | disable} addresses to be available via DHCP.
For more information see RFC 4861, “Neighbor Discovery for IP version 6”:
https://tools.ietf.org/html/rfc4861
max-interval seconds Specifies the maximum number of seconds between transmission of
unsolicited router advertisement messages on this interface. You can
specify 4-1800 seconds.

min-interval seconds Specifies the minimum number of seconds between transmission of unso-
licited router advertisement messages on this interface. You can specify 3-
1350 seconds.

mtu {disable | bytes} Specifies the MTU value to include in the MTU options field. You can spec-
ify 1200-9216 bytes or disabled.
NOTE: If this option is disabled, no MTU value is included.
This is disabled by defaul.t

other-configuration-flag Set the 1-bit “other address configuration” flag, which indicates that “other”
{enable | disable} information is available via DHCP.
For more information see RFC 4861, “Neighbor Discovery for IP version 6”:
https://tools.ietf.org/html/rfc4861
prefix Specifies the IPv6 prefixes to advertise on this interface. A maximum of 32
ipv6-addr/prefix-length prefixes can be advertised on an interface.
[options]
The following options are supported:
• not-autonomous – Disables support for auto-configuration of IPv6

addresses by clients. This is disabled by default.
• not-on-link – Disables the On-Link flag. When enabled, the On-Link
flag indicates that the prefix is assigned to this interface. If you enable
this option, the valid-lifetime is 2592000 seconds (30 days). This is
enabled by default.
• preferred-lifetime seconds – Specifies the number of seconds for
which auto-generated addresses remain preferred. You can specify
0-4294967295 seconds. The default is 604800.
• valid-lifetime seconds – specifies the number of seconds for which
advertisement of the prefix is valid. You can specify 1-4294967295 sec-
onds. The default is 2592000.
page 133
rate-limit num Specifies the maximum number of router solicitation requests per second
that will be processed on the interface. You can specify 1-100000 mes-
sages per second.
The default rate limit is 00000 messages per second

reachable-time ms Specifies the number of milliseconds (ms) for which the host should
assume a neighbor is reachable, after receiving a reachability confirmation
from the neighbor.
You can specify 0-3600000 ms. If you specify 0, the value is unspecified
by this IPv6 router.
The default is 0.
retransmit-timer seconds Specifies the number of seconds a host should wait between sending
neighbor solicitation messages.
You can specify 0-4294967295 seconds. If you specify 0, the value is

unspecified by this IPv6 router.
The default is 0.
vrid num Specifies a VRID for which to send router advertisements.
By default, no VRID is set; advertisement are sent regardless of VRID.
Default IPv6 router discovery is disabled by default. The command options have the default values
specified in the table above.
Mode Interface
Usage When router discovery is enabled, the ACOS device:

• Sends IPv6 router advertisements out the IPv6 interfaces on which router discovery is
enabled. IPv6 hosts that receive the router advertisements will use the ACOS device as
their default gateway.
• Replies to IPv6 router solicitations received by IPv6 interfaces on which router discovery
is enabled.
IPv6 router discovery is not supported in transparent mode. The ACOS device must be
deployed in gateway mode.
When IPv6 router discovery is enabled on an interface, any new IPv6 addresses that you add
to the interface are automatically added to the set of prefixes to advertise.
Router advertisements are sent to the all-nodes multicast address at an interval that is
uniformly distributed between the minimum and maximum advertisement intervals. If a
host sends a router solicitation message, the ACOS device sends a router advertisement as a
unicast to that host instead.
The source address of router advertisements is always a link-local IPv6 address.
page 134
For the reachable-time, hop-limit, and retransmit-timer options, the ACOS

device recommends the configured value to hosts but does not itself use the value.
Example The following commands configure an IPv6 address on Ethernet interface 1, enable IPv6
router discovery, change the minimum and maximum advertisement intervals, and add two
prefixes to the prefix advertisement list.

ACOS(config-if:ethernet:1)# ipv6 ndisc router-advertisement enable
ACOS(config-if:ethernet:1)# ipv6 ndisc router-advertisement max-interval 300
ACOS(config-if:ethernet:1)# ipv6 ndisc router-advertisement min-interval 150
ACOS(config-if:ethernet:1)# ipv6 ndisc router-advertisement prefix 2001::/64 on-link
ACOS(config-if:ethernet:1)# ipv6 ndisc router-advertisement prefix 2001:a::/96 on-link
ipv6 ospf cost

Description Explicitly set the link-state metric (cost) for this OSPF interface.
Syntax [no] ipv6 ospf cost num
Replace num with the cost (1-65535).
Default By default, an interface’s cost is calculated based on the interface’s bandwidth. If the auto-
cost reference bandwidth is set to its default value (100 Mbps), the default interface cost is
10.
Mode Interface
ipv6 ospf dead-interval

Description Specify the maximum time to wait for a reply to a hello message, before declaring the neigh-
bor to be offline.
Syntax [no] ipv6 ospf dead-interval seconds
Replace seconds with the number of seconds this OSPF router will wait for a reply to a hello
message sent out this interface to an OSPF neighbor, before declaring the neighbor to be
offline. You can specify 1-65535 seconds.
Default 40
Mode Interface
page 135
ipv6 ospf hello-interval

Description Specify the time to wait between sending hello packets to OSPF neighbors.
Syntax [no] ipv6 ospf hello-interval seconds
Replace seconds with the number of seconds this OSPF router will wait between
transmission of hello packets out this interface to OSPF neighbors. You can specify 1-65535
seconds.
Default 10
Mode Interface
ipv6 ospf mtu-ignore

Description Disable checking of the maximum transmission unit (MTU) during OSPFv3 Database Descrip-
tion (DD) exchange.
Syntax [no] ipv6 ospf mtu-ignore [instance-id num]
Replace num with a specific an OSPFv3 process, 0-255. If you do not use this option, MTU
checking on the interface is disabled for all OSPFv3 processes.
Default MTU checking is enabled by default.
Mode Interface
ipv6 ospf neighbor

Description Configure an OSPFv3 neighbor that is located on a non-broadcast network reachable
through this interface.
Syntax [no] ipv6 ospf neighbor ipv6-addr

[
cost num [instance-id num] |
instance-id num |
poll-interval seconds [priority num] [instance-id num] |
priority num [poll-interval seconds] [instance-id num]
]
ipv6-addr IPv6 address of the OSPF neighbor.
cost num Specifies the link-state metric to the neighbor, 1-65535.
There is no default cost set.
page 136
poll-interval Number of seconds this OSPFv3 interface will wait for a reply
seconds to a hello message sent to the neighbor, before declaring the
neighbor to be offline. You can specify 1-4294967295 sec-
onds.

priority num Router priority of the neighbor, 1-255.
The default priority is 0.
Default No neighbors on non-broadcast networks are configured by default. When you configure
one, the other parameters have the default settings described in the table above.
ipv6 ospf network

Description Specify the network type.
Syntax [no] ipv6 ospf network

{broadcast | non-broadcast | point-to-multipoint | point-to-point}
[instance-id num]
broadcast Broadcast network.
non-broadcast Non-broadcast multiaccess (NBMA) network.
point-to-multipoint Point-to-multipoint network.
point-to-point Point-to-point network.
num Specifies an OSPFv3 process, 0-255. If you do not use
this option, MTU checking on the interface is disabled
for all OSPFv3 processes.
Default Depends on the media type.
Mode Interface
ipv6 ospf priority

Description Priority of this OSPF router (and process) on this interface for becoming the designated
router for the OSPF domain.
Syntax [no] ipv6 ospf priority num
Replace num with the priority of this OSPF process on this interface, 0-255. The lowest
priority is 0 and the highest priority is 255.
page 137
Default 1
Mode Interface
Usage If more than one OSPF router has the highest priority, the router with the highest router ID is
selected as the designated router.
ipv6 ospf retransmit-interval

Description Specify the time to wait before resending an unacknowledged packet out this interface to
an OSPF neighbor.
Syntax [no] ipv6 ospf retransmit-interval seconds
Replace seconds with the number of seconds this OSPF router waits before resending an
unacknowledged packet out this interface to a neighbor. You can specify 1-65535 seconds.
Default 5
Mode Interface
ipv6 ospf transmit-delay

Description Specify the time to wait between sending packets out this interface to an OSPF neighbor.
Syntax [no] ipv6 ospf transmit-delay seconds
Replace seconds with the number of seconds this OSPF router waits between transmission of
packets out this interface to OSPF neighbors. You can specify 1-65535 seconds.
Default 1
Mode Interface
ipv6 rip split-horizon

Description Configure the split-horizon method. Split horizon prevents the ACOS device from advertising
a route to the neighbor that advertised the same route to the ACOS device.
page 138
Syntax [no] ipv6 rip split-horizon {poisoned | disable | enable}
poisoned Enables advertisement of a route to the neighbor that advertised
the route to the ACOS device, but sets the metric value to infinity,
thus making the route advertised by the ACOS device unusable by
the neighbor (poisoned reverse).
Without this option, advertisement of a route to the neighbor that

advertised the route to the ACOS device is not allowed.
disable Disable the split-horizon method.
enable Enables split-horizon, but without the poisoned reverse.
Default Split-horizon with poison is enabled.
Mode Interface
ipv6 router isis

Description Configure options for Intermediate System to Intermediate System (IS-IS) on an IPv6 data
interface.
Syntax [no] ipv6 router isis [ISO routing area tag name]
Default None
Mode Interface
ipv6 router ospf

Description Configure an OSPFv3 area.
Syntax [no] ipv6 router ospf

{
area {num | ipaddr} [tag tag [instance-id num]] |
tag tag area {num | ipaddr} [instance-id num]
}
Mode Interface
Usage For OSPFv3, the area tag ID configured on an interface must be the same as the tag ID for the
OSPF instance.
ipv6 router rip

Description Configure RIP routing for IPv6.
Syntax [no] ipv6 router rip
page 139
Mode Interface
ipv6 stateful-firewall
Description Configure stateful firewall direction for this interface.
Syntax [no] ipv6 stateful-firewall {inside | outside [access-list num]}
inside Inside (private) interface for the stateful firewall.
outside Outside (public) interface for the stateful firewall.
access-list Access list id. You can specify 1-199.
Mode Interface
Example ACOS(config-if:ethernet:1)#ipv6 stateful-firewall outside access-

list 1
ipv6 ttl-ignore
Description Configures the device to not decrement TTL field contents for IPv6 traffic passing through.
By default TTL decrements for traffic passing through the ACOS device.
Syntax [no] ipv6 ttl-ignore
Default Not set
Mode Interface
Example The following example programs the device to not decrement TTL field contents for traffic
passing through the ACOS device.

ACOS(config-if:ethernet:4)# ipv6 ttl-ignore
isis authentication
Description Configure authentication for this IS-IS interface.
Syntax [no] isis authentication send-only [level-1 | level-2]
[no] isis authentication mode md5 [level-1 | level-2]
page 140
[no] isis authentication key-chain name [level-1 | level-2]
send-only Disables checking for keys in IS-IS packets received by this interface.
[level-1 | level-2]
• level-1 – Disables key checking only for Level-1 (intra-area) IS-IS traffic.
• level-2 – Disables key checking only for Level-2 (inter-area) IS-IS traffic.
mode md5 Enabled MD5 authentication.
[level-1 | level-2]
• level-1 – Enables MD5 only for Level-1 (intra-area) IS-IS traffic.
• level-2 – Enables MD5 only for Level-2 (inter-area) IS-IS traffic.
key-chain name Specifies the name of the certificate key chain to use for authenticating IS-IS
[level-1 | level-2] traffic.
• level-1 – Applies to Level-1 (intra-area) IS-IS traffic.

• level-2 – Applies to Level-2 (inter-area) IS-IS traffic.
Default Clear-text authentication is enabled by default. MD5 authentication is disabled by default.

No key chain is set by default. The send-only option is disabled by default. For all options
that accept the level-1, level-1-2, or level-2 keyword, the default is level-1.
Mode IS-IS
Usage This command overrides the globally configured authentication settings for the IS-IS
instance.
Use the send-only option to temporarily disable key checking, then use the key-chain
option to specify the key chain. To use MD5, use the md5 option to disable clear-text
authentication and enable MD5 authentication. After key-chains are installed on the other IS-
IS routers, disable the send-only option.
Example The following command disables MD5 authentication for IS-IS on interface VE 2. Clear-text
authentication will be used instead.
ACOS(config-if:ve:3)# no isis authentication mode md5
isis bfd
Description Disable BFD.
Syntax [no] isis bfd disable
Default Takes the value from the global BFD configuration.
Mode Interface
page 141
isis circuit-type
Description Specify the IS-IS routing level (circuit type) for this interface.
Syntax [no] isis circuit-type [level-1 | level-1-2 | level-2]
Specify the IS-IS routing level:
• level-1 - Intra-area adjacencies are formed

• level-1-2 - both intra-area and inter-area adjacencies are formed
• level-2 - Inter-area adjacencies are formed
Default level-1
Mode Interface
isis csnp-interval
Description Configure the interval between transmission of complete sequence number PDUs (CSNPs).
Syntax [no] isis csnp-interval seconds [level-1 | level-2]
seconds Specifies the number of seconds to wait between trans-
mission of CSNPs. You can specify 0-65535 seconds.
level-1 | Specifies the IS-IS routing level to which the interval setting
level-2 applies:
• level-1 – Intra-area
• level-2 – Inter-area
The default is level-1.
Default 10 seconds, for both level-1 and level-2
Mode Interface
Usage This command is valid only on broadcast interfaces (network type broadcast).
isis hello
Description Enable padding of IS-IS Hello packets.
Syntax [no] isis hello padding
Default Enabled
Mode Interface
page 142
Usage When padding is enabled, extra bytes are added to IS-IS Hello packets to make them equal
to the MTU size of the interface. This option informs neighbors of the interface’s MTU, so that
neighbors do not send Hello packets that are longer than the MTU.
isis hello-interval
Description Configure the interval between transmission of IS-IS Hello packets on this interface.
Syntax [no] isis hello-interval seconds [level-1 | level-2]
seconds Specifies the number of seconds between transmission of Hello
packets to neighbors. You can specify 0-65535 seconds.
level-1 | Specifies the IS-IS routing level to which the interval setting applies:
level-2
Mode Interface
isis hello-interval-minimal
Description Base the hello interval value on the hello multiplier value.
Syntax [no] isis hello-interval-minimal [level-1 | level-2]
level-1 | Specifies the IS-IS routing level to which the interval setting applies:
level-2
Mode Interface
Usage The minimal option bases the hello interval on the hello multiplier, by setting the hold
time to 1, and dividing the hold time by the hello multiplier:
hello-interval = hold-time % hello-multiplier
hello-interval = 1 % hello-multiplier
page 143
(For more information, see “isis hello-multiplier” on page 144.)
isis hello-multiplier
Description Configure the multiplier used for calculating the neighbor hold time for Hello packets.
Syntax [no] isis hello-multiplier num [level-1 | level-2]
num Specifies the multiplier. You can specify 2-100.
level-1 | level-2 Specifies the IS-IS routing level to which the multiplier
setting applies.:
Default 3
Mode Interface
Usage The hold time specifies the maximum number of seconds IS-IS neighbors should allow
between Hello packets from this IS-IS interface. If the neighbor does not receive a Hello
packet before the hold time expires, the neighbor terminates the adjacency with this IS-IS
router on this interface.
To calculate the hold time, IS-IS multiplies the IS-IS hello interval by the multiplier:
hello-interval x hello-multiplier = hold-time
The hold-time value is included in Hello packets sent to IS-IS neighbors.
NOTE: If the minimal option is used with the isis hello-interval command, the
hold time is set to 1. This overrides the hold time calculated based on the hello-
multiplier value.
isis lsp-interval
Description Configure the minimum LSP transmission interval.
Syntax [no] isis lsp-interval ms
Replace ms with the minimum number of milliseconds IS-IS will wait between transmission
of LSPs (1-4294967295).
Default 33 ms
Mode Interface
page 144
Usage The LSP transmission interval helps avoid high CPU utilization on IS-IS neighbors during LSP
floods, by allowing the neighbors time to send, receive, and process LSPs.
isis mesh-group
Description Configure mesh-group membership to control LSP flooding from this interface.
Syntax [no] isis mesh-group {group-num | blocked}
group-num Specifies the mesh group number. You can specify
1-4294967295. LSPs are flooded to all Level-1 or Level-2 IS-IS
neighbors (as applicable), except to the neighbors who are in the
same mesh group. LSPs are not flooded to the neighbors who
are in the same mesh group as this interface.
blocked Blocks flooding of LSPs on this interface.
Default None
Mode Interface
isis metric
Description Configure the default IS-IS metric (cost) for the interface.
Syntax [no] isis metric num [level-1 | level-2]
num Specifies the cost of using this interface as a link in an IS-
IS route. You can specify 1-63.
level-1 | level-2 Specifies the IS-IS routing level to which the default met-
ric setting applies:
Default 10, for Level-1 and Level-2 routing levels
Mode Interface
Usage The default metric is used for SPF calculation. Links with lower metrics are preferred to links
with higher metrics.
The default metric is applicable only when the metric style is narrow. (See “metric-style” on
page 287.)
page 145
isis network
Description Configure the network type.
Syntax [no] isis network {broadcast | point-to-point}
broadcast The network is a broadcast network.
point-to-point The network is a point-to-point network.
Default broadcast
Mode Interface
isis password
Description Configure the plain-text password for authentication of Hello packets sent and received on
this interface.
Syntax [no] isis password string [level-1 | level-2]
string Specifies the password.
level-1 | level-2 Specifies the IS-IS routing level to which the password
applies:
Default None
Mode Interface
Usage The password is applicable only if the authentication type is plain-text. (See “isis authentica-
tion” on page 140.)
page 146
isis priority
Description Configure this interface’s priority for Designated Integrated System (DIS) election.
Syntax [no] isis priority num [level-1 | level-2]
num Specify the priority (0-127).
level-1 | level-2 Specifies the IS-IS routing level to which the priority
applies:
Mode Interface
Usage During DIS election, the IS-IS router with the highest priority is elected as the DIS for the LAN.
If more than one IS-IS router has the highest priority, the router that has the IS-IS interface
with the highest MAC address is elected as the DIS.
The priority is applicable only if the network type is broadcast. (See “isis network” on
page 146.)
page 147
isis restart-hello-interval
Description Configure the amount of time this interface waits for acknowledgement from neighbors of
its notification to restart IS-IS, before resending the notification.
Syntax [no] isis restart-hello-interval seconds [level-1 | level-2]
seconds Specifies the number of seconds IS-IS waits to receive an
acknowledgment of its restart notification. You can spec-
ify 1-65535 seconds.
level-1 | level-2 Specifies the IS-IS routing level to which the interval
applies:
Default 3 seconds, for Level-1 and Level-2 routing levels
Mode Interface
Usage To notify its IS-IS neighbors of an intent to restart the IS-IS process, the ACOS device inserts a
Restart TLV in IS-IS Hello packets sent to neighbors on this interface. If the an acknowledge-
ment of the restart notification is not received on this interface before the restart hello inter-
val expires, IS-IS resends the notification.
isis retransmit-interval
Description Configure the interval between transmission of LSPs on point-to-point links.
Syntax [no] isis retransmit-interval seconds
Replace seconds with the number of seconds IS-IS waits before resending an LSP that was
dropped (0-65535). Use a value that is greater than the expected round-trip delay between
any two routers on the attached network.
Default 5
Mode Interface
Usage The retransmit interval is applicable only if the network type is point-to-point. (See “isis net-
work” on page 146.)
page 148
isis wide-metric
Description Configure the length of a wide metric on the interface.
Syntax [no] isis wide-metric num [level-1 | level-2]
num Specifies the metric length. You can specify 1-16777214.
level-1 | level-2 Specifies the IS-IS routing level to which the metric
applies:
Mode Interface
Usage The wide metric is applicable only if the metric style is set to wide or transition. (See “metric-
style” on page 287.)
l3-vlan-fwd-disable
Description Disable Layer 3 forwarding between VLANs on tis interface.
Syntax [no] l3-vlan-fwd-disable
Default By default, the ACOS device can forward Layer 3 traffic between VLANs.
Mode Interface
Usage This command is applicable only on ACOS devices deployed in gateway (route) mode. If the
option to disable Layer 3 forwarding between VLANs is configured at any level, the ACOS
device can not be changed from gateway mode to transparent mode, until the option is
removed.
The command is applicable to inbound traffic on the interface.
The command is valid on physical Ethernet interfaces, Virtual Ethernet (VE) interfaces, trunks,
and on the lead interface in trunks.
However, if the command is configured on a physical Ethernet interface, that interface can
not be added to a trunk or VE.
If the command is used on a trunk or VE and that trunk or VE is removed from the
configuration, the command is also removed from all physical Ethernet interfaces that were
members of the trunk or VE. Likewise, if a VLAN is removed, the command is removed from
any physical Ethernet interfaces that were members of the VLAN.
page 149
To display statistics for this option, use the show slb switch command. For more
information, see “show slb switch” in the Command Line Interface Reference.
lldp enable
Description Configure this interface to send only, receive only, or send and receive LLDP data packets.
Specify rx to configure the interface to only receive LLDP data packets; specify tx to
configure the interface to only send LLDP data packets. If neither is specified, the interface
can both receive and send LLDP data packets.
Syntax [no] lldp enable [rx] [tx]
Default Not enabled.
Mode Port configuration mode
lldp notification
Description Configure this port to send notifications.
Syntax [no] lldp notification enable
Mode Interface
lldp tx-dot1-tlvs
Description The TLVs VLAN name and link-aggregation are dictated by 802.1ab Annex E.
Syntax [no] lldp tx-dot1-tlvs [vlan] [link-aggregation]
vlan Assign a name to the VLAN and map the VLAN ID to the
VLAN.
link-aggregation Link-aggregation TLV, dictated by 802.1ab 2005 and
802.1ab 2009.
Default Since 802.1ab 2009 and 802.1ab2005 are inherently different, some older devices do support
these TLVs by default. The TLVs will not automatically be included in the transmitted frame.
Mode Interface
page 150
lldp tx-tlvs
Description Configure the transmission TLV packets to exclude. All basic TLVs will be included by default.
Syntax [no] lldp tx tlvs exclude {

management-address |
port-description |
system-capabilities |
system-description |
system-name
}
Mode Interface
load-interval
Description Change the interval for utilization statistics for the interface.
Syntax [no] load-interval seconds
You can specify 5-300 seconds.
You must specify the amount in 5-second intervals. For example, 290 and 295 are valid
interval values. However, 291, 292, 293, and 294 are not valid interval values.
Default 300 seconds
Mode Interface
Usage This command applies only to data interfaces.
To display interface utilization statistics, see the “show interfaces” and “show statistics”
commands in the Command Line Interface Reference.
Example The following command changes the utilization statistics interval for Ethernet interface 1 to
200 seconds:

ACOS(config-if:ethernet:1)# load-interval 200
page 151
lw-4o6
Description Configure an LW-4over6 interface.
Syntax [no] lw-4o6 {inside | outside}
inside Configure an LW-4over6 inside interface.
outside Configure an LW-4over6 outside interface.
Mode Interface
media-type-copper
Description Configure a 40G port if you want to use a copper 40G DAC cable.
This command is only available on devices with 40G interfaces.
Syntax [no] media-type-copper
Default 40G ports on ACOS devices are configured to use fiber cables by default.
Mode Interface
monitor
Description Configure an Ethernet interface to send a copy of its traffic to another Ethernet interface.
Before using this command, you must have first configured a mirror port to accept the
copied (mirrored) traffic. For more information, see the “mirror-port” command in the
page 152
Syntax [no] monitor {both | input | output} [vlan vlan-id]
both Send a copy of both inbound and outbound traffic to the mirror port.
The mirror port must have already been configured to send both
inbound and outbound mirrored traffic from this monitored port. For
example:
ACOS(config)# mirror-port 1 ethernet 1 both

input Send inbound traffic only to the mirror port.
The mirror port must have already been configured to send inbound
mirrored traffic from this monitored port. For example:
ACOS(config)# mirror-port 2 ethernet 2 input

output Send outbound traffic only to the mirror port.
The mirror port must have already been configured to accept out-
bound mirrored traffic from this monitored port. For example:
ACOS(config)# mirror-port 3 ethernet 3 output

vlan If applicable, specify the VLAN to which the monitored port belongs.
vlan-id
Default By default, no traffic is mirrored.
Mode Interface
Usage This command is valid only on Ethernet data interfaces. To specify the port where mirrored
traffic should be sent, use the mirror-port command at the global Config level. For more
information, see the “mirror-port” command in the Command Line Interface Reference.
NOTE: Only one mirror port is supported. All mirrored traffic for the directions you specify
goes to that port.
Example The following commands enable monitoring of input traffic on Ethernet port 5, and enable
the monitored traffic to be copied (“mirrored”) to Ethernet port 3:
ACOS(config)# mirror-port 2 ethernet 3

ACOS(config-if:ethernet:5)# monitor input 2
page 153
mtu
Description Change the Maximum Transmission Unit (MTU) for an Ethernet interface.
Syntax [no] mtu bytes
Replace bytes with the largest packet size that can be forwarded out the interface (1200-
1500).
NOTE: See Usage section below for details on jumbo frame support.
Default 1500 bytes
Mode Interface
Usage This command applies to the Ethernet data interfaces.
If the ACOS device needs to forward a packet that is larger than the MTU of the ACOS egress
interface to the next hop, but the Do Not Fragment bit is set in the packet, the ACOS device
drops the packet and sends an ICMP Destination Unreachable code 4 (Fragmentation
required, and DF set) message to the sender.
To display a counter of how many outbound packets have been dropped because they were
longer than the outbound interface's MTU, use the following command:
show slb switch [detail | ethernet port-num [detail]]
The counter is labeled “MTU exceeded Drops”. The counter includes packets that had the Do
Not Fragment bit set and packets that did not have the bit set.
You can enable jumbo support on a global basis. In this case, the MTU is not automatically
changed on any interfaces, but you can increase the MTU on individual interfaces.
• On FTA models, you can increase the MTU on individual Ethernet interfaces up to
12000 bytes.
• On non-FTA models, you can increase the MTU on individual Ethernet interfaces up to
9216 bytes.
name
Description Assign a name to the interface.
Syntax [no] name string
Replace string with the name for the interface, 1-63 characters.
page 154
Default None
Mode Interface
Usage This command applies to physical and virtual Ethernet data interfaces, tunnels, and trunks.
This command does not apply to the management interface.
Example The following commands assign the name "WLAN-interface" to an interface and show the
result:
ACOS(config-if:ve:1)# name WLAN-interface
ACOS(config-if:ve:1)# show ip interfaces
Port IP Netmask PrimaryIP Name
-------------------------------------------------------------------
---------
mgm 192.168.20.136 255.255.255.0 Yes
ve1 192.168.217.1 255.255.255.0 Yes WLAN-interface
ve2 50.50.50.1 255.255.255.0 Yes
ports-threshold
Description Configure the minimum port threshold for a trunk.
Syntax [no] ports-threshold number-of-ports

[timer seconds [do-auto-recovery]]
number-of-ports Minimum number of ports that must be up in order for
the trunk to remain up. If the number of up ports falls
below the configured threshold, the ACOS device auto-
matically disables the trunk’s member ports. The ports
are disabled in the running-config. You can specify 2-8.
timer Number of seconds to wait after a port goes down
seconds before marking the trunk down, if the configured thresh-
[do-auto-recovery] old is exceeded. You can set the ports-threshold timer to
1-300 seconds.
The do-auto-recovery option brings the trunk back Up

when the required number of ports comes back up.
Without this option, the trunk remains disabled until you
re-enable it. This option is applicable only to LACP
trunks.
page 155
Mode Interface
Usage This command is applicable only to trunk interfaces.
remove-vlan-tag
Description Remove the VLAN tag from packets to ensure that packets going out of the interface will be
untagged.
NOTE: This command is not available on non-FPGA platforms, and is also not available on
the A10 Thunder Series 3230S(S), 3430(S), and 5330(S) platforms.
Syntax [no] remove-vlan-tag
Default Disabled
Mode Interface
Example Ensure packets going out of ethernet interface 2 are untagged:

ACOS(config-if:ethernet:2)# remove-vlan-tag
snmp-server
Description Specify a data interface to use as the source interface for SNMP traps.
Syntax [no] snmp-server trap-source
Default Management interface
Mode Interface
Usage Select a data interfaces from which to send SNMP traps. The interface can be any of the fol-
lowing types:
• Ethernet
• VLAN / VE
• Loopback
When the ACOS device sends an SNMP trap from the specified data interface, the “agent-
address” in the SNMP trap is the data interface’s IP address.
page 156
Implementation Details:
• This feature does not support IPv6.

• This feature supports SNMPv1 but not SNMPv2c or SNMPv3.
Example The following command attempts to set a loopback interface as the SNMP trap source. How-
ever, the feature has already been enabled on Ethernet port 1, and only one interface can be
enabled for SNMP traps, so this example shows that the existing trap source will be overwrit-
ten with the new one:
ACOS(config)# interface loopback 1

ACOS(config-if:loopback:1)# snmp-server trap-source
The trap source already exists for interface eth1. Do you want to
overwrite? [yes/no]:yes
ACOS(config-if:loopback:1)#
trunk-group
Description Add the interface to a trunk group.
Syntax [no] trunk-group TrunkID [static | lacp | lacp-udld]
TrunkID Trunk number, 1-4096.
NOTE: the maximum number of trunk instances that can be

configured on an interface is 16; each TrunkID specified is
mapped to the next available instance (1-16).
static Adds the interface to a static trunk.
lacp Adds the interface to a dynamic trunk.
lacp-udld Adds the interface to a dynamic trunk that uses Unidirectional
Link Detection.
Default static
Mode Interface
Usage Use this command on each Ethernet data port you want to add to the trunk. When finished,
use the interface trunk TrunkID command to access the configuration level for the
trunk interface.
For more information about trunk configuration, see “Link Trunking” on page 17.
page 157
page 158
Config Commands: VLAN
The commands in this chapter configure parameters on individual VLANs:
• name
• router-interface
• shared-vlan
• tagged
• untagged
To access this CLI level, enter the vlan command from the Global configuration level. For example:
ACOS(config-vlan:4)#
If the ACOS device is a member of an aVCS virtual chassis, specify the VLAN ID as follows: DeviceID/
vlan-id, where DeviceID is the
device’s aVCS ID and vlan-id is the VLAN ID.
name
Description Assign a name to the VLAN.
Syntax [no] name string
Replace string with the name for the VLAN, 1-63 characters.
Default The default name for VLAN 1 is “DEFAULT VLAN”. For other VLANs, if a name is not configured,
“None” appears in place of the name.
Mode VLAN
Example The following commands assign the name “Test100” to VLAN 100 and show the result:

ACOS(config-vlan:100)# name Test100
ACOS(config-vlan:100)# show vlan
Total VLANs: 3
VLAN 1, Name [DEFAULT VLAN]:
page 159
Untagged Ports: 3 4 5 6 7 9 10
Tagged Ports: None
VLAN 100, Name [Test100]:

Untagged Ports: 1
Tagged Ports: None
VLAN 200, Name [None]:

Untagged Ports: 2
Tagged Ports: None
router-interface
Description Add a virtual Ethernet (VE) router interface to the VLAN. A VE is required in order to configure
an IP address on a VLAN.
Syntax [no] router-interface ve ve-num
Replace ve-num with the VE number, 2-4094. The VE number must be the same as the VLAN
number.
Default By default, a VLAN does not have a VE.
Mode VLAN
Usage This command is valid only on ACOS devices deployed in route mode.
The VE interface on a VLAN must have the same number as the VLAN. For example, in VLAN
69, the VE number also must be 69.
MAC Address Assignment
The MAC addresses used by the ACOS device’s physical Ethernet data ports also are used for
VEs. (See the “system ve-mac-scheme” command in the Command Line Interface Reference.)
Example The following command configures VE 4 on VLAN 4:
page 160
shared-vlan
Description Enable the shared management VLAN functionality for the VLAN.
Syntax [no] shared-vlan
Default Disabled
Mode VLAN
Example The following command configures VLAN 100 as a shared VLAN:

ACOS(config-vlan:100)# shared-vlan
tagged
Description Add tagged ports to a VLAN. A tagged port can be a member of more than one VLAN. An
untagged port can be a member of only a single VLAN.
Syntax [no] tagged

{ethernet port-num [to port-num] | trunk trunk-num [to trunk-num]}
port-num Add the specified tagged ethernet port to the VLAN.
To add a range of ports, use the to port-num option.

trunk-num Add the specified tagged trunk to the VLAN.
To add a range of trunks, use the to trunk-num option.
Default A VLAN has no ports by default.
Mode VLAN
Usage A port can be a tagged member of a maximum of 128 VLANs.
Example The following command adds ports 4 and 5 to VLAN 4 as tagged ports:
ACOS(config-vlan:4)# tagged ethernet 4 to 5
untagged
Description Add untagged ports to a VLAN. An untagged port can be a member of only a single VLAN.
Syntax [no] untagged

{
ethernet port-num [to port-num] |
page 161
lif lif-num |
trunk trunk-num [to trunk-num] |
}
port-num Add the specified untagged ethernet port to the VLAN.
To add a range of ports, use the to port-num option.

lif-num Add the specified logical interface to the VLAN.
trunk-num Add the specified untagged trunk to the VLAN.
To add a range of trunks, use the to trunk-num option.
Default VLAN 1 contains all ports by default. New VLANs do not contain any ports by default.
Mode VLAN
Example The following command adds port 6 and ports 8-10 to VLAN 4 as an untagged ports:
ACOS(config-vlan:4)# untagged ethernet 6
ACOS(config-vlan:4)# untagged ethernet 8 to 10
page 162
Config Commands: IP
The IP commands configure global IPv4 parameters.
• ip access-list
• ip address
• ip anomaly-drop
• ip as-path
• ip community-list
• ip default-gateway
• ip dns
• ip extcommunity-list
• ip frag buff
• ip frag cpu-threshold
• ip frag max-packets-per-reassembly
• ip frag max-reassembly-sessions
• ip frag timeout
• ip icmp disable
• ip map-list
• ip mgmt-traffic
• ip nat alg pptp
• ip nat icmp
• ip nat inside source
• ip nat pool
• ip nat pool-group
• ip nat range-list
• ip nat template logging
• ip nat translation
page 163
• ip nat-global reset-idle-tcp-conn
• ip prefix-list
• ip reroute
• ip route
• ip tcp syn-cookie threshold
• ip-list
• ipv4-in-ipv6 frag
NOTE: To configure global IPv6 parameters, see “Config Commands: IPv6” on

page 193.
ip access-list
Description Configures an IPv4 access control list (ACL).
Syntax [no] ip access-list acl-name
Replace acl-name with the name of the IP ACL, 1-16 characters.
This command changes the CLI to the configuration level for the specified IPv4 ACL, where
the following commands are available:
{
[sequence-number]
{[remark string] |
[deny | permit | l3-vlan-fwd-disable]}
{traffic-type}
{traffic-source}
{traffic-destination}
{more-options}
}
page 164
Match Option Description

sequence-number Sequence number of this rule in the ACL. You can use this option to resequence the
rules in the ACL.
remark string Adds a remark to the ACL (1-63 characters). The remark appears at the top of the
ACL when you display it in the CLI. To use blank spaces in the remark, enclose the
entire remark string in double quotes. The ACL must already exist before you can
configure a remark for it. An ACL and its individual rules can have multiple remarks.
deny | Specify the action to take for traffic that matches the ACL:
permit |
l3-vlan-fwd-disable • deny - Drops any traffic that matches the ACL applied to interfaces or used for
management access.
• permit - Allows any traffic that matches the ACL applied to interfaces or used for
management access. For ACLS used for IP source NAT, this option specifies the
inside host addresses to be translated into external addresses.
NOTE: If you are configuring an ACL for source NAT, use the permit action. For
ACLs used with source NAT, the deny action does not drop traffic, it simply does
not use the denied addresses for NAT translations.
• l3-vlan-fwd-disable - Disables Layer 3 forwarding between VLANs for IP

addresses that match the ACL rule.
traffic-type Specifies the type of traffic to match:
• geo-location – Matches on geo-location name.

• icmp [type {type-option} [code {any-code | code-num}]] – Matches on
ICMP traffic. (For information about the type and code options, see the “object-
group service” command in the Command Line Interface Reference.)
• ip – Matches on any type of IP traffic.
• object-group group-name – Matches on the values in the specified service
object group. (See the “object-group service” command in the Command Line
Interface Reference.)
• tcp – Matches on TCP traffic.
• udp – Matches on UDP traffic.
page 165
Match Option Description

traffic-source Specifies the source address(es) on which to match:
• any – The ACL matches on all source IP addresses.

• host host-src-ipaddr – The ACL matches only on the specified host IP
address.
• net-src-ipaddr {filter-mask | /mask-length} – The ACL matches on any
host in the specified subnet. The filter-mask specifies the portion of the address
to filter:
• Use 0 to match.
• Use 255 to ignore.
For example, the following filter-mask filters on a 24-bit subnet: 0.0.0.255
Alternatively, you can use mask-length to specify the portion of the address to
filter. For example, you can specify “/24” instead “0.0.0.255” to filter on a 24-bit
subnet.
• object-group group-name – Matches on the addresses in the specified net-

work object group. (See the “object-group service” command in the Command
Line Interface Reference.)
eq src-port | These options are available for both TCP or UDP only; they specify the source proto-
gt src-port | col ports on which to match:
lt src-port |
range • eq src-port – The ACL matches on traffic from the specified source port.
start-src-port
• gt src-port – The ACL matches on traffic from any source port with a higher
end-src-port
number than the specified port.
• lt src-port – The ACL matches on traffic from any source port with a lower
number than the specified port.
• range start-src-port end-src-port – The ACL matches on traffic from any
source port within the specified range.
traffic-destination Specifies the destination address(es) on which to match. (The options are the same
as those for source address.)
more-options Specifies additional match criteria:
• fragments – Matches on packets in which the More bit in the header is set (1)
or has a non-zero offset.
• vlan vlan-id – Matches on the specified VLAN. VLAN matching occurs for
incoming traffic only.
• dscp num – Matches on the 6-bit Diffserv value in the IP header, 1-63.
• established – Matches on TCP packets in which the ACK or RST bit is not set.
This option is useful for protecting against attacks from outside. Since a TCP
connection from the outside does not have the ACK bit set (SYN only), the con-
nection is dropped. Similarly, a connection established from the inside always
has the ACK bit set. (The first packet to the network from outside is a SYN/ACK.)
• log [transparent-session-only] – Configures the ACOS device to generate
log messages when traffic matches the ACL.
The transparent-session-only option limits logging for an ACL rule to creation and
deletion of transparent sessions for traffic that matches the ACL rule.
page 166
Mode Configuration mode.
Usage The support for named IPv4 ACLs supplements the support for IPv4 ACLs configured by ID.
You can use a named IPv4 ACL in any place a standard or extended IPv4 ACL is supported. In
the CLI, use the name option in front of the IPv4 ACL name.
Introduced in Release 2.7.1
Example The following commands configure a named, extended IPv4 ACL called “Deny-Rules” to
deny traffic sent from subnet 10.10.10.x to 10.10.20.5:80, and apply the ACL to inbound traffic
received on Ethernet interface 7:
ACOS(config)# ip access-list Deny-Rules

ACOS(config-ext-access-list:Deny-Rules)# deny tcp 10.10.10.0 0.0.0.255 10.10.20.5 /32 eq
80
ACOS(config-ext-access-list:Deny-Rules)# exit
ACOS(config-if:ethernet:7)# access-list name Deny-Rules in
ip address
Description Configure the global IP address of the ACOS device, when the device is deployed in transpar-
ent mode (Layer 2 mode).
Syntax [no] ip address ipaddr {subnet-mask | /mask-length}
Default None.
Mode Configuration mode
Usage This command applies only when the ACOS device is deployed in transparent mode. To
assign IP addresses to individual interfaces instead (gateway mode), use the ip address
command at the interface configuration level. (See “ip address” on page 114.)
If the ACOS device is a member of an aVCS virtual chassis, use the device-context
command to specify the device in the chassis to which to apply this command.
Loopback Interface Support for OSPF
If an IP address is configured on a loopback interface, and the address is in a subnet that is

also configured as an OSPF network subnet, the loopback interface is automatically included
in the OSPF subnet.
The ACOS device’s table of OSPF interfaces will include the loopback interface. Likewise, the
ACOS device will include the loopback interface in link-state advertisements sent to
neighbor OSPF routers.
Multiple OSPF Networks on the Same Interface Not Supported
page 167
The ACOS device does not support multiple OSPF networks on a data interface. One OSPF
network configuration can enable at most one network per interface.
For example, assume a data port has 3 IP addresses configured that belong to 3 separate
subnets, S1, S2, and S3. If you configure network S4 with area A.B.C.D, and S4 contains S1, S2,
and S3, then only S1 will be running OSPF. S2 and S3 will not be known to other OSPF
routers.
To work around this limitation, enable OSPF redistribution of directly connected routes so
that OSPF will redistribute S2 and S3 via the network running on S1.
Example The following command configures global IP address 10.10.10.4/24:
ACOS(config)# ip address 10.10.10.4 /24
page 168
ip anomaly-drop
Description Enable filtering for IP packets that exhibit predictable, well-defined anomalies. You can ena-
ble filtering for the following types of IP anomalies:
Syntax [no] ip anomaly-drop {parameter} variable if applicable
bad-content Bad content threshold. You can specify a value of 1-
127.
drop-all Drop all IP anomaly packets.
frag Drop all fragmented packets.
ip-option Drop packets with IP options.
land-attack Drop IP packets with the same source and destination
addresses.
out-of-sequence Out of sequence packet threshold. You can specify a
value of 1-127.
packet-deformity Drop packets with deformity. You can specify layer-3
or layer-4.
ping-of-death Drop oversize ICMP packets.
security-attack Drop packets causing a security attack. You can spec-
ify layer-3 or layer-4.
tcp-no-flag Drop TCP packets with no flag.
tcp-syn-fin Drop TCP packets with both syn and fin flags set.
tcp-syn-frag Drop fragmented TCP packets with a syn flag set.
zero-window Zero window size threshold.
Default All options are disabled by default.
Example ACOS(config)# ip anomaly-drop security-attack layer-3
page 169
ip as-path
Description Configure an AS-path list for BGP.
Syntax [no] ip as-path access-list regular-expression {deny | permit}
regular-expression Access list name.
deny | permit Action to perform on matching entries.
Default None
ip community-list
Description Specify BGP community attributes.
Syntax [no] ip community-list num

{deny | permit}
[community-number]
[local-AS]
[no-advertise]
[no-export]
Syntax [no] ip community-list {expanded | standard} list-name

{deny | permit}
[community-number]
[local-AS]
[no-advertise]
[no-export]
num List number.
{expanded | standard} List type and name.
list-name
deny | permit Action to perform for matching communities.
community-number Community number.
local-AS Advertises routes only within the local Autonomous
System (AS), not to external BGP peers.
no-advertise Does not advertise routes.
no-export Does not advertise routes outside the AS boundary.
page 170
Default None
Example Example configuration:
ACOS(config)# ip community-list standard list-name permit 10 no-advertise
ip default-gateway
Description Specify the default gateway to use to reach other subnets, when the ACOS device is
deployed in transparent mode (Layer 2 mode).
Syntax [no] ip default-gateway ipaddr
Default None.
Usage This command applies only when the ACOS device is used in transparent mode. If you
instead want to use the device in gateway mode (Layer 3 mode), configure routing.
To configure the default gateway for the out-of-band management interface, use the
interface management command to go to the configuration level for the interface, then
enter the ip default-gateway command. (See “ip default-gateway” on page 117.)
Example The following command configures an ACOS device deployed in transparent mode to use
router 10.10.10.1 as the default gateway for data traffic:
ACOS(config)# ip default-gateway 10.10.10.1
page 171
ip dns
Description Configure DNS servers and the default domain name (DNS suffix) for hostnames on the
ACOS device.
Syntax [no] ip dns {primary | secondary} ipaddr
[no] ip dns suffix string
Default None
Usage This command applies to transparent mode and gateway mode.
This command can only be used in the shared partition.
Example The following command sets primary DNS server 20.20.20.5:
ACOS(config)# ip dns primary 20.20.20.5
ip extcommunity-list
Description Configure an extended community list for BGP.
Syntax [no] ip extcommunity-list num

{deny | permit}
{rt | soo {AS-num:nn | ipaddr:nn}}
Syntax [no] ip extcommunity-list

{expanded | standard} list-name
{deny | permit}
{rt | soo {AS-num:nn | ipaddr:nn}}
num List number.
{expanded | standard} List type and name.
list-name
deny | permit Action to perform for matching communities.
rt | soo Community type and ID:
{AS-num:nn | ipaddr:nn}
• rt – Route-target extended community.
• soo – Site-of-origin extended community.
Default None

ACOS(config)# ip extcommunity-list standard list-name permit soo 10:20
page 172
ip frag buff
Description Maximum buffer size used for fragmentation.
Syntax [no] ip frag buff num
Replace num with the maximum number of buffers the ACOS device will allow for
fragmentation sessions. You can specify 10000-3000000 (3 million). The specified maximum
applies to both IPv4 and IPv6.
Default The default range on 64-bit ACOS models is 5% of total buffers
Usage If the ACOS device is a member of an aVCS virtual chassis, use the device-context com-
mand to specify the device in the chassis to which to apply this command.
ip frag cpu-threshold
Description Set the CPU usage threshold at which to stop processing fragmented packets.
Syntax [no] ip frag cpu-threshold high max-use low min-use
max-use The max CPU usage percentage allowed, specified as a number
between 0 and 100. When CPU usage exceeds this threshold,
the CPU will stop processing fragments.
min-use The minimum CPU usage percentage that needs to be main-
tained before the CPU starts processing fragments again. This
value is specified as a number between 0 and 100.
Default The default high is 75% and the default low is 60%.
Mode Configuration mode.
ip frag max-packets-per-reassembly
Description Maximum number of fragmented packets allowed per reassembly(0 is unlimited) (default 0)
Syntax [no] ip frag max-packets-per-assembly num
Replace num with the maximum number of fragmented packets the ACOS device will allow
per reassembly. You can specify 2-16.
Default 0
page 173
ip frag max-reassembly-sessions
Description Configure the IP fragment queue size.
Syntax [no] ip frag max-reassembly-sessions num
Replace num with the maximum number of simultaneous fragmentation sessions the ACOS
device will allow. You can specify 1-200000. The specified maximum applies to both IPv4 and
IPv6.
Default 100000
ip frag timeout
Description Configure the timeout for IP packet fragments.
Syntax [no] ip frag timeout ms
Replace ms with the number of milliseconds (ms) the ACOS device buffers fragments for
fragmented IP packets. If any fragments of an IP packet do not arrive within the specified
time, the fragments are discarded and the packet is not re-assembled. You can specify 4-
16000 ms (16 seconds), in 10-ms increments.
Default 1000 ms (1 second)
ip icmp disable
Description Disable ICMP messages.
Syntax [no] ip icmp disable {redirect | unreachable}
redirect Disables sending of ICMP Redirect messages.
unreachable Disables sending of ICMP Destination Unreachable messages.
Default Both types of ICMP messages are enabled.
page 174
Example The following command disables sending of IPv4 ICMP Redirect messages:
ACOS(config)# ip icmp disable redirect
ip map-list
Description Configure IP Map List name.
Syntax [no] ip map-list name
Replace name with the name of the IP Map List. You can specify 1-63.
Default Not set
ip mgmt-traffic
Description Allows a loopback interface IP address to be used as the source interface for management
traffic originated by the ACOS device.
Syntax [no] ip mgmt-traffic

{all | ftp | ntp | rcp | snmp | ssh | syslog | telnet | tftp | web}
source-interface loopback num
To apply the command only to a specific type of traffic (SNMP, NTP, and so on), use the option
for that traffic type. To apply the command to all management traffic types, use the all
option.
Default Not set
Usage Notes about the implementation of this command:

• Loopback interface IP address – The loopback interface you specify when configuring
this feature must have an IP address configured on it. Otherwise, this feature does not
take effect.
• Management interface – If use of the management interface as the source for manage-
ment traffic is also enabled, the loopback interface takes precedence over the manage-
ment interface. The loopback interface’s IP address will be used instead of the
management interface’s IP address as the source for the management traffic.
• Likewise, the use-mgmt-port option has no effect.
• Ping traffic – Configuration for use of a loopback interface as the source for manage-
ment traffic does not apply to ping traffic. By default, ping packets are sourced from the
best interface based on the route table. You can override the default interface selection
by specifying a loopback or other type of interface as part of the ping command.
page 175
• Layer 2/3 Virtualization – This feature is supported only for loopback interfaces that
belong to the shared partition. When this feature is configured, management traffic ini-
tiated from a private partition will use the IP address of the specified loopback interface
as the source address, and will use the shared partition’s data routing table to select the
outbound interface.
Limitations
• The current release has the following limitations related to this feature:
• Floating loopback interfaces are not supported.
• IPv6 interfaces are not supported.
• aVCS is not supported.
Example The following commands configure an IP address on loopback interface 2:
ACOS(config)# interface loopback 2

ACOS(config-if:loopback:2)# ip address 10.10.10.66 /24
ACOS(config-if:loopback:2)# exit
Example The following command configures the ACOS device to use loopback interface 2 as the
source interface for management traffic of all types listed above:
ACOS(config)# ip mgmt-traffic all loopback 2
ip nat alg pptp

Description Disable or re-enable NAT Application-Layer Gateway (ALG) support for the Point-to-Point
Tunneling Protocol (PPTP). This feature enables clients and servers to exchange Point-to-
page 176
Point (PPP) traffic through the ACOS device over a Generic Routing Encapsulation (GRE) tun-
nel. PPTP is used to connect Microsoft Virtual Private Network (VPN) clients and VPN hosts.
Syntax ip nat alg pptp {enable | disable}
Default Enabled
Usage NAT ALG for PPTP has additional configuration requirements. For information, see the “NAT
ALG Support for PPTP” section in the “Network Address Translation” chapter of the Applica-
tion Delivery and Server Load Balancing Guide.
ip nat icmp
Description Configure NAT ICMP settings.
Syntax [no] ip nat icmp {always-source-nat-errors | respond-to-ping}
always-source-nat-errors Enable NAT for ICMP messages from inside routers. By default, source IP
addresses of ICMP error messages sent by inside routers are not translated
into NAT addresses.
respond-to-ping Enable ping replies from NAT pool addresses. By default, ping requests
sent to LSN NAT pool addresses are dropped.
Default Disabled
page 177
ip nat inside source

Description Configure inside Network Address Translation (NAT).
Syntax [no] ip nat inside source {

class-list name |
list acl-name pool pool-or-group-name
[msl seconds] [respond-to-user-mac] |
static inside-ipaddr nat-ipaddr
[disable | enable] [vrid num]
}
class-list name Specifies a class list. Entries in the class list map internal IP addresses to IP
NAT pools.
list acl-name Specifies an Access Control List (ACL) that matches on the inside
addresses to be translated. (To configure the ACL, see the “access-list”
commands in the Command Line Interface Reference.)
pool pool-or-group-name Dynamically assigns addresses from a range defined in a pool or pool
[msl seconds] group.
[respond-to-user-mac]
The msl option sets the TCP Maximum Segment Life (MSL) for source-NAT
connections that use the specified pool or pool group. This option is useful
for NAT connections to devices with older TCP/IP stacks, where the MSL is
up to 2 minutes, resulting in a wait of up to 240 seconds (4 minutes) after a
FIN before the endpoint can enter a new connection. You can set the MSL
to 1-1800 seconds.
The respond-to-user-mac option causes existing connections to follow

the active ACOS device to use the inside client’s MAC address, instead of
the routing table, to select the next hop for the reply.
NOTE: This option is valid only for the current session. After the client’s
MAC address expires, the ACOS device will use the routing table to select
the next hop. If the session has traffic from the inside client, the ACOS
device will learn the inside client's MAC address again.
static Statically maps the specified inside address to a specific NAT address.
inside-ipaddr nat-ipaddr
disable | enable Disables or re-enables the static mapping.
vrid num VRRP-A VRID.
Default None
Usage For static NAT mappings, the following limitations apply:

• Application Layer Gateway (ALG) is not supported.
• Syn-cookies are not supported.
page 178
• VRRP-A session synchronization is not supported. However, sessions will not be inter-
rupted by failover.
Example The following command configures static inside NAT translation of 10.10.10.55 to
192.168.20.44:
ACOS(config)# ip nat inside source static 10.10.10.55 192.168.20.44
ip nat pool
Description Configure a named set of IP addresses for use by NAT.
Syntax [no] ip nat pool pool-name

start-ipaddr end-ipaddr
netmask {subnet-mask | /mask-length}
[gateway ipaddr]
[ip-rr]
[scaleout-device-id device-id]
[vrid num]
pool-name Name of the address pool.
start-ipaddr Beginning (lowest) IP address in the range.
end-ipaddr Ending (highest) IP address in the range.
netmask Network mask for the IP addresses in the pool.
{subnet-mask | /mask-length}
gateway ipaddr Default gateway to use for NATted traffic.
ip-rr Uses pool IP addresses in round robin fashion. Without this option, IP
address selection from a NAT pool depends on the incoming tuple and
the usage of the NAT pool.
scaleout-device-id device-id Configure the Scale Out device ID to which this IP NAT pool will be
bound (1-64).
vrid num VRRP-A VRID. In the shared partition, you can specify 1-31 or default.
In private partitions, you can specify default.
Default None.
Usage The pool can be used by other ip nat commands. The IP addresses must be IPv4 addresses.
To configure a pool of IPv6 addresses, see “ipv6 nat pool” on page 199.
To enable inside or outside NAT on interfaces, see “ip nat” on page 122.
When you use the gateway option, the gateway you specify is used as follows:
• For forward traffic (traffic from a client to a server), the NAT gateway is used if the source
NAT address (the address from the pool) and the server address are not in the same IP
subnet.
page 179
• On reverse traffic (reply traffic from a server to a client), the NAT gateway is used if all
the following conditions are true:
• The session is using translated addresses (is source NATted).
• The source protocol port is in the source NAT subnet.
• The destination is not in the source NAT subnet.
For conditions under which the NAT gateway is needed, if no NAT gateway is configured, the
ACOS device uses the default gateway configured for the ACOS device’s other traffic instead.
Example The following command configures an IP address pool named “pool1” that contains
addresses from 30.30.30.1 to 30.30.30.254:
ACOS(config)# ip nat pool pool1 30.30.30.1 30.30.30.254 netmask /24
ip nat pool-group
Description Configure a set of IP pools for use by NAT. Pool groups enable you to use non-contiguous IP
address ranges, by combining multiple IP address pools.
Syntax [no] ip nat pool-group pool-group-name [vrid num]
pool-group-name Name of the pool group.
This command changes the CLI to the configuration level for the specified pool group,
where the following command is available:
member pool-name
Replace pool-name with the name of a configured IP address pool.
Default None.
Usage To use a non-contiguous range of addresses, configure a separate pool for each contiguous
portion of the range, then configure a pool group that contains the pools.
The addresses within an individual pool still must be contiguous, but you can have gaps
between the ending address in one pool and the starting address in another pool. You also
can use pools that are in different subnets.
For SLB, a pool group can contain up to 5 pools. Pool group members must belong to the
same protocol family (IPv4 or IPv6). A pool can be a member of multiple pool groups.
If a pool group contains pools in different subnets, the ACOS device selects the pool that
matches the outbound subnet. For example, if there are two routes to a given destination, in
different subnets, and the pool group has a pool for one of those subnets, ACOS selects the
pool that is in the subnet for the outbound route.
page 180
The ACOS device selects the pool whose addresses are in the same subnet as the next-hop
interface used by the data route table to reach the server.
Example The following commands create a pool group containing 3 pools:
ACOS(config)# ip nat pool-group group1

ACOS(config-pool-group:group1)# member pool1
ip nat range-list
Description Configure a range of IP addresses to use with static NAT.
Syntax [no] ip nat range-list list-name

local-ipaddr /mask-length
global-ipaddr /mask-length
count number
[list acl-label]
[vrid num]
list-name Name of the static NAT address range.
local-ipaddr /mask-length Beginning (lowest) IP address in the range of local addresses.
global-ipaddr /mask-length Beginning (lowest) IP address in the range of global addresses.
count number Number of addresses to be translated, 1-200000. The range contains a
contiguous block of the number of addresses you specify.
The block of local addresses starts with the address you specify for local-
ipaddr. Likewise, the block of global addresses begins with the address you
specify for global-ipaddr.
list acl-label Specifies an Access Control List (ACL) that matches on the range-list
addresses to be translated. (To configure the ACL, see the “access-list”
commands in the Command Line Interface Reference.)
Valid options for acl-label include:
• <0-199> —Specifies a numbered ACL.
• name acl-name — Specifies a named ACL.
Default None.
Usage You can configure up to 2000 ranges. You can specify IPv4 or IPv6 addresses within a range.
Example The following command configures an IP address range named “nat-list-1” that maps up to
100 local addresses starting from 10.10.10.97 to Internet addresses starting from
192.168.22.50:
page 181
ACOS(config)# ip nat range-list nat-list-1 10.10.10.97 /16 192.168.22.50 /16 count 100
ip nat template logging

Description Configure a template for external logging of SLB traffic events.
Syntax [no] ip nat template logging template-name
This command changes the CLI to the configuration level for the specified NAT logging
template, where the following commands are available.
Command Description
[no] facility facility-name Specifies the logging facility to use. For a list of available facili-
ties, enter the following command: facility ?
The default facility is local0.

[no] include-destination Includes the destination IP addresses and protocol ports in NAT
port mapping logs.
[no] include-rip-rport Includes the IP and port of real server in logs (SLB function
only).
[no] log port-mappings Enables logging for NAT mapping.
{creation | disable}
• creation—Log only the creation of NAT mappings. By
default, both NAT mapping creation and deletion are logged.
• disable—Disable the logging of NAT mappings.
NOTE: The “no” form of the command returns the logging

method to its default, Syslog.
[no] service-group Specifies the service group for the external log servers.
group-name
[no] severity severity-level Specifies the severity level to assign to LSN traffic logs gener-
ated using this template. Use the severity ? command to
view the available severity levels. You can enter the name or the
number of a severity level.
The default severity is 7 (debugging).

[no] source-port Specifies the source protocol port the ACOS device uses to
{source-port | any} send out log messages to the external log servers (1-65535).
NOTE: This does not conflict with the real server port, which is
the destination port of the logging packet.
If the any option is configured, the ACOS device randomly

selects a source-port for each logging packet.
The default source port is 514 (for UDP only).
page 182
NOTE: The source-port command is only applicable to syslog over UDP, and does not
apply to TCP traffic. With syslog over TCP traffic, the source port is determined by
ACOS through Smart NAT.
Default There is no NAT logging template by default. When you configure one, the template options
have the default values as described in the table above.
Usage The template keeps track as to which external clients were mapped to the NAT IP and load
balances multiple IP address requests. Therefore it can be used once VIPs are configured.
Example The following commands show a configuration for external logging of SLB NAT activity.
ACOS(config)# ip nat pool pool1 20.0.0.1 20.0.0.1 netmask /32

ACOS(config)# ip nat template logging testlog
ACOS(config-nat logging)# log port-mappings both
ACOS(config-nat logging)# log session
ACOS(config-nat logging)# include-destination
ACOS(config-nat logging)# include-rip-rport
ACOS(config-nat logging)# service-group log
ACOS(config-nat logging)# exit
ACOS(config)# slb server rs1 20.0.0.6
ACOS(config-real server)# port 80 tcp
ACOS(config-real server-node port)# exit
ACOS(config-real server)# exit
ACOS(config)# slb server rs2 20.0.0.8
ACOS(config-real server)# port 80 tcp
ACOS(config)# slb server ls1 20.0.0.7
ACOS(config-real server)# port 514 udp
ACOS(config)# slb service-group sg1 udp
ACOS(config-slb svc group)# member ls1 514
ACOS(config-slb svc group-member:514)# exit
ACOS(config-slb svc group)# exit
ACOS(config)# slb virtual-server vip1 10.0.0.111
ACOS(config-slb vserver)# template logging testlog
ACOS(config-slb vserver)# show log
Log Output:
Apr 15 14:27:04 Apr 15 14:27:03 ACOS NAT-TCP-C: 10.0.0.12:25235 ->

20.0.0.1:2097 RS 20.0.0.7:80#015
page 183
...
ip nat translation
Description Configure NAT timers.
Syntax [no] ip nat translation

{
icmp-timeout {age seconds | fast} |
ignore-tcp-msl |
service-timeout {tcp | udp} portnum {age seconds | fast} |
tcp-timeout seconds |
udp-timeout seconds
}
page 184
icmp-timeout Specifies the minimum number of seconds NATted ICMP sessions can remain
{age seconds | fast} idle before being terminated. You can specify 2-15000 seconds, or fast. The fast
option terminates the session as soon as a response is received.
The default is fast.

ignore-tcp-msl Immediately reuse TCP sockets after session termination, without waiting for the
Maximum Session Life (MSL) time to expire.
This is disabled for by default.

service-timeout Specifies the minimum number of seconds NATted sessions on a specific proto-
{tcp | udp} portnum col port can remain idle before being terminated. The timeout set for an individual
{age seconds | fast} protocol port overrides the global TCP or UDP timeout for NATted sessions. You
can specify 2-15000 seconds, or fast. The fast option terminates the session as
soon as a response is received.
By default, this is not set. For all service ports except UDP 53, the tcp-timeout or
udp-timeout setting is used. For UDP port 53, the SLB MSL time is used.
tcp-timeout seconds Timeout for TCP sessions that are not ended normally by a FIN or RST. You can
specify 2-15000 seconds:

udp-timeout seconds The supported values and timer behavior for UDP sessions are the same as those
for tcp-timeout (described above).
Usage The timeout value you specify is the minimum number of seconds the session can remain
idle. It takes up to 60 seconds following expiration of the configured timeout value for the
session to be removed.
If you specify 2-30 seconds, the timeout takes place very rapidly, as close to the configured
timeout as possible.
If you specify 31-15000 seconds, the timeout value must be divisible by 60, and can be a
minimum of 1 minute. If the timeout is set to a value in the range 31-59, the timeout value is
rounded up to 60. Values in the range 61-14999 are rounded down to the nearest multiple of
60.
Example The following command changes the TCP timeout to 120 seconds:
ACOS(config)# ip nat translation tcp-timeout 120
page 185
ip nat-global reset-idle-tcp-conn
Description Enable client and server TCP Resets for NATted TCP sessions that become idle.
Syntax [no] ip nat-global reset-idle-tcp-conn
Default Disabled.
ip prefix-list
Description Configure an IPv4 prefix list.
Syntax [no] prefix-list list-name

[description string]
[seq sequence-num]
{deny | permit}
{any | ipaddr/mask-length}
[ge prefix-length] [le prefix-length]
list-name Name of the IP prefix list. The name can not contain blanks.
description string Description of the IP prefix list.
seq sequence-num Changes the sequence number of the IP prefix-list rule. The sequence num-
ber can be 1-4294967295.
deny | permit Action to take for IP addresses that match the prefix list.
any | ipaddr /mask-length IP address and number of mask bits, from left to right, on which to match. If
you omit the ge and le options (described below), the mask-length is also
the subnet mask on which to match.
ge prefix-length Specifies a range of prefix lengths on which to match. Any prefix length
equal to or greater than the one specified will match. For example, ge 25
will match on any of the following mask lengths: /25, /26, /27, /28, /29, /30,
/31, or /32.
le prefix-length Specifies a range of prefix lengths on which to match. Any prefix length
less than or equal to the one specified will match. The lowest prefix length
in the range is the prefix specified with the IP address. For example,
192.168.1.0/24 le 28 will match on any of the following mask lengths: /
24, /25, /26, /27, or /28.
Default N/A
Usage You can use IP prefix lists to provide input to the OSPFv2 command “area area-id filter-list” on
page 255.
How Matching Occurs
page 186
Matching begins with the lowest numbered IP prefix-list rule and continues until the first
match is found. The action in the first matching rule is applied to the IP address. For example,
if the IP prefix list contains the following two rules, rule 5 is used for IP address 192.168.1.9,
even though the address also matches rule 10.
ip prefix-list 5 permit any

ip prefix-list 10 deny 192.168.1.0/24
The ge prefix-length and le prefix-length options enable you to specify a range of mask
lengths on which to match. If you do not use either option, the mask-length in the address (/
24 in the example above) specifies both the following:
• Number of bits to match, from left to right

• Mask length on which to match
If you use one or both of the ge or le options, the mask-length specifies only the number of
bits to match. The ge or le option specifies the mask length(s) on which to match.
The following rule matches on any address whose first octet is 10 and whose mask-length is
8:
ip prefix-list match_on_8bit_mask_only permit 10.0.0.0/8
IP address 10.10.10.10/8 would match this rule but 10.10.10.10/24 would not.
The following rule uses the le option to extend the range of mask lengths that match:
ip prefix-list match_on_24bit_mask_or_less permit 10.0.0.0/8 le 24
This rule matches on any address that has 10 in the first octet, and whose mask length is 24
bits or less. IP addresses 10.10.10.10/8 and 10.10.10.10/24 would both match this rule.
The following rule permits any address from any network that has a mask 16-24 bits long.
ip prefix-list match_any_on_16-24bit_mask permit 0.0.0.0/0 ge 16 le

24
Implied Deny any Rule
The IP prefix list has an implied deny any rule at the end. This rule is not visible and can not
be changed or deleted. If an IP address does not match any of the rules in the IP prefix list,
the ACOS device uses the implied deny any rule to deny the address.
Sequence Numbering
As described above, the sequence of rules in the IP prefix list can affect whether a given
address matches a permit rule or a deny rule.
When you configure the first IP prefix-list rule, the ACOS device assigns sequence number 5
to the rule by default. After that, the sequence number for each new rule is incremented by
5. If you explicitly set the sequence number of a rule, subsequent rules are still sequenced in
increasing increments of 5. For example, if you set the sequence number of the first rule to 7,
the next rule is 12 by default.
page 187
You can explicitly set the sequence number of a rule when you configure the rule. You also
can change the sequence number of a rule that is already configured.
Example The following commands add descriptions to some IP prefix-list rule and display the results:
ACOS(config)# ip prefix-list aaa description Here_is_a_string_to_describe_the_rule.

ACOS(config)# ip prefix-list ccc description And_here_is_a_string_to_describe_this_rule.
ACOS(config)# show running-config | section ip prefix-list
ip prefix-list aaa description Here_is_a_string_to_describe_the_rule.
ip prefix-list aaa seq 5 permit any
ip prefix-list bbb seq 10 permit 192.168.1.0/24
ip prefix-list ccc description And_here_is_a_string_to_describe_this_rule.
ip prefix-list ccc seq 15 deny 10.10.10.0/8 le 24
ip reroute
Description Enter the ip reroute mode to suppress the reroute for a particular protocol.
Syntax [no] ip reroute
Usage When routes are added, use of this command specifies not to trigger a route table version
change update for the protocol that will be configured in ip reroute mode. See suppress-pro-
tocols for further information.
Example The following command enters ip reroute mode:
ACOS(config)# ip reroute
ACOS(config-reroute)#
ip route
Description Configure a static IP route.
Syntax [no] ip route destination-ipaddr {subnet-mask | /mask-length}

{
next-hop-ipaddr
[distance]
[description string] |
lif num next-hop-ipaddr
[distance]
partition partition-name
[vrid vrid]
tunnel num next-hop-ipaddr
[distance]
page 188
}
Syntax [no] ip route static bfd local-ipaddr remote-ipaddr
destination-ipaddr Specifies the destination of the route. To configure a default route, spec-
{subnet-mask | /mask-length} ify 0.0.0.0/0.
next-hop-ipaddr Specifies the next-hop router to use to reach the route destination. The
address must be in the same subnet as the ACOS device.
distance Distance value for the route, 1-255. Note that The distance value has no
significance for management routes and will be displayed as zero.
partition partition-name Forwards the traffic to the specified L3V partition as the next hop. The
[vrid vrid] vrid option specifies the VRRP-A VRID, if applicable.
description string Description of the static route.
Default There are no static routes configured by default.
Usage If a destination can be reached by an explicit route (a route that is not a default route), then
the explicit route is used. If an explicit route is not available to reach a given destination, the
default route is used (if a default route is configured).
Example The following command configures a default route using gateway 10.10.10.1 and the default
metric:
ACOS(config)# ip route 0.0.0.0/0 10.10.10.1
page 189
ip tcp syn-cookie threshold

Description Modify the threshold for TCP handshake completion. The TCP handshake threshold is appli-
cable when SYN cookies are active.
Syntax [no] ip tcp syn-cookie threshold seconds
seconds Number of seconds allowed for a TCP handshake to be com-
pleted. If the handshake is not completed within the allowed
time, the ACOS device drops the session. You can specify 1-100
seconds.
Default 4 seconds
Usage The TCP handshake threshold is applicable only when software-based SYN cookies are
active. To enable support for software-based SYN cookies, use the syn-cookie enable
command at the virtual port level. (See the “syn-cookie” command in the Command Line
Interface Reference for more information.)
Example The following command changes the TCP TCP handshake threshold to 15 seconds:
ACOS(config)# ip tcp syn-cookie threshold 15
ip-list
Description Configure an IP list.
Syntax [no] ip-list name
Replace name with the name of the IP list, 1-63 characters.
Default None
ipv4-in-ipv6 frag
Description Configure IPv4-in-IPv6 fragmentation parameters.
Syntax [no] ipv4-in-ipv6 frag
Default None
page 190
Config Commands: IP Reroute
This chapter describes the commands for configuring IP reroute.
To access this configuration level, enter the ip reroute command at the Global configuration level. For
example:
The following commands are available:
• suppress-protocols
suppress-protocols
Description Suppress the reroute trigger for a particular protocol.
Syntax [no] suppress-protocols protocol
protocol • connected - Physically connected
• ebgp - External Border Gateway Protocol
• ibgp - Internal Border Gateway Protocol
• isis - Intermediate System to Intermediate System protocol
• ospf - Open Shortest Path First protocol
• rip - Routing Information Protocol
• static - Static route
Mode IP reroute mode
Usage Specify the protocol for suppressing route table version change updates.
Example The following command enters ip reroute mode and then suppresses route table updates
for static routes:
ACOS(config-reroute)# suppress-protocols static
ACOS(config-reroute-suppress-protocols)# end
ACOS# config
ACOS(config)# ip route 3.3.3.0 /24 4.4.4.3
page 191
page 192
Config Commands: IPv6
The IPv6 commands configure global IPv6 parameters.
• ipv6 access-list
• ipv6 address
• ipv6 default-gateway
• ipv6 frag timeout
• ipv6 icmpv6 disable
• ipv6 nat icmpv6 respond-to-ping
• ipv6 nat inside source list
• ipv6 nat pool
• ipv6 nat pool-group
• ipv6 neighbor
• ipv6 ospf display route single-line
• ipv6 prefix-list sequence-number
• ipv6 route
• ipv6 route
• ipv6-in-ipv4 frag
NOTE: To configure global IPv4 parameters, see “Config Commands: IP” on

page 163.
page 193
ipv6 access-list
Description Configure an extended IPv6 ACL.
Syntax [no] ipv6 access-list name
This command changes the CLI to the configuration level for the ACL, where the following
ACL-related commands are available.
Syntax [no] [seq-num] {permit | deny}

{ipv6 | icmp | geo-location name | object-group name}
{any | host host-src-ipv6addr | net-src-ipv6addr /mask-length |

object-group name}
{any | host host-dst-ipv6addr | net-dst-ipv6addr /mask-length |

object-group name}
[fragments] [vlan vlan-id] [dscp num]
[log]
Syntax [no] [seq-num] {permit | deny} {tcp | udp}
{any | host host-src-ipv6addr | net-src-ipv6addr /mask-length |

object-group name}
[eq src-port | gt src-port | lt src-port |
range start-src-port end-src-port]
{any | host host-dst-ipv6addr | net-dst-ipv6addr /mask-length |

object-group name}
[eq src-port | gt src-port | lt src-port |
range start-src-port end-src-port]
[fragments] [vlan vlan-id] [dscp num]

[established]
[log]
seq-num Sequence number of this rule in the ACL. You can use this option
to resequence the rules in the ACL.
deny | permit Action to take for traffic that matches the ACL:
• deny – Drops the traffic.

• permit – Allows the traffic.
ipv6 | icmp | geo-location name | Type of traffic on which to match.
object-group name
tcp | udp
page 194
any | Source IP address(es) to filter.
host host-src-ipv6addr |
net-src-ipv6addr /prefix-length | • any – The ACL matches on all source IP addresses.
object-group name
• host host-src-ipv6addr – The ACL matches only on the
specified host IPv6 address.
• net-src-ipv6addr /prefix-length – The ACL matches on
any host in the specified subnet.
• object-group name – The ACL matches on the object group.
eq src-port | For tcp or udp, the source protocol ports to filter.
gt src-port |
lt src-port | • eq src-port – The ACL matches on traffic from the specified
range start-src-port end-src-port source port.
• gt src-port – The ACL matches on traffic from any source
port with a higher number than the specified port.
• lt src-port – The ACL matches on traffic from any source
port with a lower number than the specified port.
• range start-src-port end-src-port – The ACL matches
on traffic from any source port within the specified range.
any | Destination IP address(es) to filter.
host host-dst-ipv6addr |
net-dst-ipv6addr /mask-length |
object-group name
eq dst-port | For tcp or udp, the destination protocol ports to filter.
gt dst-port |
lt dst-port | • eq dst-port – The ACL matches on traffic from the specified
range start-dst-port end-dst-port destination port.
• gt dst-port – The ACL matches on traffic from any destina-
tion port with a higher number than the specified port.
• lt dst-port – The ACL matches on traffic from any destina-
tion port with a lower number than the specified port.
• range start-dst-port end-dst-port – The ACL matches
on traffic from any destination port within the specified range.
fragments Matches on packets in which the More bit in the header is set (1)
or has a non-zero offset.
vlan vlan-id Matches on the specified VLAN. VLAN matching occurs for
incoming traffic only.
dscp num Matches on the 6-bit Diffserv value in the IP header, 1-63.
established Matches on TCP packets in which the ACK or RST bit is not set.
This option is useful for protecting against attacks from outside.
Since a TCP connection from the outside does not have the ACK
bit set (SYN only), the connection is dropped. Similarly, a connec-
tion established from the inside always has the ACK bit set. (The
first packet to the network from outside is a SYN/ACK.)
log Configures the ACOS device to generate log messages when traf-
fic matches the ACL.
Syntax [no] remark string
page 195
The remark command adds a remark to the ACL. The remark appears at the top of the ACL
when you display it in the CLI. The string can be 1-63 characters. To use blank spaces in the
remark, enclose the entire remark string in double quotes.
Default None
ipv6 address
Description Configure the global IPv6 address of the ACOS device, when the device is deployed in trans-
parent mode (Layer 2 mode).
Syntax [no] ipv6 address ipv6-addr/prefix-length [link-local] [anycast]
ipv6-addr Valid unicast IPv6 address.
prefix-length Prefix length, up to 128.
link-local Configures the address as the link-local IPv6 address for the interface, instead of a
global address. Without this option, the address is a global address.
anycast Configures the address as an anycast address. An anycast address can be assigned to
more than one interface. A packet sent to an anycast address is routed to the “nearest”
interface with that address, based on the distance in the routing protocol.
Default N/A
Usage This command applies only when the ACOS device is deployed in transparent mode. To
assign IPv6 addresses to individual interfaces instead (gateway mode), use the ipv6
address command at the interface configuration level. (See “ipv6 address” on page 130.)
Example The following command configures global IPv6 address 2001:db8::1521:31ab/32:
ACOS(config)# ipv6 address 2001:db8::1521:31ab/32
ipv6 default-gateway
Description Specify the default gateway to use to reach other IPv6 networks, when the ACOS device is
used in transparent mode (Layer 2 mode).
Syntax [no] ipv6 default-gateway ipv6-addr
Replace ipv6-addr with the IPv6 address of the next-hop gateway.
page 196
Default N/A
Usage This command applies only when the ACOS device is used in transparent mode. If you
instead want to use the device in gateway mode (Layer 3 mode), configure routing.
Example The following command configures default IPv6 gateway 2001:db8::1521:31ac:
ACOS(config)# ipv6 default-gateway 2001:db8::1521:31ac
ipv6 frag timeout

Description Configure the timeout for IPv6 packet fragments.
Syntax [no] ipv6 frag timeout ms
Replace ms with the number of milliseconds (ms) the ACOS device buffers fragments for
fragmented IPv6 packets. If any fragments of an IPv6 packet do not arrive within the
specified time, the fragments are discarded and the packet is not re-assembled. You can
specify 4-16000 ms (16 seconds), in 10-ms increments.
Default 1000 ms (1 second)
page 197
ipv6 icmpv6 disable

Description Disable ICMPv6 messages.
Syntax [no] ipv6 icmpv6 disable {redirect | unreachable}
redirect Disables sending of ICMPv6 Redirect messages.
unreachable Disables sending of ICMPv6 Destination Unreachable mes-
sages.
Default Both types of ICMP messages are enabled.
Example The following command disables sending of IPv6 ICMP Destination Unreachable messages:
ACOS(config)# ipv6 icmpv6 disable unreachable
ipv6 nat icmpv6 respond-to-ping

Description Enable ACOS to respond to ping requests sent to NAT addresses owned by the ACOS device.
Syntax [no] ipv6 icmpv6 respond-to-ping
Default Disabled.
ipv6 nat inside source list

Description Inside configuration for IPv6 NAT.
Syntax [no] ipv6 nat inside source list list-name pool pool-name
list-name Name of the source list.
Default N/A
page 198
ipv6 nat pool

Description Configure a named set of IPv6 addresses for use by Network Address Translation (NAT).
Syntax [no] ipv6 nat pool pool-name start-ipv6-addr end-ipv6-addr

netmask mask-length
[gateway ipaddr]
[ip-rr]
[vrid num]
start-ipaddr Beginning (lowest) IP address in the range.
end-ipaddr Ending (highest) IP address in the range.
netmask Network mask for the IP addresses in the pool, 64-128.
mask-length
gateway Next-hop gateway address.
ipv6-addr
ip-rr Uses pool IP addresses in round robin fashion. Without this
option, IP address selection from a NAT pool depends on the
incoming tuple and the usage of the NAT pool.
Default None.
Example The following command configures an IPv6 address pool named “ipv6pool2”:
ACOS(config)# ipv6 nat pool ipv6pool2 abc1::1 abc1::10 netmask 96
ipv6 nat pool-group

Description Configure a set of IPv6 pools for use by NAT. Pool groups enable you to use non-contiguous
IP address ranges, by combining multiple IPv6 address pools.
Syntax [no] ipv6 nat pool-group pool-group-name

[vrid num]
pool-group-name Name of the pool group.
This command changes the CLI to the configuration level for the specified pool group,
where the following command is available:
page 199
member pool-name
Replace pool-name with the name of a configured IP address pool.
Default None.
Usage To use a non-contiguous range of addresses, configure a separate pool for each contiguous
portion of the range, then configure a pool group that contains the pools.
The addresses within an individual pool still must be contiguous, but you can have gaps
between the ending address in one pool and the starting address in another pool. You also
can use pools that are in different subnets.
For SLB, a pool group can contain up to 5 pools. Pool group members must belong to the
same protocol family (IPv4 or IPv6). A pool can be a member of multiple pool groups.
If a pool group contains pools in different subnets, the ACOS device selects the pool that
matches the outbound subnet. For example, of there are two routes to a given destination,
in different subnets, and the pool group has a pool for one of those subnets, ACOS selects
the pool that is in the subnet for the outbound route.
The ACOS device selects the pool whose addresses are in the same subnet as the next-hop
interface used by the data route table to reach the server.
ipv6 neighbor
Description Configure a static IPv6 neighbor.
Syntax [no] ipv6 neighbor ipv6-addr macaddr

{ethernet port-num | trunk TrunkID | tunnel tunnel-num}
[vlan vlan-id]
ipv6-addr IPv6 unicast address of the neighbor.
macaddr MAC address of the IPv6 neighbor.
ethernet port-num Ethernet interface connected to the neighbor.
trunk trunkID Trunk interface connected to the neighbor.
tunnel tunnel-num Tunnel interface connected to the neighbor. You can specify 1-128.
vlan-id VLAN for which to add the IPv6 neighbor entry. If you do not specify the VLAN, the
entry is added for all VLANs.
page 200
Default N/A
Usage The neighbor must be directly connected to the ACOS device’s Ethernet port you specify, or
connected through a Layer 2 switch.
Example The following command configures IPv6 neighbor 2001:db8::1111:2222 with MAC address
abab.cdcd.efef, connected to the ACOS device’s Ethernet port 5:
ACOS(config)# ipv6 neighbor 2001:db8::1111:2222 abab.cdcd.efef ethernet 5
ipv6 ospf display route single-line

Description Change how IPv6 routes are displayed in the show ipv6 ospf route output.
Syntax [no] ipv6 ospf display route single-line
Default By default, this option is disabled. Routes are displayed on multiple lines.
ipv6 prefix-list sequence-number

Description Configure an IPv6 prefix list.
Syntax [no] prefix-list list-name

[seq sequence-num]
{deny | permit}
{any | ipav6ddr/prefix-length}
[ge prefix-length] [le prefix-length]
list-name Name of the IP prefix list. The name can not contain blanks.
description string Description of the IP prefix list.
seq sequence-num Changes the sequence number of the IP prefix-list rule. The sequence num-
ber can be 1-4294967295.
deny | permit Action to take for IP addresses that match the prefix list.
any | ipav6ddr/prefix- IP address and number of mask bits, from left to right, on which to match. If
length you omit the ge and le options (described below), the mask-length is also
the subnet mask on which to match.
page 201
ge prefix-length Specifies a range of prefix lengths on which to match. Any prefix length
equal to or greater than the one specified will match. For example, ge 25
will match on any of the following mask lengths: /25, /26, /27, /28, /29, /30,
/31, or /32.
le prefix-length Specifies a range of prefix lengths on which to match. Any prefix length
less than or equal to the one specified will match. The lowest prefix length
in the range is the prefix specified with the IP address. For example,
192.168.1.0/24 le 28 will match on any of the following mask lengths: /
24, /25, /26, /27, or /28.
Default N/A
Usage You can use IP prefix lists to provide input to the OSPFv2 command “area area-id filter-list” on
page 255.
The rules for matching and sequence numbering are the same as those for IPv4 prefix lists.
(See “ip prefix-list” on page 186.)
iv6p reroute
Description Enter the ipv6 reroute mode to suppress the reroute for a particular protocol.
Syntax [no] ipv6 reroute
Usage When routes are added, use of this command specifies not to trigger a route table version
change update for the protocol that will be configured in ip reroute mode. See suppress-pro-
tocols for further information.
Example The following command enters ip reroute mode:
ACOS(config)# ipv6 reroute
ipv6 route
Description Configure a static IPv6 route.
Syntax [no] ipv6 route ipv6addr/prefix-length next-hop-ipv6addr

[ethernet num | trunk num | ve num]
[distance]
page 202
[no] ipv6 route static bfd [ethernet num | trunk num | ve num]
ipv6addr next-hop-ipv6addr
ipv6addr IPv6 unicast address of the route destination.
prefix-length Prefix length, 1-128.
next-hop-ipv6addr IPv6 unicast address of the next-hop gateway to the des-
tination.
distance Distance value for the route, 1-255.
string Description of the static route.
Default N/A
Usage The ethernet, trunk, and ve options are available only if the ipv6addr is a link-local
address. Otherwise, the options are not displayed in the online help and are not supported.
• If you use an individual Ethernet port, the port can not be a member of a trunk or a VE.
If you use a trunk, the trunk can not be a member of a VE.
• After you configure the static route, you can not change the interface’s membership in
trunks or VEs. For example, if you configure a static route that uses Ethernet port 6’s link-
local address as the next hop, it is not supported to later add the interface to a trunk or
VE. The static route must be removed first.
Example The following command configures a static IPv6 route to destination 2001:db8::3333:3333/
32, though gateway 2001:db8::3333:4444:
ACOS(config)# ipv6 route 2001:db8::3333:3333/32 2001:db8::3333:4444
Example The following command configures a default IPv6 route:
ACOS(config)# ipv6 route ::/0 abc1::1111
Example The following command configures an IPv6 static route that uses Ethernet port 6’s link-local
address as the next hop:
ACOS(config)# ipv6 route abaa:3::0/64 fe80::2 ethernet 6
page 203
ipv6-in-ipv4 frag
Description Configure IPv6-in-IPv4 fragmentation parameters.
Syntax [no] ipv6-in-ipv4 frag
Default None
Syntax Configuration mode
page 204
Config Commands: IPv6 Reroute
This chapter describes the commands for configuring IP reroute.
To access this configuration level, enter the iv6p reroute command at the Global configuration level.
For example:

• suppress-protocols
suppress-protocols
Description Suppress the reroute trigger for a particular protocol.
Syntax [no] suppress-protocols protocol
protocol • connected - Physically connected
• ebgp - External Border Gateway Protocol
• ibgp - Internal Border Gateway Protocol
• isis - Intermediate System to Intermediate System protocol
• ospf - Open Shortest Path First protocol
• rip - Routing Information Protocol
• static - Static route
Mode IP reroute mode
Usage Specify the protocol for suppressing route table version change updates.
Example The following command enters ipv6 reroute mode and then suppresses route table updates
for static routes:

ACOS(config-reroute)# suppress-protocols static
ACOS(config-reroute-suppress-protocols)# end
ACOS# config
ACOS(config)# ip route 3.3.3.0 /24 4.4.4.3
page 205
page 206
Config Commands: Router – RIP
This chapter describes the syntax for the Routing Information Protocol (RIP) commands. The com-
mands are described in the following sections:
• Enabling RIP
• Interface-level RIP Commands
• IPv4 RIP Configuration Commands
• IPv6 RIP Configuration Commands
• RIP Show Commands
• RIP Clear Commands
Enabling RIP
You can enable RIP for IPv4 and RIP for IPv6. Each version runs independently of the other. The ACOS
device supports a single IPv4 RIP process and a single IPv6 RIP process.
NOTE: Optionally you also can enable RIPv1. RIPv1 and RIPv2 can be enabled
separately for inbound and outbound RIP traffic.
Enabling RIP for IPv4

To enable RIP for IPv4:
1. Use the router rip global configuration command to enable RIP and access the configuration
level for global IPv4 RIP parameters:
ACOS(config)# router rip
ACOS(config-rip)#
2. From RIP routing configuration mode, use the network command to enable individual networks or
interfaces. For example:
ACOS(config-rip)# network 192.168.10.10/24
page 207
Interface-level RIP Commands
ACOS(config-rip)# network ethernet 3
This is the minimum required configuration. Additional configuration may be required depending on
your deployment.
Enabling RIP for IPv6

To enable RIP for IPv6:
1. Use the router ipv6 rip global configuration command to enable RIP and access the configura-
tion level for global IPv4 RIP parameters:
ACOS(config)# router ipv6 rip
ACOS(config-rip)#
2. To enable IPv6 RIP on an individual interface:

g. Access the interface. For example:
h. Use the following command to enable IPv6 RIP on the interface:

ACOS(config-if:ethernet:6)# ipv6 router rip
your deployment.

In addition to global parameters, RIP has parameters on the individual interface level. To configure RIP
on an interface, use the interface command to access the configuration level for the interface, then use
the ip rip or ipv6 rip command. (See “Config Commands: Interface” on page 105.)
IPv4 RIP Configuration Commands

The configuration commands in the following sections are applicable to IPv4 RIP.
Global IPv4 RIP Commands
The commands in this section apply globally to the IPv4 RIP process.
page 208
To access the configuration level for a IPv4 RIP process, use the router rip command at the global
configuration level of the CLI.
on an interface, use the interface command to access the configuration level for the interface, then use
the ip rip command. (See “Config Commands: Interface” on page 105.)
cisco-metric-behavior
Description Enable Cisco-compatible metric behavior. This option affects the display of metric values in
the RIP routing table.
Syntax [no] cisco-metric-behavior {enable | disable}
enable The metric values displayed for routes in the RIP routing table
are the values before modification by this RIP router (the ACOS
device).
disable The metric values displayed for routes in the RIP routing table
are the values after modification by this RIP router (the ACOS
device).
Default disable
Mode IPv4 RIP
default information originate

Description Enable generation of a default route into RIP.
Syntax [no] default information originate
Default Disabled
Mode IPv4 RIP
default-metric
Description Configure the default metric value for routes that are redistributed into IPv4 RIP.
Syntax [no] default-metric num
page 209
Replace num with the default metric, 1-16.
Default 1
Mode IPv4 RIP
distance
Description Set the administrative distance for IPv4 RIP routes.
Syntax [no] distance num [ipaddr/mask-length [acl-id]]
num Administrative distance, 1-255.
ipaddr/mask-length Network prefix and mask length. The specified distance
is applied only to routes with a matching source
address.
acl-id ACL ID. The specified distance is applied only to routes
that match the source IP address in the ACL.
NOTE: In the ACL, use the permit action, not the deny action.
Default The default distance is 120.
Mode IPv4 RIP
Usage The administrative distance specifies the trustworthiness of routes. In cases where there are
multiple routes to the same destination, from different routing protocols, the administrative
distance can be used as a tie-breaker.
A low administrative distance value indicates a high level of trust. Likewise, a high
administrative distance value indicates a low level of trust. For example, setting the
administrative distance value for external routes to 255 means those routes are very
untrustworthy and should not be used.
page 210
distribute-list
Description Configure filtering of route updates.
Syntax [no] distribute-list {acl-id | prefix list-name} {in | out} [inter-

face]
acl-id | ACL or prefix list that specifies the routes to filter. The
prefix list-name action you use in the ACL or prefix list determines whether
matching routes are allowed:
permit – Matching routes are allowed.
deny – Matching routes are prohibited.

in | out Traffic direction for which to filter updates:
in – Inbound route updates are filtered.
out – Outbound route updates are filtered.

interface Interface on which updates are filtered. You can specify
the following types of interfaces:
• ethernet portnum – Ethernet data interface.

• loopback [num] – Loopback interface. If you do not
specify an interface number, route updates are filtered
out on all loopback interfaces.
• trunk trunknum – Trunk interface.
• ve ve-num – Virtual Ethernet (VE) interface.
If no interface is specified, the filter applies to all inter-

faces.
NOTE: The internal option is not applicable.
Default Route updates are not filtered out.
Mode IPv4 RIP
Usage Distribute lists can be global or interface-specified:

• If you do not specify an interface with the distribute list, the list is global.
• If you do specify an interface with the distribute list, the list applies only to routes
received (in) or advertised (out) on that interface.
The ACOS device can have one global inbound distribute list and one global outbound
distribute list. Likewise, each interface can have one inbound distribute list and one
outbound distribute list.
page 211
For inbound updates, if the interface on which the update is received has a distribute list,
that distribute list is checked before the global distribute list. Likewise, for outbound updates,
the distribute list on the outbound interface is checked before the global distribute list. The
action (permit or deny) in the first distribute list that matches is used.
ACL Implicit Deny Rule
Every ACL has an implicit “deny any” rule at the end. Traffic that does not match any of the
explicitly configured rules in an ACL will match the implicit deny rule.
Example The following commands allow incoming RIP routes only for network 30.30.30.0/24, and only
when received through Ethernet interface 4:
ACOS(config)#ip prefix-list rip-subnet-only permit 30.30.30.0/24

ACOS(config)#router rip
ACOS(config-router)#distribute-list prefix rip-subnet-only in ether-
net 4
Example The following commands allow advertisement of RIP routes only for network 10.0.0.0/8, and
only when advertised through VE interface 45:
ACOS(config)# access-list 23 permit 10.0.0.0 0.255.255.255

ACOS(config-rip)# distribute-list 23 out ve 45
maximum-prefix
Description Specify the maximum number of routes allowed in the IPv4 RIP route table.
Syntax [no] maximum-prefix num [threshold]
num Maximum number of RIP routes allowed. You can specify 1-2048.
threshold Percentage of the maximum number of routes at which a warning
is generated. You can specify 1-100. The warnings appear in the
routing log.
Default 256. The default threshold is 75 percent.
Mode IPv4 RIP
neighbor
Description Specify a neighboring IPv4 RIP router.
Syntax [no] neighbor ipaddr
Replace ipaddr with the IP address of the neighboring IPv4 RIP router.
page 212
Default None
Mode IPv4 RIP
Usage Enter the command separately for each IPv4 RIP neighbor.
network
Description Enable IPv4 RIP on a network.
Syntax [no] network {ipaddr/mask-length | interface}
ipaddr/mask-length Prefix and mask length of a IPv4 RIP network.
interface Interface on which to enable RIP. You can specify the
following types of interfaces:

specify an interface number, RIP is enabled on all
loopback interfaces.
If no interface is specified, RIP is enabled on all the

interfaces.
Default None
Mode IPv4 RIP
page 213
offset-list
Description Increase the metric for specific routes.
Syntax [no] offset-list acl-id {in | out} offset [interface]
acl-id ACL that matches on the routes for which to increase the met-
ric.
in | out Direction to which to apply the metric:
• in – Applies the additional metric value to routes received in

updates from RIP neighbors.
• out – Applies the additional metric value to routes adver-
tised to RIP neighbors.
offset Additional metric to add to routes. You can specify 0-16.
interface Interface on which to increase the metric. You can specify the

• loopback [num] – Loopback interface. If you do not specify
an interface number, the metric is increased on all loopback
interfaces.
If no interface is specified, the metric is increased on all inter-

faces.
Default Not set. The metric that is otherwise applied to the route by the RIP process is used.
Mode IPv4 RIP
passive-interface
Description Block RIP broadcasts from being sent on an interface.
Syntax [no] passive-interface interface
Replace interface with the interface on which to block RIP broadcasts. You can specify the

• loopback [num] – Loopback interface. If you do not specify an interface number, RIP
broadcasts are blocked on all loopback interfaces.
page 214
Default None. RIP broadcasts are not blocked on any interfaces.
Mode IPv4 RIP
recv-buffer-size
Description Configure the receive buffer size for RIP UDP packets.
Syntax [no] recv-buffer-size bytes
Replace bytes with the maximum RIP UDP packet size allowed. You can specify 8192-
2147483647 bytes.
Default 8192
Mode IPv4 RIP
page 215
redistribute
Description Redistribute route information from other sources into RIP.
Syntax [no] redistribute

{
bgp [options] |
connected [options] |
floating-ip [options] |
ip-nat-list [options] |
ip-nat [options] |
isis [options] |
lw4o6 [options] |
ospf [options] |
static [options] |
vip [only-flagged | only-not-flagged [options]]
}
bgp [options] Redistributes route information from Border Gateway Protocol (BGP) into RIP.
For options, see the end of this parameter list.
connected [options] Redistributes route information for directly connected networks into RIP. For
options, see the end of this parameter list.
floating-ip [options] Redistributes route information for floating IP addresses into RIP. For options, see
the end of this parameter list.
ip-nat-list [options] Redistributes routes into RIP for reaching translated NAT addresses allocated
from a range list. For options, see the end of this parameter list.
ip-nat [options] Redistributes routes into RIP for reaching translated NAT addresses allocated
from a pool. For options, see the end of this parameter list.
isis [options] Redistributes route information from Intermediate System to Intermediate Sys-
tem (IS-IS) into RIP. For options, see the end of this parameter list.
lw406 [options] Redistributes routes into OSPF for Lightweight 4over6. (This is an IPv6 Migration
feature.)
ospf [options] Redistributes route information from Open Shortest Path First (OSPF) into RIP.
page 216
static [options] Redistributes routes into RIP for reaching networks through static routes. For
vip Redistributes routes into RIP for reaching virtual server IP addresses.
[only-flagged |
only-not-flagged To control which VIPs are redistributed, use one of the following options:
[options]]
• only-flagged – Redistributes only the VIPs on which the redistribution-
flagged command is used.
• only-not-flagged – Redistributes all VIPs except those on which the redis-
tribution-flagged command is used.
For more information, see the “Usage” information for this command.
• options - Optional parameters supported for the options listed above:

• metric num – Metric for the route, 0-16. There is no default.
• route-map map-name – Name of a route map. (To configure a route map,
use the route-map command at the global configuration level of the CLI.)
Default Disabled. By default, RIP routes are not redistributed. For other defaults, see above.
Mode IPv4 RIP
Usage When you enable redistribution, routes to all addresses of the specified type are redistrib-
uted. The vip option can be used to control which routes to VIPs are redistributed into RIP.
VIP Redistribution
You can exclude redistribution of individual VIPs using one or the other of the following
methods.
• If more VIPs will be excluded than will be allowed to be redistributed:

• At the configuration level for each of the VIPs to allow to be redistributed, enter the
following command: redistribution-flagged
• At the configuration level for the RIP process, enter the following command:
redistribute vip only-flagged
• If fewer VIPs will be excluded than will be allowed to be redistributed:
• At the configuration level for each of the VIPs to exclude from redistribution, enter
the following command: redistribution-flagged
• At the configuration level for the RIP process, enter either of the following com-
mands: redistribute vip only-not-flagged or redistribute vip
NOTE: In the configuration, the redistribute vip command is automatically con-

verted into the redistribute vip only-not-flagged command. When you
display the configuration, it will contain the redistribute vip only-not-
flagged command, not the redistribute vip command.
page 217
VIP Redistribution Usage Examples:
• If you have 10 VIPs and all of them need to be redistributed by RIP, use the redis-
tribute vip command at the configuration level for the RIP process.
• If you have 10 VIPs but only 2 of them need to be redistributed, use the redistribu-
tion-flagged command at the configuration level for each of the 2 VIPs, then use
the redistribute vip only-flagged command at the configuration level for the
RIP process.
• If you have 10 VIPs and need to redistribute 8 of them, use the redistribution-
flagged command at the configuration level for the 2 VIPs that should not be redis-
tributed. Enter the redistribute vip only-not-flagged command at the con-
figuration level for the RIP process. (In this case, alternatively, you could enter
redistribute vip instead of redistribute vip only-not-flagged.)
Example The following commands redistribute floating IP addresses and VIP addresses into RIP:
ACOS(config-router)# redistribute floating-ip

ACOS(config-router)# redistribute vip
Example The following commands flag a VIP, then configure RIP to redistribute only that flagged VIP.
The other (unflagged) VIPs will not be redistributed.
ACOS(config)# slb virtual-server vip1

ACOS(config-slb vserver)# redistribution-flagged
ACOS(config-slb vserver)# exit
ACOS(config-rip)# redistribute vip only-flagged
route
Description Configure static RIP routes.
Syntax [no] route ipaddr/prefix-length
Replace ipaddr/prefix-length with the destination of the route.
Default None
Mode IPv4 RIP
timers
Description Configure RIP timers.
page 218
Syntax [no] timers basic update timeout garbage-collection
update Amount of time between transmission of RIP route updates to
neighbors. You can specify 5-2147483647 seconds.

timeout Maximum number of seconds the ACOS device waits for an
update to a RIP route before the route becomes invalid. You can
An invalid route remains in the route table and is not actually

removed until the garbage-collection timer expires. (See below.)

garbage-col- Amount of time after a route becomes invalid that the route
lection remains in the route table before being removed. You can spec-
ify 5-2147483647 seconds.
Mode IPv4 RIP
Usage All RIP routers in the network should use the same timer values. However, the timers should
not be synchronized among multiple routers, since this can cause unnecessary collisions.
version
Description Specify the RIP version to run.
Syntax [no] version {1 [2] | 2}
1 RIP version 1.
2 RIP version 2.
Default 2
Mode IPv4 RIP
Usage The version you specify runs on all RIP interfaces on the ACOS device.
CAUTION: RIPv1 is less secure than RIPv2. It is recommended to run RIPv2 if your other routers
support it.
page 219

The configuration commands in the following sections are applicable to IPv6 RIP.
Global IPv6 RIP Commands
The commands in this section apply globally to the IPv6 RIP process.
To access the configuration level for a IPv6 RIP process, use the router ipv6 rip command at the
global configuration level of the CLI:
ACOS(config)# router ipv6 rip

ACOS(config-rip)#
on an interface, use the interface command to access the configuration level for the interface, then
use the ip rip or ipv6 rip command. (See “Config Commands: Interface” on page 105.)
aggregate-address
Description Configure an aggregate of multiple IPv6 RIP routes.
Syntax [no] aggregate-address ipv6addr/mask-length
Replace ipv6addr/ mask-length with the IPv6 address and prefix length of the aggregate. The
aggregate route will be used instead of the individual routes to destinations that match the
aggregate’s address and prefix.
Default None
Mode IPv6 RIP
page 220
cisco-metric-behavior
Description Enable Cisco-compatible metric behavior. This option affects the display of metric values in
the RIP routing table.
Syntax [no] cisco-metric-behavior {enable | disable}
enable The metric values displayed for routes in the RIP routing table
are the values before modification by this RIP router (the ACOS
device).
disable The metric values displayed for routes in the RIP routing table
are the values after modification by this RIP router (the ACOS
device).
Default disable
Mode IPv6 RIP
default-information originate
Description Enable generation of a default route into RIP.
Syntax [no] default-information originate
Default Disabled
Mode IPv6 RIP
default-metric
Description Configure the default metric value for routes that are redistributed into IPv6 RIP.
Replace num with the default metric, 1-16.
Default 1
Mode IPv6 RIP
page 221
distribute-list
Description Configure filtering of route updates.
Syntax [no] distribute-list {acl-id | prefix list-name} {in | out}

[interface]
acl-id | ACL or prefix list that specifies the routes to filter. The
prefix list-name action you use in the ACL or prefix list determines whether
matching routes are allowed:
• permit – Matching routes are allowed.

• deny – Matching routes are prohibited.
in | out Traffic direction for which to filter updates:
• in – Inbound route updates are filtered.

• out – Outbound route updates are filtered.
interface Interface on which updates are filtered. You can specify
the following types of interfaces:

specify an interface number, route updates are filtered
out on all loopback interfaces.
If no interface is specified, the filter applies to all inter-

faces.
Default Route updates are not filtered out.
Mode IPv6 RIP
Usage Distribute lists can be global or interface-specified:

• If you do not specify an interface with the distribute list, the list is global.
• If you do specify an interface with the distribute list, the list applies only to routes
received (in) or advertised (out) on that interface.
The ACOS device can have one global inbound distribute list and one global outbound
distribute list. Likewise, each interface can have one inbound distribute list and one
outbound distribute list.
For inbound updates, if the interface on which the update is received has a distribute list,
that distribute list is checked before the global distribute list. Likewise, for outbound updates,
the distribute list on the outbound interface is checked before the global distribute list. The
action (permit or deny) in the first distribute list that matches is used.
page 222
ACL Implicit Deny Rule
Every ACL has an implicit “deny any” rule at the end. Traffic that does not match any of the
explicitly configured rules in an ACL will match the implicit deny rule.
page 223
neighbor
Description Specify a neighboring IPv6 RIP router.
Syntax [no] neighbor ipv6addr interface
ipv6addr Link-local IPv6 address of the neighboring IPv6 RIP router.
interface Interface on which the neighbor can be reached. You can spec-
ify the following types of interfaces:
Default None
Mode IPv6 RIP
Usage Enter the command separately for each IPv4 RIP neighbor.
offset-list
Description Increase the metric for specific routes.
Syntax [no] offset-list acl-id {in | out} offset [interface]
acl-id ACL that matches on the routes for which to increase the met-
ric.
in | out Direction to which to apply the metric:
in – Applies the additional metric value to routes received in

updates from RIP neighbors.
out – Applies the additional metric value to routes advertised

to RIP neighbors.
offset Additional metric to add to routes. You can specify 0-16.
interface Interface on which to increase the metric. You can specify the

• loopback [num] – Loopback interface. If you do not specify
an interface number, the metric is increased on all loopback
interfaces.
If no interface is specified, the metric is increased on all inter-

faces.
page 224
Default Not set. The metric that is otherwise applied to the route by the RIP process is used.
Mode IPv6 RIP
passive-interface
Description Block RIP broadcasts from being sent on an interface.
Syntax [no] passive-interface interface
Replace interface with the interface on which to block RIP broadcasts. You can specify the

• loopback [num] – Loopback interface. If you do not specify an interface number, RIP
broadcasts are blocked on all loopback interfaces.
Default None. RIP broadcasts are not blocked on any interfaces.
Mode IPv6 RIP
recv-buffer-size
Description Configure the receive buffer size for RIP UDP packets.
Syntax [no] recv-buffer-size bytes
Replace bytes with the maximum RIP UDP packet size allowed. You can specify 8192-
2147483647 bytes.
Default 8192
Mode IPv6 RIP
redistribute
Description Redistribute route information from other sources into RIP.
page 225

{
bgp [options] |
ip-nat [options] |
isis [options] |
ospf [options] |
static [options] |
vip [only-flagged | only-not-flagged [options]]
}
bgp [options] Redistributes route information from Border Gateway Protocol (BGP) into RIP.
connected [options] Redistributes route information for directly connected networks into RIP. For
floating-ip [options] Redistributes route information for floating IP addresses into RIP. For options,
see the end of this parameter list.
ip-nat [options] Redistributes routes into RIP for reaching translated NAT addresses allocated
from a pool. For options, see the end of this parameter list.
ip-nat-list [options] Redistributes routes into RIP for reaching translated NAT addresses allocated
from a range list. For options, see the end of this parameter list.
isis [options] Redistributes route information from Intermediate System to Intermediate Sys-
tem (IS-IS) into RIP. For options, see the end of this parameter list.
ospf [options] For options, see the end of this parameter list.
static [options] Redistributes routes into RIP for reaching networks through static routes. For
vip Redistributes routes into RIP for reaching virtual server IP addresses.
[only-flagged |
only-not-flagged | To control which VIPs are redistributed, use one of the following options:
[options]]
• only-flagged – Redistributes only the VIPs on which the redistribution-
flagged command is used.
• only-not-flagged – Redistributes all VIPs except those on which the redis-
See “Usage” below for more information.
• options - Optional parameters supported for the options listed above:

• metric num – Metric for the route, 0-16. There is no default.
• route-map map-name – Name of a route map. (To configure a route map,
use the route-map command at the global configuration level of the CLI.)
Default Disabled. By default, RIP routes are not redistributed. For other defaults, see above.
Mode IPv6 RIP
page 226
uted. The vip option can be used to control which routes to VIPs are redistributed into RIP.
VIP Redistribution
methods.

• At the configuration level for the RIP process, enter the following command:
redistribute vip only-flagged
• At the configuration level for the RIP process, enter either of the following com-
mands: redistribute vip only-not-flagged or redistribute vip

• If you have 10 VIPs and all of them need to be redistributed by RIP, use the redis-
tribute vip command at the configuration level for the RIP process.
RIP process.
figuration level for the RIP process. (In this case, alternatively, you could enter
redistribute vip instead of redistribute vip only-not-flagged.)
route
Description Configure static RIP routes.
Syntax [no] route ipv6addr/prefix-length
Replace ipv6addr/prefix-length with the destination of the route.
Default None
Mode IPv6 RIP
page 227
route-map
Description Configure a list of interfaces to use as input to other RIP commands.
Syntax [no] route-map map-name {in | out} interface
map-name Name of the route map.
in | out Direction to which the map applies:
in – Applies to incoming routes received in updates from RIP

neighbors.
out – Applies to routes advertised to RIP neighbors.

interface Interface to which to apply the route map. You can specify the fol-
lowing types of interfaces:

• loopback [num] – Loopback interface. If you do not specify an
interface number, the route map is applied to all loopback inter-
faces.
Default None
Mode IPv6 RIP
page 228
RIP Show Commands
timers
Description Configure RIP timers.
Syntax [no] timers basic update timeout garbage-collection
update Amount of time between transmission of RIP route
updates to neighbors. You can specify 5-2147483647
seconds.

timeout Maximum number of seconds the ACOS device waits
for an update to a RIP route before the route becomes
invalid. You can specify 5-2147483647 seconds.
An invalid route remains in the route table and is not

actually removed until the garbage-collection timer
expires. (See below.)
The defaul tis 180 seconds.

garbage-collection Amount of time after a route becomes invalid that the
route remains in the route table before being removed.
You can specify 5-2147483647 seconds.
Mode IPv6 RIP
Usage All RIP routers in the network should use the same timer values. However, the timers should
not be synchronized among multiple routers, since this can cause unnecessary collisions.
RIP Show Commands

This section lists the RIP show commands:
• show ip rip database
• show ipv6 rip database
page 229
RIP Show Commands
show ip rip database

Description Display the RIP IPv4 route database.
Syntax show ip rip database
Mode All
Example The following command displays the IPv4 RIP database:
ACOS(config)# show ip rip database

Codes: R - RIP, Rc - RIP connected, Rs - RIP static, K - Kernel,
C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
v - VIP, V - VIP selected, N - IP NAT group,
n - IP NAT, f - Floating IP
Network Next Hop Metric From If Time

Rc 1.0.3.0/24 1 ethernet 5
R 1.0.4.0/24 12.0.0.2 2 12.0.0.2 ethernet 2 02:59
Rc 12.0.0.0/24 1 ethernet 2
page 230
RIP Show Commands
Codes R - RIP
Rc - RIP connected
Rs - RIP static
K - Kernel
C - Connected
S - Static
O - OSPF
I - IS-IS
B - BGP,
v - VIP
V - VIP selected
N - IP NAT group,
n - IP NAT
f - Floating IP
Network Destination network and subnet mask.
Next Hop Next hop IP address.
Metric Cost of the route.
From IP address of the originating router.
If Outgoing interface.
Time Remaining lifetime of the route.
show ipv6 rip database

Description Display the RIP IPv4 route database.
Syntax show ipv6 rip database
Mode All
Example The following command displays the IPv6 RIP database:
ACOS(config)# show ipv6 rip database
page 231
RIP Show Commands
Codes: R - RIP, Rc - RIP connected, Rs - RIP static, Ra - RIP aggregated,

Rcx - RIP connect suppressed, Rsx - RIP static suppressed,
K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS, B - BGP,
v - VIP, V - VIP selected, N - IP NAT group,
n - IP NAT, f - Floating IP
Network Next Hop If Met Tag Time

Rc 3000::/64 :: ethernet 2 1 0
Rc 3ff3::/64 :: ethernet 5 1 0
R 3ff4::/64 fe80::21f:a0ff:fe10:a4a6 ethernet 2 2 0 02:59
Codes R - RIP
Rc - RIP connected
Rs - RIP static
Ra - RIP aggregated
Rcx - RIP connect suppressed
Rsx - RIP static suppressed
K - Kernel
C - Connected
S - Static
O - OSPF
I - IS-IS
B - BGP,
v - VIP
V - VIP selected
N - IP NAT group,
n - IP NAT
f - Floating IP
Network Destination network and subnet mask.
Next Hop Next hop IP address.
page 232
RIP Clear Commands
If Outgoing interface.
Metric Cost of the route.
Tag Tag information of the route.
Time Remaining lifetime of the route.
RIP Clear Commands

This section lists the RIP clear commands:
• clear ip rip route
• clear ipv6 rip route
clear ip rip route

Description Clears routes from the IPv4 RIP table.
Syntax clear ip rip route {ipaddr/mask-length | rip}
ipaddr/mask-length Replace ipaddr/mask-length to clear the route to the
specified network.
rip Clears all RIP routes from the table.
Mode Privileged EXEC or any configuration level
clear ipv6 rip route

Description Clears routes from the IPv6 RIP table.
Syntax clear ipv6 rip route

{ipv6addr/mask-length | rip}
ipv6addr/mask-length Clears the route to the specified network.
rip Clears all RIP routes from the table.
Mode Privileged EXEC or any configuration level
page 233
RIP Clear Commands
page 234
Config Commands: Router – OSPF
This chapter describes the commands for configuring global OSPFv2 and OSPFv3 parameters.
The following sections are covered:
• Enabling OSPF
• Configuration Commands Applicable to OSPFv2 or OSPFv3
• Configuration Commands Applicable to OSPFv2 Only
• Configuration Commands Applicable to OSPFv3 Only
• OSPF Show Commands
Enabling OSPF
To enable OSPF, use one of the following commands at the global configuration level of the CLI. Each
command changes the CLI to the configuration level for the specified OSPFv2 process ID or OSPFv3
process tag.
Enable OSPFv2
To enable OSPFv2, use the following command:
ACOS(config)# router ospf [process-id]
The process-id specifies the IPv4 OSPFv2 process to run on the ACOS device, and can be 1-65535.
Enable OSPFv3
To enable OSPFv3, use the following command:
ACOS(config)# router ipv6 ospf [tag]
The tag specifies the IPv6 OSPFv3 process to run on the IPv6 link, and can be 1-65535.
page 235
Configuration Commands Applicable to OSPFv2 or OSPFv3
NOTE: For OSPFv3, the area tag ID configured on an interface must be the same
as the tag ID for the OSPF instance.
Interface-level OSPF Commands
In addition to global parameters, OSPF has parameters on the individual interface level. To configure
OSPF on an interface, use the interface command to access the configuration level for the interface,
then use the ip ospf or ipv6 ospf command. (See “Config Commands: Interface” on page 105.)
Show Commands
To display OSPF settings, use the show {ip | ipv6} ospf command.
Configuration Commands Applicable to OSPFv2 or

OSPFv3
The following configuration commands are applicable to OSPFv2 and OSPFv3:
• area area-id default-cost
• area area-id range
• area area-id stub
• area area-id virtual-link
• auto-cost reference bandwidth
• bfd
• clear
• default-information originate
• default-metric
• distribute-internal
• ha-standby-extra-cost
• log-adjacency-changes
• max-concurrent-dd
page 236
• passive-interface
• redistribute
• router-id
• timers spf exp
The commands in this section apply throughout the OSPFv2 process or OSPFv3 process in which the
commands are entered.
area area-id default-cost

Description Specify the cost of a default summary route sent into a stub area.
Syntax [no] area area-id default-cost num
area-id Area ID, either an IP address or a number.
num Cost of the default summary route, 0-16777214.
Default The default is 1.
Mode OSPFv2 or OSPFv3
Example The following command assigns a cost of 4400 to default summary routes injected into stub
areas:
ACOS(config-ospf:1)#area 5.5.5.5 default-cost 4400
page 237
area area-id range

Description Summarize routes at an area boundary.
Syntax [no] area area-id range ipaddr/mask-length

[advertise | not-advertise]
area area-id Beginning area ID (either an IP address or a number).
range Ending area ID.
ipaddr Subnet address for the range.
/mask-length Network mask length for the range.
advertise Generates Type 3 summary LSAs for the areas in the range.
not-advertise Does not generate Type 3 summary LSAs. The networks are
hidden from other networks.
Default There is no default range configuration. When you configure a range, the default advertise-
ment string is advertise.
Example The following command configures a range and disables advertisement of routes into the
areas:
ACOS(config-ospf:1)#area 8.8.8.8 range 10.10.10.10/16 not-advertise
area area-id stub

Description Configure a stub area.
Syntax [no] area area-id stub [no-summary]
area-id Area ID.
no-summary ABRs do not send summary LSAs into the stub area.
Default None
Example The following command configures a stub area with area ID 10.2.4.5:
ACOS(config-ospf:1)#area 10.2.4.5 stub
page 238
area area-id virtual-link

Description Configure a link between two backbone areas that are separated by non-backbone areas.
Syntax [no] area area-id virtual-link ipaddr

[authentication]
[authentication-key string [string ...]]
[dead-interval seconds]
[fall-over bfd]
[hello-interval seconds]
[message-digest-key num md5 string [string ...]]
page 239
[retransmit-interval seconds]
[transmit-delay seconds]
ipaddr IP address of the OSPF neighbor at the other end of the link.
authentication Enables authentication on the link.
authentication-key string Specifies a simple text password for authenticating OSPF traf-
[string ...] fic between this router and the neighbor at the other end of the
virtual link. The string is an 8-character authentication pass-
word.
dead-interval seconds Number of seconds this OSPF router will wait for a reply to a
hello message sent to the neighbor on the other end of the vir-
tual link, before declaring the neighbor to be offline. You can

fall-over bfd Enable fall-over detection.
hello-interval seconds Number of seconds this OSPF router waits between sending
hello messages to the neighbor on the other end of the virtual
link. You can specify 1-65535 seconds.

message-digest-key num Specifies an MD5 key, 1-255. The string is a 16-character
md5 string [string ...] authentication password.
retransmit-interval seconds Number of seconds this OSPF router waits before resending an
unacknowledged packet to the neighbor on the other end of the
virtual link. You can specify 1-65535 seconds.

transmit-delay seconds Number of seconds this OSPF router waits between sending
packets to the neighbor on the other end of the virtual link. You
can specify 1-65535 seconds.
Default None. When you configure a virtual link, it has the default settings described in the table
above.
page 240
auto-cost reference bandwidth

Description Change the reference bandwidth used by OSPF to calculate default metrics.
Syntax [no] auto-cost reference-bandwidth mbps
Replace mbps with the reference bandwidth, in Mbps. You can specify 1-4294967.
Default 10000 Mbps
Usage By default, OSPF calculates the OSPF metric for an interface by dividing the reference band-
width by the interface bandwidth. This command differentiates high-bandwidth links from
lower-bandwidth links. If multiple links have high bandwidth, specify a larger reference
bandwidth so that the cost of those links is differentiated from the cost of lower-bandwidth
links.
bfd
Description Enable BFD on all interfaces for which OSPF is running.
Syntax [no] bfd all-interfaces
Default Disabled
clear
Description Clear all or specific OSPF neighbors.
Syntax clear ip ospf [process-id]

{
process |
neighbor
{all | neighbor-id | interface
{interface-ip-address [neighbor-ip-address]}}
}
clear ipv6 ospf [process-tag]

{
process |
neighbor
{all | neighbor-id |
page 241
interface-name [neighbor-id]}
}
process-id Specifies the IPv4 OSPFv2 process to run on the
device, and can be 1-65535.
process-tag Specifies the IPv6 OSPFv3 process to run on the IPv6
link, and can be 1-65535.
neighbor-id Router-id of the OSPF device.
neighbor-ip-address IP address of the interface for the neighboring device.
interface-ip-address IP address of the interface of the device on which the
OSPF neighbor exists.
Default N/A
Usage Using OSPFv2, the CLI enables you to indicate an interface IP Address of the ACOS device.
Using OSPFv3, the CLI enables you to specify the interface name for a specific neighbor.
Example The following command clears all OSPFv2 neighbors:
ACOS(config)#clear ip ospf neighbor all
Example The following command clears all neighbors to a specific router:
ACOS(config)#clear ip ospf neighbor 192.1.1.1
Example The following command clears all neighbors on an interface:
ACOS(config)#clear ip ospf neighbor interface 10.1.1.10
Example The following command clears a neighbor on a specified interface to a specified router:
ACOS(config)#clear ip ospf neighbor interface 10.1.1.10 192.1.1.10
Example The following command clears all OSPFv3 neighbors:
ACOS(config)#clear ipv6 ospf 5 neighbor all
Example The following command clears all neighbors to a specific router:
ACOS(config)#clear ipv6 ospf neighbor 192.1.1.1
Example The following command clears all OSPFv3 neighbors on a specified

interface:
ACOS(config)#clear ipv6 ospf neighbor ethernet 1
Example The following command clears all neighbors on a specified interface to a specific router:
page 242
ACOS(config)#clear ipv6 ospf neighbor ethernet 1 192.1.1.1
Description Create a default route into the OSPF domain.

[always]
[metric num]
[metric-type {1 | 2}]
[route-map name]
always Configures the ACOS device to automatically declare itself a
default gateway for other OSPF routers, even if the ACOS device
does not have a default route to 0.0.0.0/0.
metric num Metric for the default route, 0-16777214.
metric-type External link type associated with the default route advertised
{1 | 2} into the OSPF routing domain:
• 1 - Type 1 external route.

• 2 - Type 2 external route.
route-map Name of a route map. (To configure a route map, see the “route-
map-name map” command in the Command Line Interface Reference.
Default This option is disabled by default. If you enable it, the default metric is 10. The default metric
type is 2.
Mode OSPFV2 and OSPFV3
Usage When default-information originate is configured under OSPF, an external LSA for default
route is generated if the Routing Information Base has a default route.
Example The following command creates a default route into the OSPF domain with a metric of 20:
ACOS(config-router)#default-information originate metric 20
default-metric
Description Set the numeric cost that is assigned to OSPF routes by default. The metric (cost) is added to
routes when they are redistributed.

Replace num with the default cost, 0-16777214.
page 243
Default 20
Example The following command configures a default metric of 6666:
ACOS(config-router)#default-metric 6666
page 244
distribute-internal
Description Enable redistribution of ACOS-specific resources as internal routes (type-1 LSAs).
Syntax [no] distribute-internal

{lw4o6 [options] | floating-ip | ip-nat | ip-nat-list | vip | vip-
only-flagged} area area-id [cost num]
Default Distribute-internal for router IPv6 OSPF:
Syntax [no] distribute-internal

{lw4o6 [options] | nat64 | floating-ip | ip-nat | ip-nat-list | vip
| vip-only-flagged}
Description
lw4o6 [options] Redistributes LW4o6 routes into OSPF.
nat64 Redistributes NAT64 routes into OSPF.
floating-ip Redistributes routes into OSPF for reaching floating IP
[options] addresses.
ip-nat Redistributes routes into OSPF for reaching translated
NAT addresses allocated from a pool.
ip-nat-list Redistributes routes into OSPF for reaching translated
NAT addresses allocated from a range list.
vip Redistributes routes into OSPF for reaching virtual server
IP addresses.
vip-only-flagged Same as the vip option, but applies only to VIPs on which
the redistribution-flagged option is enabled.
Default Disabled. By default, OSPF routes are not redistributed. For other defaults, see above.
Usage Routes that are redistributed into OSPF as external routes are redistributed as type-5 link state
advertisement (LSAs). Routes that are redistributed into OSPF as internal routes are redistrib-
uted as type-1 LSAs.
You can enable either external or internal redistribution for a given ACOS-specific resource
type.
Example The following command enables internal distribution into OSPF area 0, of routes to all VIPs
configured on the ACOS device, and assigns cost 11 to the routes:
ACOS(config-router)#distribute-internal vip area 0 cost 11
Example The following command enables internal distribution into OSPF area 1, of routes to VIPs that
have the redistribution-flagged option, and assigns cost 21 to the routes:
ACOS(config-router)#distribute-internal vip-only-flagged area 1 cost
page 245
21
Example The following command enables internal distribution into OSPF area 5, of routes to floating
IP addresses, and assigns cost 555 to the routes:
ACOS(config-router)#distribute-internal floating-ip area 5 cost 555
Example The following command displays the OSPF IPv4 route table. The routes configured for inter-
nal distribution are indicated by “internal”.
ACOS(config-router)#show ip ospf route
OSPF process 11: counter = 6

Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
C 6.1.1.0/24 [10] is directly connected, ve 6, Area 0.0.0.0

C 111.1.1.2/32 [21] is directly connected, internal vip-only-
flagged, Area 0.0.0.1
C 111.1.1.3/32 [11] is directly connected, internal vip, Area
0.0.0.0
C 114.1.1.1/32 [21] is directly connected, internal vip-only-
flagged, Area 0.0.0.1
C 200.1.1.2/32 [555] is directly connected, internal floating-ip,
Area 0.0.0.5
page 246
ha-standby-extra-cost
Description Enable OSPF awareness of VRRP-A.
Syntax [no] ha-standby-extra-cost cost [group group-num]
cost Extra cost to add to the ACOS device’s OSPF interfaces, if the
VRRP-A status of one or more of the device’s VRIDs is Standby
(1-65535).
If the resulting cost value is more than 65535, the cost is set to
65535.
group-num A specific VRRP-A VRID that will incur the specified cost; if
none are specified, all VRIDs will incur the extra cost.
NOTE: This option is only available for OSPFv2.
Default Not set. The OSPF protocol on the ACOS device is not aware of the VRRP-A state (Active or
Standby) of the ACOS device.
Usage Enter the command on each of the ACOS devices in the VRRP-A VRID..
log-adjacency-changes
Description Log changes in adjacency state.
Syntax log-adjacency-changes {detail | disable}
detail Enable the logging of all changes in adjacency state.
disable Disable logging.
Default Logging is enabled in brief mode by default.
Mode OSPFv3
Usage In brief mode, the following state changes are logged:

• FULL -> XXXX
• XXXX -> FULL
• XXXX -> DOWN
page 247
In detail mode, all state changes will be logged. In disable mode, no state changes are
logged.
Example Enable the logging of all adjacency state changes.
ACOS(config)#router ipv6 ospf 2

ACOS(config-ospf:2)#log-adjacency-changes detail
max-concurrent-dd
Description Set the maximum number of OSPF neighbors that can be processed concurrently during
database exchange between this OSPF router and its OSPF neighbors.
Syntax [no] max-concurrent-dd num
Replace num with the maximum number of neighbors that can be processed at the same
time during database exchange. You can specify 1-65535.
Default Not set (no limit)
Usage This command is useful in cases where router performance is being adversely affected by
processing of neighbor adjacencies.
passive-interface
Description Disable Link-State Advertisements (LSAs) from being sent on an interface.
Syntax [no] passive-interface

{ethernet portnum | lif num | loopback num | ve ve-num}
Default LSAs are enabled. (No interfaces are passive.)
Example The following command configures a passive interface on the Virtual Ethernet (VE) interface
on VLAN 3:
ACOS(config-router)#passive-interface ve 3
redistribute
Description Enable distribution of routes from other sources into OSPF.

{
bgp [options] |
page 248
ip-nat [ipaddr/mask-length
floating-IP-forward-address ipaddr] [options] |
isis [options] |
lw4o6 [options] |
ospf [process-id] [options] |
rip [options] |
static [options] |
vip [ipaddr floating-IP-forward-address ipaddr |
{only-flagged | only-not-flagged}] [options]
}
bgp [options] Redistributes routes into OSPF for reaching BGP. For options,
see the end of this parameter list.
connected [options] Redistributes routes into OSPF for reaching directly connected
networks. For options, see the end of this parameter list.
floating-ip [options] Redistributes routes into OSPF for reaching floating IP
addresses. For options, see the end of this parameter list.
ip-nat Redistributes routes into OSPF for reaching translated NAT
[ipaddr/mask-length | addresses allocated from a pool.
floating-IP-forward-address ipaddr]
[options] By default, the forward address for all redistributed NAT pool
addresses is 0.0.0.0. To set a floating IP address as the for-
ward address, use the ipaddr/mask-length] option to specify the
NAT pool address. The floating-IP-forward-address ipaddr
option specifies the forward address to use when redistributing
the route to the NAT pool address.

ip-nat-list [options] Redistributes routes into OSPF for reaching translated NAT
addresses allocated from a range list. For options, see the end
of this parameter list.
isis [options] Redistributes routes into OSPF for IS-IS.
lw406 [options] Redistributes routes into OSPF for Lightweight 4over6. (This is
an IPv6 Migration feature.)
ospf [process-id] [options] Redistributes routes into this OSPFv2 process for reaching net-
works in another OSPFv2 process. For options, see the end of
this parameter list.
rip [options] Redistributes routes into OSPF for RIP.
page 249
static [options] Redistributes routes into OSPF for reaching networks through
static routes. For options, see the end of this parameter list.
vip Redistributes routes into OSPF for reaching virtual server IP
[ipaddr addresses.
floating-IP-forward-address ipaddr |
{only-flagged | only-not-flagged}] By default, the forward address for all redistributed VIPs is
[options]
0.0.0.0. To set a floating IP address as the forward address,
use the ipaddr option to specify the VIP address. Use the
floating-IP-forward-address option to specify the forward
address to use when redistributing the route to the VIP.
To control which VIPs are redistributed, use one of the follow-

ing options:
• only-flagged – Redistributes only the VIPs on which the

redistribution-flagged command is used.
• only-not-flagged – Redistributes all VIPs except those on
which the redistribution-flagged command is used.
For more information, see the “Usage” section for this com-
mand.
• options - Optional parameters supported for the options

above:
• metric-type {1 | 2} – External link type associated
with the route advertised into the OSPF routing domain (1
for Type 1 external route, or 2 for Type 2 external route).
• metric num – Metric for the route, 0-16777214. The
default is 20.
• route-map map-name – Name of a route map. (To config-
ure a route map, see the “route-map” command in the
• tag num – Includes the specified tag value in external
Link-State Advertisements (LSAs). Inter-domain routers
running Border Gateway Protocol (BGP) can be configured
to make routing decisions based on the tag value. The tag
value can be 0-4294967295. The default is 0.
Default Disabled. By default, OSPF routes are not redistributed. For other defaults, see above.
uted. You can use the vip option to control which routes to VIPs are redistributed into OSPF.
By default, the ACOS device uses 0.0.0.0 as the forward address in routes that are
redistributed in OSPF type-5 link state advertisement (LSAs). In this case, other OSPF routers
find a route to reach the ACOS device (which is acting as OSPF ASBR), then use the
corresponding next-hop address as the next hop for the destination network. You can
specify a floating IP address to use as the forward address, for individual NAT pools or VIPs.
(See the syntax above.)
page 250
VIP Redistribution
methods.

• At the configuration level for the OSPFv2 process or OSPFv3 process, enter the fol-
lowing command: redistribute vip only-flagged
• At the configuration level for the OSPFv2 process or OSPFv3 process, enter either of
the following commands: redistribute vip only-not-flagged or redis-
tribute vip

• If you have 10 VIPs and all of them need to be redistributed by OSPF, use the redis-
tribute vip command at the configuration level for the OSPF process.
OSPFv2 process or OSPFv3 process.
figuration level for the OSPFv2 process or OSPFv3 process. (In this case, alternatively,
you could enter redistribute vip instead of redistribute vip only-not-
flagged.)
• If the route map configured under slb is not defined then the prefix is not redistributed
(implicit deny).
Example The following commands redistribute floating IP addresses and VIP addresses into OSPF:
ACOS(config-router)# redistribute floating-ip

ACOS(config-router)# redistribute vip
Example The following commands flag a VIP, then configure OSPF to redistribute only that flagged VIP.
The other (unflagged) VIPs will not be redistributed.
ACOS(config)# slb virtual-server vip1

ACOS(config-slb vserver)# redistribution-flagged
page 251
ACOS(config)# router ospf

ACOS(config-ospf)# redistribute vip only-flagged
Example The following command enables redistribution of VIPs, and sets tag value 555 to be included
in external LSAs that advertise the route to the VIP:
ACOS(config-router)# redistribute vip metric-type 1 metric 1 tag 555
Example The following command enables redistribution using the route-map under the slb virtual
server and view the routes
ACOS(config)# slb virtual-server v1 5.5.5.5

ACOS(config-slb vserver)# redistribute route-map RMAP
router-id
Description Set the value used by this OSPF router to identify itself when exchanging route information
with other OSPF routers.
Syntax [no] router-id ipaddr
NOTE: The syntax for this command is slightly different for OSPFv2. See “ospf router-id” on
page 264.
Default The default router ID is the highest-numbered IP address configured on any of the ACOS
device’s loopback interfaces. If no loopback interfaces are configured, the highest-numbered
IP address configured on any of the ACOS device’s other Ethernet data interfaces is used.
NOTE: Setting the router ID is required for OSPFv3 and is strongly recommended for OSP-
Fv2.
Usage The ACOS device has only one router ID. The address does not need to match an address
configured on the ACOS device. However, the address must be an IPv4 address and must be
unique within the routing domain.
New or changed router IDs require a restart of the OSPF process. To restart the OSPF process,
use the clear ip ospf process command.
Example The following commands set the router ID to 3.3.3.3 and reload OSPF to place the new router
ID into effect:

ACOS(config-ospf)# router-id 3.3.3.3
ACOS(config-ospf)# clear ip ospf process
page 252
Configuration Commands Applicable to OSPFv2 Only
timers spf exp

Description Change Shortest Path First (SPF) timers used for route recalculation following a topology
change. This command enables exponential back-off delays for route recalculation.
Syntax [no] timers spf exp min-delay max-delay
min-delay Specifies the minimum number of milliseconds (ms) the OSPF
process waits after receiving a topology change, before recalcu-
lating its OSPF routes. You can specify 0-2147483647.
max-delay Specifies the maximum number of milliseconds (ms) the OSPF
process waits after receiving a topology change, before recalcu-
lating its OSPF routes. You can specify 0-2147483647.
Default The default min-delay is 500 ms. The default max-delay is 50000 ms.
Usage After you enter this command, any pending route recalculations are rescheduled based on
the new timer values.

The following configuration commands are applicable to OSPFv2 only.
• area area-id authentication
• area area-id filter-list
• area area-id multi-area-adjacency
• area area-id nssa
• area area-id shortcut
• compatible rfc1583
• distance
• distribute-list
• host ipaddr area
• maximum-area
• neighbor
page 253
• network
• ospf abr-type
• ospf router-id
• overflow database
• summary-address
The commands in this section apply throughout the OSPFv2 process in which the commands are
entered.
area area-id authentication

Description Enable authentication for an OSPF area.
Syntax [no] area area-id authentication [message-digest]
The message-digest option enables MD5 authentication. If you omit this option, simple
text authentication is used.
Default Disabled. No authentication is used.
Mode OSPFv2
page 254
area area-id filter-list

Description Filter the summary routes advertised by this OSPF router, if it is acting as an Area Border
Router (ABR).
Syntax [no] area area-id filter-list

{access acl-id {in | out} | prefix list-name {in | out}}
access acl-id ID of an Access Control List (ACL). The only routes that are
{in | out} advertised are routes to the subnets permitted by the ACL.
prefix list-name ID of an IP prefix list. The only routes that are advertised
{in | out} are routes to the subnets that match the list.
Default Not set.
Mode OSPFv2
Usage You can specify an ACL or an IP prefix list. To configure an ACL, see the “access-list” command
in the Command Line Interface Reference, or “ipv6 access-list” on page 194. To configure a pre-
fix list, see “ip prefix-list” on page 186.
area area-id multi-area-adjacency

Description Enables support for multiple OSPF area adjacencies on the specified interface.
Syntax [no] area area-id multi-area-adjacency

{ethernet portnum | loopback num | management | ve ve-num}
neighbor ipaddr
Default Disabled. By default, only one OSPF adjacency is allowed on an interface for a given OSPF
process.
Mode OSPFv2
Usage This command is applicable only if this OSPF router is an ABR.
area area-id nssa

Description Configure a not-so-stubby area (NSSA).
Syntax [no] area area-id nssa

[
default-information-originate
[metric num] [metric-type {1 | 2}] |
no-redistribution |
no-summary |
page 255
translator-role {always | candidate | never}

]
area-id Area ID.
default-information-originate Generates a Type 7 LSA into the NSSA area. (This option takes effect
[metric num] only on Area Border Routers (ABRs)):
[metric-type {1 | 2}]
• metric num – Metric for the default route, 0-16777214. The default
is 20.
• metric-type {1 | 2} – External link type associated with the
route advertised into the OSPF routing domain:
• 1 – Type 1 external route
• 2 – Type 2 external route
no-redistribution Disables redistribution of routes into the area.
no-summary Disables sending summary LSAs into the NSSA.
translator-role Specifies the types of LSA translation performed by this OSPF router
{always | candidate | never} for the NSSA:
• always – If this OSPF router is an NSSA border router, the router

will always translate Type 7 LSAs into Type 5 LSAs, regardless of
the translator state of other NSSA border routers.
• candidate – If this OSPF router is an NSSA border router, the router
is eligible to be elected the Type 7 NSSA translator.
• never – This OSPF router is ineligible to be elected the Type 7 NSSA
translator.
Default None
Mode OSPFv2
Example The following command configures an NSSA with area ID 6.6.6.6:

ACOS(config-ospf)# area 6.6.6.6 nssa
page 256
area area-id shortcut

Description Configure short-cutting through an area.
Syntax [no] area area-id shortcut {default | disable | enable}
area-id Area ID.
default Enables the default shortcut behavior. (See below.)
disable Disables shortcutting through the area.
enable Forces shortcutting through the area.
Default None
Mode OSPFv2
Usage A shortcut enables traffic to go through a non-backbone area with a lower metric, regardless
of whether the ABR router is attached to the backbone area.
compatible rfc1583
Description Enable calculation of summary route costs per RFC 1583.
Syntax [no] compatible rfc1583
Default Disabled. Summary route costs are calculated based on RFC 2328.
Mode OSPFv2
page 257
distance
Description Set the administrative distance for OSPF routes, based on route type.
Syntax [no] distance

{num | ospf {external | inter-area | intra-area} num}
num Sets the administrative distance for all route types. You can
specify 1-255.
ospf Sets the administrative distance for specific route types:
{external |
inter-area | • external – Routes that OSPF learns from other routing
intra-area} domains by redistribution.
num • intra-area – Routes within the same OSPF area.
• inter-area – Routes between OSPF areas.
You can use the ospf option with one or more of its subop-
tions. For each route type, you can specify 1-255.
Default For all route types, the default administrative distance is 110.
Mode OSPFv2
Usage The administrative distance specifies the trustworthiness of routes. A low administrative dis-
tance value indicates a high level of trust. Likewise, a administrative distance value indicates
a low level of trust. For example, setting the administrative distance value for external routes
to 255 means those routes are very untrustworthy and should not be used.
distribute-list
Description Filter the networks received or sent in route updates.
Syntax [no] distribute-list acl-id

{
in |
page 258
out {connected | floating-ip | ip-nat |

ip-nat-list | ospf | static | vip}
acl-id ID of an ACL. Only the networks permitted by the ACL will be
allowed.
in Uses the specified ACL to filter routes received by OSPF from
other sources. The filter applies to routes from all sources.
out Uses the specified ACL to filter routes advertised by OSPF to
route-type other routing domains. The route-type can be one of the follow-
ing:
• connected – Filters advertisement of directly connected net-

works.
• floating-ip – Filters advertisement of networks for floating IP
addresses.
• ip-nat – Filters advertisement of networks that are translated
NAT addresses allocated from a pool.
• ip-nat-list – Filters advertisement of networks that are trans-
lated NAT addresses allocated from a range list.
• ospf [process-id] – Filters advertisement of networks to
another OSPF process.
• static [only-flagged | only-not-flagged] – Filters advertisement
of networks reached by static routes.
• vip [only-flagged | only-not-flagged] – Filters advertisement of
networks to reach VIPs.
• By default, the option applies to all VIPs. To restrict the option
to a subset of VIPs, use one of the following options:
• only-flagged – Redistributes only the VIPs on which the redis-
Default None
Mode OSPFv2
page 259
host ipaddr area

Description Configure a stub host entry for an area.
Syntax [no] host ipaddr area area-id [cost num]
ipaddr IP address of the host.
area area-id OSPF area where the host is located.
cost num Cost of the stub host entry, 0-65535.
Default None
Mode OSPFv2
Usage Routes to the host are listed in router LSAs as stub links.
Description Log adjacency changes.
Syntax [no] log-adjacency-changes {detail | disable}
detail Log changes in adjacency state.
disable Disable logging of adjacency state changes.
Default Enabled by default.
Mode OSPFv2
Example The following example disables logging of adjacency state changes:

ACOS(config-ospf)# log-adjacency-changes disable
maximum-area
Description Set the maximum number of OSPF areas supported for this OSPF process.
Syntax [no] maximum-area num
Replace num with the maximum number of areas allowed for this OSPF process. You can
specify 1-4294967294.
page 260
Default 4294967294
Mode OSPFv2
page 261
neighbor
Description Configure an OSPF neighbor that is located on a non-broadcast network.
Syntax [no] neighbor ipaddr

[
cost num |
poll-interval seconds [priority num] |
priority num [poll-interval seconds]
]
ipaddr IP address of the OSPF neighbor.
cost num Specifies the link-state metric to the neighbor, 1-65535.
By default, no cost is set.

poll-interval Number of seconds this OSPF router will wait for a reply to a
seconds hello message sent to the neighbor, before declaring the
neighbor to be offline. You can specify 1-65535 seconds.

priority num Router priority of the neighbor, 1-255.
By default, no priority is set.
Default No neighbors on non-broadcast networks are configured by default. When you configure
one, the other parameters have the default settings described in the table above.
Mode OSPFv2
Usage This command is required only for neighbors on networks. Adjacencies to neighbors on
other types of networks are automatically established by the OSPF protocol.
It is recommended to set the poll-interval to a much higher value than the hello interval.
network
Description Enable OSPF routing for an area, on interfaces that have IP addresses in the specified area
subnet.
Syntax [no] network

ipaddr {/mask-length | wildcard-mask}
page 262
area area-id
[instance-id num]
ipaddr Subnet of the area. You can specify the subnet in CIDR format (ipaddr/
{/mask-length | wildcard-mask} mask-length) or as ipaddr wildcard-mask. In a wildcard-mask, 0s repre-
sent the network portion and 1s represent the host portion. For exam-
ple, for a subnet that has 254 hosts and a 24-bit network mask, the
wildcard-mask is 0.0.0.255.
area area-id Area ID.
instance-id num Range of OSPF instances for which to enable OSPF routing for the
area, 0-255. If you omit this option, OSPF routing is enabled for all
OSPF instances that are running on interfaces that have IP addresses
in the specified area subnet.
Default None
Mode OSPFv2
Example The following command configures an OSPF network:

ACOS(config-ospf)# network 10.10.20.20/24 area 10.10.20.30
ospf abr-type
Description Specify the Area Border Router (ABR) type.
Syntax [no] ospf abr-type {cisco | ibm | shortcut | standard}
cisco Alternative ABR using Cisco implementation (RFC 3509).
ibm Alternative ABR using IBM implementation (RFC 3509).
shortcut Shortcut ABR (draft-ietf-ospf-shortcut-abr-02.txt).
standard Standard ABR behavior (RFC 2328)
Default cisco
Mode OSPFv2
page 263
ospf router-id
Description Set the value used by this OSPF router to identify itself when exchanging route information
with other OSPF routers.
Syntax [no] ospf router-id ipaddr
Default For OSPFv2, the default router ID is the highest-numbered IP address configured on any of
the ACOS device’s loopback interfaces. If no loopback interfaces are configured, the highest-
numbered IP address configured on any of the ACOS device’s other Ethernet data interfaces
is used.
NOTE: Setting the router ID is strongly recommended for OSPFv2.
Mode OSPFv2
Usage The ACOS device has only one router ID. The address does not need to match an address
configured on the ACOS device. However, the address must be an IPv4 address and must be
unique within the routing domain.
New or changed router IDs require a restart of the OSPF process. To restart the OSPF process,
use the clear ip ospf process command.
Example The following commands set the router ID to 2.2.2.2 and reload OSPF to place the new router
ID into effect:

ACOS(config-ospf)# router-id 2.2.2.2
ACOS(config-ospf)# clear ip ospf process
page 264
overflow database
Description Specify the maxim number of LSAs or the maximum size of the external database.
Syntax [no] overflow database

{max-lsa [hard | soft] | external max-lsa recover-time}
max-lsa [hard | soft] Specifies the maximum number of LSAs per OSPF process, 0-
4294967294.
To configure the action to take if the LSA limit is exceeded:
• hard – Shut down the OSPF process for the process.

• soft – Issue a warning message without shutting down the OSPF
process for the process.
external max-lsa recover-time Specifies the maximum number of AS-external-LSAs the OSPF router
can receive, 0-2147483647. The recover-time option specifies the
number of seconds OSPF waits before attempting to recover after
max-lsa is exceeded. You can specify 0-65535 seconds. To disable
recovery, specify 0.
Default The default max-lsa is 2147483647.
Mode OSPFv2
summary-address
Description Summarize or disable advertisement of external routes for a specific IP address range. A sum-
mary-address helps reduce the size of the OSPF link-state database.
Syntax [no] summary-address ipaddr/mask {not-advertise | tag num}
ipaddr/mask Specifies the address range.
not-advertise Disables advertisement of routes for the specified range.
tag num Includes the specified tag value in external LSAs for IP
addresses within the specified range. The tag value can be
0-4294967295. The default tag value is 0.
Default None
Mode OSPFv2
page 265

All the global OSPF commands that are applicable to OSPFv3 are also applicable to OSPFv2. (See “Con-
figuration Commands Applicable to OSPFv2 or OSPFv3” on page 236.)
OSPF Show Commands

This section lists the OSPF show commands:
• show {ip | ipv6} ospf
• show ip ospf border-routers
• show ip ospf database
• show ipv6 ospf database
• show {ip | ipv6} ospf interface
• show {ip | ipv6} ospf neighbor
• show ip ospf redistributed
• show {ip | ipv6} ospf route
• show ip route acos
• show ip route acos
• show ipv6 ospf topology
page 266
OSPF Show Commands
show {ip | ipv6} ospf

Description Display configuration information and statistics for OSPFv2 processes or OSPFv3 processes.
Syntax show ip ospf [process-id]
show ipv6 ospf [tag]
process-id Specifies the OSPFv2 process. If you omit this option, settings
for all configured OSPFv2 processes are displayed.
tag Specifies the OSPFv3 process. If you omit this option, settings
for all configured OSPFv3 processes are displayed.
Mode Privileged EXEC and all configuration levels
Example The following command shows information for OSPFv2 process 0:
ACOS#show ip ospf 0
Routing Process "ospf 0" with ID 1.1.1.1
Process uptime is 3 hours 12 minutes
Process bound to VRF default
Conforms to RFC2328, and RFC1583 Compatibility flag is disabled
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Graceful Restart
This router is an ASBR (injecting external routing information)
SPF schedule delay min 0.500 secs, SPF schedule delay max 50.0 secs
Refresh timer 10 secs
Number of incoming current DD exchange neighbors 0/5
Number of outgoing current DD exchange neighbors 0/5
Number of external LSA 0. Checksum 0x000000
Number of opaque AS LSA 0. Checksum 0x000000
Number of non-default external LSA 0
External LSA database is unlimited.
Number of LSA originated 2
Number of LSA received 79
Number of areas attached to this router: 1
Area 1 (NSSA)
Number of interfaces in this area is 2(2)
Number of fully adjacent neighbors in this area is 2
Number of fully adjacent virtual neighbors through this area
is 0
Area has no authentication
SPF algorithm last executed 02:07:40.860 ago
SPF algorithm executed 16 times
page 267
OSPF Show Commands
Number of LSA 10. Checksum 0x06b2fa

NSSA Translator State is disabled
Shortcutting mode: Default, S-bit consensus: ok
show ip ospf border-routers

Description Display route information for OSPFv2 ABRs and ASBRs.
Syntax show ip ospf border-routers
Example The following command shows route information for ABRs and ASBRs:
ACOS#show ip ospf border-routers
OSPF process 0 internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 9.1.1.1 [10] via 10.1.1.2, ethernet 1, ASBR, Area 0.0.0.0
OSPF process 1 internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
show ip ospf database

Description Displays information about the OSPFv2 databases on the device.
NOTE: The options are different for OSPFv3. See “show ipv6 ospf database” on page 270.
Syntax show ip ospf database

[
adv-router ipaddr |
{asbr-summary | external | network | nssa-external |
opaque-area | opaque-as | opaque-link | router | summary}
[[ipaddr [adv-router ipaddr] [self-originate]] |
[adv-router ipaddr] | [self-originate]] |
max-age |
page 268
OSPF Show Commands
self-originate
]
adv-router ipaddr Displays LSA information for the specified advertising
router.
asbr-summary Displays information about ASBR summary LSAs.
max-age Displays information for the LSAs that have reached the
maximum age allowed, which is 3600 seconds.
self-originate Displays information for LSAs originated by this OSPF
router.
external Displays information about external LSAs.
network Displays information about network LSAs.
nssa-external Displays information about NSSA external LSAs.
opaque-area Displays information about Type-10 Opaque LSAs. Type-
10 Opaque LSAs are LSAs with local-area scope (link
state type 10), and are not flooded outside the local area.
opaque-as Displays information about Type-11 LSAs, which are
flooded throughout the Autonomous System (AS).
opaque-link Displays information about Type-9 LSAs. Type-9 LSAs
have link-local scope, and are not flooded beyond the
local network.
router Displays information about router LSAs.
summary Displays information about summary LSAs.
The following suboptions are available for the external, network, nssa-external,
opaque-area, opaque-as, opaque-link, router, and summary options:
ipaddr Displays LSA information for a specific link-state ID
(expressed as an IP address).
adv-router ipaddr Displays LSA information for the specified advertising
router.
self-originate Displays information for LSAs originated by this OSPF
router.
Example The following command shows the OSPFv2 database:
ACOS#show ip ospf database
Router Link States (Area 0.0.0.1 [NSSA])
page 269
OSPF Show Commands
Link ID ADV Router Age Seq# CkSum Link count

1.1.1.1 1.1.1.1 1105 0x800000c9 0xcb72 2
2.2.2.2 2.2.2.2 638 0x80000008 0xdb92 2
3.3.3.3 3.3.3.3 1998 0x800000cb 0x47c1 2
4.4.4.4 4.4.4.4 1717 0x800000f6 0xe1d2 3
Net Link States (Area 0.0.0.1 [NSSA])
Link ID ADV Router Age Seq# CkSum

10.0.0.1 3.3.3.3 1998 0x80000006 0xec1b
11.0.0.1 3.3.3.3 203 0x80000005 0x14ef
13.0.0.2 4.4.4.4 1717 0x80000006 0xbf3c
14.0.0.1 4.4.4.4 1962 0x80000004 0xf207
Summary Link States (Area 0.0.0.1 [NSSA])
Link ID ADV Router Age Seq# CkSum Route

0.0.0.0 3.3.3.3 1998 0x800000a3 0x99ed 0.0.0.0/0
NSSA-external Link States (Area 0.0.0.1 [NSSA])
Link ID ADV Router Age Seq# CkSum Route

Tag
1.0.100.1 1.1.1.1 1105 0x8000008e 0x942a E2 1.0.100.1/
32 0
show ipv6 ospf database

Description Displays information about the OSPFv3 databases on the device.
Syntax show ipv6 ospf [tag] database

[
external [adv-router ipaddr] |
grace [adv-router ipaddr] |
inter-prefix [adv-router ipaddr] |
inter-router [adv-router ipaddr] |
intra-prefix [adv-router ipaddr] |
link [adv-router ipaddr] |
network [adv-router ipaddr] |
router [adv-router ipaddr]
]
external Displays information about external LSAs.
page 270
OSPF Show Commands
grace Displays information about grace LSAs, used during graceful
restart.
inter-prefix Displays information about Inter-Area-Prefix LSAs.
inter-router Displays information about Inter-Area-Router LSAs.
intra-prefix Displays information about Intra-Area-Prefix LSAs.
links Displays information about link LSAs.
network Displays information about network LSAs.
router Displays information about router LSAs.
[adv-router] Displays LSA information for the specified advertising router.
ipaddr
Example The following command shows the OSPFv3 database:
ACOS#show ipv6 ospf database
OSPFv3 Router with ID (100.1.1.1) (Process *null*)
Link-LSA (Interface ethernet 1)
Link State ID ADV Router Age Seq# CkSum Prefix

0.0.0.3 9.1.1.1 498 0x8000000c 0xfa01 1
0.0.0.3 100.1.1.1 31 0x80000001 0xf29e 1
Router-LSA (Area 0.0.0.0)
Link State ID ADV Router Age Seq# CkSum Link

0.0.0.0 9.1.1.1 19 0x8000000d 0x9356 1
0.0.0.0 100.1.1.1 18 0x80000003 0x7127 1
Network-LSA (Area 0.0.0.0)
Link State ID ADV Router Age Seq# CkSum

0.0.0.3 9.1.1.1 19 0x80000001 0x7d29
Intra-Area-Prefix-LSA (Area 0.0.0.0)
Link State ID ADV Router Age Seq# CkSum Prefix Ref-

erence
0.0.0.2 9.1.1.1 18 0x80000001 0x5d5f 1 Net-
work-LSA
page 271
OSPF Show Commands
AS-external-LSA
Link State ID ADV Router Age Seq# CkSum

0.0.0.4 9.1.1.1 1508 0x80000017 0x6aad E2
0.0.0.1 100.1.1.1 29 0x80000001 0xcd18 E2
show {ip | ipv6} ospf interface

Description Display OSPF information for an interface.
Syntax show {ip | ipv6} ospf interface

{ethernet portnum | lif num | loopback num | management |
trunk num | tunnel num | ve ve-num}
Example The following command shows OSPFv3 information for interface Ethernet 1:
ACOS#show ipv6 ospf interface

ethernet 1 is up, line protocol is up
Interface ID 3
IPv6 Prefixes
fe80::21f:a0ff:fe04:d7e4/64 (Link-Local Address)
1000::1/32
OSPFv3 Process (*null*), Area 0.0.0.0, Instance ID 0
Router ID 100.1.1.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State Backup, Priority 1
Designated Router (ID) 9.1.1.1
Interface Address fe80::21f:a0ff:fe04:b1f0
Backup Designated Router (ID) 100.1.1.1
Interface Address fe80::21f:a0ff:fe04:d7e4
Timer interval configured, Hello 10, Dead 40, Wait 40, Retrans-
mit 5
Hello due in 00:00:02
Neighbor Count is 1, Adjacent neighbor count is 1
show {ip | ipv6} ospf neighbor

Description Display information about OSPF neighbors.
Syntax show ip ospf neighbor

[ipaddr [detail]] |
[all] |
page 272
OSPF Show Commands
[detail [all]] |
[interface interface-num]]
Syntax show ipv6 ospf [tag] neighbor

[ipaddr [detail]] |
[detail [all]] |
[interface interface-num]
NOTE: The all option applies only to OSPFv2.
process-id Specifies the OSPFv2 process. If you omit this option,
information for all configured OSPFv2 processes are dis-
played.
tag Specifies the OSPFv3 process. If you omit this option,
information for all configured OSPFv3 processes are dis-
played.
ipaddr [detail] Displays information for the specified neighbor. For
detailed information, use the detail option. For summary
information, omit the detail option.
all Includes neighbors whose status is Down. Without this
option, down neighbors are not included in the output.
detail [all] Displays detailed information for all neighbors. To include
down neighbors in the output, use the all option.
interface ipaddr Displays information for neighbors reachable through the
specified IP interface.
Example The following command shows information for OSPFv2 neighbors:
ACOS#show ip ospf neighbor
OSPF process 0:
Neighbor ID Pri State Dead Time Address Interface Instance ID
9.1.1.1 1 Full/Backup 00:00:34 10.1.1.2 ethernet 1 0
show ip ospf redistributed

Description Display the routes that are being redistributed into OSPFv2.
Syntax show ip ospf [process-id] redistributed

[
bgp |
connected |
floating-ip |
ip-nat |
ip-nat-list |
isis |
page 273
OSPF Show Commands
kernel |
lw4o6 |
ospf [|process-id] |
rip
selected-vip
static |
vip
]
process-id Specifies the OSPFv2 process. If you omit this option, informa-
tion for all configured OSPF processes is displayed.
bgp Displays redistributed routes from BGP.
connected Displays redistributed routes to directly-connected networks.
floating-ip Displays redistributed routes to floating IP addresses.
ip-nat Displays redistributed routes to IP addresses assigned from an
IP NAT pool.
ip-nat-list Displays redistributed routes to IP addresses assigned from an
IP NAT range list.
isis Displays redistributed routes from IS-IS.
kernel Displays redistributed kernel routes.
lw4o6 Displays redistributed Lightweight 4over6 routes.
ospf Displays redistributed routes from other OSPFv2 processes.
[process-id]
rip Displays redistributed routes from RIP.
selected-vip Displays redistributed routes to SLB VIPs that are explicitly
flagged for redistribution. This option is applicable if the only-
flagged option was used with the redistribute vip command.
static Displays redistributed static routes.
vip Displays redistributed routes to SLB VIPs that are implicitly
flagged for redistribution. This option is applicable if the only-
not-flagged option was used with the redistribute vip command.
Usage For more information on VIP redistribution, see “Usage” in “redistribute” on page 248.
page 274
OSPF Show Commands
show {ip | ipv6} ospf route

Description Display information for OSPFv2 routes.
Syntax show ip ospf [process-id] route
show ipv6 ospf [tag] route
tion for all configured OSPFv2 processes are displayed.
tag Specifies the OSPFv3 process. If you omit this option, informa-
Example The following command shows OSPFv2 IPv4 routes and OSPFv3 IPv6 routes:
ACOS#show ip ospf route

IA 0.0.0.0/0 [2] via 10.0.0.1, ve 1, Area 0.0.0.1
O 1.0.4.0/24 [2] via 13.0.0.2, ve 2, Area 0.0.0.1
C 10.0.0.0/24 [1] is directly connected, ve 1, Area 0.0.0.1
O 11.0.0.0/24 [2] via 10.0.0.1, ve 1, Area 0.0.0.1
ACOS#show ipv6 ospf route

OSPFv3 Process (*null*) Total = 1
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
Destination Metric
Next-hop
C 1000::/32 10
directly connected, ethernet 1, Area 0.0.0.0
E2 9111::/32 10/20
via fe80::21f:a0ff:fe04:b1f0, ethernet 1
show ip route acos

Description Display ACOS information in the routing table.
Syntax show ip route acos
Mode EXEC
Example The following command shows the sample output:
ACOS#show ip route access
page 275
OSPF Show Commands
Codes: V - VIP, VF - VIP Flagged, N - IP NAT

NR - IP NAT Range List, F - Floating IP
N64 - NAT64, LW - LW4o6
VF 5.5.5.5/32 (appl-redist-rmap RMAP)
VF 6.6.6.6/32
show ipv6 ospf topology

Description Display OSPFv3 topology information.
Syntax show ipv6 ospf [tag] topology [area area-id]
tion for all configured OSPFv3 processes is displayed.
area area-id Displays OSPFv3 topology information for the specified area.
Example The following command shows the OSPFv3 topology:
ACOS#show ipv6 ospf topology
OSPFv3 Process (*null*)

OSPFv3 paths to Area (0.0.0.0) routers
Router ID Bits Metric Next-Hop Interface
9.1.1.1 E 10 9.1.1.1 ethernet 1
100.1.1.1 E --
page 276
OSPF Show Commands
show {ip | ipv6} ospf virtual-links

Description Display virtual link information.
Syntax show ip ospf [process-id] virtual-links
show ipv6 ospf [tag] virtual-links
Example The following command shows information for OSPFv2 virtual links:
ACOS#show ip ospf virtual-link

Virtual Link VLINK1 to router 143.0.0.143 is up
Transit area 0.0.0.1 via interface ethernet 1
Local address 13.0.0.2/32
Remote address 13.0.0.1/32
Transmit Delay is 1 sec, State Point-To-Point,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit
5
Hello due in 00:00:10
Adjacency state Full
ACOS#show ipv6 ospf virtual-links

Virtual Link VLINK1 to router 5.6.7.8 is up
Transit area 0.0.0.1 via interface eth0, instance ID 0
Local address 3ffe:1234:1::1/128
Remote address 3ffe:5678:3::1/128
Transmit Delay is 1 sec, State Point-To-Point,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
page 277
OSPF Show Commands
page 278
Config Commands: Router – IS-IS
This chapter describes the commands for configuring global Intermediate System to Intermediate Sys-
tem (IS-IS) parameters.
The following sections are covered:
• IS-IS Configuration Commands
• IS-IS Show Commands
described in the System Configuration and Administration Guide.
IS-IS Configuration Commands

This section describes the IS-IS configuration commands:
• address-family
• adjacency-check
• area-password
• authentication
• bfd
• distance
• domain-password
• ha-standby-extra-cost
• ignore-lsp-errors
• is-type
• lsp-gen-interval
• lsp-refresh-interval
page 279
• max-lsp-lifetime
• metric-style
• net
• passive-interface
• protocol-topology
• redistribute
• set-overload-bit
• spf-interval-exp
• summary-address
address-family
Description Configure this IS-IS instance to exchange multicast IPv6 addresses with other IS-IS routers.
Syntax [no] address-family ipv6
This command changes the CLI to the address-family configuration level, where the
following commands are available.
Command Description
adjacency-check Enables IS-IS router adjacency based on Type-Length-Value (TLV)
fields in IS-IS Hello packets between routers.
default-information originate Enables advertisement of the default route in Link State Packets
(LSPs) sent by this IS-IS instance.
distance Sets the administrative distance, 1-255, for IS-IS routes.
exit-address-family Exits from the address-family configuration level.
[no] multi-topology Enables multi-topology mode. The transition option accepts and
[level-1 | level-1-2 | level-2] generates both IS-IS IPv6 and multi-topology IPv6 TLVs.
[transition]
redistribute option Enables distribution of routes from other sources into IS-IS. For
available options, see “redistribute” on page 290.
summary-prefix ipv6-addr/prefix Configures an IPv6 summary prefix.
[level-1 | level-1-2 | level-2]
Default Disabled. When you enable IPv6 exchange, the unicast option is disabled by default.
Mode IS-IS
Example The following command enables exchange of IPv6 multicast addresses with other IS-IS rout-
ers, and enables the default route to be advertised.
ACOS(config)#router isis
page 280
ACOS(config-isis)#address-family ipv6
ACOS(config-isis-ipv6)#default-information originate
adjacency-check
Description Enable IS-IS router adjacency based on Type-Length-Value (TLV) fields in IS-IS Hello packets
between routers.
Syntax [no] adjacency-check
Default Enabled.
Mode IS-IS
area-password
Description Configure the password for authenticating IS-IS traffic between Level-1 routers.
Syntax [no] area-password string

[authenticate snp {send-only | validate}]
authenticate snp Uses the password for authentication of Sequence Num-
ber Packets (SNPs).
send-only Inserts the password into SNP PDUs before sending
them, but does not check for the password in SNP PDUs
received from other routers.
validate Inserts the password into SNP PDUs before sending
them, and also checks for the password in SNP PDUs
Default None. If you configure a Level-1 password, the snp option is disabled by default.
Mode IS-IS
Usage This command applies only to Level-1. To configure authentication for Level-2, see “domain-
password” on page 284.
Example The following command configures IS-IS to use password “isisl1pwd” to authenticate Level-1
IS-IS traffic within the area, including inbound and outbound SNP PDUs:
ACOS(config-isis)#area-password isisl1pwd authenticate snp validate
page 281
authentication
Description Configure authentication for this IS-IS instance.
Syntax [no] authentication send-only [level-1 | level-2]
[no] authentication mode md5 [level-1 | level-2]
[no] authentication key-chain name [level-1 | level-2]
send-only [level-1 | level-2] Disables checking for keys in IS-IS packets received by this IS-IS
instance.
• level-1 – Disables key checking only for Level-1 (intra-area) IS-IS

traffic.
• level-2 – Disables key checking only for Level-2 (inter-area) IS-IS
traffic.
mode md5 [level-1 | level-2] Enables MD5 authentication.
• level-1 – Enables MD5 only for Level-1 (intra-area) IS-IS traffic.

• level-2 – Enables MD5 only for Level-2 (inter-area) IS-IS traffic.
key-chain name Specifies the name of the certificate key chain to use for authenticating
[level-1 | level-2] IS-IS traffic.
• level-1 – Applies only to Level-1 (intra-area) IS-IS traffic.

• level-2 – Applies only to Level-2 (inter-area) IS-IS traffic.
Default Clear-text authentication is enabled by default. MD5 authentication is disabled by default.

No key chain is set by default. The send-only option is disabled by default. All options
apply to Level-1 and Level-2, unless you specify one level or the other. For all options that
accept the level-1, level-1-2, or level-2 keyword, the default is level-1.
Mode IS-IS
Usage Use the send-only option to temporarily disable key checking, then use the key-chain
option to specify the key chain. To use MD5, use the md5 option to disable clear-text authen-
tication and enable MD5 authentication. After key-chains are installed on the other IS-IS rout-
ers, disable the send-only option.
Example The following commands configure MD5 authentication for this IS-IS instance:
ACOS(config-isis)#authentication send-only
ACOS(config-isis)#authentication mode md5
ACOS(config-isis)#authentication key-chain chain1
ACOS(config-isis)#no authentication send-only
page 282
bfd
Description Enable BFD on all interfaces for which IS-IS is running.
Syntax [no] bfd all-interfaces
Default Disabled
Mode IS-IS
Description Enable advertisement of the default route in Link State Packets (LSPs) sent by this IS-IS
instance.
Default Disabled
Mode IS-IS
Usage If the IPv4 or IPv6 data route tables contain a default route, the default route is included in
Level-2 LSPs sent by this IS-IS instance. This command does not apply to Level-1 LSPs.
distance
Description Set the administrative distance for IS-IS routes.
Syntax [no] distance num [system-id]
num Specifies the distance, 1-255.
system-id Assigns the distance only to routes from the router with the
specified IS-IS system ID.
Default None
Mode IS-IS
Usage The administrative distance specifies the trustworthiness of routes. A low administrative dis-
tance value indicates a high level of trust. Likewise, a administrative distance value indicates
a low level of trust. For example, setting the administrative distance value for external routes
to 255 means those routes are very untrustworthy and should not be used.
page 283
domain-password
Description Configure the password for authenticating IS-IS traffic between Level-2 routers.
Syntax [no] domain-password string

[authenticate snp {send-only | validate}]
authenticate snp Uses the password for authentication of Sequence Num-
ber Packets (SNPs).
send-only Inserts the password into SNP PDUs before sending
them, but does not check for the password in SNP PDUs
validate Inserts the password into SNP PDUs before sending
them, and also checks for the password in SNP PDUs
Default None. If you configure a Level-2 password, the snp option is disabled by default.
Mode IS-IS
Usage This command applies only to Level-2. To configure authentication for Level-1, see “area-
password” on page 281.
Example The following command configures IS-IS to use password “isisl2pwd” to authenticate Level-2
IS-IS traffic, including inbound and outbound SNP PDUs:
ACOS(config-router)#domain-password isisl2pwd authenticate snp validate
ha-standby-extra-cost
Description Enable IS-IS awareness of VRRP-A.
Syntax [no] ha-standby-extra-cost num
Replace num with the extra cost to add to the ACOS device’s IS-IS interfaces, if the VRRP-A
status of one or more of the device’s VRIDs is Standby. You can specify 1-65535. If the
resulting cost value is more than 65535, the cost is set to 65535.
Default Not set. The IS-IS protocol on the ACOS device is not aware of the VRRP-A state (Active or
Standby) of the ACOS device.
Mode IS-IS
Usage Enter the command on each of the ACOS devices in the VRRP-A VRID.
page 284
ignore-lsp-errors
Description Disable checksum verification for inbound LSPs.
Syntax [no] ignore-lsp-errors
Default Disabled. The checksums of inbound LSPs are verified.
Mode IS-IS
is-type
Description Specify the IS-IS routing level for this IS-IS instance.
Syntax [no] is-type {level-1 | level-1-2 | level-2-only}
level-1 Level-1 (intra-area) only.
level-1-2 Level-1 and Level-2.
level-2-only Level-2 (inter-area) only.
Default Level-1.
Mode IS-IS
Usage Only one IS-IS instance on the ACOS device can run Level-2 routing.
Description Log adjacency changes.
Syntax [no] log-adjacency-changes {detail | disable}
detail Log changes in adjacency state.
disable Disable logging of adjacency state changes.
Default Enabled by default.
Mode IS-IS
Example The following example disables logging of adjacency state changes:
ACOS(config-isis)#log-adjacency-changes disable
page 285
lsp-gen-interval
Description Configure the minimum interval for LSP regeneration.
Syntax [no] lsp-gen-interval seconds [level-1 | level-2]
level-1 | level-2 Specifies the circuit type to which to apply the interval
configuration. The default is level-1.
seconds Specifies the minimum number of seconds between each
regeneration of the LSP. You can specify 1-120 seconds.
Default 30 seconds, for both Level-1 and Level2
Mode IS-IS
lsp-refresh-interval
Description Configure the LSP refresh interval.
Syntax [no] lsp-refresh-interval seconds
Replace seconds with the minimum number of seconds IS-IS must wait before refreshing
an LSP. You can specify 1-65535 seconds.
Default 900
Mode IS-IS
Usage The lsp-refresh-interval must be smaller than the max-lsp-lifetime.
max-lsp-lifetime
Description Configure the LSP maximum lifetime.
Syntax [no] max-lsp-lifetime seconds
Replace seconds with the maximum number of seconds an LSP can remain in the database
without being refreshed. You can specify 350-65535 seconds.
Default 1200
Mode IS-IS
Usage The max-lsp-lifetime must be larger than the lsp-refresh-interval.
page 286
metric-style
Description Configure the metric style to use for SPF calculation and for TLV encoding in LSPs.
Syntax [no] metric-style

{
narrow [[level-1 | level-1-2 | level-2]] |
transition [level-1 | level-1-2 | level-2] |
wide [[level-1 | level-1-2 | level-2] |
narrow-transition [level-1 | level-1-2 | level-2] |
wide-transition [level-1 | level-1-2 | level-2]}
narrow Supports 6-bit metric length for SPF calculation and TLV encoding.
The transition option also allows 24-bit metrics for SPF calculation, but not for
TLV encoding.
• level-1 – Supports 24-bit SPF calculation only for circuit type Level-1.
• level-1-2 – Supports 24-bit SPF calculation for circuit types Level-1 and Level-2.
(This is the default, if the transition option is used.)
transition Supports 6-bit and 24-bit metric lengths for SPF calculation and TLV encoding.
• level-1 – Supports both metric lengths only for circuit type Level-1.
• level-2 – Supports both metric lengths only for circuit type Level-2.
• level-1-2 – Supports both metric lengths for circuit types Level-1 and Level-2.
wide Supports 24-bit metric length for SPF calculation and TLV encoding.
The transition option also allows 6-bit metrics for SPF calculation, but not for TLV
encoding.
This command should be included in all IPv6 IS-IS configurations.
page 287
narrow-transition Supports 6-bit metric length for SPF calculation and TLV encoding.
The transition option also allows 24-bit metrics for SPF calculation, but not for
TLV encoding.
wide-transition Supports 24-bit metric length for SPF calculation and TLV encoding.
The transition option also allows 6-bit metrics for SPF calculation, but not for TLV
encoding.
Default Narrow, for Level-1 and Level-2 routing levels (level-1-2). For all options that accept the
level-1, level-1-2, or level-2 keyword, the default is level-1.
Mode IS-IS
net
Description Configure a Network Entity Title (NET) for the instance.
Syntax [no] net area-address.system-id.00
area-address Specifies the address of the IS-IS area.
system-id Specifies the system ID.
Default None
Mode IS-IS
Usage Each IS-IS instance must have at least 1 NET.
The total length of the NET can be 8-20 bytes.
• The last (right-most) byte must be 00.

• The system-id must be 6 bytes long. For Level-1, the system-id must be unique
within the area. For Level-2, the system-id must be unique within the entire domain.
• The area-address can be up to 13 bytes long.
page 288
You can configure more than one NET. This is useful in cases where you are reconfiguring the
network and need to temporarily merge or split existing areas.
If you configure more than 1 NET, the area-address must be unique in each NET but the
system-id must be the same.
passive-interface
Description Disable routing IS-IS routing updates on ACOS interfaces.
Syntax [no] passive-interface

{ethernet num | lif num | loopback num | trunk num | ve ve-num}
ethernet num Disables routing updates from being sent on the specified
Ethernet data port.
lif num Disables routing updates from being sent on the specified logi-
cal interface.
loopback num Disables routing updates from being sent on the specified loop-
back interface.
trunk num Disables routing updates from being sent on the specified trunk
interface.
ve ve-num Disables routing updates from being sent on the specified Vir-
tual Ethernet (VE) interface.
Default Disabled
Mode IS-IS
Usage This command removes all IS-IS configuration from the specified interface.
For proper operation of IS-IS, routing updates must be enabled on at least one interface.
protocol-topology
Description Enable IS-IS protocol topology support, which provides IPv4/IPv6/dual-stack support.
Syntax [no] protocol-topology
Default Disabled
Mode IS-IS
Usage For standard IS-IS support, leave this option disabled.
page 289
redistribute
Description Enable distribution of routes from other sources into IS-IS.

{
bgp [options] |
ip-nat [options] |
isis [options] |
lw4o6 [options] |
ospf [process-id] [options] |
rip [route-map map-name] |
static [options] |
vip [only-flagged | only-not-flagged] [options]
}
bgp [options] Redistributes route information from Border Gateway Protocol
(BGP) into IS-IS. For options, see the end of this parameter list.
connected [options] Redistributes routes into IS-IS for reaching directly connected net-
works.
floating-ip [options] Redistributes routes into IS-IS for reaching floating IP addresses.
ip-nat [options] Redistributes routes into IS-IS for reaching translated NAT
addresses allocated from a pool.
ip-nat-list [options] Redistributes routes into IS-IS for reaching translated NAT
addresses allocated from a range list.
isis [options] Redistributes routes back into IS-IS.
lw406 [options] Redistributes routes into IS-IS for Lightweight 4over6. (This is an
IPv6 Migration feature.)
ospf [process-id] [options] Redistributes OSPF routes into IS-IS.
rip [options] Redistributes routes into IS-IS for RIP.
static [options] Redistributes routes into IS-IS for reaching networks through
static routes.
page 290
vip TO control which VIPs are redistributed, use one of the following
[only-flagged | only-not-flagged] options:
[options]
• only-flagged – Redistributes only the VIPs on which the
redistribution-flagged command is used.
For more information, see the “Usage” description of this com-

mand.
[options] Optional parameters supported for all other options in this table:
• level-1 – Redistributes only at the IS-IS area level. (This is the

default IS-IS level.)
• level-1-2 – Redistributes at both the IS-IS area and domain
levels.
• level-2 – Redistributes only at the IS-IS domain level. (This is
the default.)
• metric num – Metric for the default route, 0-4261412864. The
default is 0.
• metric-type – Specifies the metric information used when
comparing the route to other routes:
• The external type uses the route’s metric for comparison.
• The internal type uses the route’s metric for comparison
and also uses the cost of the router that advertised the route
(this is the default).
• route-map map-name – Name of a route map. (To configure a
route map, use the route-map command. See “route-map” in
the System Configuration and Administration Guide.
Default Disabled. By default, IS-IS routes are not redistributed. For other defaults, see above.
Mode IS-IS
uted. Use the vip option to control which routes to VIPs are redistributed into IS-IS.
VIP Redistribution
methods.

• At the configuration level for IS-IS, enter the following command: redistribute
vip only-flagged
page 291
• At the configuration level for IS-IS, enter either of the following commands: redis-
tribute vip only-not-flagged or redistribute vip

• If you have 10 VIPs and all of them need to be redistributed by IS-IS, use the redis-
tribute vip command at the configuration level for IS-IS.
the redistribute vip only-flagged command at the configuration level for IS-
IS.
figuration level for IS-IS. (In this case, alternatively, you could enter redistribute
vip instead of redistribute vip only-not-flagged.)
Example The following commands redistribute floating IP addresses and OSPF routes into IS-IS:
ACOS(config-isis)#redistribute floating-ip
ACOS(config-isis)#redistribute ospf
set-overload-bit
Description Disable use of this IS-IS router as a transit router during SPF calculation.
Syntax [no] set-overload-bit
Syntax [no] set-overload-bit on-startup {seconds | wait-for-bgp}
Syntax [no] set-overload-bit suppress {[external] [interlevel]}
on-startup Sets the overload bit only after startup of the IS-IS instance, and clears the
{seconds | wait-for-bgp} bit based on one of the following options:
• seconds – Clears the overload bit after the specified number of sec-
onds. You can specify 5-86400 seconds.
• wait-for-bgp – Clears the overload bit after BGP signals that it has fin-
ished convergence.
• If BGP is not running, the overload bit is immediately cleared.
• If BGP is running but does not signal convergence within 10 minutes
after the IS-IS instance starts, the overload bit is cleared.
page 292
supress Suppresses redistribution of specific types of reachability information
{external | interlevel} during the overload state.
• external – Suppresses redistribution of IP prefixes learned from other

protocols. For example, redistribution of IP prefixes from OSPF is sup-
pressed.
• interlevel – Suppresses redistribution of IP prefixes learned from other
IS-IS levels. For example, redistribution of IP prefixes from Level-2 to
Level-1 is suppressed.
Default Disabled. The overload bit is not set, and this IS-IS router can be used as a transit (intermedi-
ate hop) router during SPF calculation.
Mode IS-IS
Usage IP prefixes that are directly connected to this IS-IS router continue to be reachable even
when the overload bit is set.
spf-interval-exp
Description Configure the minimum and maximum delay between receiving a link-state or IS-IS configu-
ration change, and SPF recalculation.
Syntax [no] spf-interval-exp min-delay max-delay [level-1 | level-2]
level-1 | level-2 Specifies the IS-IS level to which to apply the interval set-
ting.

min-delay Specifies the minimum number of milliseconds (ms) to
wait before SPF recalculation following a link-state or IS-
IS configuration change. You can specify 0-2147483647
ms.
max-delay Specifies the maximum number of ms to wait. You can
specify 0-2147483647 ms.
Default The default min-delay is 500 ms and the default max-delay is 50000 ms, for Level-1 and
Level-2 routing levels.
Mode IS-IS
page 293
IS-IS Show Commands
summary-address
Description Configure an IPv4 summary address to aggregate multiple IPv4 prefixes for advertisement.
Syntax [no] summary-address ipaddr/mask-length

[level-1 | level-1-2 | level-2]
ipaddr/mask-length Specifies the summary IPv4 address to advertise.
level-1 | Specifies the IS-IS routing level to which to advertise
level-1-2 | the summary address. If you do not specify a routing
level-2 level, the summary address is advertised at Level-2
only.
Default None
Mode IS-IS
Usage The summary address is advertised instead of the individual IP prefixes contained in the sum-
mary address. For example, if the IPv4 route table has routes to 192.168.1.x/24, 192.168.2.x/
24, and 192.168.11.x/24, you can configure IS-IS to advertise summary address 192.168.0.0/16
instead of each of the individual prefixes.
IS-IS Show Commands

This section describes the IS-IS show commands:
• show ip isis [tag] route
• show ipv6 isis [tag] route
• show ipv6 isis [tag] topology
• show isis counter
• show isis [tag] database
• show isis interface
• show isis [tag] topology
page 294
IS-IS Show Commands
show ip isis [tag] route

Description Display the IPv4 IS-IS route table.
Syntax show ip isis [tag] route
Replace tag with the IS-IS tag (area). If you do not specify a tag value, IPv4 routes for all areas
are displayed.
Mode All
Example The following command shows the IPv4 IS-IS route table:
ACOS(config)#show ip isis route
System wide total number of IS-IS IPv4 routes is 1 (Limit 8192)
Codes: C - connected, E - external, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, D - discard, e - external metric
Area (null):
Destination Metric Next-Hop Interface Tag
C 1.0.3.0/24 10 -- ethernet 5 --
L1 1.0.4.0/24 20 12.0.0.2 ethernet 2 0
C 12.0.0.0/24 10 -- ethernet 2 --
show ipv6 isis [tag] route

Description Display the IPv6 IS-IS route table.
Syntax show ipv6 isis [tag] route
Replace tag with the IS-IS tag (area). If you do not specify a tag value, IPv6 routes for all areas
are displayed.
Mode All
Example The following command shows the IPv6 IS-IS route table:
ACOS(config)#show ipv6 isis route

System wide total number of IS-IS IPv6 routes is 1 (Limit 8192)
Codes: C - connected, E - external, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, D - discard, e - external metric
Area (null):
C 3000::/64 [10]
page 295
IS-IS Show Commands
via ::, ethernet 2

C 3ff3::/64 [10]
via ::, ethernet 5
L1 3ff4::/64 [20]
via fe80::21f:a0ff:fe10:a4a6, ethernet 2
show ipv6 isis [tag] topology

Description Display IPv6 IS-IS topology information.
Syntax show ipv6 isis [tag] topology [l1 | l2 | level-1 | level-2]
Mode All
Example The following command shows IPv6 IS-IS topology information:
ACOS(config)#show ipv6 isis topology

Area (null):
IS-IS paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
0000.0000.0001 --
0000.0000.0002 10 0000.0000.0002 ethernet 2 001f.a010.a4a6

0000.0000.0001 --
0000.0000.0002 10 0000.0000.0002 ethernet 2 001f.a010.a4a6
show isis counter

Description Display IS-IS statistics.
Syntax show isis counter
Mode All
Example The following command shows IS-IS counters:
ACOS(config)#show isis counter

Area (null):
IS-IS Level-1 isisSystemCounterEntry:
isisSysStatCorrLSPs: 0
isisSysStatAuthTypeFails: 0
isisSysStatAuthFails: 0
isisSysStatLSPDbaseOloads: 0
isisSysStatManAddrDropFromAreas: 0
page 296
IS-IS Show Commands
isisSysStatAttmptToExMaxSeqNums: 0
isisSysStatSeqNumSkips: 0
isisSysStatOwnLSPPurges: 0
isisSysStatIDFieldLenMismatches: 0
isisSysStatMaxAreaAddrMismatches: 0
isisSysStatPartChanges: 0
isisSysStatSPFRuns: 4
IS-IS Level-2 isisSystemCounterEntry:

isisSysStatCorrLSPs: 0
isisSysStatAuthTypeFails: 0
isisSysStatAuthFails: 0
isisSysStatLSPDbaseOloads: 0
isisSysStatManAddrDropFromAreas: 0
isisSysStatAttmptToExMaxSeqNums: 0
isisSysStatSeqNumSkips: 0
isisSysStatOwnLSPPurges: 0
isisSysStatIDFieldLenMismatches: 0
isisSysStatMaxAreaAddrMismatches: 0
isisSysStatPartChanges: 0
isisSysStatSPFRuns: 3
show isis [tag] database

Description Display the IS-IS database entries.
Syntax show isis [tag] database

[lspid]
page 297
IS-IS Show Commands
[detail | verbose]
[l1 | l2 | level-1 | level-2]
tag Specifies the IS-IS tag (area). If you do not specify a tag value,
database entries for all areas is displayed.
lspid Specifies the ID of a specific LSP to display.
detail Displays detailed contents of the LSPs. Without this option,
summary information is displayed.
verbose Displays verbose database information.
l1 | Specifies the IS-IS routing level for which to display database
l2 | entries.
level-1 |
level-2 The default is level-1.
Mode All
Example The following command shows the IS-IS database:
ACOS(config)#show isis database

IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
0000.0000.0001.00-00* 0x00000007 0x8223 857 0/0/0
0000.0000.0002.00-00 0x00000007 0x0F96 865 0/0/0
0000.0000.0002.02-00 0x00000004 0x01D4 865 0/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
0000.0000.0001.00-00* 0x00000003 0x77F4 884 0/0/0
0000.0000.0002.00-00 0x00000003 0x640A 879 0/0/0
0000.0000.0002.02-00 0x00000001 0x07D1 853 0/0/0
show isis interface

Description Display IS-IS information for interfaces.
Syntax show isis interface

[
counter |
ethernet port-num |
lif num |
loopback num |
trunk num |
page 298
IS-IS Show Commands
ve ve-num
}
counter Displays IS-IS interface status information and statistics.
ethernet port-num Displays IS-IS information for the specified Ethernet data
port.
lif num Displays IS-IS information for the specified logical inter-
face.
loopback num Displays IS-IS information for the specified loopback
interface.
trunk num Displays IS-IS information for the specified trunk inter-
face.
ve ve-num Displays IS-IS information for the specified VE interface.
Mode All
Example The following command shows IS-IS interface information:
ACOS(config)#show isis interface

Routing Protocol: IS-IS ((null))
Network Type: Broadcast
Circuit Type: level-1-2
Local circuit ID: 0x01
Extended Local circuit ID: 0x00000005
Local SNPA: 001f.a002.5bc9
MTU: 1500 (Jumbo enabled)
IP interface address:
12.0.0.1/24
IPv6 interface address:
3000::1/64
fe80::21f:a0ff:fe02:5bc9/64
Level-1 Metric: 10/10, Priority: 64, Circuit ID: 0000.0000.0002.02
Number of active level-1 adjacencies: 1
Next IS-IS LAN Level-1 Hello in 4 seconds
Routing Protocol: IS-IS ((null))
Network Type: Broadcast
Circuit Type: level-1-2
Local circuit ID: 0x02
Extended Local circuit ID: 0x0000000B
page 299
IS-IS Show Commands
Local SNPA: 001f.a002.5bcc

MTU: 1500 (Jumbo enabled)
IP interface address:
1.0.3.1/24
IPv6 interface address:
3ff3::1/64
fe80::21f:a0ff:fe02:5bcc/64
show isis [tag] topology

Description Display IPv4 IS-IS topology information.
Syntax show isis topology [l1 | l2 | level-1 | level-2]
You can specify one of l1, l2, level-1, or level-2 as the IS-IS routing level for which to
display topology information.
Default level-1
Usage All
Example The following command shows IPv4 IS-IS topology information:
ACOS(config)#show isis topology
Area (null):
0000.0000.0001 --
0000.0000.0002 10 0000.0000.0002 ethernet 2 001f.a010.a4a6

0000.0000.0001 --
0000.0000.0002 10 0000.0000.0002 ethernet 2 001f.a010.a4a6
ACOS(config)#
page 300
Config Commands: Router – BGP
This chapter describes the syntax for the Border Gateway Protocol (BGP) commands. The commands
are described in the following sections:
• “Enabling BGP” on page 302
• “BGP Configuration Commands” on page 303
• “BGP Show Commands” on page 337
• “BGP Clear Commands” on page 350
page 301
Enabling BGP
Enabling BGP
To enable BGP on the ACOS device:
1. Enable the protocol and specify the Autonomous System (AS) number, using the following com-
mand at the global configuration level of the CLI:
router bgp AS-num
The AS-num specifies the Autonomous System Number (ASN), which can be 1-4294967295. The
ACOS device supports configuration of one local AS.
2. Specify the ACOS device’s BGP router ID:

bgp router-id ipaddr
NOTE: It is strongly recommended to manually set a unique BGP router ID for

each BGP instance within the ACOS device's partitions.
3. Specify each of the ACOS device’s neighbor (peer) BGP routers:

neighbor neighbor-id remote-as AS-num
your deployment.
cols you plan to use on the ACOS device, to prevent router ID changes
caused by VRRP-A failover. If you do not explicitly configure the ACOS
device’s BGP router ID, BGP sessions may become reset whenever there
is an interface state change.
page 302
BGP Configuration Commands

The commands in this section apply globally to the BGP process running on the ACOS device.
The following sections are included:
• Commands at the Global Configuration Level
• Commands at the BGP Router Configuration Level
Commands at the Global Configuration Level

The commands in this section are available at the global configuration level of the CLI:
• bgp extended-asn-cap
• bgp nexthop-trigger
bgp extended-asn-cap
Description Enable the ACOS device to send 4-octet BGP Autonomous System Number (ASN) capabili-
ties.
Syntax [no] bgp extended-asn-cap
Default Disabled; 2-octet ASN capabilities are enabled instead.
bgp nexthop-trigger
Description Configure BGP nexthop tracking.
Syntax [no] bgp nexthop-trigger {delay seconds | enable}
seconds Specifies the how long BGP waits before walking the full BGP table
to determine which prefixes are affected by the nexthop changes,
after receiving a trigger about nexthop changes. You can specify 1-
100 seconds.
enable Enables nexthop tracking.
Default BGP nexthop tracking is disabled by default. When you enable it, the default delay is 5 sec-
onds.
page 303
Commands at the BGP Router Configuration Level

The commands in this section are available at the configuration level for the BGP routing process for
an AS.
To access the BGP router configuration level, use the router bgp command at the global configuration
level of the CLI:
ACOS(config)#router bgp 100

ACOS(config-bgp:100)#
• address-family
• aggregate-address
• auto-summary
• bgp always-compare-med
• bgp bestpath
• bgp dampening
• bgp default
• bgp deterministic-med
• bgp enforce-first-as
• bgp fast-external-failover
• bgp log-neighbor-changes
• bgp nexthop-trigger-count
• bgp router-id
• bgp scan-time
• distance
• maximum-paths
• neighbor neighbor-id activate
• neighbor neighbor-id advertisement-interval
• neighbor neighbor-id allowas-in
• neighbor neighbor-id as-origination-interval
page 304
• neighbor neighbor-id capability
• neighbor neighbor-id collide-established
• neighbor neighbor-id default-originate
• neighbor neighbor-id description
• neighbor neighbor-id disallow-infinite-holdtime
• neighbor neighbor-id distribute-list
• neighbor neighbor-id dont-capability-negotiate
• neighbor neighbor-id ebgp-multihop
• neighbor neighbor-id enforce-multihop
• neighbor neighbor-id fall-over
• neighbor neighbor-id filter-list
• neighbor neighbor-id maximum-prefix
• neighbor neighbor-id next-hop-self
• neighbor neighbor-id override-capability
• neighbor neighbor-id passive
• neighbor neighbor-id password
• neighbor neighbor-id peer-group
• neighbor neighbor-id prefix-list
• neighbor neighbor-id remote-as
• neighbor neighbor-id remove-private-as
• neighbor neighbor-id route-map
• neighbor neighbor-id send-community
• neighbor neighbor-id shutdown
• neighbor neighbor-id soft-reconfiguration
• neighbor neighbor-id strict-capability-match
• neighbor neighbor-id timers
• neighbor neighbor-id unsuppress-map
• neighbor neighbor-id update-source
• neighbor neighbor-id weight
page 305
• network
• redistribute
• synchronization
• timers
address-family
Description Configure address family parameters.
Syntax [no] address-family ivp6
This command changes the CLI to a new configuration level where the following commands
are available.
Command Description
[no] aggregate-address options See “aggregate-address” on page 308.
[no] auto-summary See “auto-summary” on page 308.
[no] bgp dampening options See “bgp dampening” on page 310.
[no] default-information originate See “default-information originate” on page 313.
[no] distance See “distance” on page 313.
[no] exit-address-family Exits the address-family configuration level.
[no] maximum-paths See “maximum-paths” on page 314.
page 306
Command Description
[no] neighbor options The following neighbor commands are supported under the
address-family configuration level:
• neighbor neighbor-id activate

• neighbor neighbor-id advertisement-interval
• neighbor neighbor-id allowas-in
• neighbor neighbor-id as-origination-interval
• neighbor neighbor-id capability
• neighbor neighbor-id collide-established
• neighbor neighbor-id default-originate
• neighbor neighbor-id description
• neighbor neighbor-id disallow-infinite-holdtime
• neighbor neighbor-id distribute-list
• neighbor neighbor-id dont-capability-negotiate
• neighbor neighbor-id ebgp-multihop
• neighbor neighbor-id enforce-multihop
• neighbor neighbor-id fall-over
• neighbor neighbor-id filter-list
• neighbor neighbor-id maximum-prefix
• neighbor neighbor-id next-hop-self
• neighbor neighbor-id override-capability
• neighbor neighbor-id passive
• neighbor neighbor-id password
• neighbor neighbor-id peer-group
• neighbor neighbor-id prefix-list
• neighbor neighbor-id remote-as
• neighbor neighbor-id remove-private-as
• neighbor neighbor-id route-map
• neighbor neighbor-id send-community
• neighbor neighbor-id shutdown
• neighbor neighbor-id soft-reconfiguration
• neighbor neighbor-id strict-capability-match
• neighbor neighbor-id timers
• neighbor neighbor-id unsuppress-map
• neighbor neighbor-id update-source
• neighbor neighbor-id weight
[no] network options See “network” on page 333.
[no] redistribute options See “redistribute” on page 334.
Default None
Mode BGP
page 307
aggregate-address
Description Configure an aggregate address.
Syntax [no] aggregate-address ipaddr/mask-length [as-set] [summary-only]
ipaddr/mask-length If you are using this command at the BGP configura-
tion level, specify an IPv4 aggregate network address.
If you are using the command at the address-family

configuration level, you must specify an IPv6 IP
aggregate network address.
as-set Generates AS set path information.
summary-only Filters more specific routes from updates.
Default None
Mode BGP or address-family
auto-summary
Description Enable sending of summarized routes to BGP peers.
Syntax [no] auto-summary
Default Disabled
Mode BGP
bgp always-compare-med
Description Enable comparison of the Multi Exit Discriminators (MEDs) for paths from neighbors in differ-
ent ASs.
Syntax [no] bgp always-compare-med
Default Disabled. By default, MED comparison is done only among paths from the same AS.
Mode BGP
page 308
bgp bestpath
Description Configure options to select the best of multiple paths for a route.
Syntax [no] bgp bestpath {as-path [ignore] | compare-routerid}
as-path Use the AS path when selecting the best path for a route.
AS path consideration is enabled by default.

ignore Ignore the AS path when selecting the best path for a route.
compare- Enables comparison of router IDs when comparing identical
routerid routes received from different neighbors. In this case, the route
from the neighbor with the lowest route ID is selected.
By default, BGP receives routes with identical eBGP paths from

eBGP peers and selects the first route received as the best path.
Mode BGP
page 309
bgp dampening
Description Configure the BGP response to route flapping, to minimize network disruption.
Syntax [no] bgp dampening {dampening-options | route-map map-name}
dampening-options Configures the dampening options:
• reachability-half-life—Specifies the reachability half-life, which is the time

it takes the penalty to decrease to one-half of its current value. You can specify 1-45
minutes.
The default is 15 minutes.
• reuse-start—Specifies the reuse limit value. When the penalty for a suppressed
route decays below the reuse value, the routes become unsuppressed. You can
specify 1-20000.
The default is 750.
• suppress-start—Specifies the suppress limit value. When the penalty for a route
exceeds the suppress value, the route is suppressed. You can specify 1-20000.
The default is 2000.
• max-suppress-duration—Specifies the maximum time that a dampened route

is suppressed. You can specify 1-255 minutes.
The default is 60 minutes (4 times the half-life time).

map-name Applies the dampening settings only to routes that match the specified route map.
Mode BGP
page 310
bgp default
Description Change BGP default settings.
Syntax [no] bgp default {ipv4-unicast | local-preference num}
ipv4-unicast Activates IPv4 unicast for communication with peers.
By default, this is enabled.

num Specifies the local preference value for routes. You can specify
0-4294967295.
The default is 100.
Mode BGP
bgp deterministic-med
Description Enable comparison of the Multi Exit Discriminator (MED) values during selection of a route
among routes advertised by different peers in the same AS.
Syntax [no] bgp deterministic-med
Default Disabled
Mode BGP
bgp enforce-first-as
Description Enable the ACOS device to deny any updates received from an external neighbor that do not
have the neighbor’s configured AS at the beginning of the AS_PATH.
Syntax [no] bgp enforce-first-as
Default Enabled
Mode BGP
page 311
bgp fast-external-failover
Description Enable immediate reset of a BGP session if the interface used for the BGP connection goes
down.
Syntax [no] bgp fast-external-failover
Default Enabled
Mode BGP
bgp log-neighbor-changes
Description Enable logging of status change messages without enabling BGP debugging.
Syntax [no] bgp log-neighbor-changes
Default Disabled
Mode BGP
bgp nexthop-trigger-count
Description Configure display of BGP nexthop-tracking status.
Syntax [no] bgp nexthop-trigger-count num
num Count value (0-127).
Mode BGP
bgp router-id
Description Configure the router ID.
Syntax [no] bgp router-id ipaddr
ipaddr IPv4 address.
Default If a loopback interface is configured, the router ID is set to the IP address of the loopback
interface. If there are multiple loopback interfaces, the loopback interface with the highest
numbered IP address is used.
page 312
If there are no loopback interfaces, the interface with the highest numbered IP address is
used.
Mode BGP
bgp scan-time
Description Set the interval for BGP route next-hop scanning.
Syntax [no] bgp scan-time seconds
seconds Amount of time between scans, in seconds (0-60 seconds).
Default 60
Mode BGP
Description Enable advertisement of the default route in packets sent by this BGP instance.
A valid default route must exist and be verified to complete this configuration or the default
route will not be advertised
Default Disabled
Mode BGP
distance
Description Configure the administrative distance for BGP. The administrative distance is a rating of trust-
worthiness of the BGP process relative to other routing processes running on the ACOS
device. The greater the distance, the lower the trust rating.
Syntax [no] distance

{
admin-distance ipaddr/mask-length [acl-id] |
page 313
bgp external internal local

}
admin-distance Overrides the configured administrative distance for specific prefixes.
ipaddr/mask-length
[acl-id] The acl-id option specifies an ACL that matches on the routes for which to
override the default administrative distance. If you do not use this option,
the distance is applied to all IPv4 BGP routes.
NOTE: This option is not available if you are configuring the distance at the
address-family configuration level.
bgp • external – Specifies the administrative distance (1-255) for BGP routes
external internal local learned from another AS.
The default external administrative distance is 20.
• internal – Specifies the administrative distance (1-255)for BGP routes

learned from a neighbor within the same AS.
The default internal administrative distance is 200.
• local – Specifies the administrative distance (1-255) for BGP routes

redistributed from another route source on this ACOS device.
The default local administrative distance is 200.
Mode BGP
maximum-paths
Description Specify the maximum number of ECMP paths to a given route destination allowed for BGP.
See “Equal-Cost Multi-path ECMP Support” on page 77 for more information.
Syntax [no] maximum-paths path-num
num Maximum number of paths to a given destination. You can specify
1-64.
Default 1. BGP will install the single best ECMP route into the FIB used by the ACOS device to forward
traffic.
Mode BGP
neighbor neighbor-id activate
page 314
Description Enable the exchange of address family routes with a neighboring BGP router.
Syntax [no] neighbor neighbor-id activate
neighbor-id ID of the neighbor, which can be one of the following types of
values:
• IPv4 address.
• IPv6 address.
• Name of a peer group.
Default N/A
Mode BGP
Usage After the TCP connection is opened with the neighbor, use this command to enable or disa-
ble the exchange of address family information with the neighboring router.
neighbor neighbor-id advertisement-interval

Description Configure the minimum interval between transmission of BGP route updates to a neighbor.
Syntax [no] neighbor neighbor-id advertisement-interval seconds
values:
• IPv4 address.
• IPv6 address.
seconds Minimum interval between route updates. You can specify 0-
600 seconds.
Default The advertisement interval has the following default settings:

• eBGP – 30 seconds
• iBGP – 5 seconds
Mode BGP
page 315
neighbor neighbor-id allowas-in

Description Allow re-advertisement of all prefixes containing duplicate AS numbers.
Syntax [no] neighbor neighbor-id allowas-in [occurrences]
values:
• IPv4 address.
• IPv6 address.
occurrences Maximum number of occurrences of a given AS number. You
can specify 1-10.
Default Disabled
Mode BGP
neighbor neighbor-id as-origination-interval

Description Configure the interval between transmission of AS origination route updates.
Syntax [no] neighbor neighbor-id as-origination-interval seconds
values:
• IPv4 address.
• IPv6 address.
seconds Time between AS origination route updates. You can specify 1-
600 seconds.
Default 15 seconds
Mode BGP
neighbor neighbor-id capability

Description Configure capability settings for the ACOS device’s BGP communication with a neighbor.
page 316
Syntax [no] neighbor neighbor-id capability

{dynamic | orf prefix-list {both | receive | send} | route-refresh}
neighbor-id ID of the neighbor, which can be one of the following types of values:
• IPv4 address.
• IPv6 address.
dynamic Enables the ACOS device to advertise or withdraw an address family capability
with the neighbor, without bringing down the BGP session with the peer.
orf prefix-list Enables Outbound Router Filtering (ORF) and advertises the ACOS device’s
{both | receive | send} ORF capability to the neighbor.
• both – ACOS device can send ORF entries to the neighbor, as well as
receive ORF entries from the neighbor.
• receive – ACOS device can receive ORF entries from the neighbor, but
can not send ORF entries to the neighbor.
• send – ACOS device can send ORF entries to the neighbor, but can not
receive ORF entries from the neighbor.
route-refresh Enables advertisement of route-refresh capability to the neighbor. When this
option is enabled, the ACOS device can dynamically request the neighbor to re-
advertise its Adj-RIB-Out.
Default None. (This assumes that the neighbor has no special capabilities or functions.)
Mode BGP
Usage BGP neighbors exchange ORFs reduce the number of updates exchanged between neigh-
bors. By filtering updates, this option minimizes generating and processing of updates.
The local router (ACOS device) advertises the ORF capability in send mode, and the remote
router receives the ORF capability in receive mode applying the filter as outbound policy.
The two routers exchange updates to maintain the ORF for each router. Only an individual
router or a peer group can be configured to be in receive or send mode. A peer-group
member cannot be configured to be in receive or send mode.
neighbor neighbor-id collide-established

Description Include the neighbor, if already in TCP established state, in conflict resolution if a TCP con-
nection collision is detected.
Syntax [no] neighbor neighbor-id collide-established
Replace neighbor-id with the ID of the neighbor, which can be one of the following types of
values:
• ipv4ipaddr – IPv4 address.

• ipv6addr – IPv6 address.
page 317
• tag – Name of a peer group.
Default Use this command only if necessary. Generally, the command is not required.
Inclusion of a neighbor with an established TCP connection into resolution of TCP

connection collision conflicts is automatically enabled when the neighbor is configured for
BGP graceful-restart.
Mode BGP
neighbor neighbor-id default-originate

Description Enable transmission of a default route (0.0.0.0) to a neighbor.
Syntax [no] neighbor neighbor-id default-originate [route-map map-name]
values:
• IPv4 address.
• IPv6 address.
map-name Route map that specifies the nexthop IP address.
Default Disabled
Mode BGP
neighbor neighbor-id description

Description Configure a description for a neighbor.
Syntax [no] neighbor neighbor-id description string [string ...]
values:
• IPv4 address.
• IPv6 address.
string String that describes the neighbor (up to 80 characters).
Default None
Mode BGP
page 318
neighbor neighbor-id disallow-infinite-holdtime

Description Disallow a neighbor to set the holdtime to “infinite” (0 seconds).
Syntax [no] neighbor neighbor-id disallow-infinite-holdtime
values:
• ipv4ipaddr – IPv4 address.

• ipv6addr – IPv6 address.
• tag – Name of a peer group.
Default Disabled. Infinite holdtime is allowed.
Mode BGP
neighbor neighbor-id distribute-list

Description Filter route updates to or from a neighbor.
Syntax [no] neighbor neighbor-id distribute-list ip-access-list {in | out}
neighbor-id ID of the neighbor, which can be one of the following types
of values:
• IPv4 address.
• IPv6 address.
ip-access-list Time between AS origination route updates. You can specify
1-600 seconds.
in | out Specifies the update direction to filter:
• in – Updates received from the neighbor are filtered.

• out – Updates sent to the neighbor are filtered before
transmission.
Default None. By default, updates are not filtered.
Mode BGP
page 319
neighbor neighbor-id dont-capability-negotiate

Description Disable capability negotiation with a neighbor.
Syntax [no] neighbor neighbor-id dont-capability-negotiate
values:
• ipv4ipaddr – IPv4 address

• ipv6addr – IPv6 address
• tag – Name of a peer group
Default Capability negotiation is enabled by default.
Mode BGP
neighbor neighbor-id ebgp-multihop

Description Allow BGP connections with external peers on indirectly connected networks.
Syntax [no] neighbor neighbor-id ebgp-multihop [count]
neighbor The IPv4 or IPv6 address of the neighbor router, or the router
tag (1-128 characters).
count The maximum hop count to reach the neighbor (1-255).
If no count is specified, the default hop count is 1.
Replace count with the maximum number of hops allowed, 1-255.
Default Disabled by default.
Mode BGP
neighbor neighbor-id enforce-multihop

Description Enforce eBGP neighbors to perform multihop.
Syntax [no] neighbor neighbor-id enforce-multihop
Default Enabled
Mode BGP
page 320
neighbor neighbor-id fall-over

Description Enable neighbor fall-over detection.
Syntax [no] neighbor neighbor-id fall-over bfd
Mode BGP
neighbor neighbor-id filter-list

Description Filter route updates to or from a neighbor based on AS path.
Syntax [no] neighbor neighbor-id filter-list

AS-path-access-list {in | out}
neighbor-id ID of the neighbor, which can be one of the following
types of values:
• IPv4 address.
• IPv6 address.
AS-path-access-list AS path list. To configure an AS path list, use the fol-
lowing command at the global configuration level of
the CLI:
ip as-path access-list
• in – Updates received from the neighbor are fil-

tered.
• out – Updates sent to the neighbor are filtered
before transmission.
Default None. By default, updates are not filtered.
Mode BGP
neighbor neighbor-id maximum-prefix

Description Configure the maximum number of network prefixes that can be received in route updates
from a neighbor.
NOTE: The actual maximum number of prefixes that can be configured varies depending
on the platform.
page 321
Syntax [no] neighbor neighbor-id maximum-prefix num [threshold]
neighbor-id ID of the neighbor, which can be one of the following types
of values:
• IPv4 address.
• IPv6 address.
num Maximum number of prefixes allowed. You can specify 1-
65536.
The default is 128.

threshold Percentage of the allowed maximum at which a warning
message is generated. You can specify 1-100.
The default is 75 percent.
Mode BGP
Usage If the maximum is reached, the ACOS device brings down the BGP session with the peer.
neighbor neighbor-id next-hop-self

Description Configure the ACOS device as the BGP next hop for a neighbor.
Syntax [no] neighbor neighbor-id next-hop-self
values:
• IPv4 address.
• IPv6 address.
Default Disabled
Mode BGP
page 322
neighbor neighbor-id override-capability

Description Override the results of capability negotiation with a neighbor.
Syntax [no] neighbor neighbor-id override-capability
values:
• IPv4 address.
• IPv6 address.
Default Disabled
Mode BGP
neighbor neighbor-id passive

Description Do not initiate a TCP connection with the specified neighbor, but allow the neighbor to initi-
ate a TCP connection with the ACOS device. Once the connection is up, BGP will work over
the connection.
Syntax [no] neighbor neighbor-id passive
values:
• IPv4 address.
• IPv6 address.
Default Disabled
Mode BGP
page 323
neighbor neighbor-id password

Description Enable MD5 authentication for sessions with a BGP neighbor.
Syntax [no] neighbor neighbor-id password encrypted string
values:
• IPv4 address.
• IPv6 address.
string The string can be up to 80 characters long. The string can
include the printable ASCII characters, which are [0-9], [a-z], and
[A-Z] and are fully defined by hexadecimal value range 0x20-
0x7e. The string can not begin with a blank space, and can not
contain any of the following special characters: ' " < > & \ /
?
The password string is encrypted when viewing the the running-

config and startup-config output.
Default Disabled
Mode BGP
Usage Message Digest 5 (MD5) authentication of TCP segments (as introduced in RFC 2385), pro-
vides protection of BGP sessions via the TCP MD5 Signature Option. This feature is enabled
on a per-neighbor basis for the individual BGP peer configuration, and a password is
required. The password must be the same on the ACOS device and on the peer (BGP neigh-
bor).
Example The following command enables MD5 for the connection with eBGP neighbor 10.10.10.22:

ACOS(config-bgp:123)# neighbor 10.10.10.22 password 1234567890abcde
page 324
neighbor neighbor-id peer-group

Description Add the ACOS device to a BGP peer group.
Syntax [no] neighbor neighbor-id peer-group group-name
values:
• IPv4 address.
• IPv6 address.
group-name Name of the peer group.
Default None
Mode BGP
neighbor neighbor-id prefix-list

Description Use a prefix list to filter route updates to or from a neighbor.
Syntax [no] neighbor neighbor-id prefix-list list-name {in | out}
values:
• IPv4 address.
• IPv6 address.
list-name Name of the prefix list.
• in – Updates received from the neighbor are filtered.

• out – Updates sent to the neighbor are filtered before trans-
mission.
Default By default, updates are not filtered.
Mode BGP
Usage Filtering by prefix list matches the prefixes of routes with those listed in the prefix list. If there
is a match, the route is used. An empty prefix list permits all prefixes. If a given prefix does not
match any entries of a prefix list, the route is denied access. When multiple entries of a prefix
page 325
list match a prefix, the entry with the smallest sequence number is considered to be a real
match.
The ACOS device begins the search at the top of the prefix list, with rule sequence number 1.
Once a match or deny occurs, the ACOS device does not need to go through the rest of the
prefix list. For efficiency the most common matches or denies are listed at the top.
The neighbor distribute-list command is an alternative to the neighbor prefix-list command.

Only one of these commands can be used for filtering to the same neighbor in any direction.
neighbor neighbor-id remote-as

Description Configure an internal or external BGP (iBGP or eBGP) TCP session with another router.
Syntax [no] neighbor neighbor-id remote-as AS-num
neighbor-id ID of the neighbor, which can be one of the following
types of values:
• IPv4 address.
• IPv6 address.
AS_num Neighbor’s AS number.
NOTE: AS number 23456 is a reserved 2-octet AS number. An old BGP speaker (2-byte
implementation) should be configured with 23456 as its remote AS number while
peering with a non-mappable new BGP speaker (4-byte implementation).
Default None
Mode BGP
page 326
neighbor neighbor-id remove-private-as

Description Remove the private AS number from outbound updates.
Syntax [no] neighbor neighbor-id remove-private-as
values:
• IPv4 address.
• IPv6 address.
Default Disabled
Mode BGP
neighbor neighbor-id route-map

Description Apply a route map to incoming or outgoing routes.
Syntax [no] neighbor neighbor-id route-map map-name {in | out}
values:
• IPv4 address.
• IPv6 address.
map-name Name of the route map.
in | out Specifies the traffic direction to which to apply the route map:
• in – The route map is applied to routes received from the

neighbor.
• out – The route map is applied to routes sent to the neigh-
bor.
Default None
Mode BGP
page 327
neighbor neighbor-id send-community

Description Send community attributes to a neighbor.
Syntax [no] neighbor neighbor-id send-community

[both | none | extended | standard]
values:
• IPv4 address.
• IPv6 address.
both Sends both standard and extended community attributes.
none Disable community attributes from being sent.
extended Sends only extended community attributes.
standard Sends only standard community attributes.
Default By default, both standard and extended community attributes are sent to a neighbor.
Mode BGP
Usage The community attribute groups destinations in a certain community and applies routing
decisions according to those communities. Upon receiving community attributes, the ACOS
device re-announces them to the neighbor.
Usage To prevent community attributes from being re-announced to the neighbor, use the “no”
form of this command.
page 328
neighbor neighbor-id shutdown

Description Disable a neighbor.
Syntax [no] neighbor neighbor-id shutdown
values:
• IPv4 address.
• IPv6 address.
Default None
Mode BGP
Usage This command shuts down any active session for the specified neighbor and clears all
related routing data.
neighbor neighbor-id soft-reconfiguration

Description Configure the ACOS device to begin storing updates, without any consideration of the
applied route policy.
Syntax [no] neighbor neighbor-id soft-reconfiguration inbound
values:
• IPv4 address.
• IPv6 address.
Default Disabled
Mode BGP
Usage Use this command to store updates for inbound soft reconfiguration. Soft-reconfiguration
can be used as an alternative to BGP route refresh capability. Using this command enables
local storage of all the received routes and their attributes. When a soft reset (inbound) is
performed on the neighbor, the locally stored routes are reprocessed according to the
inbound policy. The BGP neighbor connection is not affected.
page 329
neighbor neighbor-id strict-capability-match

Description Close the BGP connection to a neighbor if a capability value does not completely match the
value on the ACOS device.
Syntax [no] neighbor neighbor-id strict-capability-match
values:
• IPv4 address.
• IPv6 address.
Default Enabled
Mode BGP
neighbor neighbor-id timers

Description Configure the timers for a neighbor.
Syntax [no] neighbor neighbor-id timers

{interval holdtime | connect seconds}
values:
• IPv4 address.
• IPv6 address.
interval Amount of time in seconds between transmission of keepalive
messages to the neighbor. You can specify 0-65535 seconds.
The default interval is 60 seconds.
page 330
holdtime maximum amount of time in seconds the ACOS device will wait
for a keepalive message from the neighbor before declaring the
neighbor dead. You can specify 0-65535 seconds.

seconds Connect timer. You can specify 0-65535 seconds. In ACTIVE
state, the BGP router (ACOS device) will accept an incoming
connection request from the peer before the connect time
expires.
The default connect time is 0.
Mode BGP
page 331
neighbor neighbor-id unsuppress-map

Description Selectively leak more-specific routes to a neighbor.
Syntax [no] neighbor neighbor-id unsuppress-map map-name
values:
• IPv4 address.
• IPv6 address.
map-name Name of the route map used to select routes to be unsup-
pressed.
Default Disabled
Mode BGP
Usage When the aggregate-address command is used with the summary-only option, the more-
specific routes of the aggregate are suppressed to all neighbors. Use the unsuppress-map
command to selectively leak more-specific routes to a particular neighbor.
neighbor neighbor-id update-source

Description Allows BGP sessions to use specific source IP address or interface for TCP connections with a
neighbor.
Syntax [no] neighbor neighbor-id update-source source
values:
• IPv4 address.
• IPv6 address.
source Source IP address or interface name.
NOTE: It is highly recommended to specify an IP address

instead of an interface name. When multiple IP addresses are
configured at one interface, ACOS will choose the lowest IP
address as source IP address.
Default IP address of the outgoing interface to the neighbor.
page 332
Mode BGP
neighbor neighbor-id weight

Description Assign a weight value to routes learned from a neighbor.
Syntax [no] neighbor neighbor-id weight num
values:
• IPv4 address.
• IPv6 address.
num Weight value assigned to routes learned from the neighbor. You
can sepcify 0-65535.
Default Default weight: 0 (zero)
Mode BGP
Usage Use this command to specify a weight value, per address-family, to all routes learned from a
neighbor. The route with the highest weight gets preference when the same prefix is learned
from more than one peer.
Unlike the local-preference attribute, the weight attribute is relevant only to the local
router.
The weights assigned using the set weight command override the weights assigned
using this command.
When the weight is set for a peer group, all members of the peer group will have the same
weight. The command can also be used to assign a different weight to a particular peer-
group member. When a separately configured weight of the peer-group member is
unconfigured, its weight will be reset to its peer group’s weight.
network
Description Specify the networks to be advertised by the ACOS device’s BGP routing process.
Syntax [no] network {ipaddr/mask-length | ipaddr [mask network-mask]}

[backdoor]
page 333
[community community-list]
[route-map map-name]
ipaddr/mask-length | ipaddr IPv4 Network address and mask.
NOTE: If you are using this command

under the address-family configuration
level, you can only specify an IPv6 address
and mask length:
ipv6addr/mask-length
backdoor Specify a backdoor BGP route.
community community-list Match the specified BGP community list.
route-map map-name Route map used to set or modify a value.
Default None
Mode BGP
Usage A unicast network address without a mask is accepted if it falls into the natural boundary of
its class. A class-boundary mask is derived if the address matches its natural class-boundary.
redistribute
Description Redistribute route information from other sources into BGP.

{
connected [route-map map-name] |
floating-ip [route-map map-name] |
ip-nat [route-map map-name] |
ip-nat-list [route-map map-name] |
isis [route-map map-name] |
lw4o6 [options] |
nat64 [route-map map-name] |
ospf [route-map map-name] |
rip [route-map map-name] |
static [route-map map-name] |
vip
[only-flagged [route-map map-name] |
only-not-flagged [route-map map-name] |
page 334
[route-map map-name]]
}
connected [route-map map-name] Redistributes route information for directly connected net-
works into BGP. The route-map option specifies the name
of a configured route map.
floating-ip [route-map map-name] Redistributes route information for floating IP addresses
into BGP. The route-map option specifies the name of a
configured route map.
ip-nat [route-map map-name] Redistributes routes into BGP for reaching translated NAT
addresses allocated from a pool. The route-map option
specifies the name of a configured route map.
ip-nat-list [route-map map-name] Redistributes routes into BGP for reaching translated NAT
addresses allocated from a range list. The route-map
option specifies the name of a configured route map.
isis [route-map map-name] Redistributes route information from Intermediate System
to Intermediate System (IS-IS) into BGP. The route-map
lw406 [options] Redistributes routes into BGP for Lightweight 4over6. (This
is an IPv6 Migration feature.)
nat64 [route-map map-name] Redistributes routes into BGP for Nat64. The route-map
NOTE: This option is only available for the redistribute

command under the address-family configuration level.
ospf [route-map map-name] Redistributes route information from Open Shortest Path
First (OSPF) into BGP. The route-map option specifies the
name of a configured route map.
page 335
static [route-map map-name] Redistributes routes into BGP for reaching networks
through static routes. The route-map option specifies the
name of a configured route map.
vip Redistributes routes into BGP for reaching virtual server IP
[only-flagged [route-map map-name] | addresses.
only-not-flagged [route-map map-name] |
[route-map map-name]] To control which VIPs are redistributed, use one of the fol-
lowing options:
• only-flagged – Redistributes only the VIPs on which

the redistribution-flagged command is used.
• only-not-flagged – Redistributes all VIPs except those
on which the redistribution-flagged command is
used.
For more information, see the “Usage” section of this

command.
The route-map option specifies the name of a configured

route map.
Default None
Mode BGP
synchronization
Description Enable IGP synchronization of iBGP learned routes.
Syntax [no] synchronization
Default Disabled
Mode BGP
Usage Enable synchronization if the ACOS device should not advertise routes learned from iBGP
neighbors, unless those routes also are present in an IGP (for example, OSPF). Synchroniza-
page 336
BGP Show Commands
tion may be enabled when all the routers in an AS do not speak BGP and the AS is a transit
for other ASs.
timers
Description Configure the BGP keepalive and holdtime timer values.
Syntax [no] timers bgp interval holdtime
interval Specifies the amount of time between transmission of keepalive
messages to neighbors. You can specify 0-65535 seconds.
holdtime Specifies the maximum amount of time the ACOS device will wait
for a keepalive message from a neighbor before declaring the
neighbor dead. You can specify 0-65535 seconds.
Default The default interval is 30 seconds. The default holdtime is 90 seconds.
Mode BGP
BGP Show Commands

This section lists the BGP show commands:
• show ip bgp ipv4addr
• show bgp ipv6addr
• show [ip] bgp ipv4 {multicast | unicast}
• show bgp ipv4 neighbors
• show bgp ipv4 prefix-list
• show bgp ipv4 quote-regexp
• show bgp ipv4 summary
• show bgp ipv6
• show bgp nexthop-tracking
• show bgp nexthop-tree-details
• show ip bgp attribute-info
• show ip bgp cidr-only
page 337
BGP Show Commands
• show [ip] bgp community
• show ip bgp community-info
• show [ip] bgp community-list
• show [ip] bgp dampening
• show [ip] bgp filter-list
• show [ip] bgp inconsistent-as
• show [ip] bgp neighbors
• show bgp nexthop-tracking
• show bgp nexthop-tree-details
• show [ip] bgp paths
• show [ip] bgp prefix-list
• show [ip] bgp quote-regexp
• show [ip] bgp regexp
• show [ip] bgp route-map
• show ip bgp scan
• show [ip] bgp summary
• show ip bgp view
show ip bgp ipv4addr

Description Display BGP network information for IPv4.
Syntax show ip bgp {ipv4addr | ipv4addr/mask-length [longer-prefixes]}
ipv4addr | IPv4 prefix and mask length.
longer-prefixes Include prefixes that have a longer mask than the one
specified.
Mode All
Example Ths
ACOS#show ip bgp 192.10.23.67
page 338
BGP Show Commands
BGP table version is 7, local router ID is 80.80.80.80

Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal, S Stale
Origin codes: i - IGP, e - EGP,? - incomplete
Network Next Hop Metric LocPrf Weight Path
S>i10.70.0.0/24 192.10.23.67 0 100 0 ?
S>i30.30.30.30/32 192.10.23.67 0 100 0 ?
S>i63.63.63.1/32 192.10.23.67 0 100 0 ?
S>i67.67.67.67/32 192.10.23.67 0 100 0 ?
S>i172.22.10.0/24 192.10.23.67 0 100 0 ?
S>i192.10.21.0 192.10.23.67 0 100 0 ?
S>i192.10.23.0 192.10.23.67 0 100 0 ?
Total number of prefixes 7
show bgp ipv6addr

Description Display BGP network information for IPv6.
Syntax show bgp {ipv6addr | ipv6addr/mask-length [longer-prefixes]}
ipv6addr | IPv6 prefix and mask length.
longer-prefixes Include prefixes that have a longer mask than the one
specified.
Mode All
show [ip] bgp ipv4 {multicast | unicast}

Description Display BGP information for IPv4.
Syntax show [ip] bgp ipv4 {multicast | unicast}

[
ipv4addr |
ipv4addr/mask-length |
community [community-number] [exact-match]
[local-AS] [no-advertise] [no-export] |
community-list list-name [exact-match] |
dampening {dampened-paths | flap-statistics | parameters} |
filter-list list-name |
inconsistent-as |
neighbors [ipv4addr | ipv6addr
[advertised-routes | received prefix-filter | received-routes |
routes]] |
paths |
prefix-list list-name |
quote-regexp string |
regexp string [string ...] |
page 339
BGP Show Commands
route-map map-name |
summary
]
multicast | unicast Specifies the IPv4 address family for which to display information.
ipv4addr | ipv4addr/mask-length Network and mask information.
community [community-number] Displays routes matching the communities. Enter the community
[options] number in AA:NN format.
• exact-match – Displays only communities that exactly match.

• local-AS – Displays only communities that are not sent outside
the local AS.
• no-advertise – Displays only communities that are not sent
advertised to neighbors.
• no-export – Displays only communities that are not exported to
the next AS.
community-list list-name Displays routes matching the specified community list. The exact-
[exact-match] match option displays only the routes that have exactly the same
communities.
dampening {options} Displays route-flap dampening information. You must specify one of
the following options:
• dampened-paths – Displays paths suppressed due to dampen-

ing.
• flap-statistics – Displays flap statistics for routes.
• parameters – Displays details for configured dampening
parameters.
filter-list list-name Displays routes that match the specified filter list.
inconsistent-as Displays routes that have inconsistent AS Paths.
neighbors Displays detailed information about TCP and BGP neighbor connec-
[ipv4addr | ipv6addr [options]] tions.
• advertised-routes – Displays the routes advertised to a BGP

neighbor.
• received prefix-filter – Displays all received routes, both
accepted and rejected.
• received-routes – Displays the received routes from neigh-
bor. To display all the received routes from the neighbor, configure
BGP soft reconfiguration first.
• routes – Displays all accepted routes learned from neighbors.
paths Displays path information.
prefix-list list-name Displays routes that match the specified prefix list.
page 340
BGP Show Commands
quote-regexp string Displays routes that match the specified AS-path regular expression.
Enclose the regular expression string in double quotation marks
(example: “regexp-string-1”).
regexp string [string ...] Displays routes that match the specified AS-path regular expres-
sion(s).
route-map map-name Displays routes that match the specified route map.
summary Displays a summary of BGP neighbor status.
Mode All
show bgp ipv4 neighbors

Description Display information about IPv4 BGP neighbors.
Syntax show bgp ipv4 neighbors

[ipv4addr | ipv6addr
[advertised-routes |
received prefix-filter |
received-routes |
routes]]
ipv4addr | ipv6addr Network and mask information.
advertised-routes Displays the routes advertised to a BGP neighbor.
received Displays all received routes, both accepted and
prefix-filter rejected.
received-routes Displays the received routes from neighbor. To display
all the received routes from the neighbor, configure
BGP soft reconfiguration first.
routes Displays all accepted routes learned from neighbors.
Mode All
show bgp ipv4 prefix-list

Description Display IPv4 routes that match the specified prefix list.
Syntax show bgp ipv4 prefix-list list-name
Mode All
page 341
BGP Show Commands
show bgp ipv4 quote-regexp

Description Display IPv4 routes that match the specified AS-path regular expression. Enclose the regular
expression string in double quotation marks (example: “regexp-string-1”).
Syntax show bgp ipv4 quote-regexp string
Mode All
show bgp ipv4 summary

Description Display a summary of BGP IPv4 neighbor status.
Syntax show bgp ipv4 summary
Mode All
show bgp ipv6

Description Display BGP information for IPv6.
Syntax show bgp ipv6

[
ipv6addr |
community [community-number] [options]
[local-AS] [no-advertise] [no-export] |
community-list list-name [exact-match] |
dampening {dampened-paths | flap-statistics | parameters} |
filter-list list-name |
inconsistent-as |
multicast {ipv6addr | ipv6addr/mask-length [longer-prefixes]} |
neighbors [ipv4addr | ipv6addr
[advertised-routes | received prefix-filter | received-routes |
routes]] |
paths |
prefix-list list-name |
quote-regexp string |
regexp string [string ...] |
route-map map-name |
summary |
unicast {ipv6addr | ipv6addr/mask-length [longer-prefixes]} |
page 342
BGP Show Commands
view view-name
]
ipv6addr | Network and mask information.
community Displays routes for communities. Enter the community number in AA:NN for-
[community-number] mat.
[options]
• exact-match – Displays only communities that exactly match.

• local-AS – Displays only communities that are not sent outside the local
AS.
• no-advertise – Displays only communities that are not sent advertised
to neighbors.
• no-export – Displays only communities that are not exported to the next
AS.
community-list list-name Displays routes matching the specified community list. The exact-match
[exact-match] option displays only the routes that have exactly the same communities.
dampening {options} displays route-flap dampening information. You must specify one of the fol-
lowing options:
• dampened-paths – Displays paths suppressed due to dampening.

• flap-statistics – Displays flap statistics for routes.
• parameters – Displays details for configured dampening parameters.
filter-list list-name Displays routes that match the specified filter list.
inconsistent-as Displays routes that have inconsistent AS Paths.
multicast {ipv6addr | Displays IPv6 routes for the specified multicast address family.
[longer-prefixes]} The longer-prefixes option includes prefixes that have a longer mask than
the one specified.
neighbors Displays detailed information about TCP and BGP neighbor connections. The
[ipv4addr | ipv6addr following options are supported:
[options]]
• advertised-routes – Displays the routes advertised to a BGP neighbor.
• received prefix-filter – Displays all received routes, both accepted
and rejected.
• received-routes – Displays the received routes from neighbor. To dis-
play all the received routes from the neighbor, configure BGP soft reconfig-
uration first.
• routes – Displays all accepted routes learned from neighbors.
paths Displays BGP path information.
prefix-list list-name Displays routes that match the specified prefix list.
quote-regexp string Displays routes that match the specified AS-path regular expression. Enclose
the regular expression string in double quotation marks (example: “regexp-
string-1”).
page 343
BGP Show Commands
regexp string Displays routes that match the specified AS-path regular expression(s).
[string ...]
route-map map-name Displays routes that match the specified route map.
summary Displays a summary of BGP neighbor status.
unicast {ipv6addr | Displays IPv6 routes for the specified unicast address family. The longer-
ipv6addr/mask-length prefixes option includes prefixes that have a longer mask than the one spec-
[longer-prefixes]} ified.
view view-name Displays neighbors within the specified view.
Mode All
show bgp nexthop-tracking

Description Display the status of nexthop address tracking.
Syntax show bgp nexthop-tracking
Mode All
show bgp nexthop-tree-details

Description Display nexthop tree details.
Syntax show bgp nexthop-tree-details
Mode All
show ip bgp attribute-info

Description Display internal attribute hash information.
Syntax show ip bgp attribute-info
Mode All
show ip bgp cidr-only

Description Display routes with non-natural network masks.
Syntax show ip bgp cidr-only
Mode All
page 344
BGP Show Commands
show [ip] bgp community

Description Display routes for communities.
Syntax show [ip] bgp community [community-number]

[exact-match] [local-AS] [no-advertise] [no-export]
community-number Community number, in AA:NN format.
exact-match Displays only communities that exactly match.
local-AS Displays only communities that are not sent outside the
local AS.
no-advertise Displays only communities that are not sent advertised to
neighbors.
no-export Displays only communities that are not exported to the
next AS.
Mode All
show ip bgp community-info

Description Display all BGP community information.
Syntax show ip bgp community-info
Mode All
show [ip] bgp community-list

Description Display routes for a specific community list.
Syntax show [ip] bgp community-list list-name [exact-match]
list-name Displays routes matching the specified community list.
exact-match Displays only the routes that have exactly the same communi-
ties.
Mode All
page 345
BGP Show Commands
show [ip] bgp dampening

Description Display route-flap dampening information.
Syntax show [ip] bgp dampening

{dampened-paths | flap-statistics | parameters}
dampened-paths Displays paths suppressed due to dampening.
flap-statistics Displays flap statistics for routes.
parameters Displays details for configured dampening parameters.
Mode All
show [ip] bgp filter-list

Description Display routes that match a specific filter list.
Syntax show [ip] bgp filter-list list-name
Mode All
show [ip] bgp inconsistent-as

Description Display routes that have inconsistent AS Paths.
Syntax show [ip] bgp inconsistent-as
Mode All
show [ip] bgp neighbors

Description Display information about BGP neighbors.
Syntax show [ip] bgp neighbors

[
ipv4addr | ipv6addr
[
advertised-routes |
received prefix-filter |
received-routes |
routes |
page 346
BGP Show Commands
]
]
ipv4addr | ipv6addr Network and mask information.
advertised-routes Displays the routes advertised to a BGP neighbor.
received prefix-filter Displays all received routes, both accepted and rejected.
received-routes Displays the received routes from neighbor. To display all the received
routes from the neighbor, configure BGP soft reconfiguration first.
routes Displays all accepted routes learned from neighbors.
Mode All
Example The following example shows output for this command.
AOCS#show ip bgp neighbors

BGP neighbor is 192.10.23.67, remote AS 1, local AS 1, internal link
BGP version 4, remote router ID 172.22.10.10
BGP state = Established, up for 00:00:22
Last read 00:00:22, hold time is 240, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
Received 3 messages, 0 notifications, 0 in queue
Sent 3 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Index 1, Offset 0, Mask 0x2
AF-dependant capabilities:
Graceful restart: advertised, received
Community attribute sent to this neighbor (both)
0 accepted prefixes
0 announced prefixes
Connections established 1; dropped 0
Graceful-restart Status:
Remote restart-time is 120 sec
Local host: 192.10.23.80, Local port: 33837
Foreign host: 192.10.23.67, Foreign port: 179
Nexthop: 192.10.23.80
Nexthop global: 1111::80
Nexthop local: fe80::203:47ff:fe97:bb79
BGP connection: non shared network
page 347
BGP Show Commands
show bgp nexthop-tracking

Description Use this command to display BGP nexthop-tracking status
Syntax show bgp nexthop-tracking
Mode All
show bgp nexthop-tree-details

Description Use this command to display BGP nexthop-tree details.
Syntax show bgp nexthop-tree-details
Mode All
show [ip] bgp paths

Description Display BGP path information.
Syntax show [ip] bgp paths
Mode All
show [ip] bgp prefix-list

Description Display routes that match a specific prefix list.
Syntax show [ip] bgp prefix-list list-name
Mode All
show [ip] bgp quote-regexp

Description Display routes that match the specified AS-path regular expression. Enclose the regular
expression string in double quotation marks (example: “regexp-string-1”).
Syntax show [ip] bgp quote-regexp string
Mode All
page 348
BGP Show Commands
show [ip] bgp regexp

Description Display routes that match the specified AS-path regular expression(s).
Syntax show [ip] bgp regexp string [string ...]
Mode All
show [ip] bgp route-map

Description Display routes that match the specified route map.
Syntax show [ip] bgp route-map map-name
Mode All
show ip bgp scan

Description Display BGP scan status.
Syntax show ip bgp scan
Mode All
Example Below is an example output for this command.
ACOS#show ip bgp scan

BGP scan is running
BGP scan interval is 60
BGP instance: AS is 11,DEFAULT
Current BGP nexthop cache:
BGP connected route:
10.10.10.0/24
10.10.11.0/24
show [ip] bgp summary

Description Display a summary of BGP neighbor status.
Syntax show [ip] bgp summary
Mode All
page 349
BGP Clear Commands
show ip bgp view

Description Display neighbors of a specific view.
Syntax show ip bgp view view-name

[
ipv4addr |
ipv4 {multicast | unicast} summary |
neighbors [ipv4addr | ipv6addr] |
summary
]
view-name Name of the view.
ipv4addr | ipv4addr/mask-length Prefix and mask.
ipv4 {multicast | unicast} summary Displays information for the specified IPv4 address family.
neighbors [ipv4addr | ipv6addr] Displays information for the specified neighbor.
summary Displays summary neighbor information.
Mode All
BGP Clear Commands

This section lists the BGP clear commands.
• clear [ip] bgp {* | AS-num}
• clear [ip] bgp ipv4addr
• clear [ip] bgp ipv6addr
• clear [ip] bgp external
• clear [ip] bgp ipv4
• clear [ip] bgp ipv6
• clear [ip] bgp peer-group
• clear [ip] bgp view
page 350
BGP Clear Commands
clear [ip] bgp {* | AS-num}

Description Reset the BGP connection to all neighbors or a specific neighbor.
Syntax clear [ip] bgp {* | AS-num}

[in [prefix-filter] | out | soft [in | out]]
in [prefix-filter] Clears incoming advertised routes. The prefix-filter
option pushes out prefix-list outbound routing filters,
and performs inbound soft reconfiguration.
out Clears outgoing advertised routes.
soft {in | out} Activates routing policy changes without resetting the
BGP neighbor connection.
in – Requests route updates from the specified neigh-

bor.
out – Sends route updates to the specified neighbor.
clear [ip] bgp ipv4addr

Description Reset the BGP connection for a specific IPv4 neighbor.
Syntax clear [ip] bgp ipv4addr


bor.
page 351
BGP Clear Commands
clear [ip] bgp ipv6addr

Description Reset the BGP connection for a specific IPv6 neighbor.
Syntax clear [ip] bgp ipv6addr


bor.
clear [ip] bgp external

Description Reset the BGP connection to external neighbors.
Syntax clear [ip] bgp external


bor.
page 352
BGP Clear Commands
clear [ip] bgp ipv4

Description Reset dampened routes or route-flap statistics counters and history for IPv4.
Syntax clear [ip] bgp ipv4 {multicast | unicast}

{dampening | flap-statistics}
[ipv4addr | ipv4addr/mask-length]
dampening Resets dampened routes.
flap-statistics Resets route-flap statistics and history.
ipv4addr | Resets dampened routes or route-flap statistics and
ipv4addr/mask-length history only for the specified IPv4 prefix.
clear [ip] bgp ipv6

Description Reset dampened routes or route-flap statistics counters and history for IPv6.
Syntax clear [ip] bgp ipv6 {

unicast {dampening [network] | flap-statistics network} |
{external | peer-group group-name | * | as-num | ipv4addr | ipv6addr}
page 353
BGP Clear Commands

}
unicast Resets unicast routes.
external Clear all external peers.
NOTE: This option is only available with clear bgp ipv6.

dampening [network] Resets all IPv6 dampened routes.
To reset dampened routes for an specific network, specify either an IPv6 net-
work (for example, “2003::”) or a network length (for example, “2003::/24”).
flap-statistics [network] Resets all IPv6 route-flap statistics and history.
To reset route-flap statistics and history for a specific network, specify either
an IPv6 network (for example, “2003::”) or a network length (for example,
“2003::/24”).
peer-group Clear all members of the specified peer group.
* Clear all peers.
as-num Clear all peers with the specified AS number.
ipv4-addr Clear the specified IPv4 BGP neighbor.
ipv6-addr Clear the specified IPv6 BGP neighbor.
in [prefix-filter] Clears incoming advertised routes. The prefix-filter option pushes out
prefix-list outbound routing filters, and performs inbound soft reconfigura-
tion.
soft {in | out} Activates routing policy changes without resetting the BGP neighbor con-
nection.
in – Requests route updates from the specified neighbor.
page 354
BGP Clear Commands
clear [ip] bgp peer-group

Description Reset the BGP connection to all members of a peer group.
Syntax clear [ip] bgp peer-group group-name

group-name Clear BGP connections to all members of the specified
group.

bor.
clear [ip] bgp view

Description Reset the BGP connection to a specific view.
Syntax clear [ip] bgp view view-name * [soft [in | out]]
view-name Clear BGP connections to the specified view.

bor.
For option information, see “clear [ip] bgp {* | AS-num}” on page 351.
page 355
BGP Clear Commands
page 356
page 357
CONTACT US
3 a10networks.com/contact
ACOS 4.1.4-P1 NETWORK CONFIGURATION GUIDE 2 APRIL 2018

A10 4.1.4-P1 Net PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A10 4.1.4-P1 Net PDF

Uploaded by

Copyright:

Available Formats

ACOS 4.1.

A10 NETWORKS INC. SOFTWARE LICENSE AND END USER AGREEMENT

LAYER 2 NETWORKING ...........................................................................................................15

Link Trunking ............................................................................................................................. 17

Link Layer Discovery Protocol .................................................................................................... 35

Virtual LAN Support ................................................................................................................... 39

Default VLAN (VLAN 1) ............................................................................................................................. 39

LAYER 3 NETWORKING ...........................................................................................................49

Dynamic Host Configuration Protocol (DHCP) ........................................................................... 51

ROUTING PROTOCOLS ............................................................................................................57

Open Shortest Path First (OSPF) ................................................................................................ 59

Intermediate System to Intermediate System (IS-IS) ................................................................. 69

Border Gateway Protocol (BGP) ................................................................................................. 73

BGP Route Redistributions ..................................................................................................73

Bidirectional Forwarding Detection ............................................................................................ 85

Internet Group Multicast Protocol (IGMP) Queries ..................................................................... 99

In Non-Routed Mode ........................................................................................................................100

COMMAND LINE INTERFACE REFERENCE .................................................................................103

Config Commands: Interface .................................................................................................... 105

ipv6 ospf mtu-ignore .................................................................................................................136

Config Commands: VLAN ......................................................................................................... 159

Config Commands: IP ............................................................................................................... 163

Config Commands: IP Reroute ................................................................................................. 191

Config Commands: IPv6 ........................................................................................................... 193

ipv6 nat icmpv6 respond-to-ping ............................................................................................198

Config Commands: IPv6 Reroute ............................................................................................. 205

Config Commands: Router – RIP ............................................................................................. 207

Config Commands: Router – OSPF .......................................................................................... 235

ospf router-id ...............................................................................................................................264

Config Commands: Router – IS-IS ............................................................................................ 279

show isis counter .......................................................................................................................296

Config Commands: Router – BGP ............................................................................................ 301

neighbor neighbor-id override-capability ...............................................................................323

show ip bgp scan .......................................................................................................................349

This section contains the following:

• “Link Trunking” on page 17

The following topics are covered:

• Static Trunk Configuration

• Dynamic Trunk Configuration

You can configure the following types of trunks:

• Interface-Level Parameters for Trunks

• Unidirectional Link Detection

Interface-Level Parameters for Trunks

• When a member of the trunk links up.

• A port is added to or removed from the trunk.

The following LACP parameters are configurable:

• Global LACP Parameter

• Interface-Level LACP Parameters

• Unidirectional Link Detection

Global LACP Parameter

Interface-Level LACP Parameters

Unidirectional Link Detection

Static Trunk Configuration

• Use the GUI to Configure a Static Trunk

• Use the CLI to Configure a Static Trunk

An overview of the procedure for creating a trunk:

1. Add individual Ethernet data ports to the trunk.

Use the GUI to Configure a Static Trunk

1. Configure the Trunk

Configure the Trunk

6. Click Update button.

Configuring the Minimum Port Threshold

1. Click Trunk on the menu bar.