IP Addressing Services Commands

clear ipv6 access-list

To reset the IPv6 access list match counters, use the clear ipv6 access-list command in privileged EXEC mode.

clear ipv6 access-list [access-list-name]

Syntax Description

access-list-name

(Optional) Name of the IPv6 access list for which to clear the match counters. Names cannot contain a space or quotation mark, or begin with a numeric.

Command Default

No reset is initiated.

Command Modes

Privileged EXEC (#)  

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The clear ipv6 access-list command is similar to the clear ip access-list counters command, except that it is IPv6-specific.

The clear ipv6 access-list command used without the access-list-name argument resets the match counters for all IPv6 access lists configured on the router.

This command resets the IPv6 global ACL hardware counters.

Examples

The following example resets the match counters for the IPv6 access list named marketing:

# clear ipv6 access-list marketing 

clear ipv6 dhcp

To clear IPv6 Dynamic Host Configuration Protocol (DHCP) information, use the clear ipv6 dhcp command in privileged EXEC mode:

clear ipv6 dhcp

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The clear ipv6 dhcp command deletes DHCP for IPv6 information.

Examples

The following example :


# clear ipv6 dhcp

clear ipv6 dhcp binding

To delete automatic client bindings from the Dynamic Host Configuration Protocol (DHCP) for IPv6 server binding table, use the clear ipv6 dhcp binding command in privileged EXEC mode.

clear ipv6 dhcp binding [ipv6-address] [vrf vrf-name]

Syntax Description

ipv6-address

(Optional) The address of a DHCP for IPv6 client.

This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The clear ipv6 dhcp binding command is used as a server function.

A binding table entry on the DHCP for IPv6 server is automatically:

  • Created whenever a prefix is delegated to a client from the configuration pool.

  • Updated when the client renews, rebinds, or confirms the prefix delegation.

  • Deleted when the client releases all the prefixes in the binding voluntarily, all prefixes’ valid lifetimes have expired, or an administrator runs the clear ipv6 dhcp binding command.

If the clear ipv6 dhcp binding command is used with the optional ipv6-address argument specified, only the binding for the specified client is deleted. If the clear ipv6 dhcp binding command is used without the ipv6-address argument, then all automatic client bindings are deleted from the DHCP for IPv6 binding table. If the optional vrf vrf-name keyword and argument combination is used, only the bindings for the specified VRF are cleared.

Examples

The following example deletes all automatic client bindings from the DHCP for IPv6 server binding table:


# clear ipv6 dhcp binding

clear ipv6 dhcp client

To restart the Dynamic Host Configuration Protocol (DHCP) for IPv6 client on an interface, use the clear ipv6 dhcp client command in privileged EXEC mode.

clear ipv6 dhcp client interface-type interface-number

Syntax Description

interface-type interface-number

Interface type and number. For more information, use the question mark (? ) online help function.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The clear ipv6 dhcp client command restarts the DHCP for IPv6 client on specified interface after first releasing and unconfiguring previously acquired prefixes and other configuration options (for example, Domain Name System [DNS] servers).

Examples

The following example restarts the DHCP for IPv6 client for Ethernet interface 1/0:


# clear ipv6 dhcp client Ethernet 1/0

clear ipv6 dhcp conflict

To clear an address conflict from the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server database, use the clear ipv6 dhcp conflict command in privileged EXEC mode.

clear ipv6 dhcp conflict {* | ipv6-address | vrf vrf-name}

Syntax Description

*

Clears all address conflicts.

ipv6-address

Clears the host IPv6 address that contains the conflicting address.

vrf vrf-name

Specifies a virtual routing and forwarding (VRF) name.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

When you configure the DHCPv6 server to detect conflicts, it uses ping. The client uses neighbor discovery to detect clients and reports to the server through a DECLINE message. If an address conflict is detected, the address is removed from the pool, and the address is not assigned until the administrator removes the address from the conflict list.

If you use the asterisk (*) character as the address parameter, DHCP clears all conflicts.

If the vrf vrf-name keyword and argument are specified, only the address conflicts that belong to the specified VRF will be cleared.

Examples

The following example shows how to clear all address conflicts from the DHCPv6 server database:


# clear ipv6 dhcp conflict *

clear ipv6 dhcp relay binding

To clear an IPv6 address or IPv6 prefix of a Dynamic Host Configuration Protocol (DHCP) for IPv6 relay binding, use the clear ipv6 dhcp relay binding command in privileged EXEC mode.

clear ipv6 dhcp relay binding {vrf vrf-name} {* | ipv6-address | ipv6-prefix}

clear ipv6 dhcp relay binding {vrf vrf-name} {* | ipv6-prefix}

Syntax Description

vrf vrf-name

Specifies a virtual routing and forwarding (VRF) configuration.

*

Clears all DHCPv6 relay bindings.

ipv6-address

DHCPv6 address.

ipv6-prefix

IPv6 prefix.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The clear ipv6 dhcp relay binding command deletes a specific IPv6 address or IPv6 prefix of a DHCP for IPv6 relay binding. If no relay client is specified, no binding is deleted.

Examples

The following example shows how to clear the binding for a client with a specified IPv6 address:


# clear ipv6 dhcp relay binding 2001:0DB8:3333:4::5

The following example shows how to clear the binding for a client with the VRF name vrf1 and a specified prefix on a Cisco uBR10012 universal broadband device:

# clear ipv6 dhcp relay binding vrf vrf1 2001:DB8:0:1::/64

clear ipv6 eigrp

To delete entries from Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 routing tables, use the clear ipv6 eigrp command in privileged EXEC mode.

clear ipv6 eigrp [as-number] [neighbor [ipv6-address | interface-type interface-number]]

Syntax Description

as-number

(Optional) Autonomous system number.

neighbor

(Optional) Deletes neighbor router entries.

ipv6-address

(Optional) IPv6 address of a neighboring router.

interface-type

(Optional) The interface type of the neighbor router.

interface-number

(Optional) The interface number of the neighbor router.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use the clear ipv6 eigrp command without any arguments or keywords to clear all EIGRP for IPv6 routing table entries. Use the as-number argument to clear routing table entries on a specified process, and use the neighbor ipv6-address keyword and argument, or the interface-type interface-number argument, to remove a specific neighbor from the neighbor table.

Examples

The following example removes the neighbor whose IPv6 address is 3FEE:12E1:2AC1:EA32:


# clear ipv6 eigrp neighbor 3FEE:12E1:2AC1:EA32

clear ipv6 mfib counters

To reset all active Multicast Forwarding Information Base (MFIB) traffic counters, use the clear ipv6 mfib counters command in privileged EXEC mode.

clear ipv6 mfib [vrf vrf-name] counters [group-name | group-address [source-address | source-name]]

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

group-name | group-address

(Optional) IPv6 address or name of the multicast group.

source-address | source-name

(Optional) IPv6 address or name of the source.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

After you enable the clear ipv6 mfib counters command, you can determine if additional traffic is forwarded by using one of the following show commands that display traffic counters:

  • show ipv6 mfib

  • show ipv6 mfib active

  • show ipv6 mfib count

  • show ipv6 mfib interface

  • show ipv6 mfib summary

Examples

The following example clears and resets all MFIB traffic counters:


# clear ipv6 mfib counters

clear ipv6 mld counters

To clear the Multicast Listener Discovery (MLD) interface counters, use the clear ipv6 mld counters command in privileged EXEC mode.

clear ipv6 mld [vrf vrf-name] counters [interface-type]

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

interface-type

(Optional) Interface type. For more information, use the question mark (? ) online help function.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use the clear ipv6 mld counters command to clear the MLD counters, which keep track of the number of joins and leaves received. If you omit the optional interface-type argument, the clear ipv6 mld counters command clears the counters on all interfaces.

Examples

The following example clears the counters for Ethernet interface 1/0:


# clear ipv6 mld counters Ethernet1/0

clear ipv6 mld traffic

To reset the Multicast Listener Discovery (MLD) traffic counters, use the clear ipv6 mld traffic command in privileged EXEC mode.

clear ipv6 mld [vrf vrf-name] traffic

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Using the clear ipv6 mld traffic command will reset all MLD traffic counters.

Examples

The following example resets the MLD traffic counters:


# clear ipv6 mld traffic

Command

Description

show ipv6 mld traffic

Displays the MLD traffic counters.

clear ipv6 mtu

To clear the maximum transmission unit (MTU) cache of messages, use the clear ipv6 mtu command in privileged EXEC mode.

clear ipv6 mtu

Syntax Description

This command has no arguments or keywords.

Command Default

Messages are not cleared from the MTU cache.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

If a router is flooded with ICMPv6 toobig messages, the router is forced to create an unlimited number of entries in the MTU cache until all available memory is consumed. Use the clear ipv6 mtu command to clear messages from the MTU cache.

Examples

The following example clears the MTU cache of messages:


# clear ipv6 mtu

clear ipv6 multicast aaa authorization

To clear authorization parameters that restrict user access to an IPv6 multicast network, use the clear ipv6 multicast aaa authorization command in privileged EXEC mode.

clear ipv6 multicast aaa authorization [interface-type interface-number]

Syntax Description

interface-type interface-number

Interface type and number. For more information, use the question mark (? ) online help function.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Using the clear ipv6 multicast aaa authorization command without the optional interface-type and interface-number arguments will clear all authorization parameters on a network.

Examples

The following example clears all configured authorization parameters on an IPv6 network:


# clear ipv6 multicast aaa authorization FastEthernet 1/0

clear ipv6 nd destination

To clear IPv6 host-mode destination cache entries, use the clear ipv6 nd destination command in privileged EXEC mode.

clear ipv6 nd destination [vrf vrf-name]

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The clear ipv6 nd destination command clears IPv6 host-mode destination cache entries. If the vrf vrf-name keyword and argument pair is used, then only information about the specified VRF is cleared.

Examples

The following example shows how to clear IPv6 host-mode destination cache entries:

# clear ipv6 nd destination
      

clear ipv6 nd on-link prefix

To clear on-link prefixes learned through router advertisements (RAs), use the clear ipv6 nd on-link prefix command in privileged EXEC mode.

clear ipv6 nd on-link prefix [vrf vrf-name]

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use the clear ipv6 nd on-link prefix command to clear locally reachable IPv6 addresses (e.g., on-link prefixes) learned through RAs. If the vrf vrf-name keyword and argument pair is used, then only information about the specified VRF is cleared.

Examples

The following examples shows how to clear on-link prefixes learned through RAs:

# clear ipv6 nd on-link prefix
      

clear ipv6 nd router

To clear neighbor discovery (ND) device entries learned through router advertisements (RAs), use the clear ipv6 nd router command in privileged EXEC mode.

clear ipv6 nd router [vrf vrf-name]

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use the clear ipv6 nd router command to clear ND device entries learned through RAs. If the vrf vrf-name keyword and argument pair is used, then only information about the specified VRF is cleared.

Examples

The following example shows how to clear neighbor discovery ND device entries learned through RAs:


# clear ipv6 nd router
      

clear ipv6 neighbors

To delete all entries in the IPv6 neighbor discovery cache, except static entries and ND cache entries on non-virtual routing and forwarding (VRF) interfaces, use the clear ipv6 neighbors command in privileged EXEC mode.

clear ipv6 neighbors [interface type number [ipv6 ipv6-address] | statistics | vrf table-name [ipv6-address | statistics]]

clear ipv6 neighbors

Syntax Description

interface type number

(Optional) Clears the IPv6 neighbor discovery cache in the specified interface.

ipv6 ipv6-address

(Optional) Clears the IPv6 neighbor discovery cache that matches the specified IPv6 address on the specified interface.

statistics

(Optional) Clears the IPv6 neighbor discovery entry cache.

vrf

(Optional) Clears entries for a virtual private network (VPN) routing or forwarding instance.

table-name

(Optional) Table name or identifier. The value range is from 0x0 to 0xFFFFFFFF (0 to 65535 in decimal).

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The clear ipv6 neighbor command clears ND cache entries. If the command is issued without the vrf keyword, then the command clears ND cache entries on interfaces associated with the default routing table (e.g., those interfaces that do not have a vrf forwarding statement). If the command is issued with the vrf keyword, then it clears ND cache entries on interfaces associated with the specified VRF.

Examples

The following example deletes all entries, except static entries and ND cache entries on non-VRF interfaces, in the neighbor discovery cache:


# clear ipv6 neighbors

The following example clears all IPv6 neighbor discovery cache entries, except static entries and ND cache entries on non-VRF interfaces, on Ethernet interface 0/0:


# clear ipv6 neighbors interface Ethernet 0/0 

The following example clears a neighbor discovery cache entry for 2001:0DB8:1::1 on Ethernet interface 0/0:


# clear ipv6 neighbors interface Ethernet0/0 ipv6 2001:0DB8:1::1

In the following example, interface Ethernet 0/0 is associated with the VRF named red. Interfaces Ethernet 1/0 and Ethernet 2/0 are associated with the default routing table (because they are not associated with a VRF). Therefore, the clear ipv6 neighbor command will clear ND cache entries on interfaces Ethernet 1/0 and Ethernet 2/0 only. In order to clear ND cache entries on interface Ethernet 0/0, the user must issue the clear ipv6 neighbor vrf red command.

interface ethernet0/0
  vrf forward red
  ipv6 address 2001:db8:1::1/64

interface ethernet1/0
   ipv6 address 2001:db8:2::1/64

interface ethernet2/0
   ipv6 address 2001:db8:3::1/64

clear ipv6 ospf

To clear the Open Shortest Path First (OSPF) state based on the OSPF routing process ID, use the cl ear ipv6 ospf command in privileged EXEC mode.

clear ipv6 ospf [process-id] {process | force-spf | redistribution}

Syntax Description

process-id

(Optional) Internal identification. It is locally assigned and can be any positive integer. The number used here is the number assigned administratively when enabling the OSPF routing process.

process

Restarts the OSPF process.

force-spf

Starts the shortest path first (SPF) algorithm without first clearing the OSPF database.

redistribution

Clears OSPF route redistribution.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

When the process keyword is used with the clear ipv6 ospf command, the OSPF database is cleared and repopulated, and then the shortest path first (SPF) algorithm is performed. When the force-spf keyword is used with the clear ipv6 ospf command, the OSPF database is not cleared before the SPF algorithm is performed.

Use the process-id option to clear only one OSPF process. If the process-id option is not specified, all OSPF processes are cleared.

Examples

The following example starts the SPF algorithm without clearing the OSPF database:


# clear ipv6 ospf force-spf

clear ipv6 ospf counters

To clear the Open Shortest Path First (OSPF) state based on the OSPF routing process ID, use the cl ear ipv6 ospf command in privileged EXEC mode.

clear ipv6 ospf [process-id] counters [neighbor [neighbor-interface | neighbor-id]]

Syntax Description

process-id

(Optional) Internal identification. It is locally assigned and can be any positive integer. The number used here is the number assigned administratively when enabling the OSPF routing process.

neighbor

(Optional) Neighbor statistics per interface or neighbor ID.

neighbor-interface

(Optional) Neighbor interface.

neighbor-id

(Optional) IPv6 or IP address of the neighbor.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use the neighbor neighbor-interface option to clear counters for all neighbors on a specified interface. If the neighbor neighbor-interface option is not used, all OSPF counters are cleared.

Use the neighbor neighbor-id option to clear counters at a specified neighbor. If the neighbor neighbor-id option is not used, all OSPF counters are cleared.

Examples

The following example provides detailed information on a neighbor router:


# show ipv6 ospf neighbor detail
 Neighbor 10.0.0.1
    In the area 1 via interface Serial19/0
    Neighbor:interface-id 21, link-local address FE80::A8BB:CCFF:FE00:6F00
    Neighbor priority is 1, State is FULL, 6 state changes
    Options is 0x194AE05
    Dead timer due in 00:00:37
    Neighbor is up for 00:00:15
    Index 1/1/1, retransmission queue length 0, number of retransmission 1
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec

The following example clears all neighbors on the specified interface:


# clear ipv6 ospf counters neighbor s19/0

The following example now shows that there have been 0 state changes since the clear ipv6 ospf counters neighbor s19/0 command was used:


# show ipv6 ospf neighbor detail
 Neighbor 10.0.0.1
    In the area 1 via interface Serial19/0
    Neighbor:interface-id 21, link-local address FE80::A8BB:CCFF:FE00:6F00
    Neighbor priority is 1, State is FULL, 0 state changes
    Options is 0x194AE05
    Dead timer due in 00:00:39
    Neighbor is up for 00:00:43
    Index 1/1/1, retransmission queue length 0, number of retransmission 1
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec

clear ipv6 ospf events

To clear the Open Shortest Path First (OSPF) for IPv6 event log content based on the OSPF routing process ID, use the cl ear ipv6 ospf events command in privileged EXEC mode.

clear ipv6 ospf [process-id] events

Syntax Description

process-id

(Optional) Internal identification. It is locally assigned and can be any positive integer. The number used here is the number assigned administratively when enabling the OSPF routing process.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use the optional process-id argument to clear the IPv6 event log content of a specified OSPF routing process. If the process-id argument is not used, all event log content is cleared.

Examples

The following example enables the clearing of OSPF for IPv6 event log content for routing process 1:


# clear ipv6 ospf 1 events

clear ipv6 pim reset

To delete all entries from the topology table and reset the Multicast Routing Information Base (MRIB) connection, use the clear ipv6 pim reset command in privileged EXEC mode.

clear ipv6 pim [vrf vrf-name] reset

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Using the clear ipv6 pim reset command breaks the PIM-MRIB connection, clears the topology table, and then reestablishes the PIM-MRIB connection. This procedure forces MRIB resynchronization.


Caution


Use the clear ipv6 pim reset command with caution, as it clears all PIM protocol information from the PIM topology table. Use of the clear ipv6 pim reset command should be reserved for situations where PIM and MRIB communication are malfunctioning.


Examples

The following example deletes all entries from the topology table and resets the MRIB connection:


# clear ipv6 pim reset

clear ipv6 pim topology

To clear the Protocol Independent Multicast (PIM) topology table, use the clear ipv6 pim topology command in privileged EXEC mode.

clear ipv6 pim [vrf vrf-name] topology [group-name | group-address]

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

group-name | group-address

(Optional) IPv6 address or name of the multicast group.

Command Default

When the command is used with no arguments, all group entries located in the PIM topology table are cleared of PIM protocol information.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

This command clears PIM protocol information from all group entries located in the PIM topology table. Information obtained from the MRIB table is retained. If a multicast group is specified, only those group entries are cleared.

Examples

The following example clears all group entries located in the PIM topology table:


# clear ipv6 pim topology

clear ipv6 pim traffic

To clear the Protocol Independent Multicast (PIM) traffic counters, use the clear ipv6 pim traffic command in privileged EXEC mode.

clear ipv6 pim [vrf vrf-name] traffic

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Default

When the command is used with no arguments, all traffic counters are cleared.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

This command clears PIM traffic counters. If the vrf vrf-name keyword and argument are used, only those counters are cleared.

Examples

The following example clears all PIM traffic counter:


# clear ipv6 pim traffic

clear ipv6 prefix-list

To reset the hit count of the IPv6 prefix list entries, use the clear ipv6 prefix-list command in privileged EXEC mode.

clear ipv6 prefix-list [prefix-list-name] [ipv6-prefix/prefix-length]

Syntax Description

prefix-list-name

(Optional) The name of the prefix list from which the hit count is to be cleared.

ipv6-prefix

(Optional) The IPv6 network from which the hit count is to be cleared.

This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.

/ prefix-length

(Optional) The length of the IPv6 prefix. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value.

Command Default

The hit count is automatically cleared for all IPv6 prefix lists.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The clear ipv6 prefix-list command is similar to the clear ip prefix-list command, except that it is IPv6-specific.

The hit count is a value indicating the number of matches to a specific prefix list entry.

Examples

The following example clears the hit count from the prefix list entries for the prefix list named first_list that match the network mask 2001:0DB8::/ 35.


# clear ipv6 prefix-list first_list 2001:0DB8::/35

clear ipv6 rip

To delete routes from the IPv6 Routing Information Protocol (RIP) routing table, use the clear ipv6 rip command in privileged EXEC mode.

clear ipv6 rip [name] [vrf vrf-name]

clear ipv6 rip [name]

Syntax Description

name

(Optional) Name of an IPv6 RIP process.

vrf vrf-name

(Optional) Clears information about the specified Virtual Routing and Forwarding (VRF) instance.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

When the name argument is specified, only routes for the specified IPv6 RIP process are deleted from the IPv6 RIP routing table. If no name argument is specified, all IPv6 RIP routes are deleted.

Use the show ipv6 rip command to display IPv6 RIP routes.

Use the clear ipv6 rip name vrf vrf-name command to delete the specified VRF instances for the specified IPv6 RIP process.

Examples

The following example deletes all the IPv6 routes for the RIP process called one:


# clear ipv6 rip one

The following example deletes the IPv6 VRF instance, called vrf1 for the RIP process, called one:


# clear ipv6 rip one vrf vrf1

*Mar 15 12:36:17.022: RIPng: Deleting 2001:DB8::/32
*Mar 15 12:36:17.022: [Exec]IPv6RT[vrf1]: rip <name>, Delete all next-hops for 2001:DB8::1
*Mar 15 12:36:17.022: [Exec]IPv6RT[vrf1]: rip <name>, Delete 2001:DB8::1 from table
*Mar 15 12:36:17.022: [IPv6 RIB Event Handler]IPv6RT[<red>]: Event: 2001:DB8::1, Del, owner rip, previous None

clear ipv6 route

To delete routes from the IPv6 routing table, use the clear ipv6 route command in privileged EXEC mode.

{clear ipv6 route {ipv6-address | ipv6-prefix/prefix-length} | *}

Syntax Description

ipv6-address

The address of the IPv6 network to delete from the table.

This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.

ipv6-prefix

The IPv6 network number to delete from the table.

This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.

/ prefix-length

The length of the IPv6 prefix. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value.

*

Clears all IPv6 routes.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The clear ipv6 route command is similar to the clear ip route command, except that it is IPv6-specific.

When the ipv6-address or ipv6-prefix/ prefix- length argument is specified, only that route is deleted from the IPv6 routing table. When the * keyword is specified, all routes are deleted from the routing table (the per-destination maximum transmission unit [MTU] cache is also cleared).

Examples

The following example deletes the IPv6 network 2001:0DB8::/ 35:


# clear ipv6 route 2001:0DB8::/35

clear ipv6 spd

To clear the most recent Selective Packet Discard (SPD) state transition, use the clear ipv6 spd command in privileged EXEC mode.

clear ipv6 spd

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The clear ipv6 spd command removes the most recent SPD state transition and any trend historical data.

Examples

The following example shows how to clear the most recent SPD state transition:


# clear ipv6 spd

fhrp delay

To specify the delay period for the initialization of First Hop Redundancy Protocol (FHRP) clients, use the fhrp delay command in interface configuration mode. To remove the delay period specified, use the no form of this command.

fhrp delay {[ minimum] [ reload] seconds}

no fhrp delay {[ minimum] [ reload] seconds}

Syntax Description

minimum

(Optional) Configures the delay period after an interface becomes available.

reload

(Optional) Configures the delay period after the device reloads.

seconds

Delay period in seconds. The range is from 0 to 3600.

Command Default

None

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Examples

This example shows how to specify the delay period for the initialization of FHRP clients:


Device(config-if)# fhrp delay minimum 90

fhrp version vrrp v3

To enable Virtual Router Redundancy Protocol version 3 (VRRPv3) and Virtual Router Redundancy Service (VRRS) configuration on a device, use the fhrp version vrrp v3 command in global configuration mode. To disable the ability to configure VRRPv3 and VRRS on a device, use the no form of this command.

fhrp version vrrp v3

no fhrp version vrrp v3

Syntax Description

This command has no keywords or arguments.

Command Default

VRRPv3 and VRRS configuration on a device is not enabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

When VRRPv3 is in use, VRRP version 2 (VRRPv2) is unavailable.

Examples

In the following example, a tracking process is configured to track the state of an IPv6 object using a VRRPv3 group. VRRP on GigabitEthernet interface 0/0/0 then registers with the tracking process to be informed of any changes to the IPv6 object on the VRRPv3 group. If the IPv6 object state on serial interface VRRPv3 goes down, then the priority of the VRRP group is reduced by 20:


Device(config)# fhrp version vrrp v3
Device(config)# interface GigabitEthernet 0/0/0
Device(config-if)# vrrp 1 address-family ipv6
Device(config-if-vrrp)# track 1 decrement 20

ip address dhcp

To acquire an IP address on an interface from the DHCP, use the ip address dhcp command in interface configuration mode. To remove any address that was acquired, use the no form of this command.

ip address dhcp [client-id interface-type number] [hostname hostname]

no ip address dhcp [client-id interface-type number] [hostname hostname]

Syntax Description

client-id

(Optional) Specifies the client identifier. By default, the client identifier is an ASCII value. The client-id interface-type number option sets the client identifier to the hexadecimal MAC address of the named interface.

interface-type

(Optional) Interface type. For more information, use the question mark (?) online help function.

number

(Optional) Interface or subinterface number. For more information about the numbering syntax for your networking device, use the question mark (?) online help function.

hostname

(Optional) Specifies the hostname.

hostname

(Optional) Name of the host to be placed in the DHCP option 12 field. This name need not be the same as the hostname entered in global configuration mode.

Command Default

The hostname is the globally configured hostname of the device. The client identifier is an ASCII value.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ip address dhcp command allows any interface to dynamically learn its IP address by using the DHCP protocol. It is especially useful on Ethernet interfaces that dynamically connect to an Internet service provider (ISP). Once assigned a dynamic address, the interface can be used with the Port Address Translation (PAT) of Cisco IOS Network Address Translation (NAT) to provide Internet access to a privately addressed network attached to the device.

The ip address dhcp command also works with ATM point-to-point interfaces and will accept any encapsulation type. However, for ATM multipoint interfaces you must specify Inverse ARP via the protocol ip inarp interface configuration command and use only the aa15snap encapsulation type.

Some ISPs require that the DHCPDISCOVER message have a specific hostname and client identifier that is the MAC address of the interface. The most typical usage of the ip address dhcp client-id interface-type number hostname hostname command is when interface-type is the Ethernet interface where the command is configured and interface-type number is the hostname provided by the ISP.

A client identifier (DHCP option 61) can be a hexadecimal or an ASCII value. By default, the client identifier is an ASCII value. The client-id interface-type number option overrides the default and forces the use of the hexadecimal MAC address of the named interface.

If a Cisco device is configured to obtain its IP address from a DHCP server, it sends a DHCPDISCOVER message to provide information about itself to the DHCP server on the network.

If you use the ip address dhcp command with or without any of the optional keywords, the DHCP option 12 field (hostname option) is included in the DISCOVER message. By default, the hostname specified in option 12 will be the globally configured hostname of the device. However, you can use the ip address dhcp hostname hostname command to place a different name in the DHCP option 12 field than the globally configured hostname of the device.

The no ip address dhcp command removes any IP address that was acquired, thus sending a DHCPRELEASE message.

You might need to experiment with different configurations to determine the one required by your DHCP server. The table below shows the possible configuration methods and the information placed in the DISCOVER message for each method.

Table 1. Configuration Method and Resulting Contents of the DISCOVER Message

Configuration Method

Contents of DISCOVER Messages

ip address dhcp

The DISCOVER message contains “cisco- mac-address -Eth1” in the client ID field. The mac-address is the MAC address of the Ethernet 1 interface and contains the default hostname of the device in the option 12 field.

ip address dhcp hostname hostname

The DISCOVER message contains “cisco- mac-address -Eth1” in the client ID field. The mac-address is the MAC address of the Ethernet 1 interface, and contains hostname in the option 12 field.

ip address dhcp client-id ethernet 1

The DISCOVER message contains the MAC address of the Ethernet 1 interface in the client ID field and contains the default hostname of the device in the option 12 field.

ip address dhcp client-id ethernet 1 hostname hostname

The DISCOVER message contains the MAC address of the Ethernet 1 interface in the client ID field and contains hostname in the option 12 field.

Examples

In the examples that follow, the command ip address dhcp is entered for Ethernet interface 1. The DISCOVER message sent by a device configured as shown in the following example would contain “cisco- mac-address -Eth1” in the client-ID field, and the value abc in the option 12 field.


hostname abc
!
interface GigabitEthernet 1/0/1
 ip address dhcp

The DISCOVER message sent by a device configured as shown in the following example would contain “cisco- mac-address -Eth1” in the client-ID field, and the value def in the option 12 field.


hostname abc
!
interface GigabitEthernet 1/0/1
 ip address dhcp hostname def

The DISCOVER message sent by a device configured as shown in the following example would contain the MAC address of Ethernet interface 1 in the client-id field, and the value abc in the option 12 field.


hostname abc
!
interface Ethernet 1
 ip address dhcp client-id GigabitEthernet 1/0/1

The DISCOVER message sent by a device configured as shown in the following example would contain the MAC address of Ethernet interface 1 in the client-id field, and the value def in the option 12 field.


hostname abc
!
interface Ethernet 1
 ip address dhcp client-id GigabitEthernet 1/0/1 hostname def

ip address pool (DHCP)

To enable the IP address of an interface to be automatically configured when a Dynamic Host Configuration Protocol (DHCP) pool is populated with a subnet from IP Control Protocol (IPCP) negotiation, use the ip address pool command in interface configuration mode. To disable autoconfiguring of the IP address of the interface, use the no form of this command.

ip address pool name

no ip address pool

Syntax Description

name

Name of the DHCP pool. The IP address of the interface will be automatically configured from the DHCP pool specified in name .

Command Default

IP address pooling is disabled.

Command Modes

Interface configuration

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use this command to automatically configure the IP address of a LAN interface when there are DHCP clients on the attached LAN that should be serviced by the DHCP pool on the device. The DHCP pool obtains its subnet dynamically through IPCP subnet negotiation.

Examples

The following example specifies that the IP address of GigabitEthernet interface 1/0/1 will be automatically configured from the address pool named abc:


ip dhcp pool abc
  import all
  origin ipcp
!
interface GigabitEthernet 1/0/1
  ip address pool abc

ip address

To set a primary or secondary IP address for an interface, use the ip address command in interface configuration mode. To remove an IP address or disable IP processing, use the no form of this command.

ip address ip-address mask [secondary [vrf vrf-name]]

no ip address ip-address mask [secondary [vrf vrf-name]]

Syntax Description

ip-address

IP address.

mask

Mask for the associated IP subnet.

secondary

(Optional) Specifies that the configured address is a secondary IP address. If this keyword is omitted, the configured address is the primary IP address.

Note

 

If the secondary address is used for a VRF table configuration with the vrf keyword, the vrf keyword must be specified also.

vrf

(Optional) Name of the VRF table. The vrf-name argument specifies the VRF name of the ingress interface.

Command Default

No IP address is defined for the interface.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

An interface can have one primary IP address and multiple secondary IP addresses. Packets generated by the Cisco IOS software always use the primary IP address. Therefore, all devices and access servers on a segment should share the same primary network number.

Hosts can determine subnet masks using the Internet Control Message Protocol (ICMP) mask request message. Devices respond to this request with an ICMP mask reply message.

You can disable IP processing on a particular interface by removing its IP address with the no ip address command. If the software detects another host using one of its IP addresses, it will print an error message on the console.

The optional secondary keyword allows you to specify an unlimited number of secondary addresses. Secondary addresses are treated like primary addresses, except the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts and Address Resolution Protocol (ARP) requests are handled properly, as are interface routes in the IP routing table.

Secondary IP addresses can be used in a variety of situations. The following are the most common applications:

  • There may not be enough host addresses for a particular network segment. For example, your subnetting allows up to 254 hosts per logical subnet, but on one physical subnet you need 300 host addresses. Using secondary IP addresses on the devices or access servers allows you to have two logical subnets using one physical subnet.

  • Many older networks were built using Level 2 bridges. The judicious use of secondary addresses can aid in the transition to a subnetted, device-based network. Devices on an older, bridged segment can be easily made aware that many subnets are on that segment.

  • Two subnets of a single network might otherwise be separated by another network. This situation is not permitted when subnets are in use. In these instances, the first network is extended , or layered on top of the second network using secondary addresses.


Note


  • If any device on a network segment uses a secondary address, all other devices on that same segment must also use a secondary address from the same network or subnet. Inconsistent use of secondary addresses on a network segment can very quickly cause routing loops.

  • When you are routing using the Open Shortest Path First (OSPF) algorithm, ensure that all secondary addresses of an interface fall into the same OSPF area as the primary addresses.

  • If you configure a secondary IP address, you must disable sending ICMP redirect messages by entering the no ip redirects command, to avoid high CPU utilization.


Examples

In the following example, 192.108.1.27 is the primary address and 192.31.7.17 is the secondary address for GigabitEthernet interface 1/0/1:

Device> enable
Device# configure terminal
Device(config)# interface GigabitEthernet 1/0/1
Device(config-if)# ip address 192.108.1.27 255.255.255.0
Device(config-if)# ip address 192.31.7.17 255.255.255.0 secondary

ip domain lookup

To enable IP Domain Name System (DNS)-based hostname-to-address translation, use the ip domain lookup command in global configuration mode. To disable DNS-based hostname-to-address translation, use the no form of this command.

ip domain lookup [ nsap | recursive | source-interface interface-type-number | vrf vrf-name { source-interface interface-type-number } ]

Syntax Description

nsap

Optional) Enables IP DNS queries for Connectionless Network Service (CLNS) and Network Service Access Point (NSAP) addresses.

recursive

(Optional) Enables IP DNS recursive lookup.

source-interface interface-type-number

(Optional) Specifies the source interface for the DNS resolver. Enter an interface type and number.

vrf vrf-name

(Optional) Defines a Virtual Routing and Forwarding (VRF) table. For vrf-name , enter a name for the VRF table.

Command Default

IP DNS-based hostname-to-address translation is enabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Cisco IOS XE Dublin 17.12.1

An issue relating to the configuration of the ip domain lookup source-interface interface-type-number command on Layer 3 physical interfaces was resolved.

Starting from this release, even if configured on a Layer 3 physical interface, the command is retained across reloads and in case the port mode is changed.

Usage Guidelines

If this command is enabled on a device and you execute the show tcp brief command, the output may be displayed very slowly.

When both IP and ISO CLNS are enabled on a device, the ip domain lookup nsap command allows you to discover a CLNS address without having to specify a full CLNS address, given a hostname.

This command is useful for the ping (ISO CLNS) command, and for CLNS Telnet connections.

If you configure the ip domain lookup source-interface interface-type-number command on a Layer 3 physical interface, note the following: If the port mode is changed or in case of a device reload, the command is automatically removed from running configuration (Refer to the output of the show running-configuration privileged EXEC command when this happens). Removal of the command causes DNS queries that use the specified source interface, to be dropped. The only available workaround is to reconfigure the command. Starting with Cisco IOS XE Dublin 17.12.1, this issue is resolved.

Examples

The following example shows how to configure IP DNS-based hostname-to-address translation:

Device> enable
Device# configure terminal
Device(config)# ip domain lookup
Device(config)# end
The following example shows how to configure a source interface for the DNS domain lookup.

Device# configure terminal
Device(config)# ip domain lookup source-interface gigabitethernet1/0/2
Device(config)# end
 

ip nat translation max-entries

To configure a limit on dynamically created NAT entries, use the ip nat translation max-entries command in global configuration mode. To remove the specified limit, use the no form of this command.

ip nat translation max-entries { all-host | all-vrf | host ip address | list { list-name | list-number } | vrf name } max-entries
no ip nat translation max-entries { all-host | all-vrf | host ip address | list { list-name | list-number } | vrf name } max-entries

Syntax Description

all-host

(Optional) Subjects each host to the specified NAT limit.

all-vrf

(Optional) Subjects each VPN routing and forwarding (VRF) instance to the specific NAT limit.

host ip-address

(Optional) Specifies an IP address subject to the NAT limit.

list list-name

(Optional) Specifies an access control list (ACL) subject to the NAT limit.

list list-number

(Optional) Specifies an access control list (ACL) subject to the NAT limit. The range is from 1 to 99.

vrf name

(Optional) Specifies a virtual routing and forwarding instance (VRF) subject to the NAT limit.

max-entries

Specifies the maximum number of allowed NAT entries. The range is from 1 to 2147483647.

Command Default

There is no configured limit on the number of translations.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Fuji 16.8.1

This command was introduced.

Usage Guidelines

You can set NAT rate limit to constrain the dynamic entries created by a specific host, group of hosts via an ACL, per vrf or globally in which case the given limit would apply to all entries regardless of the source.

When using the no form of the ip nat translation max-entries command, you must specify the type of NAT rate limit that you want to remove and its value. The show ip nat statistics command can be used to display various limit related statistics.

Examples

The following example shows how to limit the maximum number of allowed NAT entries to 300:

Device(config)# ip nat translation max-entries 300

ip unnumbered

To enable IP processing on an interface without assigning an explicit IP address to the interface, use the ip unnumbered command in interface configuration mode or subinterface configuration mode. To disable the IP processing on the interface, use the no form of this command.

ip unnumbered type number [ poll ] [ point-to-point ]

no ip unnumbered [ type number ]

Syntax Description

type

Type of interface. For more information, use the question mark (? ) online help function.

number

Interface or subinterface number. For more information about the numbering syntax for your networking device, use the question mark (? ) online help function.

poll

(Optional) Enables IP connected host polling.

point-to-point

(Optional) Enables point to point connection.

Command Default

Unnumbered interfaces are not supported.

Command Modes

Interface configuration (config-if)

Subinterface configuration (config-subif)

Command History

Release

Modification

Cisco IOS XE Fuji 16.8.1a

This command was introduced.

Usage Guidelines

When an unnumbered interface generates a packet (for example, for a routing update), it uses the address of the specified interface as the source address of the IP packet. It also uses the address of the specified interface in determining which routing processes are sending updates over the unnumbered interface.

The following restrictions are applicable for this command:

  • Serial interfaces using High-Level Data Link Control (HDLC), PPP, Link Access Procedure Balanced (LAPB), Frame Relay encapsulations, and Serial Line Internet Protocol (SLIP), and tunnel interfaces can be unnumbered.

  • You cannot use the ping EXEC command to determine whether the interface is up because the interface has no address. Simple Network Management Protocol (SNMP) can be used to remotely monitor interface status.

  • It is not possible to netboot a Cisco IOS image over a serial interface that is assigned an IP address with the ip unnumbered command.

  • You cannot support IP security options on an unnumbered interface.

The interface that you specify using the type and number arguments must be enabled (listed as “up” in the show interfaces command display).

If you are configuring Intermediate System-to-Intermediate System (IS-IS) across a serial line, you must configure the serial interfaces as unnumbered. This configuration allows you to comply with RFC 1195, which states that IP addresses are not required on each interface.


Note


Using an unnumbered serial line between different major networks (or majornets) requires special care. If at each end of the link there are different majornets assigned to the interfaces that you specified as unnumbered, any routing protocol that is running across the serial line must not advertise subnet information.


Examples

The following example shows how to assign the address of Ethernet 0 to the first serial interface:

Device(config)# interface ethernet 0
Device(config-if)# ip address 10.108.6.6 255.255.255.0
!
Device(config-if)# interface serial 0
Device(config-if)# ip unnumbered ethernet 0

The following example shows how to configure Ethernet VLAN subinterface 3/0.2 as an IP unnumbered subinterface:

Device(config)# interface ethernet 3/0.2
Device(config-subif)# encapsulation dot1q 200
Device(config-subif)# ip unnumbered ethernet 3/1

The following example shows how to configure Fast Ethernet subinterfaces in the range from 5/1.1 to 5/1.4 as IP unnumbered subinterfaces:

Device(config)# interface range fastethernet5/1.1 - fastethernet5/1.4
Device(config-if-range)# ip unnumbered ethernet 3/1

The following example shows how to enable polling on a Gigabit Ethernet interface:

Device(config)# interface loopback0
Device(config-if)# ip address 10.108.6.6 255.255.255.0
!
Device(config-if)# ip unnumbered gigabitethernet 3/1
Device(config-if)# ip unnumbered loopback0 poll

ip wccp

To enable support of the specified Web Cache Communication Protocol (WCCP) service for participation in a service group, use the ip wccp command in global configuration mode. To disable the service group, use the no form of this command.

ip wccp [ vrf vrf-name ] { web-cache | service-number } [ service-list service-access-list ] [ mode { open | closed } ] [ group-address multicast-address ] [ redirect-list access-list ] [ group-list access-list ] [ password [ 0 | 7 ] password ]

no ip wccp [ vrf vrf-name ] { web-cache | service-number } [ service-list service-access-list ] [ mode { open | closed } ] [ group-address multicast-address ] [ redirect-list access-list ] [ group-list access-list ] [ password [ 0 | 7 ] password ]

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding instance (VRF) to associate with a service group.

web-cache

Specifies the web-cache service (WCCP Version 1 and Version 2).

Note

 

Web-cache counts as one of the services. The maximum number of services, including those assigned with the service-number argument, is 256.

service-number

Dynamic service identifier, which means the service definition is dictated by the cache. The dynamic service number can be from 0 to 254. The maximum number of services is 256, which includes the web-cache service specified with the web-cache keyword.

Note

 

If Cisco cache engines are used in the cache cluster, the reverse proxy service is indicated by a value of 99.

service-list service-access-list

(Optional) Identifies a named extended IP access list that defines the packets that will match the service.

mode open

(Optional) Identifies the service as open. This is the default service mode.

mode closed

(Optional) Identifies the service as closed.

group-address multicast-address

(Optional) Specifies the multicast IP address that communicates with the WCCP service group. The multicast address is used by the device to determine which web cache should receive redirected messages.

redirect-list access-list

(Optional) Specifies the access list that controls traffic redirected to this service group. The access-list argument should consist of a string of no more than 64 characters (name or number) in length that specifies the access list.

group-list access-list

(Optional) Specifies the access list that determines which web caches are allowed to participate in the service group. The access-list argument specifies either the number or the name of a standard or extended access list.

password [0 | 7] password

(Optional) Specifies the message digest algorithm 5 (MD5) authentication for messages received from the service group. Messages that are not accepted by the authentication are discarded. The encryption type can be 0 or 7, with 0 specifying not yet encrypted and 7 for proprietary. The password argument can be up to eight characters in length.

Command Default

WCCP services are not enabled on the device.

Command Modes

Global configuration (config)

Command History

Release

Modification

This command was introduced.

Cisco IOS XE Bengaluru 17.6.1

The vrf keyword and vrf-name argument pair were added.

Usage Guidelines

WCCP transparent caching bypasses Network Address Translation (NAT) when Cisco Express Forwarding switching is enabled. To work around this situation, configure WCCP transparent caching in the outgoing direction, enable Cisco Express Forwarding switching on the content engine interface, and specify the ip wccp web-cache redirect out command. Configure WCCP in the incoming direction on the inside interface by specifying the ip wccp redirect exclude in command on the device interface facing the cache. This configuration prevents the redirection of any packets arriving on that interface.

You can also include a redirect list when configuring a service group. The specified redirect list will deny packets with a NAT (source) IP address and prevent redirection.

This command instructs a device to enable or disable support for the specified service number or the web-cache service name. A service number can be from 0 to 254. Once the service number or name is enabled, the device can participate in the establishment of a service group.


Note


All WCCP parameters must be included in a single IP WCCP command. For example: ip wccp 61 redirect-list 10 password password.


The vrf vrf-name keyword and argument pair is optional. It allows you to specify a VRF to associate with a service group. You can then specify a web-cache service name or service number.

The same service (web-cache or service number) can be configured in different VRF tables. Each service will operate independently.

When the no ip wccp command is entered, the device terminates participation in the service group, deallocates space if none of the interfaces still has the service configured, and terminates the WCCP task if no other services are configured.

The keywords following the web-cache keyword and the service-number argument are optional and may be specified in any order, but only may be specified once. The following sections outline the specific usage of each of the optional forms of this command.

ip wccp [vrf vrf-name] {web-cache | service-number} group-address multicast-address

A WCCP group address can be configured to set up a multicast address that cooperating devices and web caches can use to exchange WCCP protocol messages. If such an address is used, IP multicast routing must be enabled so that the messages that use the configured group (multicast) addresses are received correctly.

This option instructs the device to use the specified multicast IP address to coalesce the "I See You" responses for the "Here I Am" messages that it has received on this group address. The response is also sent to the group address. The default is for no group address to be configured, in which case all "Here I Am" messages are responded to with a unicast reply.

ip wccp [vrf vrf-name] {web-cache | service-number} redirect-list access-list

This option instructs the device to use an access list to control the traffic that is redirected to the web caches of the service group specified by the service name given. The access-list argument specifies either the number or the name of a standard or extended access list. The access list itself specifies which traffic is permitted to be redirected. The default is for no redirect list to be configured (all traffic is redirected).

WCCP requires that the following protocol and ports not be filtered by any access lists:

  • UDP (protocol type 17) port 2048. This port is used for control signaling. Blocking this type of traffic prevents WCCP from establishing a connection between the device and web caches.

  • Generic routing encapsulation (GRE) (protocol type 47 encapsulated frames). Blocking this type of traffic prevents the web caches from ever seeing the packets that are intercepted.

ip wccp [vrf vrf-name] {web-cache | service-number} group-list access-list

This option instructs the device to use an access list to control the web caches that are allowed to participate in the specified service group. The access-list argument specifies either the number of a standard or extended access list or the name of any type of named access list. The access list itself specifies which web caches are permitted to participate in the service group. The default is for no group list to be configured, in which case all web caches may participate in the service group.


Note


The ip wccp {web-cache | service-number} group-list command syntax resembles the ip wccp {web-cache | service-number} group-listen command, but these are entirely different commands. The ip wccp group-listen command is an interface configuration command used to configure an interface to listen for multicast notifications from a cache cluster.


ip wccp [vrf vrf-name] web-cache | service-number} password password

This option instructs the device to use MD5 authentication on the messages received from the service group specified by the service name given. Use this form of the command to set the password on the device. You must also configure the same password separately on each web cache. The password can be up to a maximum of eight characters in length. Messages that do not authenticate when authentication is enabled on the device are discarded. The default is for no authentication password to be configured and for authentication to be disabled.

ip wccp service-number service-list service-access-list mode closed

In applications where the interception and redirection of WCCP packets to external intermediate devices for the purpose of applying feature processing are not available within Cisco IOS software, packets for the application must be blocked when the intermediary device is not available. This blocking is called a closed service. By default, WCCP operates as an open service, wherein communication between clients and servers proceeds normally in the absence of an intermediary device. The service-list keyword can be used only for closed mode services. When a WCCP service is configured as closed, WCCP discards packets that do not have a client application registered to receive the traffic. Use the service-list keyword and service-access-list argument to register an application protocol type or port number.

When the definition of a service in a service list conflicts with the definition received via the WCCP protocol, a warning message similar to the following is displayed:


Sep 28 14:06:35.923: %WCCP-5-SERVICEMISMATCH: Service 90 mismatched on WCCP client 10.1.1.13

When there is service list definitions conflict, the configured definition takes precedence over the external definition received via WCCP protocol messages.

Examples

The following example shows how to configure a device to run WCCP reverse-proxy service, using the multicast address of 239.0.0.0:


Device> enable
Device# configure terminal
Device(config)# ip multicast-routing
Device(config)# ip wccp 99 group-address 239.0.0.0
Device(config)# interface ethernet 0
Device(config-if)# ip wccp 99 group-listen

The following example shows how to configure a device to redirect web-related packets without a destination of 10.168.196.51 to the web cache:


Device> enable
Device# configure terminal
Device(config)# access-list 100 deny ip any host 10.168.196.51
Device(config)# access-list 100 permit ip any any
Device(config)# ip wccp web-cache redirect-list 100
Device(config)# interface ethernet 0
Device(config-if)# ip wccp web-cache redirect out

The following example shows how to configure an access list to prevent traffic from network 10.0.0.0 leaving Fast Ethernet interface 0/0. Because the outbound access control list (ACL) check is enabled, WCCP does not redirect that traffic. WCCP checks packets against the ACL before they are redirected.


Device> enable
Device# configure terminal
Device(config)# ip wccp web-cache
Device(config)# ip wccp check acl outbound
Device(config)# interface fastethernet0/0
Device(config-if)# ip access-group 10 out
Device(config-if)# ip wccp web-cache redirect out
Device(config-if)# access-list 10 deny 10.0.0.0 0.255.255.255
Device(config-if)# access-list 10 permit any

If the outbound ACL check is disabled, HTTP packets from network 10.0.0.0 would be redirected to a cache, and users with that network address could retrieve web pages when the network administrator wanted to prevent this from happening.

The following example shows how to configure a closed WCCP service:


Device> enable
Device# configure terminal
Device(config)# ip wccp 99 service-list access1 mode closed

Note


  • If multiple parameters are required, all parameters under ip wccp [vrf vrf-name] web-cache | service-number} must be configured as a single command.

  • If the command is reissued with different parameters, the existing parameter will be removed and the new parameter will be configured.


The following example shows how to configure multiple parameters as a single command:


Device> enable
Device# configure terminal
Device(config)# ip wccp 61 group-address 10.0.0.1 password 0 password mode closed redirect-list 121

ipv6 access-list

To define an IPv6 access list and to place the device in IPv6 access list configuration mode, use the ipv6 access-list command in global configuration mode. To remove the access list, use the no form of this command.

ipv6 access-list access-list-name

no ipv6 access-list access-list-name

Syntax Description

access-list-name

Name of the IPv6 access list. Names cannot contain a space or quotation mark, or begin with a numeric.

Command Default

No IPv6 access list is defined.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 access-list command is similar to the ip access-list command, except that it is IPv6-specific.

The standard IPv6 ACL functionality supports --in addition to traffic filtering based on source and destination addresses--filtering of traffic based on IPv6 option headers and optional, upper-layer protocol type information for finer granularity of control (functionality similar to extended ACLs in IPv4). IPv6 ACLs are defined by using the ipv6 access-list command in global configuration mode and their permit and deny conditions are set by using the deny and permit commands in IPv6 access list configuration mode. Configuring the ipv6 access-list command places the device in IPv6 access list configuration mode--the device prompt changes to Device(config-ipv6-acl)#. From IPv6 access list configuration mode, permit and deny conditions can be set for the defined IPv6 ACL.


Note


IPv6 ACLs are defined by a unique name (IPv6 does not support numbered ACLs). An IPv4 ACL and an IPv6 ACL cannot share the same name.


For backward compatibility, the ipv6 access-list command with the deny and permit keywords in global configuration mode is still supported; however, an IPv6 ACL defined with deny and permit conditions in global configuration mode is translated to IPv6 access list configuration mode.

Refer to the deny (IPv6) and permit (IPv6) commands for more information on filtering IPv6 traffic based on IPv6 option headers and optional, upper-layer protocol type information. See the "Examples" section for an example of a translated IPv6 ACL configuration.


Note


Every IPv6 ACL has implicit permit icmp any any nd-na , permit icmp any any nd-ns , and deny ipv6 any any statements as its last match conditions. (The former two match conditions allow for ICMPv6 neighbor discovery.) An IPv6 ACL must contain at least one entry for the implicit deny ipv6 any any statement to take effect. The IPv6 neighbor discovery process makes use of the IPv6 network layer service; therefore, by default, IPv6 ACLs implicitly allow IPv6 neighbor discovery packets to be sent and received on an interface. In IPv4, the Address Resolution Protocol (ARP), which is equivalent to the IPv6 neighbor discovery process, makes use of a separate data link layer protocol; therefore, by default, IPv4 ACLs implicitly allow ARP packets to be sent and received on an interface.



Note


IPv6 prefix lists, not access lists, should be used for filtering routing protocol prefixes.


Use the ipv6 traffic-filter interface configuration command with the access-list-name argument to apply an IPv6 ACL to an IPv6 interface. Use the ipv6 access-class line configuration command with the access-list-name argument to apply an IPv6 ACL to incoming and outgoing IPv6 virtual terminal connections to and from the device.


Note


An IPv6 ACL applied to an interface with the ipv6 traffic-filter command filters traffic that is forwarded, not originated, by the device.



Note


When using this command to modify an ACL that is already associated with a bootstrap router (BSR) candidate rendezvous point (RP) (see the ipv6 pim bsr candidate rp command) or a static RP (see the ipv6 pim rp-address command), any added address ranges that overlap the PIM SSM group address range (FF3x::/96) are ignored. A warning message is generated and the overlapping address ranges are added to the ACL, but they have no effect on the operation of the configured BSR candidate RP or static RP commands.


Duplicate remark statements can no longer be configured from the IPv6 access control list. Because each remark statement is a separate entity, each one is required to be unique.

Examples

The following example is from a device running Cisco IOS Release 12.0(23)S or later releases. The example configures the IPv6 ACL list named list1 and places the device in IPv6 access list configuration mode.


Device(config)# ipv6 access-list list1
Device(config-ipv6-acl)#

The following example is from a device running Cisco IOS Release 12.2(2)T or later releases, 12.0(21)ST, or 12.0(22)S. The example configures the IPv6 ACL named list2 and applies the ACL to outbound traffic on Ethernet interface 0. Specifically, the first ACL entry keeps all packets from the network FEC0:0:0:2::/64 (packets that have the site-local prefix FEC0:0:0:2 as the first 64 bits of their source IPv6 address) from exiting out of Ethernet interface 0. The second entry in the ACL permits all other traffic to exit out of Ethernet interface 0. The second entry is necessary because an implicit deny all condition is at the end of each IPv6 ACL.


Device(config)# ipv6 access-list list2 deny FEC0:0:0:2::/64 any
Device(config)# ipv6 access-list list2 permit any any
Device(config)# interface ethernet 0
Device(config-if)# ipv6 traffic-filter list2 out

If the same configuration was entered on a device running Cisco IOS Release 12.0(23)S or later releases, the configuration would be translated into IPv6 access list configuration mode as follows:


ipv6 access-list list2 
  deny FEC0:0:0:2::/64 any
  permit ipv6 any any
interface ethernet 0
 ipv6 traffic-filter list2 out

Note


IPv6 is automatically configured as the protocol type in permit any any and deny any any statements that are translated from global configuration mode to IPv6 access list configuration mode.



Note


IPv6 ACLs defined on a device running Cisco IOS Release 12.2(2)T or later releases, 12.0(21)ST, or 12.0(22)S that rely on the implicit deny condition or specify a deny any any statement to filter traffic should contain permit statements for link-local and multicast addresses to avoid the filtering of protocol packets (for example, packets associated with the neighbor discovery protocol). Additionally, IPv6 ACLs that use deny statements to filter traffic should use a permit any any statement as the last statement in the list.



Note


An IPv6 device will not forward to another network an IPv6 packet that has a link-local address as either its source or destination address (and the source interface for the packet is different from the destination interface for the packet).


ipv6 address-validate

To enable IPv6 address validation, use the ipv6 address-validate in global configuration mode. To disable IPv6 address validation, use the no form of this command.

ipv6 address- validate

no ipv6 address- validate

Command Default

This command is enabled by default.

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

The ipv6 address-validate command is used to validate whether the interface identifiers in an assigned IPv6 address are a part of the reserved IPv6 interface identifiers range, as specified in RFC5453. If the interface identifiers of the assigned IPv6 address are a part of the reserved range, a new IPv6 address is assigned.

Only auto-configured addresses or addresses configured by DHCPv6 are validated.


Note


The no ipv6-address validate command disables the IPv6 address validation and allows assigning of IPv6 addresses with interface identifiers that are a part of the reserved IPv6 interface identifiers range. We do not recommend the use of this command.

You must enter a minimum of eight characters of the ipv6-address validate command if you’re using CLI help (?) for completing the syntax of this command. If you enter less than eight characters the command will conflict with the no ipv6 address command in interface configuration mode.


Examples

The following example shows how to re-enable IPv6 address validation if it is disabled using the no ipv6-address validate command:

Device> enable
Device# configure terminal
Device(config)# ipv6 address-validate

ipv6 cef

To enable Cisco Express Forwarding for IPv6, use the ipv6 cef command in global configuration mode. To disable Cisco Express Forwarding for IPv6, use the no form of this command.

ipv6 cef

no ipv6 cef

Syntax Description

This command has no arguments or keywords.

Command Default

Cisco Express Forwarding for IPv6 is disabled by default.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 cef command is similar to the ip cef command, except that it is IPv6-specific.

The ipv6 cef command is not available on the Cisco 12000 series Internet routers because this distributed platform operates only in distributed Cisco Express Forwarding for IPv6 mode.


Note


The ipv6 cef command is not supported in interface configuration mode.



Note


Some distributed architecture platforms support both Cisco Express Forwarding for IPv6 and distributed Cisco Express Forwarding for IPv6. When Cisco Express Forwarding for IPv6 is configured on distributed platforms, Cisco Express Forwarding switching is performed by the Route Processor (RP).



Note


You must enable Cisco Express Forwarding for IPv4 by using the ip cef global configuration command before enabling Cisco Express Forwarding for IPv6 by using the ipv6 cef global configuration command.


Cisco Express Forwarding for IPv6 is advanced Layer 3 IP switching technology that functions the same and offer the same benefits as Cisco Express Forwarding for IPv4. Cisco Express Forwarding for IPv6 optimizes network performance and scalability for networks with dynamic, topologically dispersed traffic patterns, such as those associated with web-based applications and interactive sessions.

Examples

The following example enables standard Cisco Express Forwarding for IPv4 operation and then standard Cisco Express Forwarding for IPv6 operation globally on the .


(config)# ip cef
(config)# ipv6 cef

ipv6 cef accounting

To enable Cisco Express Forwarding for IPv6 and distributed Cisco Express Forwarding for IPv6 network accounting, use the ipv6 cef accounting command in global configuration mode or interface configuration mode. To disable Cisco Express Forwarding for IPv6 network accounting, use the no form of this command.

ipv6 cef accounting accounting-types

no ipv6 cef accounting accounting-types

Specific Cisco Express Forwarding Accounting Information Through Interface Configuration Mode

ipv6 cef accounting non-recursive {external | internal}

no ipv6 cef accounting non-recursive {external | internal}

Syntax Description

accounting-types

The accounting-types argument must be replaced with at least one of the following keywords. Optionally, you can follow this keyword by any or all of the other keywords, but you can use each keyword only once.

  • load-balance-hash --Enables load balancing hash bucket counters.

  • non-recursive --Enables accounting through nonrecursive prefixes.

  • per-prefix --Enables express forwarding of the collection of the number of packets and bytes to a destination (or prefix).

  • prefix-length --Enables accounting through prefix length.

non-recursive

Enables accounting through nonrecursive prefixes.

This keyword is optional when used in global configuration mode after another keyword is entered. See the accounting-types argument.

external

Counts input traffic in the nonrecursive external bin.

internal

Counts input traffic in the nonrecursive internal bin.

Command Default

Cisco Express Forwarding for IPv6 network accounting is disabled by default.

Command Modes

Global configuration (config)

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 cef accounting command is similar to the ip cef accounting command, except that it is IPv6-specific.

Configuring Cisco Express Forwarding for IPv6 network accounting enables you to collect statistics on Cisco Express Forwarding for IPv6 traffic patterns in your network.

When you enable network accounting for Cisco Express Forwarding for IPv6 by using the ipv6 cef accounting command in global configuration mode, accounting information is collected at the Route Processor (RP) when Cisco Express Forwarding for IPv6 mode is enabled and at the line cards when distributed Cisco Express Forwarding for IPv6 mode is enabled. You can then display the collected accounting information using the show ipv6 cef EXEC command.

For prefixes with directly connected next hops, the non-recursive keyword enables express forwarding of the collection of packets and bytes through a prefix. This keyword is optional when this command is used in global configuration mode after you enter another keyword on the ipv6 cef accounting command.

This command in interface configuration mode must be used in conjunction with the global configuration command. The interface configuration command allows a user to specify two different bins (internal or external) for the accumulation of statistics. The internal bin is used by default. The statistics are displayed through the show ipv6 cef detail command.

Per-destination load balancing uses a series of 16 hash buckets into which the set of available paths are distributed. A hash function operating on certain properties of the packet is applied to select a bucket that contains a path to use. The source and destination IP addresses are the properties used to select the bucket for per-destination load balancing. Use the load-balance-hash keyword with the ipv6 cef accounting command to enable per-hash-bucket counters. Enter the show ipv6 cef prefix internal command to display the per-hash-bucket counters.

Examples

The following example enables the collection of Cisco Express Forwarding for IPv6 accounting information for prefixes with directly connected next hops:

(config)# ipv6 cef accounting non-recursive

ipv6 cef distributed

To enable distributed Cisco Express Forwarding for IPv6, use the ipv6 cef distributed command in global configuration mode. To disable Cisco Express Forwarding for IPv6, use the no form of this command.

ipv6 cef distributed

no ipv6 cef distributed

Syntax Description

This command has no arguments or keywords.

Command Default

Distributed Cisco Express Forwarding for IPv6 is disabled by default.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 cef distributed command is similar to the ip cef distributed command, except that it is IPv6-specific.

Enabling distributed Cisco Express Forwarding for IPv6 globally on the router by using the ipv6 cef distributed in global configuration mode distributes the Cisco Express Forwarding processing of IPv6 packets from the Route Processor (RP) to the line cards of distributed architecture platforms.


Note


To forward distributed Cisco Express Forwarding for IPv6 traffic on the router, configure the forwarding of IPv6 unicast datagrams globally on your router by using the ipv6 unicast-routing global configuration command, and configure an IPv6 address and IPv6 processing on an interface by using the ipv6 address interface configuration command.



Note


You must enable distributed Cisco Express Forwarding for IPv4 by using the ip cef distributed global configuration command before enabling distributed Cisco Express Forwarding for IPv6 by using the ipv6 cef distributed global configuration command.


Cisco Express Forwarding is advanced Layer 3 IP switching technology. Cisco Express Forwarding optimizes network performance and scalability for networks with dynamic, topologically dispersed traffic patterns, such as those associated with web-based applications and interactive sessions.

Examples

The following example enables distributed Cisco Express Forwarding for IPv6 operation:


(config)# ipv6 cef distributed

ipv6 cef load-sharing algorithm

To select a Cisco Express Forwarding load-balancing algorithm for IPv6, use the ipv6 cef load-sharing algorithm command in global configuration mode. To return to the default universal load-balancing algorithm, use the no form of this command.

ipv6 cef load-sharing algorithm {original | universal [id] }

no ipv6 cef load-sharing algorithm

Syntax Description

original

Sets the load-balancing algorithm to the original algorithm based on a source and destination hash.

universal

Sets the load-balancing algorithm to the universal algorithm that uses a source and destination and an ID hash.

id

(Optional) Fixed identifier in hexadecimal format.

Command Default

The universal load-balancing algorithm is selected by default. If you do not configure the fixed identifier for a load-balancing algorithm, the device automatically generates a unique ID.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 cef load-sharing algorithm command is similar to the ip cef load-sharing algorithm command, except that it is IPv6-specific.

When the Cisco Express Forwarding for IPv6 load-balancing algorithm is set to universal mode, each device on the network can make a different load-sharing decision for each source-destination address pair.

Examples

The following example shows how to enable the Cisco Express Forwarding original load-balancing algorithm for IPv6:

Device> enable
Device# configure terminal
Device(config)# ipv6 cef load-sharing algorithm original

ipv6 cef optimize neighbor resolution

To configure address resolution optimization from Cisco Express Forwarding for IPv6 for directly connected neighbors, use the ipv6 cef optimize neighbor resolution command in global configuration mode. To disable address resolution optimization from Cisco Express Forwarding for IPv6 for directly connected neighbors, use the no form of this command.

ipv6 cef optimize neighbor resolution

no ipv6 cef optimize neighbor resolution

Syntax Description

This command has no arguments or keywords.

Command Default

If this command is not configured, Cisco Express Forwarding for IPv6 does not optimize the address resolution of directly connected neighbors.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 cef optimize neighbor resolution command is very similar to the ip cef optimize neighbor resolution command, except that it is IPv6-specific.

Use this command to trigger Layer 2 address resolution of neighbors directly from Cisco Express Forwarding for IPv6.

Examples

The following example shows how to optimize address resolution from Cisco Express Forwarding for IPv6 for directly connected neighbors:


(config)# ipv6 cef optimize neighbor resolution
 

ipv6 destination-guard policy

To define a destination guard policy, use the ipv6 destination-guard policy command in global configuration mode. To remove the destination guard policy, use the no form of this command.

ipv6 destination-guard policy [policy-name]

no ipv6 destination-guard policy [policy-name]

Syntax Description

policy-name

(Optional) Name of the destination guard policy.

Command Default

No destination guard policy is defined.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

This command enters destination-guard configuration mode. The destination guard policies can be used to filter IPv6 traffic based on the destination address to block data traffic from an unknown source.

Examples

The following example shows how to define the name of a destination guard policy:


(config)#ipv6 destination-guard policy policy1
      

ipv6 dhcp-relay bulk-lease

To configure bulk lease query parameters, use the ipv6 dhcp-relay bulk-lease command in global configuration mode. To remove the bulk-lease query configuration, use the no form of this command.

ipv6 dhcp-relay bulk-lease {data-timeout seconds | retry number} [disable]

no ipv6 dhcp-relay bulk-lease [disable]

Syntax Description

data-timeout

(Optional) Bulk lease query data transfer timeout.

seconds

(Optional) The range is from 60 seconds to 600 seconds. The default is 300 seconds.

retry

(Optional) Sets the bulk lease query retries.

number

(Optional) The range is from 0 to 5. The default is 5.

disable

(Optional) Disables the DHCPv6 bulk lease query feature.

Command Default

Bulk lease query is enabled automatically when the DHCP for IPv6 (DHCPv6) relay agent feature is enabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use the ipv6 dhcp-relay bulk-lease command in global configuration mode to configure bulk lease query parameters, such as data transfer timeout and bulk-lease TCP connection retries.

The DHCPv6 bulk lease query feature is enabled automatically when the DHCPv6 relay agent is enabled. The DHCPv6 bulk lease query feature itself cannot be enabled using this command. To disable this feature, use the ipv6 dhcp-relay bulk-lease command with the disable keyword.

Examples

The following example shows how to set the bulk lease query data transfer timeout to 60 seconds:


(config)# ipv6 dhcp-relay bulk-lease data-timeout 60

ipv6 dhcp-relay option vpn

To enable the DHCP for IPv6 relay VRF-aware feature, use the ipv6 dhcp-relay option vpn command in global configuration mode. To disable the feature, use the no form of this command.

ipv6 dhcp-relay option vpn

no ipv6 dhcp-relay option vpn

Syntax Description

This command has no arguments or keywords.

Command Default

The DHCP for IPv6 relay VRF-aware feature is not enabled on the device.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 dhcp-relay option vpn command allows the DHCPv6 relay VRF-aware feature to be enabled globally on the device. If the ipv6 dhcp relay option vpn command is enabled on a specified interface, it overrides the global ipv6 dhcp-relay option vpn command.

Examples

The following example enables the DHCPv6 relay VRF-aware feature globally on the device:

(config)# ipv6 dhcp-relay option vpn

ipv6 dhcp-relay source-interface

To configure an interface to use as the source when relaying messages, use the ipv6 dhcp-relay source-interface command in global configuration mode. To remove the interface from use as the source, use the no form of this command.

ipv6 dhcp-relay source-interface interface-type interface-number

no ipv6 dhcp-relay source-interface interface-type interface-number

Syntax Description

interface-type interface-number

(Optional) Interface type and number that specifies output interface for a destination. If this argument is configured, client messages are forwarded to the destination address through the link to which the output interface is connected.

Command Default

The address of the server-facing interface is used as the IPv6 relay source.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

If the configured interface is shut down, or if all of its IPv6 addresses are removed, the relay will revert to its standard behavior.

The interface configuration (using the ipv6 dhcp relay source-interface command in interface configuration mode) takes precedence over the global configuration if both have been configured.

Examples

The following example configures the Loopback 0 interface to be used as the relay source:

(config)# ipv6 dhcp-relay source-interface loopback 0

ipv6 dhcp binding track ppp

To configure Dynamic Host Configuration Protocol (DHCP) for IPv6 to release any bindings associated with a PPP connection when that connection closes, use the ipv6 dhcp binding track ppp command in global configuration mode. To return to the default behavior, use the no form of this command.

ipv6 dhcp binding track ppp

no ipv6 dhcp binding track ppp

Syntax Description

This command has no arguments or keywords.

Command Default

When a PPP connection closes, the DHCP bindings associated with that connection are not released.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 dhcp binding track ppp command configures DHCP for IPv6 to automatically release any bindings associated with a PPP connection when that connection is closed. The bindings are released automatically to accommodate subsequent new registrations by providing sufficient resource.


Note


In IPv6 broadband deployment using DHCPv6, you must enable release of prefix bindings associated with a PPP virtual interface using this command. This ensures that DHCPv6 bindings are tracked together with PPP sessions, and in the event of DHCP REBIND failure, the client initiates DHCPv6 negotiation again.


A binding table entry on the DHCP for IPv6 server is automatically:

  • Created whenever a prefix is delegated to a client from the configuration pool.

  • Updated when the client renews, rebinds, or confirms the prefix delegation.

  • Deleted when the client releases all the prefixes in the binding voluntarily, all prefixes’ valid lifetimes have expired, or an administrator clears the binding.

Examples

The following example shows how to release the prefix bindings associated with the PPP:


(config)# ipv6 dhcp binding track ppp

ipv6 dhcp database

To configure a Dynamic Host Configuration Protocol (DHCP) for IPv6 binding database agent, use the ipv6 dhcp database command in global configuration mode. To delete the database agent, use the no form of this command.

ipv6 dhcp database agent [ write-delay seconds ] abort [ timeout seconds ]

no ipv6 dhcp database agent

Syntax Description

agent

A flash, local bootflash, compact flash, NVRAM, FTP, TFTP, or Remote Copy Protocol (RCP) uniform resource locator.

write-delay seconds

(Optional) How often (in seconds) DHCP for IPv6 sends database updates. The default is 300 seconds. The minimum write delay is 60 seconds.

timeout seconds

(Optional) How long, in seconds, the router waits for a database transfer.

Command Default

Write-delay default is 300 seconds. Timeout default is 300 seconds.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 dhcp database command specifies DHCP for IPv6 binding database agent parameters. The user may configure multiple database agents.

A binding table entry is automatically created whenever a prefix is delegated to a client from the configuration pool, updated when the client renews, rebinds, or confirms the prefix delegation, and deleted when the client releases all the prefixes in the binding voluntarily, all prefixes’ valid lifetimes have expired, or administrators enable the clear ipv6 dhcp binding command. These bindings are maintained in RAM and can be saved to permanent storage using the agent argument so that the information about configuration such as prefixes assigned to clients is not lost after a system reload or power down. The bindings are stored as text records for easy maintenance.

Each permanent storage to which the binding database is saved is called the database agent. A database agent can be a remote host such as an FTP server or a local file system such as NVRAM.

The write-delay keyword specifies how often, in seconds, that DHCP sends database updates. By default, DHCP for IPv6 server waits 300 seconds before sending any database changes.

The timeout keyword specifies how long, in seconds, the router waits for a database transfer. Infinity is defined as 0 seconds, and transfers that exceed the timeout period are canceled. By default, the DHCP for IPv6 server waits 300 seconds before canceling a database transfer. When the system is going to reload, there is no transfer timeout so that the binding table can be stored completely.

Examples

The following example specifies DHCP for IPv6 binding database agent parameters and stores binding entries in TFTP:


(config)# ipv6 dhcp database tftp://10.0.0.1/dhcp-binding

The following example specifies DHCP for IPv6 binding database agent parameters and stores binding entries in bootflash:

(config)# ipv6 dhcp database bootflash

ipv6 dhcp iana-route-add

To add routes for individually assigned IPv6 addresses on a relay or server, use the ipv6 dhcp iana-route-add command in global configuration mode. To disable route addition for individually assigned IPv6 addresses on a relay or server, use the no form of the command.

ipv6 dhcp iana-route-add

no ipv6 dhcp iana-route-add

Syntax Description

This command has no arguments or keywords.

Command Default

Route addition for individually assigned IPv6 addresses on a relay or server is disabled by default.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 dhcp iana-route-add command is disabled by default and has to be enabled if route addition is required. Route addition for Internet Assigned Numbers Authority (IANA) is possible if the client is connected to the relay or server through unnumbered interfaces, and if route addition is enabled with the help of this command.

Examples

The following example shows how to enable route addition for individually assigned IPv6 addresses:


Device(config)# ipv6 dhcp iana-route-add

ipv6 dhcp iapd-route-add

To enable route addition by Dynamic Host Configuration Protocol for IPv6 (DHCPv6) relay and server for the delegated prefix, use the ipv6 dhcp iapd-route-add command in global configuration mode. To disable route addition, use the no form of the command.

ipv6 dhcp iapd-route-add

no ipv6 dhcp iapd-route-add

Syntax Description

This command has no arguments or keywords.

Command Default

DHCPv6 relay and DHCPv6 server add routes for delegated prefixes by default.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The DHCPv6 relay and the DHCPv6 server add routes for delegated prefixes by default. The presence of this command on a device does not mean that routes will be added on that device. When you configure the command, routes for delegated prefixes will only be added on the first Layer 3 relay and server.

Examples

The following example shows how to enable the DHCPv6 relay and server to add routes for a delegated prefix:


Device(config)# ipv6 dhcp iapd-route-add

ipv6 dhcp-ldra

To enable Lightweight DHCPv6 Relay Agent (LDRA) functionality on an access node, use the ipv6 dhcp-ldra command in global configuration mode. To disable the LDRA functionality, use the no form of this command.

ipv6 dhcp-ldra {enable | disable}

no ipv6 dhcp-ldra {enable | disable}

Syntax Description

enable

Enables LDRA functionality on an access node.

disable

Disables LDRA functionality on an access node.

Command Default

By default, LDRA functionality is not enabled on an access node.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

You must configure the LDRA functionality globally using the ipv6 dhcp-ldra command before configuring it on a VLAN or an access node (such as a Digital Subscriber Link Access Multiplexer [DSLAM] or an Ethernet switch) interface.

Examples

The following example shows how to enable the LDRA functionality:


(config)# ipv6 dhcp-ldra enable
(config)# exit

Note


In the above example, Device denotes an access node.

ipv6 dhcp ping packets

To specify the number of packets a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server sends to a pool address as part of a ping operation, use the ipv6 dhcp ping packets command in global configuration mode. To prevent the server from pinging pool addresses, use the no form of this command.

ipv6 dhcp ping packets number

ipv6 dhcp ping packets

Syntax Description

number

The number of ping packets sent before the address is assigned to a requesting client. The valid range is from 0 to 10.

Command Default

No ping packets are sent before the address is assigned to a requesting client.

Command Modes

Global configuration (#)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The DHCPv6 server pings a pool address before assigning the address to a requesting client. If the ping is unanswered, the server assumes, with a high probability, that the address is not in use and assigns the address to the requesting client.

Setting the number argument to 0 turns off the DHCPv6 server ping operation

Examples

The following example specifies four ping attempts by the DHCPv6 server before further ping attempts stop:


(config)# ipv6 dhcp ping packets 4

ipv6 dhcp pool

To configure a Dynamic Host Configuration Protocol (DHCP) for IPv6 server configuration information pool and enter DHCP for IPv6 pool configuration mode, use the ipv6 dhcp pool command in global configuration mode. To delete a DHCP for IPv6 pool, use the no form of this command.

ipv6 dhcp pool poolname

no ipv6 dhcp pool poolname

Syntax Description

poolname

User-defined name for the local prefix pool. The pool name can be a symbolic string (such as "Engineering") or an integer (such as 0).

Command Default

DHCP for IPv6 pools are not configured.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use the ipv6 dhcp pool command to create a DHCP for IPv6 server configuration information pool. When the ipv6 dhcp pool command is enabled, the configuration mode changes to DHCP for IPv6 pool configuration mode. In this mode, the administrator can configure pool parameters, such as prefixes to be delegated and Domain Name System (DNS) servers, using the following commands:

  • address prefix IPv6-prefix [lifetime {valid-lifetime preferred-lifetime | infinite }] sets an address prefix for address assignment. This address must be in hexadecimal, using 16-bit values between colons.

  • link-address IPv6-prefix sets a link-address IPv6 prefix. When an address on the incoming interface or a link-address in the packet matches the specified IPv6-prefix, the server uses the configuration information pool. This address must be in hexadecimal, using 16-bit values between colons.

  • vendor-specific vendor-id enables DHCPv6 vendor-specific configuration mode. Specify a vendor identification number. This number is the vendor IANA Private Enterprise Number. The range is 1 to 4294967295. The following configuration command is available:
    • suboption number sets vendor-specific suboption number. The range is 1 to 65535. You can enter an IPv6 address, ASCII text, or a hex string as defined by the suboption parameters.

Note


The hex value used under the suboption keyword allows users to enter only hex digits (0-f). Entering an invalid hex value does not delete the previous configuration.


Once the DHCP for IPv6 configuration information pool has been created, use the ipv6 dhcp server command to associate the pool with a server on an interface. If you do not configure an information pool, you need to use the ipv6 dhcp server interface configuration command to enable the DHCPv6 server function on an interface.

When you associate a DHCPv6 pool with an interface, only that pool services requests on the associated interface. The pool also services other interfaces. If you do not associate a DHCPv6 pool with an interface, it can service requests on any interface.

Not using any IPv6 address prefix means that the pool returns only configured options.

The link-address command allows matching a link-address without necessarily allocating an address. You can match the pool from multiple relays by using multiple link-address configuration commands inside a pool.

Since a longest match is performed on either the address pool information or the link information, you can configure one pool to allocate addresses and another pool on a subprefix that returns only configured options.

Examples

The following example specifies a DHCP for IPv6 configuration information pool named cisco1 and places the router in DHCP for IPv6 pool configuration mode:


(config)# ipv6 dhcp pool cisco1
(config-dhcpv6)#

The following example shows how to configure an IPv6 address prefix for the IPv6 configuration pool cisco1:

(config-dhcpv6)# address prefix 2001:1000::0/64
(config-dhcpv6)# end

The following example shows how to configure a pool named engineering with three link-address prefixes and an IPv6 address prefix:


# configure terminal
(config)# ipv6 dhcp pool engineering
(config-dhcpv6)# link-address 2001:1001::0/64(config-dhcpv6)# link-address 2001:1002::0/64(config-dhcpv6)# link-address 2001:2000::0/48(config-dhcpv6)# address prefix 2001:1003::0/64
(config-dhcpv6)# end

The following example shows how to configure a pool named 350 with vendor-specific options:


# configure terminal
(config)# ipv6 dhcp pool 350
(config-dhcpv6)# vendor-specific 9
(config-dhcpv6-vs)# suboption 1 address 1000:235D::1(config-dhcpv6-vs)# suboption 2 ascii "IP-Phone"
(config-dhcpv6-vs)# end

ipv6 dhcp server vrf enable

To enable the DHCP for IPv6 server VRF-aware feature, use the ipv6 dhcp server vrf enable command in global configuration mode. To disable the feature, use the no form of this command.

ipv6 dhcp server vrf enable

no ipv6 dhcp server vrf enable

Syntax Description

This command has no arguments or keywords.

Command Default

The DHCPv6 server VRF-aware feature is not enabled.

Command Modes


Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 dhcp server option vpn command allows the DHCPv6 server VRF-aware feature to be enabled globally on a device.

Examples

The following example enables the DHCPv6 server VRF-aware feature globally on a device:

(config)# ipv6 dhcp server option vpn

ipv6 flow monitor

This command activates a previously created flow monitor by assigning it to the interface to analyze incoming or outgoing traffic.

To activate a previously created flow monitor, use the ipv6 flow monitor command. To de-activate a flow monitor, use the no form of the command.

ipv6 flow monitor ipv6-monitor-name [sampler ipv6-sampler-name] {input | output}

no ipv6 flow monitor ipv6-monitor-name [sampler ipv6-sampler-name] {input | output}

Syntax Description

ipv6-monitor-name

Activates a previously created flow monitor by assigning it to the interface to analyze incoming or outgoing traffic.

sampler ipv6-sampler-name

Applies the flow monitor sampler.

input

Applies the flow monitor on input traffic.

output

Applies the flow monitor on output traffic.

Command Default

IPv6 flow monitor is not activated until it is assigned to an interface.

Command Modes

Interface configuration (config-if)

Command History

Release Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

You cannot attach a NetFlow monitor to a port channel interface. If both service module interfaces are part of an EtherChannel, you should attach the monitor to both physical interfaces.

Examples

This example shows how to apply a flow monitor to an interface:

(config)# interface gigabitethernet 1/1/2
(config-if)# ip flow monitor FLOW-MONITOR-1 input
(config-if)# ip flow monitor FLOW-MONITOR-2 output
(config-if)# end                                                 
                                                   

ipv6 general-prefix

To define an IPv6 general prefix, use the ipv6 general-prefix command in global configuration mode. To remove the IPv6 general prefix, use the no form of this command.

ipv6 general-prefix prefix-name {ipv6-prefix/prefix-length | 6to4 interface-type interface-number | 6rd interface-type interface-number}

no ipv6 general-prefix prefix-name

Syntax Description

prefix-name

The name assigned to the prefix.

ipv6-prefix

The IPv6 network assigned to the general prefix.

This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.

When defining a general prefix manually, specify both the ipv6-prefix and / prefix-length arguments.

/ prefix-length

The length of the IPv6 prefix. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value.

When defining a general prefix manually, specify both the ipv6-prefix and / prefix-length arguments.

6to4

Allows configuration of a general prefix based on an interface used for 6to4 tunneling.

When defining a general prefix based on a 6to4 interface, specify the 6to4 keyword and the interface-type interface-number argument.

interface-type interface-number

Interface type and number. For more information, use the question mark (? ) online help function.

When defining a general prefix based on a 6to4 interface, specify the 6to4 keyword and the interface-type interface-number argument.

6rd

Allows configuration of a general prefix computed from an interface used for IPv6 rapid deployment (6RD) tunneling.

Command Default

No general prefix is defined.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use the ipv6 general-prefix command to define an IPv6 general prefix.

A general prefix holds a short prefix, based on which a number of longer, more specific, prefixes can be defined. When the general prefix is changed, all of the more specific prefixes based on it will change, too. This function greatly simplifies network renumbering and allows for automated prefix definition.

More specific prefixes, based on a general prefix, can be used when configuring IPv6 on an interface.

When defining a general prefix based on an interface used for 6to4 tunneling, the general prefix will be of the form 2002:a.b.c.d::/48, where "a.b.c.d" is the IPv4 address of the interface referenced.

Examples

The following example manually defines an IPv6 general prefix named my-prefix:


(config)# ipv6 general-prefix my-prefix 2001:DB8:2222::/48

The following example defines an IPv6 general prefix named my-prefix based on a 6to4 interface:


(config)# ipv6 general-prefix my-prefix 6to4 ethernet0

ipv6 local policy route-map

To enable local policy-based routing (PBR) for IPv6 packets, use the ipv6 local policy route-map command in global configuration mode. To disable local policy-based routing for IPv6 packets, use the no form of this command.

ipv6 local policy route-map route-map-name

no ipv6 local policy route-map route-map-name

Syntax Description

route-map-name

Name of the route map to be used for local IPv6 PBR. The name must match a route-map-name value specified by the route-map command.

Command Default

IPv6 packets are not policy routed.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Packets originating from a router are not normally policy routed. However, you can use the ipv6 local policy route-map command to policy route such packets. You might enable local PBR if you want packets originated at the router to take a route other than the obvious shortest path.

The ipv6 local policy route-map command identifies a route map to be used for local PBR. The route-map commands each have a list of match and set commands associated with them. The match commands specify the match criteria, which are the conditions under which packets should be policy routed. The set commands specify set actions, which are particular policy routing actions to be performed if the criteria enforced by the match commands are met. The no ipv6 local policy route-map command deletes the reference to the route map and disables local policy routing.

Examples

In the following example, packets with a destination IPv6 address matching that allowed by access list pbr-src-90 are sent to the router at IPv6 address 2001:DB8::1:


ipv6 access-list src-90
 permit ipv6 host 2001::90 2001:1000::/64
route-map pbr-src-90 permit 10
 match ipv6 address src-90
 set ipv6 next-hop 2001:DB8::1
ipv6 local policy route-map pbr-src-90

ipv6 local pool

To configure a local IPv6 prefix pool, use the ipv6 local pool configuration command with the prefix pool name. To disband the pool, use the no form of this command.

ipv6 local pool poolname prefix/prefix-length assigned-length [shared] [cache-size size]

no ipv6 local pool poolname

Syntax Description

poolname

User-defined name for the local prefix pool.

prefix

IPv6 prefix assigned to the pool.

This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.

/ prefix-length

The length of the IPv6 prefix assigned to the pool. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address).

assigned-length

Length of prefix, in bits, assigned to the user from the pool. The value of the assigned-length argument cannot be less than the value of the / prefix-length argument.

shared

(Optional) Indicates that the pool is a shared pool.

cache-size size

(Optional) Specifies the size of the cache.

Command Default

No pool is configured.

Command Modes

Global configuration (global)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

All pool names must be unique.

IPv6 prefix pools have a function similar to IPv4 address pools. Contrary to IPv4, a block of addresses (an address prefix) are assigned and not single addresses.

Prefix pools are not allowed to overlap.

Once a pool is configured, it cannot be changed. To change the configuration, the pool must be removed and recreated. All prefixes already allocated will also be freed.

Examples

This example shows the creation of an IPv6 prefix pool:


(config)# ipv6 local pool pool1 2001:0DB8::/29 64
(config)# end
# show ipv6 local pool
Pool Prefix Free In use 
pool1  2001:0DB8::/29  65516  20 

ipv6 mld snooping (global)

To enable Multicast Listener Discovery version 2 (MLDv2) protocol snooping globally, use the ipv6 mld snooping command in global configuration mode. To disable the MLDv2 snooping globally, use the no form of this command.

ipv6 mld snooping

no ipv6 mld snooping

Syntax Description

This command has no arguments or keywords.

Command Default

This command is enabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced on the Supervisor Engine 720.

Usage Guidelines

MLDv2 snooping is supported on the Supervisor Engine 720 with all versions of the Policy Feature Card 3 (PFC3).

To use MLDv2 snooping, configure a Layer 3 interface in the subnet for IPv6 multicast routing or enable the MLDv2 snooping querier in the subnet.

Examples

This example shows how to enable MLDv2 snooping globally:


(config)# ipv6 mld snooping 

ipv6 mld snooping

To enable Multicast Listener Discovery version 2 (MLDv2) protocol snooping characteristics, use the ipv6 mld snooping command in global configuration mode. To disable the MLDv2 snooping characteristics, use the no form of this command.

ipv6 mld snooping { last-listener-query-count count | last-listener-query-interval interval | listener-message-suppression | robustness-variable value | tcn { query solicit | flood query count count } }

no ipv6 mld snooping { last-listener-query-count | last-listener-query-interval | listener-message-suppression | robustness-variable | tcn { query solicit | flood query count } }

Syntax Description

last-listener-query-count count

Sets the number of MASQs that the switch sends before aging out an MLD client.

The range is 1 to 7; the default is 2.

last-listener-query-interval interval

Sets the maximum response time that the switch waits after sending out a MASQ before deleting a port from the multicast group.

The range is 100 to 32,768 thousands of a second. The default is 1000 (1 second).

listener-message-suppression

Disables MLD message suppression.

robustness-variable value

Sets the number of queries that are sent before switch will deletes a listener (port) that does not respond to a general query.

The range is 1 to 3. The default is 2.

tcn query solicit

Enables topology change notification (TCN) solicitation, which means that VLANs flood all IPv6 multicast traffic for the configured number of queries before sending multicast data to only those ports requesting to receive it. The default is for TCN to be disabled.

tcn flood query count count

When TCN is enabled, specifies the number of TCN queries to be sent.

The range is from 1 to 10. The default is 2.

Command Modes

Global configuration

Command History

Release Modification
Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

You can configure MLD snooping characteristics at any time, but you must globally enable MLD snooping by using the ipv6 mld snooping global configuration command for the configuration to take effect.

Configuring the ipv6 mld snooping last-listener-query-count command allows queries to be sent 1 second apart.

MLD snooping listener message suppression is enabled by default. When it is enabled, the switch forwards only one MLD report per multicast router query. When message suppression is disabled, multiple MLD reports could be forwarded to the multicast routers.

Examples

The following example shows how to set the MLD snooping global robustness variable to 3:

Device> enable
Device# configure terminal
Device(config)# ipv6 mld snooping robustness-variable 3 
Device(config)# end

The following example shows how to set the MLD snooping last-listener query interval (maximum response time) to 2000 (2 seconds):

Device> enable
Device# configure terminal
Device(config)# ipv6 mld snooping last-listener-query-interval 2000
Device(config)# end

ipv6 mld snooping vlan

To enable MLDv2 protocol snooping characteristics on a VLAN, use the ipv6 mld snooping vlan command in global configuration mode. To disable the MLDv2 characteristics globally, use the no form of this command.

ipv6 mld snooping vlan vlan_id { immediate-leave | last-listener-query-count count | last-listener-query-interval interval | mrouter interface interface_id | robustness-variable value | static ipv6_multicast_address interface interface_id }

no ipv6 mld snooping vlan vlan_id { immediate-leave | last-listener-query-count count | last-listener-query-interval interval | mrouter interface interface_id | robustness-variable value | static ipv6_multicast_address interface interface_id }

Syntax Description

vlan vlan_id

Enables MLD snooping on the VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.

immediate-leave

Enables MLD immediate leave on the VLAN interface.

last-listener-query-count count

Sets the number of MASQs that the switch sends before aging out an MLD client.

The range is 1 to 7; the default is 2.

last-listener-query-interval interval

Sets the maximum response time that the switch waits after sending out a MASQ before deleting a port from the multicast group.

The range is 100 to 32,768 thousands of a second. The default is 1000 (1 second).

mrouterinterface interface_id

Specifies the multicast router VLAN ID, and specify the interface to the multicast router.

The interface can be a physical interface or a port channel. The port-channel range is 1 to 48.

robustness-variable value

Sets the robustness variable on a VLAN basis, which determines the number of general queries that MLD snooping sends before aging out a multicast address when there is no MLD report response. The range is 1 to 3. The default is 0.

static ipv6_multicast_address interface interface_id

Sets a multicast group with a Layer 2 port as a member of a multicast group

  • ipv6_multicast_address is the 128-bit group IPv6 address. The address must be in the form specified in RFC 2373.

  • interface_id is the member port. It can be a physical interface or a port channel (1 to 48).

Command Modes

Global configuration

Command History

Release Modification
Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

By default, IPv6 MLD snooping is globally disabled on the switch and enabled on all VLANs. When MLD snooping is globally disabled, it is also disabled on all VLANs. When you globally enable MLD snooping, the VLAN configuration overrides the global configuration. That is, MLD snooping is enabled only on VLAN interfaces in the default state (enabled).

You can enable and disable MLD snooping on a per-VLAN basis or for a range of VLANs, but if you globally disable MLD snooping, it is disabled in all VLANs. If global snooping is enabled, you can enable or disable VLAN snooping.

If the value in the ipv6 mld snooping vlan vlan_id robustness-variable value is set to 0, then the global robustness variable value is used.

Examples

The following example shows how to statically configure an IPv6 multicast group:

Device> enable
Device# configure terminal
Device(config)# ipv6 mld snooping vlan 2 static 3333.0000.1111 interface gigabitethernet1/0/1
Device(config)# end

The following example shows how to add a multicast router port to VLAN 200:

Device> enable
Device# configure terminal
Device(config)# ipv6 mld snooping vlan 200 mrouter interface gigabitethernet 1/0/2
Device(config)# end

The following example shows how to enable MLD Immediate Leave on VLAN 130:

Device> enable
Device# configure terminal
Device(config)# ipv6 mld snooping vlan 130 immediate-leave
Device(config)# end

The following example shows how to set the MLD snooping last-listener query count for a VLAN to 3:

Device> enable
Device# configure terminal
Device(config)# ipv6 mld snooping vlan 200 last-listener-query-count 3
Device(config)# end

ipv6 mld ssm-map enable

To enable the Source Specific Multicast (SSM) mapping feature for groups in the configured SSM range, use the ipv6 mld ssm-map enable command in global configuration mode. To disable this feature, use the no form of this command.

ipv6 mld [vrf vrf-name] ssm-map enable

no ipv6 mld [vrf vrf-name] ssm-map enable

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Default

The SSM mapping feature is not enabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

The ipv6 mld ssm-map enable command enables the SSM mapping feature for groups in the configured SSM range. When the ipv6 mld ssm-map enable command is used, SSM mapping defaults to use the Domain Name System (DNS).

SSM mapping is applied only to received Multicast Listener Discovery (MLD) version 1 or MLD version 2 membership reports.

Examples

The following example shows how to enable the SSM mapping feature:

(config)# ipv6 mld ssm-map enable

ipv6 mld state-limit

To limit the number of Multicast Listener Discovery (MLD) states globally, use the ipv6 mld state-limit command in global configuration mode. To disable a configured MLD state limit, use the no form of this command.

ipv6 mld [vrf vrf-name] state-limit number

no ipv6 mld [vrf vrf-name] state-limit number

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

number

Maximum number of MLD states allowed on a router. The valid range is from 1 to 64000.

Command Default

No default number of MLD limits is configured. You must configure the number of maximum MLD states allowed globally on a router when you configure this command.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use the ipv6 mld state-limit command to configure a limit on the number of MLD states resulting from MLD membership reports on a global basis. Membership reports sent after the configured limits have been exceeded are not entered in the MLD cache and traffic for the excess membership reports is not forwarded.

Use the ipv6 mld limit command in interface configuration mode to configure the per-interface MLD state limit.

Per-interface and per-system limits operate independently of each other and can enforce different configured limits. A membership state will be ignored if it exceeds either the per-interface limit or global limit.

Examples

The following example shows how to limit the number of MLD states on a router to 300:


(config)# ipv6 mld state-limit 300

ipv6 multicast-routing

To enable multicast routing using Protocol Independent Multicast (PIM) and Multicast Listener Discovery (MLD) on all IPv6-enabled interfaces of the router and to enable multicast forwarding, use the ipv6 multicast-routing command in global configuration mode. To stop multicast routing and forwarding, use the no form of this command.

ipv6 multicast-routing [vrf vrf-name]

no ipv6 multicast-routing

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Default

Multicast routing is not enabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Fuji 16.9.2

This command was introduced.

Usage Guidelines

Use the ipv6 multicast-routing command to enable multicast forwarding. This command also enables Protocol Independent Multicast (PIM) and Multicast Listener Discovery (MLD) on all IPv6-enabled interfaces of the router being configured.

You can configure individual interfaces before you enable multicast so that you can then explicitly disable PIM and MLD protocol processing on those interfaces, as needed. Use the no ipv6 pim or the no ipv6 mld router command to disable IPv6 PIM or MLD router-side processing, respectively.

Examples

The following example enables multicast routing and turns on PIM and MLD on all interfaces:


(config)# ipv6 multicast-routing

ipv6 multicast group-range

To disable multicast protocol actions and traffic forwarding for unauthorized groups or channels on all the interfaces in a router, use the ipv6 multicast group-range command in global configuration mode. To return to the command’s default settings, use the no form of this command.

ipv6 multicast [vrf vrf-name] group-range [access-list-name]

no ipv6 multicast [vrf vrf-name] group-range [access-list-name]

Syntax Description