Table Of Contents
Cisco IOS XR Command Mode Descriptions
Address Family Configuration Mode AF or AFI
Address Family Group Configuration Mode
Administration Configuration Mode
Automatic Protection Switching Group Configuration Mode
ATM Layer 2 Transport Interface Configuration Mode
ATM Layer 2 Transport PVC Configuration Mode
ATM Layer 2 Transport PVP Configuration Mode
ATM Vc-class Configuration Mode
ATM VP-tunnel Configuration Mode
BFD Interface Configuration Mode
Border Gateway Protocol Confederation Peers Configuration Mode
Control Plane Configuration Mode
Distributed Route Processor Pairing Mode
Dense Wave Division Multiplexing Controller Mode
E1 Channel Group Configuration Mode
Explicit Path Configuration Mode
Flow Exporter Map Configuration Mode
Flow Exporter Map Version Configuration Mode
Flow Monitor Map Configuration Mode
Frame Relay PVC Configuration Mode
Global Address Family Configuration Mode
Global Parameter Configuration Mode
Global Virtual Private Network Routing and Forwarding Address and Family Configuration Mode
Global VPN Routing and Forwarding Configuration Mode
Hot Standby Router Protocol Interface Configuration Mode
Interface Address Family Configuration Mode
Interface Configuration Mode (Protocol Areas)
Interface Internet Group Management Protocol Configuration Mode
Interface Management Configuration Mode
Interface Protocol Independent Management Configuration Mode
Interface Preconfiguration Mode
Interface Routing Information Protocol Configuration Mode
Interface Session Border Controller Configuration Mode
Interface Tunnel Configuration Mode
IP Service Level Agreement Internet Control Message Protocol Echo Configuration Mode
IP SLA ICMP Path-Echo Configuration Mode
IP SLA ICMP Path-Jitter Configuration Mode
IP SLA LSP Monitor Configuration Mode
IP SLA MPLS Discovery VPN Configuration Mode
IP SLA Operation Configuration Mode
IP SLA Operation History Configuration Mode
IP SLA Operation Statistics Configuration Mode
IP SLA Reaction Condition Configuration Mode
IP SLA Reaction Configuration Mode
IP SLA Responder Configuration Mode
IP SLA Schedule Configuration Mode
IP SLA UDP Echo Configuration Mode
IP SLA UDP Jitter Configuration Mode
IPv4 Access List Configuration Mode
IPv4 Prefix List Configuration Mode
IPv4 Virtual Routing and Forwarding Address Family Command Mode
IPv6 Access List Configuration Mode
IPv6 Prefix List Configuration Mode
Internet Security Association and Key Management Protocol Group Configuration Mode
ISAKMP Browser Proxy Configuration Mode
ISAKMP Group Configuration Mode
ISAKMP Peer Configuration Mode
ISAKMP Policy Configuration Mode
ISAKMP Profile Configuration Mode
ISAKMP Profile Match Configuration
Layer 2 Layer 2 VPN Configuration Mode
Layer 2 Transport Configuration Mode
Layer 2 Tunnel Protocol Class Configuration Mode
Line (Template) Configuration Mode
Link Management Protocol Datalink Adjacency Configuration Mode
LMP Neighbor Configuration Mode
Management Plane Protection Inband Interface Configuration Mode
Management Plane Protection Configuration Mode
Multiprotocol Label Switching Label Distribution Protocol Configuration Mode
MPLS LDP Interface Configuration Mode
MPLS LDP Label Accept Configuration Mode
MPLS LDP Label Advertise Configuration Mode
MPLS LDP Label Configuration Mode
MPLS LDP Log Configuration Mode
MPLS Operations Administration Maintenance Configuration Mode
MPLS Optical User Network Interface Configuration Mode
MPLS O-UNI Interface Configuration Mode
MPLS Traffic Engineering Configuration Mode
MPLS TE Interface Configuration Mode
Multi-Area Interface Configuration Mode
Multicast Routing Configuration Mode
Neighbor Address Family Configuration Mode
Neighbor Group Address Family Configuration Mode
Neighbor Group Configuration Mode
Network Time Protocol Configuration Mode
NTP Interface Configuration Mode
O-UNI LMP Datalink Adjacency Configuration Mode
O-UNI LMP Neighbor Adjacency Configuration Mode
O-UNI LMP Neighbor Configuration Mode
Policy Map Class Configuration Mode
Packet-over-SONET Interface Configuration Mode
Public Key Chain Configuration Mode
Quality of Service FAX Configuration Mode
Remote Authentication Dial-in User Service Server Group Configuration Mode
Route Distinguisher Configuration Mode
Route-policy Configuration Mode
Router HSRP Configuration Mode
Router IGMP Configuration Mode
Router Multicast Listener Discovery Configuration Mode
Router Multicast Source Discovery Protocol Configuration Mode
Router Virtual Router Redundancy Configuration Mode
Resource Reservation Protocol Configuration Mode
RSVP Authentication Configuration Mode
RSVP Interface Configuration Mode
RSVP Neighbor Authentication Configuration Mode
RSVP Neighbor Configuration Mode
SBC Data Border Element Configuration Mode
SBC DBE Media Address Configuration Mode
SBC Virtual DBE Configuration Mode
SBC Virtual DBE H248 Configuration Mode
SBC Signaling Border Element Configuration Mode
SBC SBE Routing Policy Configuration Mode
SBC RADIUS Account Configuration Mode
SBC H.323 Adjacency Configuration Mode
SBC Session Initiation Protocol Adjacency Configuration Mode
SBC Call Admission Control Policy Configuration Mode
SBC CAC Table Configuration Mode
SBC CAC Table Entry Configuration Mode
SBC Local Billing Configuration Mode
SBC Media Gateway Configuration Mode
SBC Remote Billing Configuration Mode
SBC RADIUS Accounting Server Configuration Mode
SBC RADIUS Authentication Configuration Mode
SBC RADIUS Authentication Server Configuration Mode
SBC Routing Policy Number Analysis Configuration Mode
SBC Routing Policy Number Analysis Entry Configuration Mode
SBC Routing Policy Routing Table Configuration Mode
SBC Routing Policy Routing Table Entry Configuration Mode
Secure Domain Router Configuration Mode
Server-group Configuration Mode
Server-group Private Configuration Mode
Session Group Configuration Mode
Synchronous Optical Network /Synchronous Digital Hierarchy Configuration Mode
SONET/SDH Path Configuration Mode
Subinterface Configuration Mode
Synchronous Transport Signal Path Configuration Mode
T1 Channel Group Configuration Mode
Terminal Access Controller Access-Control System + Server Group Configuration Mode
Tunnel Template Configuration Mode
Virtual-link Configuration Mode
VRF Neighbor Configuration Mode
VRF Address Family Configuration Mode
VPNv4 Address Family Configuration Mode
VPNv4 Neighbor Address Family Configuration Mode
VPNv6 Address Family Configuration Mode
VPNv6 Neighbor Address Family Configuration Mode
VRRP Interface Configuration Mode
WAN Physical Controller Configuration Mode
Cisco IOS XR Command Mode Descriptions
This chapter describes the command and configuration modes used in the Cisco IOS XR command line interface (CLI). The availability of configuration modes depends on the software packages that are installed on your system and on the router platform you are using. For more information about a particular configuration mode, refer to the command reference or configuration guide that is related to the mode described in this module.
This module describes the command modes in the following sections:
Base Command Modes
Base command modes are used for navigating the CLI and performing basic router startup, configuration, and monitoring tasks.
EXEC Mode
Prompt: (router)
The default command mode for the CLI is EXEC mode. In general, the EXEC commands let you connect to remote devices, change terminal settings on a temporary basis, perform basic tests, and list system information. Most CLI commands in EXEC mode do not change system operation. The most common EXEC commands are show commands (used to display router configuration or operational data) and clear commands (used to clear or reset system counters).
ROM Monitor Mode
Prompt: rommon Bn>
If your router or access server does not find a valid system image to load, the user interface enters read-only memory (ROM) monitor mode. ROM monitor (ROMMON) mode can also be accessed by interrupting the boot sequence during startup. From ROM monitor mode, you can boot the device or perform diagnostic tests.
To enter ROM monitor mode, use the Break (Ctrl-C) during the first 60 seconds of startup. The router prompt consists of an angle bracket by itself or "rommon" followed by the letter B a number, and an angle bracket: > or rommon B1>. The number after the B increments upon each user-entry.
Setup Mode
Setup mode is not actually a command mode. Setup mode is an interactive facility that lets you perform first-time configuration and other basic configurations on all routers. The facility prompts you to enter basic information needed to start a router functioning. Setup mode uses the system configuration dialog, which guides you through the configuration process. It prompts you first for global parameters and then for interface parameters. The values shown in brackets next to each prompt are the default values.
To enter setup mode after the router has been configured for the first time, use the setup command in admin EXEC mode. The router prompt for setup mode is indicated by a configuration question, followed by the default answer in brackets and a colon (:), as shown in the following example:
Continue with configuration dialog? [yes]:Enter host name [Router]:User Configuration Modes
The remaining sections of this module describe each mode you can access during regular operation.
Address Family Configuration Mode AF or AFI
Prompts:
•
For BGP: (config-bgp-af)
•
•
•
•
Enter one of the address family configuration modes from router configuration mode. Address family configuration mode is available for the BGP, OSPFv3, EIGRP, RIB and IS-IS protocols. This mode is the highest-level address family configuration mode. This mode is also called global address family configuration mode.
For BGP only, address family configuration is available in four modes. In addition to this section, see also Address Family Group Configuration Mode, Neighbor Address Family Configuration Mode, or Neighbor Group Address Family Configuration Mode.
For example, first enter BGP router configuration mode, then address family configuration mode:
RP/0/RP0/CPU0:router(config)# router bgp 1RP/0/RP0/CPU0:router(config-bgp)# address-family ipv6 unicastRP/0/RP0/CPU0:router(config-bgp-af)#For example, enter IS-IS router configuration mode, and then enter router address family configuration mode for IS-IS for address family IPv4 unicast:
RP/0/RP0/CPU0:router(config)# router isis ispRP/0/RP0/CPU0:router(config-isis)# address-family ipv4 unicastRP/0/RP0/CPU0:router(config-isis-af)#Address Family Group Configuration Mode
Prompt: (config-bgp-afgrp)
Enter address family configuration mode from router configuration mode for BGP. In this group configuration mode, you can configure characteristics of an address family group that a neighbor uses. Furthermore, neighbors inherit the configuration parameters of the entire address family group.
For example, create an address family group with the name newgroup1 and an address family of IPv4 unicast. The CLI subsequently enters address family configuration mode. In address family group mode, you configure the next-hop-self feature, so that all neighbors that use address family newgroup1 inherit the next-hop-self configuration:
RP/0/RP0/CPU0:router(config)# router bgp 100RP/0/RP0/CPU0:router(config-bgp)# af-group newgroup1 address-family ipv4 unicastRP/0/RP0/CPU0:router(config-bgp-afgrp)# next-hop-selfAdministration Configuration Mode
Prompt: (admin-config)
Enter administration configuration (admin config) mode from administration EXEC mode. The primary application of administration configuration mode is to let you:
•
•
For SDRs, this mode is used primarily to display system-wide parameters, configure the administration plane over the control Ethernet, and configure SDRs on a multishelf a system. These operations are available at the root level.
For example, first enter the administration EXEC mode, and then use the configure command to enter administration configuration mode:
RP/0/RP0/CPU0:router# adminRP/0/RP0/CPU0:router(admin)# configureRP/0/RP0/CPU0:router(admin-config)#Administration EXEC Mode
Prompt: (admin)
Enter administration executive (admin EXEC) mode from EXEC mode. The admin EXEC mode applies primarily to secure domain routers (SDRs). When SDRs have been configured, the EXEC mode provides visibility into only one SDR, so you must enter administration EXEC mode to see all system parameters. To display system-wide parameters, configure the administration plane over the control Ethernet, and configure SDRs on multishelf systems, use administration EXEC mode and administration configuration mode.
For example, to enter the admin EXEC mode:
RP/0/RP0/CPU0:router# adminRP/0/RP0/CPU0:router(admin)#Automatic Protection Switching Group Configuration Mode
Prompt: (config-aps)
Enter automatic protection switching (APS) group configuration mode by using the aps group command in global configuration mode. The SONET/SDH APS feature offers recovery from fiber (external) or equipment (interface and internal) failures at the SONET/SDH line layer. The aps group command either creates a new group or identifies an existing group. The group numbers have a range of 1 to 255. APS requires the creation of an APS group for each protection port and its corresponding working port.
For example, use the authenticate command in APS group configuration mode to specify abctown as the authentication string for APS group 1:
RP/0/RP0/CPU0:router(config)# aps group 1RP/0/RP0/CPU0:router(config-aps)# authenticate abctownFor example, configure SONET port 0/2/0/2 to be a local protection channel in APS group 1:
RP/0/RP0/CPU0:router(config)# aps group 1RP/0/RP0/CPU0:router(config-aps)# channel 0 local SONET 0/2/0/2
For example, configure the remote channel with IP address 192.168.1.1 to be the working channel for APS group 1:
RP/0/RP0/CPU0:router(config)# aps group 1RP/0/RP0/CPU0:router(config-aps)# channel 1 remote 192.168.1.1Area Configuration Mode
Prompt: (config-ospf-ar)
Enter area configuration mode from router configuration mode. The pertinent router modes for area configuration apply to OSPF and OSPFv3. Commands that run in area configuration mode (such as the interface and authentication commands), are automatically bound to that area.
For example, after you enter router configuration mode for OSPF, create area 0. The CLI enters area configuration mode where, in this example, you specify Packet-over-SONET/SDH (POS) interface 0/2/0/0. By definition of an area, interface 0/2/0/0 is bound to area 0:
RP/0/RP0/CPU0:router(config)# router ospf 1RP/0/RP0/CPU0:router(config-router)# area 0RP/0/RP0/CPU0:router(config-ospf-ar)# interface POS 0/2/0/0ATM Layer 2 Transport Interface Configuration Mode
Prompt: (config-if-l2)
Enter Layer 2 transport configuration mode by using the l2transport command in interface configuration mode and then configure Layer 2 transport parameters for a particular interface.
For example, enable Layer 2 transport port mode and enter Layer 2 transport configuration mode on ATM interface 0/2/0/0:
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# interface ATM 0/2/0/0RP/0/RP0/CPU0:router(config-if)# l2transportRP/0/RP0/CPU0:router(config-if-l2)#ATM Layer 2 Transport PVC Configuration Mode
Prompt: (config-atm-l2transport-pvc)
Enter Layer 2 ATM virtual circuit configuration mode by using the pvc command in interface configuration mode or subinterface configuration mode, and then configure parameters for a particular ATM permanent virtual circuit (PVC).
For example, create an ATM PVC on an ATM layer 2 subinterface and enter ATM layer 2 transport PVC configuration mode:
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config-if)# interface atm 0/2/0/0.1 l2transportRP/0/RP0/CPU0:router(config-subif)# pvc 20/200RP/0/RP0/CPU0:router(config-atm-l2transport-pvc)#ATM Layer 2 Transport PVP Configuration Mode
Prompt: (config-atm-l2transport-pvp)
Enter ATM layer 2 transport PVP configuration mode by using the pvp command in subinterface configuration mode and then configure parameters for a particular permanent virtual path (PVP).
For example, Create an ATM PVP on an ATM subinterface, and enter ATM layer 2 transport PVP configuration mode:
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config-if)# interface atm 0/2/0/0.1 l2transportRP/0/RP0/CPU0:router(config-subif)# pvp 20RP/0/RP0/CPU0:router(config-atm-l2transport-pvp)#ATM PVC Configuration Mode
Prompt: (config-atm-vc)
Enter point-to-point ATM virtual circuit configuration mode by using the pvc command in interface configuration mode or subinterface configuration mode, and then configure parameters for a particular ATM permanent virtual circuit (PVC).
For example, create a point-to-point ATM PVC with ILMI encapsulation on an ATM main interface, and enter ATM virtual circuit configuration mode:
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# interface atm 0/6/0/1RP/0/RP0/CPU0:router(config-if)# pvc 5/100 ilmiRP/0/RP0/CPU0:router(config-atm-vc)#ATM Vc-class Configuration Mode
Prompt: (config-vc-class-atm)
Enter vc-class configuration mode by using the vc-class atm command in global configuration mode and then configure parameters for a particular vc-class.
For example, create a vc-class called "class1," and enter vc-class configuration mode for that class:
RP/0/RP0/CPU0:router (config)# vc-class atm class1RP/0/RP0/CPU0:router(config-vc-class-atm)#ATM VP-tunnel Configuration Mode
Prompt: (config-atm-vp-tunnel)
Enter ATM vp-tunnel configuration mode using the vp-tunnel command in interface configuration mode and then configure parameters for a particular virtual path (VP) tunnel.
For example, configure a vp-tunnel on an interface and enter ATM vp-tunnel configuration mode:
RP/0/RP0/CPU0:router(config-if)# vp-tunnel 10RP/0/RP0/CPU0:router(config-atm-vp-tunnel)#BFD Configuration Mode
Prompt: (config-bfd)
Enter Bidirectional Forwarding Detection (BFD) configuration mode using the bfd command in global configuration mode and then configure BFD parameters.
For example, to enter BFD configuration mode:
RP/0/RP0/CPU0:router # configureRP/0/RP0/CPU0:router(config)# bfdRP/0/RP0/CPU0:router(config-bfd)#BFD Interface Configuration Mode
Prompt: (config-bfd-if)
Enter Bidirectional Forwarding Detection (BFD) interface configuration mode using the interface command in BFD configuration mode and then configure parameters for a particular interface.
For example, enter BFD interface configuration for POS interface 0/1/0/0:
RP/0/RP0/CPU0:router # configureRP/0/RP0/CPU0:router(config)# bfdRP/0/RP0/CPU0:router(config-bfd)# interface pos 0/1/0/0RP/0/RP0/CPU0:router(config-bfd-if)#Border Gateway Protocol Confederation Peers Configuration Mode
Prompt: (config-bgp-confed-peers)
Enter Border Gateway Protocol (BGP) confederation peer configuration mode by using the bgp confederation peers command in BGP router configuration mode. In this mode, you can specify multiple autonomous systems (one autonomous-system-number) on each command line.
For example, configure multiple autonomous systems in BGP confederation peer configuration mode:
RP/0/RP0/CPU0:router(config)# router bgp 1095RP/0/RP0/CPU0:router(config-bgp)# bgp confederation peers RP/0/RP0/CPU0:router(config-bgp-confed-peers)# 1096 RP/0/RP0/CPU0:router(config-bgp-confed-peers)# 1097 RP/0/RP0/CPU0:router(config-bgp-confed-peers)# 1098Class Map Configuration Mode
Prompt: (config-cmap)
Enter class map configuration mode from global configuration mode by using the class-map command. Use the class-map command to create a new class map or identify an existing map. The CLI then goes into class map configuration mode so you can create the quality-of-service (QoS)-related configuration of the class map.
For example, create a class map with the name "class1":
RP/0/RP0/CPU0:router(config)# class-map class1RP/0/RP0/CPU0:router(config-cmap)#Control Plane Configuration Mode
Prompt: (config-ctrl)
Enter Control Plane Configuration Mode by using the control-plane command in global configuration mode.
For example, enter control plane mode:
RP/0/RP0/CPU0:router(config)# control-planeRP/0/RP0/CPU0:router(config-ctrl)#Crypto IPSec Transport
Prompt: (config-transport)
Enter IP Security (IPSec) transport configuration mode by using the crypto ipsec transport command in global configuration mode. IPSec protects the Upper Layer Protocol (ULP) header and the payload. IPSec transport mode supports end-to-end security (in which security endpoints match the host endpoints). All transport mode IPSec traffic must be configured in crypto ipsec transport mode.
For example, enter IPSec transport configuration mode, and then configure a crypto profile:
RP/0/RP0/CPU0:router(config)# crypto ipsec transportRP/0/RP0/CPU0:router(config-transport)# profile pn1Distributed Route Processor Pairing Mode
Prompt: (admin-config-pairing:drp_name)
Enter pairing configuration mode for distributed route processors (DRPs) by using the pairing command in administrative configuration mode. After you name a new or existing DRP pair, the CLI enters DRP pairing configuration mode. The prompt for this mode contains the name of the DRP pair.
For example, create a DRP pair, and assign two DRP nodes to the pair name:
RP/0/RP0/CPU0:router# adminRP/0/RP0/CPU0:router(admin)# configRP/0/RP0/CPU0:router(admin-config)# pairing drp1RP/0/RP0/CPU0:router(admin-config-pairing:drp1)# location 0/3/* 0/4/*Dense Wave Division Multiplexing Controller Mode
Prompt: (config-dwdm)
Enter controller mode for dense wave division multiplexing (DWDM) by using the controller dwdm command in global configuration mode and then configure parameters for a particular DWDM instance.
For example, enter the controller mode for DWDM on interface 0/6/0/0:
RP/0/RP0/CPU0:router(config)# controller dwdm 0/6/0/0RP/0/RP0/CPU0:router(config-dwdm)#E1 Channel Group Configuration Mode
Prompt: (config-e1-channel_group)
Enter DS0 channel group configuration mode for an E1 controller using the channel-group command in E1 configuration mode.
For example, enter channel group configuration mode for channel group number 5 on E1 interface 0/6/2/0/3:
RP/0/RP0/CPU0:router(config)# controller e1 0/6/2/0/3RP/0/RP0/CPU0:router(config-t1e1)# channel-group 5RP/0/RP0/CPU0:router(config-e1-channel_group)#E1 Configuration Mode
Prompt: (config-t1e1)
Enter E1 configuration mode using the controller e1 command in global configuration mode and then configure parameters for a particular E1 instance.
For example, enter E1 configuration mode for E1 interface 0/6/2/0/3:
RP/0/RP0/CPU0:router(config)# controller e1 0/6/2/0/3RP/0/RP0/CPU0:router(config-t1e1)#E3 Configuration Mode
Prompt: (config-e3)
Enter E3 configuration mode using the controller e3 command in global configuration mode and then configure parameters for a particular E3 instance.
For example, enter E3 configuration mode for E3 interface 0/6/2/0:
RP/0/RP0/CPU0:router(config)# controller e3 0/6/2/0RP/0/RP0/CPU0:router(config-e3)#Explicit Path Configuration Mode
Prompt: (config-expl-path)
Enter explicit path configuration mode from global configuration mode by using the explicit-path command. This mode applies to the Multiprotocol Label Switching (MPLS) traffic engineering (TE) feature. After the CLI enters explicit path Multiprotocol configuration mode, use the disable, exclude-address, next-address, or show explicit-paths command to modify or display the IP explicit path that you identified to the explicit-path command.
For example, exclude IP addresses 192.168.3.2 and 192.168.4.2 from IP explicit path 200:
RP/0/RP0/CPU0:router(config)# explicit-path identifier 200RP/0/RP0/CPU0:router(config-expl-path)# exclude-address 192.168.3.2RP/0/RP0/CPU0:router(config-expl-path)# exclude-address 192.168.4.2For example, remove IP address 192.168.3.2 from the excluded addresses for path 200:
RP/0/RP0/CPU0:router(config)# explicit-path identifier 200RP/0/RP0/CPU0:router(config-expl-path)# no index 1For example, disable explicit path 200:
RP/0/RP0/CPU0:router(config)# explicit-path identifier 200RP/0/RP0/CPU0:router(config-expl-path)# disableFirewall Configuration Mode
Prompt: (config-firewall)
Enter the configuration mode for configuring a virtual firewall by using the firewall command in global configuration mode.
For example, in global configuration mode, enter firewall mode for the instance named "fw1":
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# firewall fw1RP/0/RP0/CPU0:router(config-firewall)#Flow Exporter Map Configuration Mode
Prompt: (config-fem)
Enter flow exporter map configuration mode using the flow exporter-map command in global configuration mode and then configure parameters for a particular flow exporter map.
For example, create a flow exporter map called "map1," and then enter the flow exporter map configuration submode for that map:
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# flow exporter-map map1RP/0/RP0/CPU0:router(config-fem)#Flow Exporter Map Version Configuration Mode
Prompt: (config-fem-ver)
Enter the flow exporter map version configuration submode using the version v9 command in flow exporter map configuration mode and then configure export version parameters for a particular flow exporter map.
For example, enter flow exporter map version configuration submode for a flow exporter called "map1":
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# flow exporter-map map1RP/0/RP0/CPU0:router(config-fem)# version v9RP/0/RP0/CPU0:router(config-fem-ver)#Flow Monitor Map Configuration Mode
Prompt: (config-fmm)
Enter flow monitor map configuration submode using the flow monitor-map command in global configuration mode and then configure parameters for a particular monitor map.
For example, enter flow monitor map configuration mode for a monitor map called "map1":
RP/0/RP0/CPU0:router # configureRP/0/RP0/CPU0router(config)# flow monitor-map map1RP/0/RP0/CPU0router(config-fmm)#Frame Relay PVC Configuration Mode
Prompt: (config-fr-vc)
Enter Frame Relay PVC configuration mode and associate a data-link connection identifier (DLCI) number to a permanent virtual circuit (PVC) using the pvc command in subinterface configuration mode.
For example, create a PVC with DLCI 16 and enter configuration mode for PVC DLCI 16:
RP/0/RP0/CPU0:router(config)# interface pos 0/4/0/0.1RP/0/RP0/CPU0:router(config-subif)# pvc 16RP/0/RP0/CPU0:router(config-fr-vc)#Global Address Family Configuration Mode
Prompts: See Address Family Configuration Mode AF or AFI.
Enter global address family configuration mode from the router configuration mode for a particular protocol: BGP, IS-IS, OSPF, OSPFv3, EIGRP, or RIB.
Global Configuration Mode
Prompt: (config)
Enter global configuration mode from executive (EXEC) mode by using the configure command. Global configuration commands generally apply to the whole system rather than just one protocol or interface. You can enter all other configuration submodes listed in this section from global configuration mode.
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)#Global Parameter Configuration Mode
Prompt: (config-rpl-gl)
Enter global parameter configuration mode by using the policy-global command in global configuration mode. In global parameter configuration mode, you can create or modify a global policy by entering successive commands and then terminating the configuration by entering the end-global command.
For example, to configure global parameters:
RP/0/RP0/CPU0:router(config)# policy-globalRP/0/RP0/CPU0:router(config-rp-gl)# glbpathtype ebgpRP/0/RP0/CPU0:router(config-rp-gl)# glbtag 100RP/0/RP0/CPU0:router(config-rp-gl)# end-globalGlobal Virtual Private Network Routing and Forwarding Address and Family Configuration Mode
Prompt: (config-vrf-af)
Enter global Virtual Private Network (VPN) routing and forwarding (VRF) address and family configuration submode by using the address family command VRF configuration mode.
For example, enter VRF mode for IPv4 unicast:
RP/0/RP0/CPU0:router(config)# vrf vrfARP/0/RP0/CPU0:router(config-vrf)# address-family ipv4 unicastRP/0/RP0/CPU0:router(config-vrf-af)#Global VPN Routing and Forwarding Configuration Mode
Prompt: (config-vrf)
Enter VPN routing and forwarding (VRF) configuration mode by using the vrf command in the global configuration mode.
For example, in global configuration mode, enter VRF mode for the instance named "new1":
RP/0/RP0/CPU0:router(config)# vrf new1RP/0/RP0/CPU0:router(config-vrf)#Hot Standby Router Protocol Interface Configuration Mode
Prompt: (config-hsrp-if)
Enter interface configuration mode for Hot Standby Router Protocol (HSRP) by using an interface command in router HSRP configuration mode. In this mode, you can configure details of the HSRP for a specific interface.
For example, configure "company1" as the authentication string required to allow interoperation of hot standby routers in group 1 on the Ten Gigabit Ethernet interface 0/2/0/1:
RP/0/RP0/CPU0:router(config)# router hsrpRP/0/RP0/CPU0:router(config-hsrp)# interface TenGigE 0/2/0/1RP/0/RP0/CPU0:router(config-hsrp-if)# hsrp 1 authentication company1Interface Address Family Configuration Mode
Prompt: (config-isis-if-af)
Enter interface address family configuration mode from interface mode (for IS-IS) by using the address-family command. In interface address family configuration mode, only the metric command is supported. This command lets you assign a specific default cost to a link for routing decisions.
For example, enter router configuration mode for IS-IS, and then specify the Packet-over-SONET (POS/SDH) interface 0/1/0/1. In interface mode, use the address-family command to enter interface IPv4 unicast address family configuration mode. Configure the interface for a default link-state metric cost of 15:
RP/0/RP0/CPU0:router(config)# router isis ispRP/0/RP0/CPU0:router(config-isis)# interface POS0/1/0/1RP/0/RP0/CPU0:router(config-isis-if)# address-family ipv4 unicastRP/0/RP0/CPU0:router(config-isis-if-af)# metric 15Interface Configuration Mode
Prompts:
•
•
Enter interface configuration mode from global configuration mode. At this level and other interface submodes, a wide variety of capabilities are supported, and these capabilities depend on the installed software packages. This document describes the interface modes for specific functional areas.
For this example, the highest level interface configuration mode for Packet-over-SONET/SDH (POS) is entered for the interface identified by 0/2/0/4.
RP/0/RP0/CPU0:router(config)# interface POS 0/2/0/4RP/0/RP0/CPU0:router(config-if)#For example, enter IS-IS router configuration mode and then interface configuration mode for IS-IS. Specify an IS-IS network entity title (NET) of 49.0000.0000.0001.00, then begin configuration of an IPv6 unicast address family:
RP/0/RP0/CPU0:router(config)# router isis ispRP/0/RP0/CPU0:router(config-isis)# net 49.0000.0000.0001.00RP/0/RP0/CPU0:router(config-isis)# interface POS0/3/0/0RP/0/RP0/CPU0:router(config-isis-if)# address-family ipv6 unicastInterface Configuration Mode (Protocol Areas)
Prompts:
•
•
Enter area interface configuration mode from area configuration mode for OSPF, OSPFv3, or EIGRP. The commands in this mode apply to an interface within the area you specify at the area configuration prompt. Routing configurations, such as cost per link for the interface or the number of seconds from one hello packet transmission to the next hello transmission, can be specified for an interface.
For the first example, enter router configuration mode for OSPFv3, and specify area 0. Select interface 0/1/0/1, and assign a cost of 65 for routing decisions.
RP/0/RP0/CPU0:router(config)# router ospfv3 201RP/0/RP0/CPU0:router(config-router)# area 0RP/0/RP0/CPU0:router(config-ospf-ar)# interface POS 0/1/0/1RP/0/RP0/CPU0:router(config-ospf-ar-if)# cost 65For the second example, the protocol is an EIGRP instance numbered 1, and the router ID is 10.1.1.1. For POS interface 0/1/0/0, specify a hello interval of 10 seconds.
RP/0/RP0/CPU0:router(config)# router eigrp 1RP/0/RP0/CPU0:router(config-eigrp)# address-family ipv4RP/0/RP0/CPU0:router(config-eigrp)# router-id 10.1.1.1RP/0/RP0/CPU0:router(config-eigrp-af)# interface POS 0/1/0/0RP/0/RP0/CPU0:router(config-eigrp-af-if)# hello-interval 10Interface Internet Group Management Protocol Configuration Mode
Prompt: (config-igmp-if)
Enter interface configuration mode for Internet Group Management Protocol (IGMP) from router IGMP configuration mode by using interface.
For example, enter router configuration mode for IGMP, then enable explicit tracking for POS/SDH interface 0/1/0/0:
RP/0/RP0/CPU0:router(config)# router igmpRP/0/RP0/CPU0:router(config-igmp)# interface pos 0/1/0/1RP/0/RP0/CPU0:router(config-igmp-if)# explicit-tracking enable 1Interface Management Configuration Mode
Prompt: (config-if)
Enter management configuration mode be using the interface MgmtEth command in global configuration mode.
For example, enter Ethernet management configuration mode for the instance 0/RP0/CPU0/0. For this interface, configure an IPv4 address of 192.168.100.3/24:
RP/0/RP0/CPU0:router(config)# interface MgmtEth 0/RP0/CPU0/0RP/0/RP0/CPU0:router(config-if)# ipv4 address 192.168.100.3/24Interface Multicasting Mode
Prompt: (config-mcast-ipv4-if)
Enter multicasting configuration mode for an interface using the interface command or other applicable command in multicast router configuration mode.
For example, enable multicast routing on all interfaces, and then disable the feature on Packet-over-SONET/SDH (POS) interface 0/1/0/0:
RP/0/RP0/CPU0:router# multicast-routingRP/0/RP0/CPU0:router(config-mcast-ipv4)# interface all enableRP/0/RP0/CPU0:router(config-mcast-ipv4)# interface pos 0/1/0/0RP/0/RP0/CPU0:router(config-mcast-ipv4-if)# disableInterface Protocol Independent Management Configuration Mode
Prompt: (config-pim-ipv4-if)
Enter the interface submode for Protocol Independent Management (PIM) by using the interface command in PIM configuration mode.
For example, configure the router to specify a designated router (DR) priority of 4 for Packet-over-SONET/SDH (POS) interface 0/1/0/0:
RP/0/RP0/CPU0:router(config)# router pimRP/0/RP0/CPU0:router(config-pim-ipv4)# dr-priority 2RP/0/RP0/CPU0:router(config-pim-ipv4)# interface pos 0/1/0/0RP/0/RP0/CPU0:router(config-pim-ipv4-if)# dr-priority 4Interface Preconfiguration Mode
Prompt: (config-if-pre)
Enter the mode for preconfiguring a Packet-over-SONET/SDH interface from template configuration mode.
For example, first create a template named "pre-pos." This action places the CLI in template configuration mode. Use the interface preconfigure command with POS interface 0/1/0/0 to enter interface preconfiguration mode. For this interface, set the primary IPv4 address to be 10.3.32.154 255.0.0.0. To exit interface preconfiguration mode, use the end-template command:
RP/0/RP0/CPU0:router(config)# template pre-posRP/0/RP0/CPU0:router(config-tpl)# interface preconfigure pos0/1/0/0RP/0/RP0/CPU0:router(config-if-pre)# ipv4 address 10.3.32.154 255.0.0.0RP/0/RP0/CPU0:router(config-if-pre)# end-templateInterface Routing Information Protocol Configuration Mode
Prompt: (config-rip-if)
Enter interface configuration mode for Routing Information Protocol (RIP) with the interface command in global configuration mode.
For example, send RIP v2 output messages on the POS interface 1/0/0/0:
RP/0/RP0/CPU0:router(config)# router ripRP/0/RP0/CPU0:router(config-rip)# interface POS 1/0/0/0RP/0/RP0/CPU0:router(config-rip-if)# broadcast-for-v2Interface Session Border Controller Configuration Mode
Prompt: (config-if-sbc)
Enter the interface configuration mode for a session border controller (SBC) by using the interface sbc command in global configuration mode. If the specified interface does not exist, this command creates it.
For example, create an interface named "sbcControlIf":
RP/0/RP0/CPU0:router(config)# interface sbc sbcControlIfRP/0/RP0/CPU0:router (config-if-sbc)#Interface Tunnel Configuration Mode
Prompt: (config-if)
Enter interface configuration mode for tunnels from global configuration mode. Use the tunnel-ipsec command for this purpose. After the CLI enters interface configuration mode, the applicable commands for tunnels let you configure a source, destination, and profile. To specify the source address for a tunnel interface, use the tunnel source command in interface configuration mode. Use the tunnel source command to configure the source address or interface type and the instance for an IP Security tunnel. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
For example, configure the tunnel source to be 172.19.72.92:
RP/0/RP0/CPU0:router(config)# interface tunnel-ipsec0RP/0/RP0/CPU0:router(config-if)# tunnel source 172.19.72.92RP/0/RP0/CPU0:router(config-if)# tunnel destination 172.19.72.120RP/0/RP0/CPU0:router(config-if)# profile pn1IP Service Level Agreement Internet Control Message Protocol Echo Configuration Mode
Prompt: (config-ipsla-icmp-echo)
Enter the IP Service Level Agreement (SLA) Internet Control Message Protocol (ICMP) echo configuration mode for an IP SLA by using the type icmp echo command in IP SLA operation configuration mode.
For example, for IP SLA operation 1, enter ICMP echo configuration mode:
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type icmp echoRP/0/RP0/CPU0:router(config-ipsla-icmp-echo)#IP SLA ICMP Path-Echo Configuration Mode
Prompt: (config-ipsla-icmp-path-echo)
Enter the mode for configuring (ICMP) path echo for IP service level agreement (IP SLA) Internet control messaging protocol (ICMP) by using the type icmp path-echo command in IP SLA operation configuration mode.
For example, specify the path for measuring the ICMP echo response time to be 20.25.22.1:
RP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type icmp path-echoRP/0/RP0/CPU0:router(config-ipsla-icmp-path-echo)# lsr-path 20.25.22.1IP SLA ICMP Path-Jitter Configuration Mode
Prompt: (config-ipsla-icmp-path-jitter)
Enter the mode for configuring the path jitter for IP service level agreement (IP SLA) Internet control messaging protocol (ICMP) by using the type udp jitter command in IP SLA operation configuration mode. You can also specify the address of a target device;
For example, use the type udp jitter command for IP SLA operation 1 to enter ICMP path jitter configuration mode, then use the frequency command to configure a probe period of 60 seconds:
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type udp jitterRP/0/RP0/CPU0:router(config-ipsla-udp-jitter)# frequency 60IP SLA LSP Monitor Configuration Mode
Prompt:(config-ipsla-mplslm)
Enter IP SLA MPLS LSP monitor configuration submode, from which all other IP SLA MPLS LSP submodes can be accessed, by using the ipsla global configuration command followed by the mpls lsp-monitor command:
For example, enter mpls lsp-monitor mode:
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# ipslaRP/0/RP0/CPU0:router(config-ipsla)# mpls lsp-monitorRP/0/RP0/CPU0:router(config-ipsla-mplslm)#IP SLA MPLS Discovery VPN Configuration Mode
Prompt:(config-ipsla-mpls-discovery-vpn)
Enter IP SLA MPLS discovery VPN configuration submode, by using the mpls discovery vpn command in IP SLA configuration mode:
For example, enter mpls-discovery-vpn mode:
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# ipslaRP/0/RP0/CPU0:router(config-ipsla)# mpls discovery vpnRP/0/RP0/CPU0:P1_CRS(config-ipsla-mpls-discovery-vpn)#IP SLA Operation Configuration Mode
Prompt: (config-ipsla-op)
Enter the IP service level agreements (SLAs) configuration mode by entering the ipsla operation command in global configuration mode. This command lets you configure numerous elements of an IP SLA. See the IP Service Level Agreement Commands on Cisco IOS XR Software module for details on the ipsla operation command.
For example, enter IP SLA operation configuration mode for the operation numbered:
RP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type udp echoIP SLA Operation History Configuration Mode
Prompt: (config-ipsla-op-hist)
Enter the history configuration mode for IP SLA operation by using the history command in UDP echo configuration mode. In this mode, you can configure various history-related values by using the lives, filter, buckets, or samples command.
For example, enter history configuration mode for operation 1, and then use the samples command to specify that the history table hold 30 hops for operation 1:
RP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type udp echoRP/0/RP0/CPU0:router(config-ipsla-udp-echo)# historyRP/0/RP0/CPU0:router(config-ipsla-op-hist)# samples 30For example, enter history configuration mode for operation 1, and then use the buckets command to specify 30 history buckets for the duration of operation 1:
RP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type udp echoRP/0/RP0/CPU0:router(config-ipsla-udp-echo)# historyRP/0/RP0/CPU0:router(config-ipsla-op-hist)# buckets 30IP SLA Operation Statistics Configuration Mode
Prompt: (config-ipsla-op-stats)
Enter the mode for configuring IP SLA operation statistics by using the statistics command in IP SLA UDP jitter mode or IP SLA UDP path echo mode.
For example, for the IP SLA operation numbered 1, enter the statistics command in ICMP path-echo mode and then configure a maximum of 20 hops in an hour:
RP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type icmp path-echoRP/0/RP0/CPU0:router(config-ipsla-icmp-path-echo)# statistics hourlyRP/0/RP0/CPU0:router(config-ipsla-op-stats)# maximum hops 20For example, for the IP SLA operation numbered 1, enter the statistics command in UDP jitter mode and then configure 10 buckets for per hour:
RP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type udp jitterRP/0/RP0/CPU0:router(config-ipsla-udp-jitter)# statistics hourlyRP/0/RP0/CPU0:router(config-ipsla-op-stats)# buckets 10IP SLA Reaction Condition Configuration Mode
Prompt: (config-ipsla-react-cond)
Enter the mode for configuring the condition of an IP SLA reaction by using the react command and one or more keywords in IP SLA reaction mode. For a description of these react keywords, see the IP Service Level Agreement Commands on Cisco IOS XR Software module in Cisco IOS XR System Management Command Reference.
The react command specifies the event that is to be monitored. In reaction condition mode, you can use the action command to specify a trigger or that the event is to be logged.
For example, enter reaction configuration mode for the IP SLA operation numbered 432. Specify that the reaction will be for connection loss, and then specify that the action is to log the event:
RP/0/RP0/CPU0:router(config)# ipsla reaction operation 432RP/0/RP0/CPU0:router(config-ipsla-react)# react connection-lossRP/0/RP0/CPU0:router(config-ipsla-react-cond)# action loggingIP SLA Reaction Configuration Mode
Prompt: (config-ipsla-react)
Enter IP SLA reaction configuration mode by using the ipsla reaction operation command in global configuration mode. In this mode, you can configure reactions for a variety of IP SPA events.
For example, enable action logging using the ipsla reaction operation command and the react connection-loss command:
RP/0/RP0/CPU0:router(config)# ipsla reaction operation 432RP/0/RP0/CPU0:router(config-ipsla-react)# react connection-lossRP/0/RP0/CPU0:router(config-ipsla-react-cond)# action loggingIP SLA Responder Configuration Mode
Prompt: (config-ipsla-resp)
Enter IP SLA responder configuration mode by using the ipsla responder command in global configuration mode.
For example, enable the IP SLA responder for UDP echo or jitter operation by using the ipsla responder command, and then use the type udp ipv4 address command to configure a permanent port of 10001 for IP address 12.25.26.10:
RP/0/RP0/CPU0:router(config)# ipsla responderRP/0/RP0/CPU0:router(config-ipsla-resp)# type udp ipv4 address 12.25.26.10 port 10001IP SLA Schedule Configuration Mode
Prompt: (config-ipsla-sched)
Enter the scheduling configuration mode for an IP service level agreements (SLA) by entering the ipsla schedule operation command in global configuration mode.
For example, schedule SLA operation number 1 to be recurring:
RP/0/RP0/CPU0:router(config)# ipsla schedule operation 1RP/0/RP0/CPU0:router(config-ipsla-sched)# recurringIP SLA UDP Echo Configuration Mode
Prompt: (config-ipsla-udp-echo)
Enter the UDP echo configuration mode for IP SLA by using the type udp echo command in IP SLA operation mode. In UDP echo configuration mode, a substantial number of IP SLA UDP echo values can be configured. To see all applicable commands, refer to the IP SLA command module in the Cisco IOS XR System Management Configuration Guide.
For example, enter UDP echo configuration:
RP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type udp echoRP/0/RP0/CPU0:router(config-ipsla-udp-echo)# historyRP/0/RP0/CPU0:router(config-ipsla-op-hist)# buckets 30For example, enter UDP echo configuration mode for the IP SLA operation numbered 1, and then enter UDP echo mode by using the type udp echo command. In this mode, use the datasize request command to set the protocol datasize in the payload of an operations request packet 512 bytes:
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type udp echoRP/0/RP0/CPU0:router(config-ipsla-udp-echo)# datasize request 512IP SLA UDP Jitter Configuration Mode
Prompt: (config-ipsla-udp-jitter)
Enter the mode for configuring jitter-related values for IP SLA UDP by using the type udp jitter command in IP SLA operation mode.
For example, use the type udp jitter command to enter UDP jitter configuration mode, and then use the packet interval command to specify that 30 milliseconds pass between transmission of packets:
RP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type udp jitterRP/0/RP0/CPU0:router(config-ipsla-udp-jitter)# packet interval 30For example, use the type udp jitter command to enter IP SLA UDP jitter configuration mode for IP SLA operation 1, and then use the control disable command to disable control packets:
RP/0/RP0/CPU0:router(config)#ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type udp jitterRP/0/RP0/CPU0:router(config-ipsla-udp-jitter)# control disableFor example, use the type udp jitter command to enter IP SLA UDP jitter configuration mode for IP SLA operation 1, and then use the frequency command to specify a probe period of 60 seconds:
RP/0/RP0/CPU0:router(config)# ipsla operation 1RP/0/RP0/CPU0:router(config-ipsla-op)# type udp jitterRP/0/RP0/CPU0:router(config-ipsla-udp-jitter)# frequency 60IPv4 Access List Configuration Mode
Prompt: (config-ipv4-acl)
Enter IPv4 access list configuration mode from global configuration mode. In global configuration mode, you can create or modify an access list by specifying the name of the list as an argument to the ipv4 access-list command. The CLI automatically enters IPv4 access list configuration mode.
For example, specify a deny condition for an access list named "Internetfilter":
RP/0/RP0/CPU0:router(config)# ipv4 access-list InternetfilterRP/0/RP0/CPU0:router(config-ipv4-acl)# 10 deny 192.168.34.0 0.0.0.255RP/0/RP0/CPU0:router(config-ipv4-acl)# 20 deny 172.16.0.0 0.0.255.255RP/0/RP0/CPU0:router(config-ipv4-acl)# 25 deny tcp host 172.16.0.0 eq bgp host 192.168.202.203 range 1300 1400RP/0/RP0/CPU0:router(config-ipv4-acl)# permit 10.0.0.0 0.255.255.255IPv4 Prefix List Configuration Mode
Prompt: (config-ipv4-pfx)
Enter IPv4 prefix list configuration mode by using the ipv4 prefix-list command in global configuration mode.
For example, configure a list named "list1" to accept a mask length of up to 24 bits in routes with the prefix 172.20.10.171/16:
RP/0/RP0/CPU0:router(config)# ipv4 prefix-list list1RP/0/RP0/CPU0:router(config-ipv4-pfx)# permit 172.20.10.171/16 le 24IPv4 Virtual Routing and Forwarding Address Family Command Mode
Prompts:
•
•
Enter the command mode for an IPv4 VPN routing and forwarding (VRF) address family by using the vrf command in router configuration mode for the applicable routing protocol. This mode also supports configuration of static routes.
For example, after entering VRF configuration mode from router BGP configuration mode, specify IPv4 unicast configuration mode:
RP/0/RP0/CPU0:router(config-bgp)# vrf new1RP/0/RP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicastRP/0/RP0/CPU0:router(config-bgp-vrf-af)#For example, enter static router configuration mode and then specify a VRF named "new1":
RP/0/RP0/CPU0:router(config)# router staticRP/0/RP0/CPU0:router(config-static)# vrf new1RP/0/RP0/CPU0:router(config-static-vrf)# address-family ipv4 unicastRP/0/RP0/CPU0:router(config-static-vrf-afi)#IPv6 Access List Configuration Mode
Prompt: (config-ipv6-acl)
Enter IPv6 access list configuration mode from global configuration mode. In global configuration mode, you can create or modify an access list by specifying the name of the list as an argument to the ipv6 access-list command. The CLI automatically enters IPv6 access list configuration mode.
For example, create an IPv6 access list named "Internetfilter":
RP/0/RP0/CPU0:router(config)# ipv6 access-list InternetfilterRP/0/RP0/CPU0:router(config-ipv6-acl)#IPv6 Prefix List Configuration Mode
Prompt: (config-ipv6-pfx)
Enter IPv6 prefix list configuration mode by using the ipv6 prefix-list command in global configuration mode.
For example, use the deny command for a list named "preflist1" to prevent OSPFv3 from installing routes that have 2001:e624 as the first 32 bits of the address:
RP/0/RP0/CPU0:router(config)# ipv6 prefix-list preflist1RP/0/RP0/CPU0:router(config-ipv6-pfx)# deny 2001:e624::/32 le 128For example, permit mask lengths of 8-24 bits in all of the address space:
RP/0/RP0/CPU0:router(config)# ipv6 prefix-list preflist1 RP/0/RP0/CPU0:router(config-ipv6_pfx)# permit 2000:1::1/64 ge 8 le 24Internet Security Association and Key Management Protocol Group Configuration Mode
Prompt: (isakmp-group)
Enter the mode for configuring Internet Security Association and Key Management Protocol (ISAKMP) by using the crypto isakmp client configuration group command in global configuration mode. ISAKMP, Oakley, and Skeme are security protocols implemented by Internet Key Exchange (IKE).
IKE is a key management protocol standard that works with the IP Security (IPSec) standard. IPSec provides robust authentication and encryption of IP packets. IKE is a hybrid protocol that implements the Oakley key exchange and the Skeme key exchange inside the ISAKMP framework.
For example, configure split tunneling by using the acl command to specify which groups of access control lists (ACLs) represent the protected subnets for split tunneling. (Split tunneling is the ability to have a secure tunnel to the central site and simultaneously have clear text tunnels to the Internet.) In this case, split tunneling is applied to the group named "cisco." Subsequently, all traffic sourced at the client and destined to the subnet 192.168.1.0 goes by way of the VPN tunnel:
RP/0/RP0/CPU0:router(config)# crypto isakmp client configuration group ciscoRP/0/RP0/CPU0:router(isakmp-group)# key ciscoRP/0/RP0/CPU0:router(isakmp-group)# acl group1RP/0/RP0/CPU0:router(config)# ipv4 access-list group1 permit ip 192.168.1.0 0.0.0.255 anyISAKMP Browser Proxy Configuration Mode
Prompt: (config-crypto-isakmp-browser-proxy)
Enter ISAKMP browser proxy configuration mode by using the crypto isakmp client configuration browser-proxy command.
For example, specify browser-proxy parameter settings for a browser proxy named "bproxy":
RP/0/RP0/CPU0:router(config)# crypto isakmp client configuration browser-proxy bproxyRP/0/RP0/CPU0:router(config-crypto-isakmp-browser-proxy)# proxy auto-detectISAKMP Group Configuration Mode
Prompt: (config-group)
Enter ISAKMP group configuration mode by using the crypto isakmp client configuration group command.
For example, include the configuration of a local group profile with the group name "marketing":
RP/0/RP0/CPU0:router(config)# crypto isakmp client configuration group marketingRP/0/RP0/CPU0:router(config-group)#ISAKMP Peer Configuration Mode
Prompt (config-isakmp-peer)
Enter ISAKMP peer configuration mode by using the crypto isakmp peer command.
For example, specify that the peer address is 40.40.40.2 and named "siteA":
RP/0/RP0/CPU0:router# configureRP/0/RP0/CPU0:router(config)# crypto isakmp peer address 40.40.40.2RP/0/RP0/CPU0:router(config-isakmp-peer)# description siteAISAKMP Policy Configuration Mode
Prompt: (config-isakmp)
Enter ISAKMP policy configuration mode by using the crypto isakmp policy command in global configuration mode. In policy configuration mode, the available commands let you define a policy for Internet Key Exchange (IKE).
For example, create and configure policy number 15 with the characteristics shown:
RP/0/RP0/CPU0:router(config)# crypto isakmp policy 15RP/0/RP0/CPU0:router(config-isakmp)# hash md5RP/0/RP0/CPU0:router(config-isakmp)# authentication rsa-sigRP/0/RP0/CPU0:router(config-isakmp)# group 2RP/0/RP0/CPU0:router(config-isakmp)# lifetime 5000RP/0/RP0/CPU0:router(config-isakmp)# description this is a sample IKE policyRP/0/RP0/CPU0:router(config-isakmp)# exitISAKMP Profile Configuration Mode
Prompt: (config-isa-prof)
Enter ISAKMP profile configuration mode by using the crypto isakmp profile command.
For example, define an ISAKMP profile and match the peer identities:
RP/0/RP0/CPU0:router(config)# crypto isakmp profile vpnprofileRP/0/RP0/CPU0:router(config-isa-prof)# match identity group vpngroupISAKMP Profile Match Configuration
Prompt: (config-isa-prof-match)
Enter ISAKMP profile match configuration mode by using the match-identity command.
For example, configure the group with the name "vpngroup":
RP/0/RP0/CPU0:router(config)# crypto isakmp profile vpnprofileRP/0/RP0/CPU0:router(config-isa-prof)# match identity group vpngroupRP/0/RP0/CPU0:router(config-isa-prof-match)#Key Chain Mode
Prompt: (config-client-keys)
Enter key chain mode by entering the key chain command in global configuration mode. In the prompt for this mode, the client is a protocol (such as IS-IS) or other type of client that uses a key.
For example, enter key chain mode for a client named "isis-keys":
RP/0/RP0/CPU0:router(config)# key chain isis-keysRP/0/RP0/CPU0:router(config-isis-keys)#Keychain-Key Mode