Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 5.2.x First Published: 2014-07-01 Last Modified: 2014-10-01 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-32734-01 THESPECIFICATIONSANDINFORMATIONREGARDINGTHEPRODUCTSINTHISMANUALARESUBJECTTOCHANGEWITHOUTNOTICE.ALLSTATEMENTS, INFORMATION,ANDRECOMMENDATIONSINTHISMANUALAREBELIEVEDTOBEACCURATEBUTAREPRESENTEDWITHOUTWARRANTYOFANYKIND, EXPRESSORIMPLIED.USERSMUSTTAKEFULLRESPONSIBILITYFORTHEIRAPPLICATIONOFANYPRODUCTS. THESOFTWARELICENSEANDLIMITEDWARRANTYFORTHEACCOMPANYINGPRODUCTARESETFORTHINTHEINFORMATIONPACKETTHATSHIPPEDWITH THEPRODUCTANDAREINCORPORATEDHEREINBYTHISREFERENCE.IFYOUAREUNABLETOLOCATETHESOFTWARELICENSEORLIMITEDWARRANTY, CONTACTYOURCISCOREPRESENTATIVEFORACOPY. TheCiscoimplementationofTCPheadercompressionisanadaptationofaprogramdevelopedbytheUniversityofCalifornia,Berkeley(UCB)aspartofUCB'spublicdomainversion oftheUNIXoperatingsystem.Allrightsreserved.Copyright©1981,RegentsoftheUniversityofCalifornia. NOTWITHSTANDINGANYOTHERWARRANTYHEREIN,ALLDOCUMENTFILESANDSOFTWAREOFTHESESUPPLIERSAREPROVIDED“ASIS"WITHALLFAULTS. CISCOANDTHEABOVE-NAMEDSUPPLIERSDISCLAIMALLWARRANTIES,EXPRESSEDORIMPLIED,INCLUDING,WITHOUTLIMITATION,THOSEOF MERCHANTABILITY,FITNESSFORAPARTICULARPURPOSEANDNONINFRINGEMENTORARISINGFROMACOURSEOFDEALING,USAGE,ORTRADEPRACTICE. INNOEVENTSHALLCISCOORITSSUPPLIERSBELIABLEFORANYINDIRECT,SPECIAL,CONSEQUENTIAL,ORINCIDENTALDAMAGES,INCLUDING,WITHOUT LIMITATION,LOSTPROFITSORLOSSORDAMAGETODATAARISINGOUTOFTHEUSEORINABILITYTOUSETHISMANUAL,EVENIFCISCOORITSSUPPLIERS HAVEBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES. AnyInternetProtocol(IP)addressesandphonenumbersusedinthisdocumentarenotintendedtobeactualaddressesandphonenumbers.Anyexamples,commanddisplayoutput,network topologydiagrams,andotherfiguresincludedinthedocumentareshownforillustrativepurposesonly.AnyuseofactualIPaddressesorphonenumbersinillustrativecontentisunintentional andcoincidental. CiscoandtheCiscologoaretrademarksorregisteredtrademarksofCiscoand/oritsaffiliatesintheU.S.andothercountries.ToviewalistofCiscotrademarks,gotothisURL:http:// www.cisco.com/go/trademarks.Third-partytrademarksmentionedarethepropertyoftheirrespectiveowners.Theuseofthewordpartnerdoesnotimplyapartnership relationshipbetweenCiscoandanyothercompany.(1110R) ©2014CiscoSystems,Inc.Allrightsreserved. CONTENTS Preface Preface xvii ChangestoThisDocument xvii ObtainingDocumentationandSubmittingaServiceRequest xvii CHAPTER 1 NewandChangedFeatureInformationinCiscoIOSXRRelease5.2.x 1 NewandChangedIPAddressesandServicesFeatures 1 CHAPTER 2 ImplementingAccessListsandPrefixLists 5 PrerequisitesforImplementingAccessListsandPrefixLists 6 RestrictionsforImplementingAccessListsandPrefixLists 6 RestrictionsforImplementingACL-BasedForwarding 7 HardwareLimitations 8 InformationAboutImplementingAccessListsandPrefixLists 8 AccessListsandPrefixListsFeatureHighlights 8 PurposeofIPAccessLists 8 HowanIPAccessListWorks 9 IPAccessListProcessandRules 9 HelpfulHintsforCreatingIPAccessLists 10 SourceandDestinationAddresses 10 WildcardMaskandImplicitWildcardMask 10 TransportLayerInformation 11 IPAccessListEntrySequenceNumbering 11 SequenceNumberingBehavior 11 IPAccessListLoggingMessages 11 ExtendedAccessListswithFragmentControl 12 PolicyRouting 14 CommentsAboutEntriesinAccessLists 14 Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 5.2.x OL-32734-01 iii Contents AccessControlListCounters 14 BGPFilteringUsingPrefixLists 15 HowtheSystemFiltersTrafficbyPrefixList 15 InformationAboutImplementingACL-basedForwarding 16 ACL-basedForwardingOverview 16 ABF-OT 16 IPv6ACLBasedForwardingObjectTracking 16 IPSLAsupportforObjecttracking 16 ACLCountersUsingSNMP 17 HowtoImplementAccessListsandPrefixLists 17 ConfiguringExtendedAccessLists 17 ApplyingAccessLists 20 ControllingAccesstoanInterface 20 ControllingAccesstoaLine 21 ConfiguringPrefixLists 22 ConfiguringStandardAccessLists 24 CopyingAccessLists 26 SequencingAccess-ListEntriesandRevisingtheAccessList 27 CopyingPrefixLists 29 SequencingPrefixListEntriesandRevisingthePrefixList 30 HowtoImplementACL-basedForwarding 31 ConfiguringACL-basedForwardingwithSecurityACL 31 ImplementingIPSLA-OT 33 Enablingtrackmode 33 Configuringtracktype 34 Configuringtrackingtype(lineprotocol) 34 Configuringtracktype(list) 35 Configuringtrackingtype(route) 35 Configuringtrackingtype(rtr) 36 ConfiguringPureACL-BasedForwardingforIPv6ACL 37 ACL-Chaining 38 ACL-ChainingOverview 38 RestrictionsforCommonACL 39 ConfiguringanInterfacetoacceptCommonACL 39 ACLScaleEnhancements 40 Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 5.2.x iv OL-32734-01 Contents ACLScaleEnhancements:BackwardCompatibility 40 ConfiguringaNetworkObject-Group 41 ConfiguringaPortObject-Group 42 ConfiguringACLwithObject-Groups 43 AtomicACLUpdatesByUsingtheDisableOption 45 ModifyingACLswhenAtomicACLUpdatesareDisabled 46 ConfiguringACLCountersforSNMPQuery 48 ConfigurationExamplesforImplementingAccessListsandPrefixLists 49 ResequencingEntriesinanAccessList:Example 49 AddingEntrieswithSequenceNumbers:Example 50 AddingEntriesWithoutSequenceNumbers:Example 50 AtomicACLUpdatesByUsingtheDisableOption 51 ModifyingACLswhenAtomicACLUpdatesareDisabled 51 IPv6ACLinClassMap 53 ConfiguringIPv6ACLQoS-AnExample 54 IPv4/IPv6ACLoverBVIinterface 56 ConfiguringIPv4ACLoverBVIinterface-AnExample 57 ConfiguringABFv4/v6overIRB/BVIinterface 57 ConfiguringABFv4overIRB/BVIinterface:Example 60 ConfiguringABFv6overIRB/BVIinterface:Example 60 ConfiguringanInterfacetoacceptCommonACL-Examples 61 ConfiguringACLCountersforSNMPQuery:Example 62 AdditionalReferences 63 CHAPTER 3 ImplementingARP 65 PrerequisitesforConfiguringARP 65 RestrictionsforConfiguringARP 66 InformationAboutConfiguringARP 66 IPAddressingOverview 66 AddressResolutiononaSingleLAN 67 AddressResolutionWhenInterconnectedbyaRouter 67 ARPandProxyARP 67 ARPCacheEntries 68 DirectAttachedGatewayRedundancy 68 AdditionalGuidelines 69 Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 5.2.x OL-32734-01 v Contents HowtoConfigureARP 69 DefiningaStaticARPCacheEntry 69 EnablingProxyARP 70 EnablingLocalProxyARP 71 ConfiguringDAGR 72 ConfiguringARPpurge-delay 74 ConfiguringARPtimeout 75 ConfigureLearningofLocalARPEntries 76 ConfigurationExamplesforARPConfigurationonCiscoIOSXRSoftware 77 CreatingaStaticARPCacheEntry:Example 77 EnablingProxyARP:Example 78 78 EnablingDAGRandConfiguringaDAGRGroup:Example 78 DisplayingtheOperationalStateofDAGRGroups:Example 78 AdditionalReferences 78 CHAPTER 4 ImplementingCiscoExpressForwarding 81 PrerequisitesforImplementingCiscoExpressForwarding 81 InformationAboutImplementingCiscoExpressForwardingSoftware 82 KeyFeaturesSupportedintheCiscoExpressForwardingImplementation 82 BenefitsofCEF 82 CEFComponents 83 BorderGatewayProtocolPolicyAccounting 83 ReversePathForwarding(StrictandLoose) 84 Per-FlowLoadBalancing 85 BGPAttributesDownload 86 HowtoImplementCEF 86 VerifyingCEF 86 ConfiguringBGPPolicyAccounting 87 VerifyingBGPPolicyAccounting 92 ConfiguringaRoutePurgeDelay 94 ConfiguringUnicastRPFChecking 94 ConfiguringModularServicesCard-to-RouteProcessorManagementEthernetInterface Switching 95 ConfiguringPer-FlowLoadBalancing 96 Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 5.2.x vi OL-32734-01 Contents Configuring3-TupleHashAlgorithm 96 ConfiguringBGPAttributesDownload 97 ConfiguringBGPAttributesDownload 97 IPv6RoutingoverIPv4MPLSTETunnels 98 RestrictionsforImplementingIPv6routingoverIPv4MPLSTEtunnels 98 ConfiguringtunnelasIPV6Forwarding-Adjacency 98 ConfiguringtunnelasIPV6interface 99 ConfigurationExamplesforImplementingCEFonRoutersSoftware 99 ConfiguringBGPPolicyAccounting:Example 100 VerifyingBGPPolicyStatistics:Example 103 ConfiguringUnicastRPFChecking:Example 114 ConfiguringtheSwitchingofModularServicesCardtoManagementEthernetInterfaceson theRouteProcessor:Example 114 ConfiguringPer-FlowLoadBalancing:Example 114 ConfiguringBGPAttributesDownload:Example 115 AdditionalReferences 115 CHAPTER 5 ImplementingtheDynamicHostConfigurationProtocol 117 PrerequisitesforConfiguringDHCPRelayAgent 118 InformationAboutDHCPRelayAgent 118 LimitationsforDHCPv6RelayFeature 119 SecureARP 119 HowtoConfigureandEnableDHCPRelayAgent 119 ConfiguringandEnablingtheDHCPRelayAgent 120 ConfiguringaDHCPRelayProfile 120 ConfiguringDHCPv6RelayProfile 121 EnablingDHCPRelayAgentonanInterface 122 EnablingDHCPv6RelayAgentonanInterface 123 DisablingDHCPRelayonanInterface 124 EnablingDHCPRelayonaVRF 125 ConfiguringtheRelayAgentInformationFeature 126 ConfiguringRelayAgentGiaddrPolicy 128 ConfiguringaDHCPProxyProfile 129 ConfiguringDHCPv6RelayBindingDatabaseWritetoSystemPersistentMemory 130 DHCPv4Server 131 Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 5.2.x OL-32734-01 vii Contents ConfiguringDHCPv4ServerProfile 132 ConfiguringMultipleClasseswithaPool 135 ConfiguringaserverprofileDAPSwithclassmatchoption 137 ConfiguringServerProfilewithoutdapspoolmatchoption 140 ConfiguringanaddresspoolforeachISPonDAPS 142 DHCPv4Client 144 EnablingDHCPClientonanInterface 144 DHCPv6RelayAgentNotificationforPrefixDelegation 145 ConfiguringDHCPv6StatefulRelayAgentforPrefixDelegation 146 EnablingSecureARP 147 ConfigurationExamplesfortheDHCPRelayAgent 148 DHCPRelayProfile:Example 148 DHCPRelayonanInterface:Example 149 DHCPRelayonaVRF:Example 149 RelayAgentInformationOptionSupport:Example 149 RelayAgentGiaddrPolicy:Example 149 ImplementingDHCPSnooping 149 PrerequisitesforConfiguringDHCPSnooping 149 InformationaboutDHCPSnooping 150 TrustedandUntrustedPorts 150 DHCPSnoopinginaBridgeDomain 151 AssigningProfilestoaBridgeDomain 151 RelayInformationOptions 151 HowtoConfigureDHCPSnooping 151 EnablingDHCPSnoopinginaBridgeDomain 151 DisablingDHCPSnoopingonaSpecificBridgePort 154 UsingtheRelayInformationOption 156 ConfigurationExamplesforDHCPSnooping 157 AssigningaDHCPProfiletoaBridgeDomain:Example 158 DisablingDHCPSnoopingonaSpecificBridgePort:Example 158 ConfiguringaDHCPProfileforTrustedBridgePorts:Example 158 ConfiguringanUntrustedProfileonaBridgeDomain:Example 158 ConfiguringaTrustedBridgePort:Example 158 DHCPv6ProxyBindingTableReloadPersistency 159 ConfiguringDHCPv6ProxyBindingDatabaseWritetoSystemPersistentMemory 159 Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 5.2.x viii OL-32734-01 Contents AdditionalReferences 160 CHAPTER 6 ImplementingHostServicesandApplications 163 PrerequisitesforImplementingHostServicesandApplications 163 InformationAboutImplementingHostServicesandApplications 164 NetworkConnectivityTools 164 Ping 164 Traceroute 164 DomainServices 165 TFTPServer 165 FileTransferServices 165 RCP 166 FTP 166 TFTP 166 SCP 166 Ciscoinetd 167 Telnet 167 HowtoImplementHostServicesandApplications 167 CheckingNetworkConnectivity 167 CheckingNetworkConnectivityforMultipleDestinations 167 CheckingPacketRoutes 168 ConfiguringDomainServices 169 ConfiguringaRouterasaTFTPServer 170 ConfiguringaRoutertoUsercpConnections 171 ConfiguringaRoutertoUseFTPConnections 173 ConfiguringaRoutertoUseTFTPConnections 175 ConfiguringTelnetServices 176 TransferringFilesUsingSCP 176 Configuringsyslogsource-interface 177 IPv6SupportforIPSLAICMPEchoOperation 178 ConfiguringanIPSLAICMPechooperation 178 ConfigurationExamplesforImplementingHostServicesandApplications 179 CheckingNetworkConnectivity:Example 180 ConfiguringDomainServices:Example 181 ConfiguringaRoutertoUsercp,FTP,orTFTPConnections:Example 181 Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 5.2.x OL-32734-01 ix Contents AdditionalReferences 182 CHAPTER 7 ImplementingHSRP 185 PrerequisitesforImplementingHSRP 186 RestrictionsforImplementingHSRP 186 InformationAboutImplementingHSRP 186 HSRPOverview 186 HSRPGroups 187 HSRPandARP 190 Preemption 190 ICMPRedirectMessages 190 HowtoImplementHSRP 190 EnablingHSRP 190 EnablingHSRPforIPv6 192 ConfiguringHSRPGroupAttributes 193 ConfiguringtheHSRPActivationDelay 197 EnablingHSRPSupportforICMPRedirectMessages 199 MultipleGroupOptimization(MGO)forHSRP 200 CustomizingHSRP 200 ConfiguringaPrimaryVirtualIPv4Address 203 ConfiguringaSecondaryVirtualIPv4Address 204 Configuringaslavefollow 205 ConfiguringaslaveprimaryvirtualIPv4address 207 ConfiguringaSecondaryVirtualIPv4addressfortheSlaveGroup 208 Configuringaslavevirtualmacaddress 209 ConfiguringanHSRPSessionName 210 BFDforHSRP 211 AdvantagesofBFD 212 BFDProcess 212 ConfiguringBFD 212 EnablingBFD 212 ModifyingBFDtimers(minimuminterval) 213 ModifyingBFDtimers(multiplier) 214 EnhancedObjectTrackingforHSRPandIPStatic 215 ConfiguringobjecttrackingforHSRP 216 Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 5.2.x x OL-32734-01
Description: