IP Addressing Commands

The Internet Protocol (IP) is a packet-based protocol used to exchange data over computer networks. IP
handles addressing, fragmentation, reassembly, and protocol demultiplexing. It is the foundation on
which all other Internet protocols, collectively referred to as the Internet Protocol suite, are built. IP is
a network-layer protocol that contains addressing information and some control information that allows
data packets to be routed.
The Transmission Control Protocol (TCP) is built upon the IP layer. TCP is a connection-oriented
protocol that specifies the format of data and acknowledgments used in the transfer of data. TCP also
specifies the procedures that the computers use to ensure that the data arrives correctly. TCP allows
multiple applications on a system to communicate concurrently because it handles all demultiplexing of
the incoming traffic among the application programs.
Use the commands in this chapter to configure and monitor the addressing of IP networks. For IP
addressing configuration information and examples, refer to the “Configuring IP Addressing” chapter of
the Cisco IOS IP Configuration Guide.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-1
 IP Addressing Commands
arp (global)

arp (global)
To add a permanent entry in the Address Resolution Protocol (ARP) cache, use the arp global
configuration command. To remove an entry from the ARP cache, use the no form of this command.

arp ip-address hardware-address type [alias]

no arp ip-address hardware-address type [alias]

Syntax Description ip-address IP address in four-part dotted decimal format corresponding to the
local data-link address.
hardware-address Local data-link address (a 48-bit address).
type Encapsulation description. For Ethernet interfaces, this is typically
the arpa keyword. For FDDI and Token Ring interfaces, this is
always the snap keyword.
alias (Optional) Indicates that the Cisco IOS software should respond to
ARP requests as if it were the owner of the specified address.

Defaults No entries are permanently installed in the ARP cache.

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines The Cisco IOS software uses ARP cache entries to translate 32-bit IP addresses into 48-bit hardware
addresses.
Because most hosts support dynamic resolution, you generally need not specify static ARP cache entries.
To remove all nonstatic entries from the ARP cache, use the clear arp-cache privileged EXEC
command.

Examples The following is an example of a static ARP entry for a typical Ethernet host:
arp 192.31.7.19 0800.0900.1834 arpa

Related Commands Command Description

clear arp-cache Deletes all dynamic entries from the ARP cache.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-2
 IP Addressing Commands
arp (interface)

arp (interface)
To control the interface-specific handling of IP address resolution into 48-bit Ethernet, FDDI, Frame
Relay, and Token Ring hardware addresses, use the arp interface configuration command. To disable an
encapsulation type, use the no form of this command.

arp {arpa | frame-relay | probe | snap}

no arp {arpa | frame-relay | probe | snap}

Syntax Description arpa Standard Ethernet-style Address Resolution Protocol (ARP)

(RFC 826).
frame-relay Enables ARP over a Frame Relay encapsulated interface.
probe HP Probe protocol for IEEE-802.3 networks.
snap ARP packets conforming to RFC 1042.

Defaults Standard Ethernet-style ARP

Command Modes Interface configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines Unlike most commands that have multiple arguments, the arp command has arguments that are not
mutually exclusive. Each command enables or disables a specific type of ARP. For example, if you enter
the arp arpa command followed by the arp probe command, the Cisco IOS software would send three
packets (two for probe and one for arpa) each time it needed to discover a MAC address.
The arp probe command allows the software to use the Probe protocol (in addition to ARP) whenever
it attempts to resolve an IEEE-802.3 or Ethernet local data-link address. The subset of Probe that
performs address resolution is called Virtual Address Request and Reply. Using Probe, the Cisco IOS
software can communicate transparently with Hewlett Packard IEEE-802.3 hosts that use this type of
data encapsulation.

Note Cisco support for HP Probe proxy support changed as of Release 8.3(2) and subsequent software
releases. The no arp probe command is now the default. All interfaces that will use Probe must now
be explicitly configured for the arp probe command.

Given a network protocol address (IP address), the arp frame-relay command determines the
corresponding hardware address, which would be a data-link connection identifier (DLCI) for Frame
Relay.
The show interfaces EXEC command displays the type of ARP being used on a particular interface. To
remove all nonstatic entries from the ARP cache, use the clear arp-cache privileged EXEC command.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-3
 IP Addressing Commands
arp (interface)

Examples The following example enables probe services:

interface ethernet 0
arp probe

Related Commands Command Description

clear arp-cache Deletes all dynamic entries from the ARP cache.
show interfaces Displays statistics for all interfaces configured on the router or access server.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-4
 IP Addressing Commands
arp timeout

arp timeout
To configure how long an entry remains in the Address Resolution Protocol (ARP) cache, use the arp
timeout interface configuration command. To restore the default value, use the no form of this
command.

arp timeout seconds

no arp timeout seconds

Syntax Description seconds Time (in seconds) that an entry remains in the ARP cache. A value of zero
means that entries are never cleared from the cache.

Defaults 14400 seconds (4 hours)

Command Modes Interface configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines This command is ignored when issued on interfaces that do not use ARP. The show interfaces EXEC
command displays the ARP timeout value. The value follows the “Entry Timeout:” heading, as seen in
the following example from the show interfaces command:
ARP type: ARPA, PROBE, Entry Timeout: 14400 sec

Examples The following example sets the ARP timeout to 12000 seconds to allow entries to time out more quickly
than the default:
interface ethernet 0
arp timeout 12000

Related Commands Command Description

show interfaces Displays statistics for all interfaces configured on the router or access server.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-5
 IP Addressing Commands
clear arp-cache

clear arp-cache
To delete all dynamic entries from the Address Resolution Protocol ARP cache, to clear the
fast-switching cache, and to clear the IP route cache, use the clear arp-cache EXEC command.

clear arp-cache

Syntax Description This command has no arguments or keywords.

Command Modes EXEC

Command History Release Modification

10.0 This command was introduced.

Examples The following example removes all dynamic entries from the ARP cache and clears the fast-switching
cache:
clear arp-cache

Related Commands Command Description

arp (global) Adds a permanent entry in the ARP cache.
arp (interface) Controls the interface-specific handling of IP address resolution into 48-bit
Ethernet, FDDI, and Token Ring hardware addresses.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-6
 IP Addressing Commands
clear host

clear host
To delete entries from the host name-to-address cache, use the clear host EXEC command.

clear host {name | *}

Syntax Description name Particular host entry to remove.

* Removes all entries.

Command Modes EXEC

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines The host name entries will not be removed from NVRAM, but will be cleared in running memory.

Examples The following example clears all entries from the host name-to-address cache:
clear host *

Related Commands Command Description

ip host Defines a static host name-to-address mapping in the host cache.
show hosts Displays the default domain name, the style of name lookup service, a list of
name server hosts, and the cached list of host names and addresses.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-7
 IP Addressing Commands
clear ip nat translation

clear ip nat translation

To clear dynamic Network Address Translation (NAT) translations from the translation table, use the
clear ip nat translation EXEC command.

clear ip nat translation {* | [forced] | [inside global-ip local-ip] [outside local-ip global-ip]}

clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside
local-ip global-ip]

Syntax Description * Clears all dynamic translations.

forced (Optional) Clears all dynamic translations and processes that are causing the
router to hang.
inside (Optional) Clears the inside translations containing the specified global-ip and
local-ip addresses.
global-ip (Optional) When used without the arguments protocol, global-port, and
local-port arguments, clears a simple translation that also contains the specified
local-ip address. When used with the protocol, global-port, and local-port
arguments, clears an extended translation.
local-ip (Optional) Clears an entry that contains this local IP address and the specified
global-ip address.
outside (Optional) Clears the outside translations containing the specified global-ip and
local-ip addresses.
protocol Clears an entry that contains this protocol and the specified global-ip address,
local-ip address, global-port value, and local-port value.
global-port Clears an entry that contains this global-port value and the specified protocol
value, global-ip address, local-ip address, and local-port value.
local-port Clears an entry that contains this local-port value and the specified protocol
value, global-ip address, local-ip address, and global-port value.

Command Modes EXEC

Command History Release Modification

11.2 This command was introduced.

Usage Guidelines Use this command to clear entries from the translation table before they time out.

Examples The following example shows the NAT entries before and after the User Datagram Protocol (UDP) entry
is cleared:
Router# show ip nat translation

Pro Inside global Inside local Outside local Outside global

udp 171.69.233.209:1220 192.168.1.95:1220 171.69.2.132:53 171.69.2.132:53

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-8
 IP Addressing Commands
clear ip nat translation

tcp 171.69.233.209:11012 192.168.1.89:11012 171.69.1.220:23 171.69.1.220:23

tcp 171.69.233.209:1067 192.168.1.95:1067 171.69.1.161:23 171.69.1.161:23

Router# clear ip nat translation udp inside 171.69.233.209 1220 192.168.1.95 1220
171.69.2.132 53 171.69.2.132 53

Router# show ip nat translation

Pro Inside global Inside local Outside local Outside global

tcp 171.69.233.209:11012 192.168.1.89:11012 171.69.1.220:23 171.69.1.220:23
tcp 171.69.233.209:1067 192.168.1.95:1067 171.69.1.161:23 171.69.1.161:23

Related Commands Command Description

ip nat Designates that traffic originating from or destined for the interface is
subject to NAT.
ip nat inside destination Enables NAT of the inside destination address.
ip nat inside source Enables NAT of the inside source address.
ip nat outside source Enables NAT of the outside source address.
ip nat pool Defines a pool of IP addresses for NAT.
ip nat service Changes the amount of time after which NAT translations time out.
show ip nat statistics Displays NAT statistics.
show ip nat translations Displays active NAT translations.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-9
 IP Addressing Commands
clear ip nhrp

clear ip nhrp
To clear all dynamic entries from the Next Hop Resolution Protocol (NHRP) cache, use the
clear ip nhrp EXEC command.

clear ip nhrp

Syntax Description This command has no arguments or keywords.

Command Modes EXEC

Command History Release Modification

11.0 This command was introduced.

Usage Guidelines This command does not clear any static (configured) IP-to-nonbroadcast multiaccess (NBMA) address
mappings from the NHRP cache.

Examples The following example clears all dynamic entries from the NHRP cache for the interface:
clear ip nhrp

Related Commands Command Description

show ip nhrp Displays the NHRP cache.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-10
 IP Addressing Commands
clear ip route

clear ip route
To delete routes from the IP routing table, use the clear ip route EXEC command.

clear ip route {network [mask] | *}

Syntax Description network Network or subnet address to remove.

mask (Optional) Subnet address to remove.
* Removes all routing table entries.

Defaults All entries are removed.

Command Modes EXEC

Command History Release Modification

10.0 This command was introduced.

Examples The following example removes a route to network 132.5.0.0 from the IP routing table:
clear ip route 132.5.0.0

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-11
 IP Addressing Commands
ip address

ip address
To set a primary or secondary IP address for an interface, use the ip address interface configuration
command. To remove an IP address or disable IP processing, use the no form of this command.

ip address ip-address mask [secondary]

no ip address ip-address mask [secondary]

Syntax Description ip-address IP address.

mask Mask for the associated IP subnet.
secondary (Optional) Specifies that the configured address is a secondary IP address. If this
keyword is omitted, the configured address is the primary IP address.

Defaults No IP address is defined for the interface.

Command Modes Interface configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines An interface can have one primary IP address and multiple secondary IP addresses. Packets generated
by the Cisco IOS software always use the primary IP address. Therefore, all routers and access servers
on a segment should share the same primary network number.
Hosts can determine subnet masks using the Internet Control Message Protocol (ICMP) mask request
message. Routers respond to this request with an ICMP mask reply message.
You can disable IP processing on a particular interface by removing its IP address with the no ip address
command. If the software detects another host using one of its IP addresses, it will print an error message
on the console.
The optional secondary keyword allows you to specify an unlimited number of secondary addresses.
Secondary addresses are treated like primary addresses, except the system never generates datagrams
other than routing updates with secondary source addresses. IP broadcasts and Address Resolution
Protocol (ARP) requests are handled properly, as are interface routes in the IP routing table.
Secondary IP addresses can be used in a variety of situations. The following are the most common
applications:
• There may not be enough host addresses for a particular network segment. For example, your
subnetting allows up to 254 hosts per logical subnet, but on one physical subnet you need 300 host
addresses. Using secondary IP addresses on the routers or access servers allows you to have two
logical subnets using one physical subnet.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-12
 IP Addressing Commands
ip address

• Many older networks were built using Level 2 bridges. The judicious use of secondary addresses can
aid in the transition to a subnetted, router-based network. Routers on an older, bridged segment can
be easily made aware that many subnets are on that segment.
• Two subnets of a single network might otherwise be separated by another network. This situation is
not permitted when subnets are in use. In these instances, the first network is extended, or layered
on top of the second network using secondary addresses.

Note If any router on a network segment uses a secondary address, all other devices on that same segment
must also use a secondary address from the same network or subnet. Inconsistent use of secondary
addresses on a network segment can very quickly cause routing loops.

Note When you are routing using the Open Shortest Path First (OSPF) algorithm, ensure that all secondary
addresses of an interface fall into the same OSPF area as the primary addresses.

To transparently bridge IP on an interface, you must perform the following two tasks:
• Disable IP routing (specify the no ip routing command).
• Add the interface to a bridge group, see the bridge-group command.
To concurrently route and transparently bridge IP on an interface, see the bridge crb command.

Examples In the following example, 131.108.1.27 is the primary address and 192.31.7.17 and 192.31.8.17 are
secondary addresses for Ethernet interface 0:
interface ethernet 0
ip address 131.108.1.27 255.255.255.0
ip address 192.31.7.17 255.255.255.0 secondary
ip address 192.31.8.17 255.255.255.0 secondary

Related Commands Command Description

bridge crb Enables the Cisco IOS software to both route and bridge a given protocol on
separate interfaces within a single router.
bridge-group Assigns each network interface to a bridge group.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-13
 IP Addressing Commands
ip broadcast-address

ip broadcast-address
To define a broadcast address for an interface, use the ip broadcast-address interface configuration
command. To restore the default IP broadcast address, use the no form of this command.

ip broadcast-address [ip-address]

no ip broadcast-address [ip-address]

Syntax Description ip-address (Optional) IP broadcast address for a network.

Defaults Default address: 255.255.255.255 (all ones)

Command Modes Interface configuration

Command History Release Modification

10.0 This command was introduced.

Examples The following example specifies an IP broadcast address of 0.0.0.0:

ip broadcast-address 0.0.0.0

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-14
 IP Addressing Commands
ip cef traffic-statistics

ip cef traffic-statistics
To change the time interval that controls when Next Hop Resolution Protocol (NHRP) will set up or tear
down a switched virtual circuit (SVC), use the ip cef traffic-statistics global configuration command.
To restore the default values, use the no form of this command.

ip cef traffic-statistics [load-interval seconds] [update-rate seconds]

no ip cef traffic-statistics

Syntax Description load-interval seconds (Optional) Length of time (in 30-second increments) during which the
average trigger-threshold and teardown-threshold intervals are calculated
before an SVC setup or teardown action is taken. (These thresholds are
configured in the ip nhrp trigger-svc command.) The load-interval
range is from 30 seconds to 300 seconds, in 30-second increments. The
default value is 30 seconds.
update-rate seconds (Optional) Frequency that the port adapter sends the accounting statistics
to the Route Processor (RP). When using NHRP in distributed CEF
switching mode, this value must be set to 5 seconds. The default value is
10 seconds.

Defaults load-interval: 30 seconds

update-rate: 10 seconds

Command Modes Global configuration

Command History Release Modification

12.0 This command was introduced.

Usage Guidelines The thresholds in the ip nhrp trigger-svc command are measured during a sampling interval of 30
seconds, by default. To change that interval, use the load-interval seconds option of the
ip cef traffic-statistics command.
When NHRP is configured on a CEF switching node with a Versatile Interface Processor (VIP2) adapter,
you must make sure the update-rate keyword is set to 5 seconds.
Other Cisco IOS features could also use the ip cef traffic-statistics command; this NHRP feature relies
on it.

Examples In the following example, the triggering and teardown thresholds are calculated based on an average over
120 seconds:
ip cef traffic-statistics load-interval 120

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-15
 IP Addressing Commands
ip cef traffic-statistics

Related Commands Command Description

ip nhrp trigger-svc Configures when NHRP will set up and tear down an SVC based on
aggregate traffic rates.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-16
 IP Addressing Commands
ip classless

ip classless
At times the router might receive packets destined for a subnet of a network that has no network default
route. To have the Cisco IOS software forward such packets to the best supernet route possible, use the
ip classless global configuration command. To disable this feature, use the no form of this command.

ip classless

no ip classless

Syntax Description This command has no arguments or keywords.

Defaults Enabled

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.
11.3 The default behavior changed from disabled to enabled.

Usage Guidelines This command allows the software to forward packets that are destined for unrecognized subnets of
directly connected networks. The packets are forwarded to the best supernet route.
When this feature is disabled, the Cisco IOS software discards the packets when a router receives packets
for a subnet that numerically falls within its subnetwork addressing scheme, no such subnet number is
in the routing table and there is no network default route.

Note If the supernet, or default route, is learned via IS-IS or OSPF, the no ip classless configuration
command is ignored.

Examples The following example prevents the software from forwarding packets destined for an unrecognized
subnet to the best supernet possible:
no ip classless

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-17
 IP Addressing Commands
ip default-gateway

ip default-gateway
To define a default gateway (router) when IP routing is disabled, use the ip default-gateway global
configuration command. To disable this function, use the no form of this command.

ip default-gateway ip-address

no ip default-gateway ip-address

Syntax Description ip-address IP address of the router.

Defaults Disabled

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines The Cisco IOS software sends any packets that need the assistance of a gateway to the address you
specify. If another gateway has a better route to the requested host, the default gateway sends an Internet
Control Message Protocol (ICMP) redirect message back. The ICMP redirect message indicates which
local router the Cisco IOS software should use.

Examples The following example defines the router on IP address 192.31.7.18 as the default router:
ip default-gateway 192.31.7.18

Related Commands Command Description

ip redirects Enables the sending of ICMP redirect messages if the Cisco IOS software is
forced to resend a packet through the same interface on which it was
received.
show ip redirects Displays the address of a default gateway (router) and the address of hosts
for which an ICMP redirect message has been received.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-18
 IP Addressing Commands
ip directed-broadcast

ip directed-broadcast
To enable the translation of a directed broadcast to physical broadcasts, use the ip directed-broadcast
interface configuration command. To disable this function, use the no form of this command.

ip directed-broadcast [access-list-number] | [extended access-list-number]

no ip directed-broadcast [access-list-number] | [extended access-list-number]

Syntax Description access-list-number (Optional) Standard access list number in the range from 1 to 199. If
specified, a broadcast must pass the access list to be forwarded.
extended access-list-number (Optional) Extended access list number in the range from 1300 to
2699.

Defaults Disabled; all IP directed broadcasts are dropped.

Command Modes Interface configuration

Command History Release Modification

10.0 This command was introduced.
12.0 The default behavior changed to directed broadcasts being dropped.

Usage Guidelines An IP directed broadcast is an IP packet whose destination address is a valid broadcast address for some
IP subnet, but which originates from a node that is not itself part of that destination subnet.
A router that is not directly connected to its destination subnet forwards an IP directed broadcast in the
same way it would forward unicast IP packets destined to a host on that subnet. When a directed
broadcast packet reaches a router that is directly connected to its destination subnet, that packet is
“exploded” as a broadcast on the destination subnet. The destination address in the IP header of the
packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a
link-layer broadcast.
The ip directed-broadcast interface command controls the explosion of directed broadcasts when they
reach their target subnets. The command affects only the final transmission of the directed broadcast on
its ultimate destination subnet. It does not affect the transit unicast routing of IP directed broadcasts.
If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as
directed broadcasts intended for the subnet to which that interface is attached will be exploded as
broadcasts on that subnet. If an access list has been configured with the ip directed-broadcast
command, only directed broadcasts that are permitted by the access list in question will be forwarded;
all other directed broadcasts destined for the interface subnet will be dropped.
If the no ip directed-broadcast command has been configured for an interface, directed broadcasts
destined for the subnet to which that interface is attached will be dropped, rather than being broadcast.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-19
 IP Addressing Commands
ip directed-broadcast

Note Because directed broadcasts, and particularly Internet Control Message Protocol (ICMP)
directed broadcasts, have been abused by malicious persons, we recommend that
security-conscious users disable the ip directed-broadcast command on any intereface
where directed broadcasts are not needed and that they use access lists to limit the number
of exploded packets.

Examples The following example enables forwarding of IP directed broadcasts on Ethernet interface 0:
interface ethernet 0
ip directed-broadcast

Related Commands Command Description

ip forward-protocol Specifies which protocols and ports the router forwards when forwarding
broadcast packets.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-20
 IP Addressing Commands
ip dns primary

ip dns primary
To configure the router as authoritative for a zone, use the ip dns primary command in global
configuration mode. To configure the router nonauthoritative for a zone, use the no form of this
command.

ip dns primary domain-name soa primary-server-name mailbox-name [refresh-interval

[retry-interval [expire-ttl [minimum-ttl]]]]

no ip dns primary domain-name

Syntax Description domain-name DNS domain name.

soa Start of authority record parameters.
primary-server-name Authoritative name server.
mailbox-name DNS mailbox of responsible person.
refresh-interval (Optional) Refresh time in seconds. This time interval that must elapse
between each poll of the primary by the secondary name server. The range is
from 0 to 4294967295. The default is 21600 (6 hours).
retry-interval (Optional) Refresh retry time in seconds. This time interval must elapse
between successive connection attempts by the secondary to reach the
primary name server in case the first attempt failed. The range is from 0 to
4294967295. The default is 900 (15 minutes).
expire-ttl (Optional) Authority expire time in seconds. The secondary expires its data
if it cannot reach the primary name server within this time interval. The
range is from 0 to 4294967295. The default is 7776000 (90 days).
minimum-ttl (Optional) Minimum Time to Live (TTL) in seconds for zone information.
Other servers should cache data from the name server for this length of time.
The range is from 0 to 4294967295. The default is 86400 (1 day).

Command Default No authority record parameters are configured for the DNS name server, and so queries to the DNS
server for locally defined hosts will not receive authoritative responses from this server.

Command Modes Global configuration

Command History Release Modification

12.2 This command was introduced.

Usage Guidelines Use this command to configure the router as an authoritative name server for the host table, or zone file,
of a DNS domain. The primary name server name and a DNS mailbox name are required authority record
parameters. Optionally, you can override the default values for the polling refresh interval, the refresh
retry interval, the authority expire time, and the minimum TTL for zone information.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-21
 IP Addressing Commands
ip dns primary

To display the authoritative name server configuration for the router, use the show ip dns primary
command.

Examples The following example command configures the router as the primary DNS server authoritative for the
example1.com domain, or zone:
Router(config)# ip dns primary example1.com soa ns1.example1.com mb1.example1.com 10800
900 5184000 172800

In the above example, the DNS domain name of the router is ns1.example1.com, and the administrative
contact for this zone is mb1@example1.com, the refresh time is 3 hours, the refresh retry time is
15 minutes, the authority expire time is 60 days, and the minimum TTL is 2 days.

Related Commands Command Description

ip dns server Enables the DNS server on a router.
ip host Defines static hostname-to-address mappings in the DNS hostname cache
for a DNS view.
ip name-server Specifies the address of one or more name servers to use for name and
address resolution.
show ip dns primary Displays the authoritative name server configuration for the router.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-22
 IP Addressing Commands
ip domain list

ip domain list
To define a list of default domain names to complete unqualified host names, use the ip domain list
command in global configuration mode. To delete a name from a list, use the no form of this command.

ip domain list name

no ip domain list name

Syntax Description name Domain name. Do not include the initial period that separates an
unqualified name from the domain name.

Defaults No domain names are defined.

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.
12.2 The syntax of the command changed from ip domain-list to ip domain list.

Usage Guidelines If there is no domain list, the domain name that you specified with the ip domain name global
configuration command is used. If there is a domain list, the default domain name is not used. The ip
domain list command is similar to the ip domain name command, except that with the ip domain list
command you can define a list of domains, each to be tried in turn.
The Cisco IOS software will still accept the previous version of the command ip domain-list.

Examples The following example adds several domain names to a list:

ip domain list company.com
ip domain list school.edu

The following example adds a name to and then deletes a name from the list:
ip domain list school.edu
no ip domain list school.edu

Related Commands Command Description

ip domain name Defines a default domain name to complete unqualified host names (names
without a dotted-decimal domain name).

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-23
 IP Addressing Commands
ip domain lookup

ip domain lookup
To enable the IP Domain Naming System (DNS)-based host name-to-address translation, use the
ip domain lookup command in global configuration mode. To disable the DNS, use the no form of this
command.

ip domain lookup

no ip domain lookup

Syntax Description This command has no arguments or keywords.

Defaults Enabled

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.
12.2 The syntax of the command changed from ip domain-lookup to
ip domain lookup.

Usage Guidelines The Cisco IOS software will still accept the previous version of the command ip domain-lookup.

Examples The following example enables the IP DNS-based host name-to-address translation:
ip domain lookup

Related Commands Command Description

ip domain name Defines a default domain name to complete unqualified host names (names
without a dotted decimal domain name).
ip name-server Specifies the address of one or more name servers to use for name and
address resolution.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-24
 IP Addressing Commands
ip domain name

ip domain name
To define a default domain name that the Cisco IOS software uses to complete unqualified host names
(names without a dotted-decimal domain name), use the ip domain-name command in global
configuration mode. To disable use of the Domain Name System (DNS), use the no form of this
command.

ip domain name name

no ip domain name name

Syntax Description name Default domain name used to complete unqualified host names. Do
not include the initial period that separates an unqualified name from
the domain name.

Defaults Enabled

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.
12.2 The syntax of the command changed from ip domain-name to
ip domain name.

Usage Guidelines Any IP host name that does not contain a domain name (that is, any name without a dot) will have the
dot and cisco.com appended to it before being added to the host table.
The Cisco IOS software will still accept the previous version of the command ip domain-name.

Examples The following example defines cisco.com as the default domain name:
ip domain name cisco.com

Related Commands Command Description

ip domain list Defines a list of default domain names to complete unqualified host names.
ip domain lookup Enables the IP DNS-based host name-to-address translation.
ip name-server Specifies the address of one or more name servers to use for name and
address resolution.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-25
 IP Addressing Commands
ip domain round-robin

ip domain round-robin
To enable round-robin functionality on DNS servers, use the ip domain round-robin command in global
configuration mode. To disable round-robin functionality, use the no form of the command.

ip domain round-robin

no ip domain round-robin

Syntax Description This command has no arguments or keywords.

Defaults Round robin is not enabled.

Command Modes Global configuration

Command History Release Modification

12.1(3)T This command was introduced.

Usage Guidelines In a multiple server configuration without the DNS round-robin functionality, the first host server/IP
address is used for the whole time to live (TTL) of the cache, and uses the second and third only in the
event of host failure. This behavior presents a problem when a high volume of users all arrive at the first
host during the TTL time. The network access server (NAS) then sends out a DNS query; the DNS
servers reply with a list of the configured IP addresses to the NAS. The NAS then caches these IP
addresses for a given time (for example, five minutes). All users that dial in during the five minute TTL
time will land on one host, the first IP address in the list.
In a multiple server configuration with the DNS round-robin functionality, the DNS server returns the IP
address of all hosts to rotate between the cache of host names. During the TTL of the cache, users are
distributed among the hosts. This functionality distributes calls across the configured hosts and reduces
the amount of DNS queries.

Examples The following example allows a Telnet to www.company.com to connect to each of the three IP addresses
specified in the following order: the first time the Telnet command is given, it would connect to 10.0.0.1;
the second time the command is given, it would connect to 10.1.0.1; and the third time the command is
given, it would connect to 10.2.0.1. In each case, the other two addresses would also be tried if the first
one failed; this is the normal operation of the Telnet command.
Router(config)# ip host www.company.com 10.0.0.1 10.1.0.1 10.2.0.1
Router(config)# ip domain round-robin

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-26
 IP Addressing Commands
ip forward-protocol

ip forward-protocol
To specify which protocols and ports the router forwards when forwarding broadcast packets, use the ip
forward-protocol command in global configuration mode. To remove a protocol or port, use the no form
of this command.

ip forward-protocol {udp [port] | nd | sdns}

no ip forward-protocol {udp [port | nd | sdns}

Syntax Description udp Forwards User Datagram Protocol (UDP) packets. See the “Usage Guidelines”
section for a list of port numbers forwarded by default.
port (Optional) Destination port that controls which UDP services are forwarded.
nd Forwards Network Disk (ND) packets. This protocol is used by older diskless Sun
workstations.
sdns Secure Data Network Service.

Defaults Enabled

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines Enabling a helper address or UDP flooding on an interface causes the Cisco IOS software to forward
particular broadcast packets. You can use the ip forward-protocol command to specify exactly which
types of broadcast packets you would like to have forwarded. A number of commonly forwarded
applications are enabled by default. Enabling forwarding for some ports [for example, Routing
Information Protocol (RIP)] may be hazardous to your network.
If you use the ip forward-protocol command, specifying only UDP without the port enables forwarding
and flooding on the default ports.
One common application that requires helper addresses is Dynamic Host Configuration Protocol
(DHCP). DHCP is defined in RFC 1531. DHCP protocol information is carried inside of BOOTP
packets. To enable BOOTP broadcast forwarding for a set of clients, configure a helper address on the
router interface closest to the client. The helper address should specify the address of the DHCP server.
If you have multiple servers, you can configure one helper address for each server. Because BOOTP
packets are forwarded by default, DHCP information can now be forwarded by the software. The DHCP
server now receives broadcasts from the DHCP clients.
If an IP helper address is defined, UDP forwarding is enabled on default ports. If UDP flooding is
configured, UDP flooding is enabled on the default ports.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-27
 IP Addressing Commands
ip forward-protocol

If a helper address is specified and UDP forwarding is enabled, broadcast packets destined to the
following port numbers are forwarded by default:
• Trivial File Transfer Protocol (TFTP) (port 69)
• Domain Naming System (port 53)
• Time service (port 37)
• NetBIOS Name Server (port 137)
• NetBIOS Datagram Server (port 138)
• Boot Protocol (BOOTP) client and server packets (ports 67 and 68)
• TACACS service (port 49)
• IEN-116 Name Service (port 42)

Note If UDP port 68 is used as the destination port number, it is not forwarded by default.

Examples The following example defines a helper address and uses the ip forward-protocol command. Using the
udp keyword without specifying any port numbers will allow forwarding of UDP packets on the default
ports.
ip forward-protocol udp
interface ethernet 1
ip helper-address 10.24.42.2

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-28
 IP Addressing Commands
ip forward-protocol spanning-tree

ip forward-protocol spanning-tree
To permit IP broadcasts to be flooded throughout the internetwork in a controlled fashion, use the
ip forward-protocol spanning-tree global configuration command. To disable the flooding of IP
broadcasts, use the no form of this command.

ip forward-protocol spanning-tree [any-local-broadcast]

no ip forward-protocol spanning-tree [any-local-broadcast]

Syntax Description any-local-broadcast (Optional) Accept any local broadcast when flooding.

Defaults Disabled

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines A packet must meet the following criteria to be considered for flooding:
• The MAC address of the received frame must be all-ones broadcast address (ffff.ffff.ffff).
• The IP destination address must be one of the following: all-ones broadcast (255.255.255.255),
subnet broadcast for the receiving interface; major-net broadcast for the receiving interface if the no
ip classless command is also configured; or any local IP broadcast address if the ip
forward-protocol spanning-tree any-local-broadcast command is configured.
• The IP time-to-live (TTL) value must be at least 2.
• The IP protocol must be UDP (17).
• The UDP destination port must be for TFTP, Domain Name System (DNS), Time, NetBIOS, ND, or
BOOTP packet, or a UDP port specified by the ip forward-protocol udp global configuration
command.
A flooded UDP datagram is given the destination address specified by the ip broadcast-address
interface configuration command on the output interface. The destination address can be set to any
desired address. Thus, the destination address may change as the datagram propagates through the
network. The source address is never changed. The TTL value is decremented.
After a decision has been made to send the datagram out on an interface (and the destination address
possibly changed), the datagram is handed to the normal IP output routines and is therefore subject to
access lists, if they are present on the output interface.
The ip forward-protocol spanning-tree command uses the database created by the bridging
Spanning-Tree Protocol. Therefore, the transparent bridging option must be in the routing software, and
bridging must be configured on each interface that is to participate in the flooding in order to support
this capability.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-29
 IP Addressing Commands
ip forward-protocol spanning-tree

If an interface does not have bridging configured, it still will be able to receive broadcasts, but it will
never forward broadcasts received on that interface. Also, it will never use that interface to send
broadcasts received on a different interface.
If no actual bridging is desired, you can configure a type-code bridging filter that will deny all packet
types from being bridged. Refer to the “Configuring Transparent Bridging” chapter in the Cisco IOS
Bridging and IBM Networking Configuration Guide for more information about using access lists to
filter bridged traffic. The spanning-tree database is still available to the IP forwarding code to use for the
flooding.
The spanning-tree-based flooding mechanism forwards packets whose contents are all ones
(255.255.255.255), all zeros (0.0.0.0), and, if subnetting is enabled, all networks (131.108.255.255 as an
example in the network number 131.108.0.0). This mechanism also forward packets whose contents are
the zeros version of the all-networks broadcast when subnetting is enabled (for example, 131.108.0.0).
This command is an extension of the ip helper-address interface configuration command, in that the
same packets that may be subject to the helper address and forwarded to a single network can now be
flooded. Only one copy of the packet will be put on each network segment. In some cases, where DHCP
broadcasts are being forwarded to spanning-tree enabled interfaces, a duplicate copy of the packet will
be put on a network segment. See the ip directed-broadcast global configuration command for
information on how to ensure that duplicate packets are not copied onto a network segment.

Examples The following example permits IP broadcasts to be flooded through the internetwork in a controlled
fashion:
ip forward-protocol spanning-tree

Related Commands Command Description

ip broadcast-address Defines a broadcast address for an interface.
ip directed-broadcast Sets the gateway address (giaddr) field in the DHCP packet
before forwarding to spanning-tree interfaces
ip forward-protocol Specifies which protocols and ports the router forwards when
forwarding broadcast packets.
ip forward-protocol turbo-flood Speeds up flooding of UDP datagrams using the spanning-tree
algorithm.
ip helper-address Forwards UDP broadcasts, including BOOTP, received on an
interface.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-30
 IP Addressing Commands
ip forward-protocol turbo-flood

ip forward-protocol turbo-flood
To speed up flooding of User Datagram Protocol (UDP) datagrams using the spanning-tree algorithm,
use the ip forward-protocol turbo-flood global configuration command. To disable this feature, use the
no form of this command.

ip forward-protocol turbo-flood

no ip forward-protocol turbo-flood

Syntax Description This command has no arguments or keywords.

Defaults Disabled

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines Used in conjunction with the ip forward-protocol spanning-tree global configuration command, this
feature is supported over Advanced Research Projects Agency (ARPA)-encapsulated Ethernets, FDDI,
and High-Level Data Link Control (HDLC) encapsulated serials, but is not supported on Token Rings.
As long as the Token Rings and the non-HDLC serials are not part of the bridge group being used for
UDP flooding, turbo flooding will behave normally.

Examples The following is an example of a two-port router using this command:

ip forward-protocol turbo-flood
ip forward-protocol spanning-tree
!
interface ethernet 0
ip address 128.9.1.1
bridge-group 1
!
interface ethernet 1
ip address 128.9.1.2
bridge-group 1
!
bridge 1 protocol dec

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-31
 IP Addressing Commands
ip forward-protocol turbo-flood

Related Commands Command Description

ip forward-protocol Specifies which protocols and ports the router forwards when
forwarding broadcast packets.
ip forward-protocol spanning-tree Permits IP broadcasts to be flooded throughout the
internetwork in a controlled fashion.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-32
 IP Addressing Commands
ip helper-address

ip helper-address
To have the Cisco IOS software forward User Datagram Protocol (UDP) broadcasts, including BOOTP,
received on an interface, use the ip helper-address interface configuration command. To disable the
forwarding of broadcast packets to specific addresses, use the no form of this command.

ip helper-address address

no ip helper-address address

Syntax Description address Destination broadcast or host address to be used when forwarding
UDP broadcasts. There can be more than one helper address per
interface.

Defaults Disabled

Command Modes Interface configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines Combined with the ip forward-protocol global configuration command, the ip helper-address
command allows you to control which broadcast packets and which protocols are forwarded.
One common application that requires helper addresses is Dynamic Host Configuration Protocol
(DHCP), which is defined in RFC 1531. DHCP protocol information is carried inside of BOOTP packets.
To enable BOOTP broadcast forwarding for a set of clients, configure a helper address on the router
interface closest to the client. The helper address should specify the address of the DHCP server. If you
have multiple servers, you can configure one helper address for each server. Because BOOTP packets
are forwarded by default, DHCP information can now be forwarded by the router. The DHCP server now
receives broadcasts from the DHCP clients.
All of the following conditions must be met in order for a UDP or IP packet to be helpered by the ip
helper-address command:
• The MAC address of the received frame must be all-ones broadcast address (ffff.ffff.ffff).
• The IP destination address must be one of the following: all-ones broadcast (255.255.255.255),
subnet broadcast for the receiving interface; or major-net broadcast for the receiving interface if the
no ip classless command is also configured.
• The IP time-to-live (TTL) value must be at least 2.
• The IP protocol must be UDP (17).
• The UDP destination port must be for TFTP, Domain Name System (DNS), Time, NetBIOS, ND,
BOOTP or DHCP packet, or a UDP port specified by the ip forward-protocol udp global
configuration command.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-33
 IP Addressing Commands
ip helper-address

Note The ip helper-address command does not work on an X.25 interfaceon a destination router because
the router cannot determine if the packet was intended as a physical broadcast.

Examples The following example defines an address that acts as a helper address:
interface ethernet 1
ip helper-address 121.24.43.2

Related Commands Command Description

ip forward-protocol Specifies which protocols and ports the router forwards when forwarding
broadcast packets.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-34
 IP Addressing Commands
ip helper-address

Related Commands Command Description

ip forward-protocol Specifies which protocols and ports the router forwards when forwarding
broadcast packets.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-35
 IP Addressing Commands
ip host

ip host
To define a static host name-to-address mapping in the host cache, use the ip host command in global
configuration mode. To remove the host name-to-address mapping, use the no form of this command.

ip host name [tcp-port-number] {address1 [address2...address8] | [mx preference

mx-server-hostname | srv priority weight port target]}

no ip host name [tcp-port-number] {address1 [address2...address8] | [mx preference

mx-server-hostname | srv priority weight port target]}

Syntax Description name Name of the host. The first character can be either a letter or a number. If
you use a number, the types of operations you can perform are limited.
tcp-port-number (Optional) TCP port number to connect to when using the defined host
name in conjunction with an EXEC connect or Telnet command. The
default is Telnet (port 23).
address1 Associated IP host address.
address2...address8 (Optional) Additional associated IP addresses. You can bind up to eight
addresses to a host name.
mx preference Mail Exchange (MX) resource record settings for the host:
mx-server-hostname
• preference—The order in which mailers select MX records when
they attempt mail delivery to the host. The lower this value, the
higher the host is in priority. Range is from 0 to 65535.
• mx-server-hostname—The DNS name of the SMTP server where the
mail for a domain name should be delivered.
An MX record specifies how you want e-mail to be accepted for the
domain specified in the hostname argument.
You can have several MX records for a single domain name, and they can
be ranked in order of preference.
srv priority weight port Server (SRV) resource record settings for the host:
target
• priority—The priority to give the record among the owner SRV
records. Range is from 0 to 65535.
• weight—The load to give the record at the same priority level. Range
is from 0 to 65535.
• port—The port on which to run the service. Range is from 0 to
65535.
• target—Domain name of host running on the specified port.
The use of SRV records enables administrators to use several servers for
a single domain, to move services from host to host with little difficulty,
and to designate some hosts as primary servers for a service and others as
backups. Clients ask for a specific service or protocol for a specific
domain and receive the names of any available servers.

Defaults Disabled

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-36
 IP Addressing Commands
ip host

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.
12.0(3)T The mx keyword and the preference and mx-server-hostname arguments
were added.
12.0(7)T The srv keyword and the priority, weight, port, and target arguments
were added.

Usage Guidelines The first character of the hostname can be either a letter or a number. If you use a number, the types of
operations you can perform (such as ping) are limited.
If the hostname cache does not exist yet, it is automatically created.
To specify where the mail for the host is to be sent, use the mx keyword and the preference and
mx-server-hostname arguments.
To specify a host that offers a service in the domain, use thhe srv keyword and the priority, weight, port,
and target arguments.

Examples The following example defines two static mappings:

ip host croff 192.31.7.18
ip host bisso-gw 10.2.0.2 192.31.7.33

Related Commands Command Description

clear host Removes static hostname-to-address mappings from the hostname cache for
the specified DNS view or all DNS views.
show hosts Displays the default domain name, the style of name lookup service, a list of
name server hosts, and the cached list of hostnames and addresses specific
to a particular DNS view or for all configured DNS views.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-37
 IP Addressing Commands
ip hp-host

ip hp-host
To enter into the host table the host name of a Hewlett-Packard (HP) host to be used for HP Probe Proxy
service, use the ip hp-host global configuration command. To remove a host name, use the no form of
this command.

ip hp-host host-name ip-address

no ip hp-host host-name ip-address

Syntax Description host-name Name of the host.

ip-address IP address of the host.

Defaults No host names are defined.

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines To use the HP Probe Proxy service, you must first enter the host name of the HP host into the host table
using this command.

Examples The following example specifies the name and address of an HP host, and then enables HP Probe Proxy:
ip hp-host BCWjo 131.108.1.27
interface ethernet 0
ip probe proxy

Related Commands Command Description

ip probe proxy Enables the HP Probe Proxy support, which allows the Cisco IOS software
to respond to HP Probe Proxy name requests.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-38
 IP Addressing Commands
ip irdp

ip irdp
To enable ICMP Router Discovery Protocol (IRDP) processing on an interface, use the ip irdp interface
configuration command. To disable IRDP routing, use the no form of this command.

ip irdp [multicast | holdtime seconds | maxadvertinterval seconds | minadvertinterval seconds |

preference number | address address [number]]

no ip irdp

Syntax Description multicast (Optional) Use the multicast address (224.0.0.1) instead of IP
broadcasts.
holdtime seconds (Optional) Length of time in seconds that advertisements are held
valid. Default is three times the maxadvertinterval value. Must be
greater than maxadvertinterval and cannot be greater than 9000
seconds.
maxadvertinterval seconds (Optional) Maximum interval in seconds between advertisements.
The range is from 1 to 1800. A value of 0 means only advertise when
solicited. The default is 600 seconds.
minadvertinterval seconds (Optional) Minimum interval in seconds between advertisements.
The range is from 1 to 1800. The default is 450 seconds.
preference number (Optional) Preference value. The allowed range is –231 to 231. The
default is 0. A higher value increases the preference level of the
router. You can modify a particular router so that it will be the
preferred router to which other routers will home.
address address [number] (Optional) IP address (address) to proxy advertise, and optionally, its
preference value (number).

Defaults Disabled
When enabled, IRDP uses these defaults:
• Broadcast IRDP advertisements
• Maximum interval between advertisements: 600 seconds
• Minimum interval between advertisements: 450 seconds
• Preference: 0

Command Modes Interface configuration

Command History Release Modification

10.0 This command was introduced.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-39
 IP Addressing Commands
ip irdp

Usage Guidelines If you change the maxadvertinterval value, the other two values also change, so it is important to
change the maxadvertinterval value before changing either the holdtime or minadvertinterval values.
The ip irdp multicast command allows for compatibility with Sun Microsystems Solaris, which requires
IRDP packets to be sent out as multicasts. Many implementations cannot receive these multicasts; ensure
end-host ability before using this command.

Examples The following example sets the various IRDP processes:

! enable irdp on interface Ethernet 0
interface ethernet 0
ip irdp
! send IRDP advertisements to the multicast address
ip irdp multicast
! increase router preference from 100 to 50
ip irdp preference 50
! set maximum time between advertisements to 400 secs
ip irdp maxadvertinterval 400
! set minimum time between advertisements to 100 secs
ip irdp minadvertinterval 100
! advertisements are good for 6000 seconds
ip irdp holdtime 6000
! proxy-advertise 131.108.14.5 with default router preference
ip irdp address 131.108.14.5
! proxy-advertise 131.108.14.6 with preference of 50
ip irdp address 131.108.14.6 50

Related Commands Command Description

The following is Displays IRDP values.
sample output from
the show ip interface
brief command:

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-40
 IP Addressing Commands
ip mobile arp

ip mobile arp
To enable local-area mobility, use the ip mobile arp interface configuration command. To disable
local-area mobility, use the no form of this command.

ip mobile arp [timers keepalive hold-time] [access-group access-list-number | name]

no ip mobile arp [timers keepalive hold-time] [access-group access-list-number | name]

Syntax Description timers (Optional) Indicates that you are setting local-area mobility timers.
keepalive (Optional) Frequency, in minutes, at which the Cisco IOS software sends
unicast Address Resolution Protocol (ARP) messages to a relocated host to
verify that the host is present and has not moved. The default keepalive time
is 5 minutes (300 seconds).
hold-time (Optional) Hold time, in minutes. This is the length of time the software
considers that a relocated host is present without receiving some type of
ARP broadcast or unicast from the host. Normally, the hold time should be
at least three times greater than the keepalive time. The default hold time is
15 minutes (900 seconds).
access-group (Optional) Indicates that you are applying an access list. This access list
applies only to local-area mobility.
access-list-number (Optional) Number of a standard IP access list. It is a decimal number from
1 to 99. Only hosts with addresses permitted by this access list are accepted
for local-area mobility.
name (Optional) Name of an IP access list. The name cannot contain a space or
quotation mark, and must begin with an alphabetic character to avoid
ambiguity with numbered access lists.

Defaults Local-area mobility is disabled.

If you enable local-area mobility:
keepalive: 5 minutes (300 seconds)
hold-time: 15 minutes (900 seconds)

Command Modes Interface configuration

Command History Release Modification

11.0 This command was introduced.

Usage Guidelines Local-area mobility is supported on Ethernet, Token Ring, and FDDI interfaces only.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-41
 IP Addressing Commands
ip mobile arp

To create larger mobility areas, you must first redistribute the mobile routes into your Interior Gateway
Protocol (IGP). The IGP must support host routes. You can use Enhanced IGRP, Open Shortest Path First
(OSPF), or Intermediate System-to-Intermediate System (IS-IS); you can also use Routing Information
Protocol (RIP), but RIP is not recommended. The mobile area must consist of a contiguous set of
subnets.
Using an access list to control the list of possible mobile nodes is strongly encouraged. Without an access
list, misconfigured hosts can be taken for mobile nodes and disrupt normal operations.

Examples The following example configures local-area mobility on Ethernet interface 0:

access-list 10 permit 198.92.37.114
interface ethernet 0
ip mobile arp access-group 10

Related Commands Command Description

access-list (IP standard) Defines a standard IP access list.
default-metric (BGP) Sets default metric values for the BGP, OSPF, and RIP routing protocols.
default-metric (OSPF) Sets default metric values for OSPF.
default-metric (RIP) Sets default metric values for RIP.
network (BGP) Specifies the list of networks for the BGP routing process.
network (IGRP) Specifies a list of networks for the IGRP or Enhanced IGRP routing
process.
network (RIP) Specifies a list of networks for the RIP routing process.
redistribute (IP) Redistributes routes from one routing domain into another routing
domain.
router eigrp Configures the IP Enhanced IGRP routing process.
router isis Enables the IS-IS routing protocol and specifies an IS-IS process for IP.
router ospf Configures an OSPF routing process.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-42
 IP Addressing Commands
ip name-server

ip name-server
To specify the address of one or more name servers to use for name and address resolution, use the ip
name-server global configuration command. To remove the addresses specified, use the no form of this
command.

ip name-server server-address1 [server-address2...server-address6]

no ip name-server server-address1 [server-address2...server-address6]

Syntax Description server-address1 IP addresses of name server.

server-address2...server-address6 (Optional) IP addresses of additional name servers (a maximum
of six name servers).

Defaults No name server addresses are specified.

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.

Examples The following example specifies hosts 172.16.1.111 and 172.16.1.2 as the secondary server:
ip name-server 172.16.1.111 172.16.1.2

This command will be reflected in the configuration file as follows:

ip name-server 172.16.1.111
ip name-server 172.16.1.2

Related Commands Command Description

ip domain lookup Enables the IP DNS-based host name-to-address translation.
ip domain name Defines a default domain name to complete unqualified host names (names
without a dotted decimal domain name).

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-43
 IP Addressing Commands
ip nat

ip nat
To designate that traffic originating from or destined for the interface is subject to Network Address
Translation (NAT), use the ip nat interface configuration command. To prevent the interface from being
able to translate, use the no form of this command.

ip nat {inside | outside} | log {translations syslog}

no ip nat {inside | outside} | log {translations syslog}

Syntax Description inside Indicates that the interface is connected to the inside network (the network
subject to NAT translation).
outside Indicates that the interface is connected to the outside network.
log Enables NAT logging.
translations Enables NAT logging translations.
syslog Enables syslog for NAT logging translations.

Defaults Traffic leaving or arriving at this interface is not subject to NAT.

Command Modes Interface configuration

Command History Release Modification

11.2 This command was introduced.

Usage Guidelines Only packets moving between inside and outside interfaces can be translated. You must specify at least
one inside interface and outside interface for each border router where you intend to use NAT.
NAT translations logging can be enabled or disabled with the ip nat log translations syslog command.

Examples The following example translates between inside hosts addressed from either the 192.168.1.0 or
192.168.2.0 network to the globally unique 171.69.233.208/28 network:
ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat inside source list 1 pool net-208
!
interface ethernet 0
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
interface ethernet 1
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-44
 IP Addressing Commands
ip nat

Related Commands Command Description

clear ip nat translation Clears dynamic NAT translations from the translation table.
ip nat inside destination Enables NAT of the inside destination address.
ip nat inside source Enables NAT of the inside source address.
ip nat outside source Enables NAT of the outside source address.
ip nat pool Defines a pool of IP addresses for NAT.
ip nat service Enables a port other than the default port.
show ip nat statistics Displays NAT statistics.
show ip nat translations Displays active NAT translations.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-45
 IP Addressing Commands
ip nat inside destination

ip nat inside destination

To enable Network Address Translation (NAT) of the inside destination address, use the ip nat inside
destination global configuration command. To remove the dynamic association to a pool, use the no
form of this command.

ip nat inside destination list {access-list-number | name} pool name

no ip nat inside destination list {access-list-number | name}

Syntax Description list access-list-number Standard IP access list number. Packets with destination addresses that
pass the access list are translated using global addresses from the named
pool.
list name Name of a standard IP access list. Packets with destination addresses that
pass the access list are translated using global addresses from the named
pool.
pool name Name of the pool from which global IP addresses are allocated during
dynamic translation.

Defaults No inside destination addresses are translated.

Command Modes Global configuration

Command History Release Modification

11.2 This command was introduced.

Usage Guidelines This command has two forms: dynamic and static address translation. The form with an access list
establishes dynamic translation. Packets from addresses that match the standard access list are translated
using global addresses allocated from the pool named with the ip nat pool command.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-46
 IP Addressing Commands
ip nat inside destination

Examples The following example translates between inside hosts addressed to either the 192.168.1.0 or
192.168.2.0 network to the globally unique 171.69.233.208/28 network:
ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat inside destination list 1 pool net-208
!
interface ethernet 0
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
interface ethernet 1
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255

Related Commands Command Description

clear ip nat translation Clears dynamic NAT translations from the translation table.
ip nat Designates that traffic originating from or destined for the interface is
subject to NAT.
ip nat inside source Enables NAT of the inside source address.
ip nat outside source Enables NAT of the outside source address.
ip nat pool Defines a pool of IP addresses for NAT.
ip nat service Enables a port other than the default port.
show ip nat statistics Displays NAT statistics.
show ip nat translations Displays active NAT translations.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-47
 IP Addressing Commands
ip nat inside source

ip nat inside source

To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside source
global configuration command. To remove the static translation or remove the dynamic association to a
pool, use the no form of this command.

ip nat inside source {list {access-list-number | access-list-name} | route-map name} {interface

type number | pool pool-name} [overload]

no ip nat inside source {list {access-list-number | access-list-name} | route-map name}

{interface type number | pool pool-name} [overload]

Static NAT

ip nat inside source {static {local-ip global-ip} [extendable] [no-alias]

no ip nat inside source {static {local-ip global-ip} [extendable] [no-alias]

Port Static NAT

ip nat inside source {static {tcp | udp local-ip local-port global-ip global-port} [extendable]
[no-alias]

no ip nat inside source {static {tcp | udp local-ip local-port global-ip global-port} [extendable]
[no-alias]

Network Static NAT

ip nat inside source {static {network local-network global-network mask} [extendable]

[no-alias]

no ip nat inside source {static {network local-network global-network mask} [extendable]

[no-alias]

Syntax Description list access-list-number Standard IP access list number. Packets with source addresses that pass
the access list are dynamically translated using global addresses from the
named pool.
list name Name of a standard IP access list. Packets with source addresses that pass
the access list are dynamically translated using global addresses from the
named pool.
pool name Name of the pool from which global IP addresses are allocated
dynamically.
overload (Optional) Enables the router to use one global address for many local
addresses. When overloading is configured, the TCP or UDP port number
of each inside host distinguishes between the multiple conversations
using the same local IP address.
static local-ip Sets up a single static translation. This argument establishes the local IP
address assigned to a host on the inside network. The address could be
randomly chosen, allocated from RFC 1918, or obsolete.
local-port Sets the local TCP/UDP port in a range from 1-65535.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-48
 IP Addressing Commands
ip nat inside source

static global-ip Sets up a single static translation. This argument establishes the globally
unique IP address of an inside host as it appears to the outside world.
global-port Sets the global TCP?UDP port in a range from 1-65535.
extendable (Optional) Extends the translation.
no-alias (Optional) Prohibits an alias from being created for the global address.
tcp Establishes the Transmission Control Protocol.
udp Establishes the User Datagram Protocol.
network local-network Specifies the local subnet translation.
global-network Specifies the global subnet translation.
mask Establishes the IP Network mask the subnet translations.

Defaults No NAT translation of inside source addresses occurs.

Command Modes Global configuration

Command History Release Modification

11.2 This command was introduced.

Usage Guidelines This command has two forms: dynamic and static address translation. The form with an access list
establishes dynamic translation. Packets from addresses that match the standard access list are translated
using global addresses allocated from the pool named with the ip nat pool command.
Packets that enter the router through the inside interface and packets sourced from the router are checked
against the access list for possible NAT candidates. The access list is used to specify which traffic is to
be translated.
Alternatively, the syntax form with the keyword static establishes a single static translation.

Examples The following example translates between inside hosts addressed from either the 192.168.1.0 or
192.168.2.0 network to the globally unique 171.69.233.208/28 network:
ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat inside source list 1 pool net-208
!
interface ethernet 0
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
interface ethernet 1
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-49
 IP Addressing Commands
ip nat inside source

Related Commands Command Description

clear ip nat translation Clears dynamic NAT translations from the translation table.
ip nat Designates that traffic originating from or destined for the interface is
subject to NAT.
ip nat inside source Enables NAT of the inside source address.
ip nat outside source Enables NAT of the outside source address.
ip nat pool Defines a pool of IP addresses for NAT.
ip nat service Enables a port other than the default port.
show ip nat statistics Displays NAT statistics.
show ip nat translations Displays active NAT translations.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-50
 IP Addressing Commands
ip nat outside source

ip nat outside source

To enable Network Address Translation (NAT) of the outside source address, use the ip nat outside
source global configuration command. To remove the static entry or the dynamic association, use the no
form of this command.

ip nat outside source {list {access-list-number | access-list-name} | route-map name} pool

pool-name [add-route]

no ip nat outside source {list {access-list-number | access-list-name} | route-map name} pool

pool-name [add-route]

Static NAT

ip nat outside source static {global-ip local-ip}[add-route] [extendable] [no-alias]

no ip nat outside source static {global-ip local-ip} add-route] [extendable] [no-alias]

Port Static NAT

ip nat outside source {static {tcp | udp global-ip global-port local-ip local-port} [add-route]
[extendable] [no-alias]

no ip nat outside source {static {tcp | udp global-ip global-port local-ip local-port} [add-route]
[extendable] [no-alias]

Networkt Static NAT

ip nat outside source {static network global-network local-network mask} [add-route]

[extendable] [no-alias]

no ip nat outside source {static network global-network local-network mask} [add-route]

[extendable] [no-alias]

Syntax Description list access-list-number Standard IP access list number. Packets with source addresses that pass
the access list are translated using global addresses from the named pool.
list name Name of a standard IP access list. Packets with source addresses that pass
the access list are translated using global addresses from the named pool.
pool name Name of the pool from which global IP addresses are allocated.
add-route (Optional) Adds a static route for the outside local address.
static global-ip Sets up a single static translation. This argument establishes the globally
unique IP address assigned to a host on the outside network by its owner.
It was allocated from globally routable network space.
global-port Sets the global TCP/UDP port in a range from 1-65535.
static local-ip Sets up a single static translation. This argument establishes the local IP
address of an outside host as it appears to the inside world. The address
was allocated from address space routable on the inside (RFC 1918,
Address Allocation for Private Internets).
local-port Sets the local TCP/UDP orto in a range from 1-65535.
extendable (Optional) Extends the translation.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-51
 IP Addressing Commands
ip nat outside source

no-alias (Optional) Prohibits an alias from being created for the local address.
tcp Establishes the Transmission Control Protocol.
udp Establishes the User Datagram Protocol.
network global-network Specifies the global subnet translation.
local-network Specifies the local subnet translation.
mask Establishes the IP network mask for the subnet translations.

Defaults No translation of source addresses coming from the outside to the inside network occurs.

Command Modes Global configuration

Command History Release Modification

11.2 This command was introduced.

Usage Guidelines You might have IP addresses that are not legal, officially assigned IP addresses. Perhaps you chose IP
addresses that officially belong to another network. The case of an address used illegally and legally is
called overlapping. You can use NAT to translate inside addresses that overlap with outside addresses.
Use this feature if your IP addresses in the stub network happen to be legitimate IP addresses belonging
to another network, and you need to communicate with those hosts or routers.
This command has two forms: dynamic and static address translation. The form with an access list
establishes dynamic translation. Packets from addresses that match the standard access list are translated
using global addresses allocated from the pool named with the ip nat pool command.
Alternatively, the syntax form with the static keyword establishes a single static translation.

Examples The following example translates between inside hosts addressed from the 9.114.11.0 network to the
globally unique 171.69.233.208/28 network. Further packets from outside hosts addressed from the
9.114.11.0 network (the true 9.114.11.0 network) are translated to appear to be from the 10.0.1.0/24
network.
ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat pool net-10 10.0.1.0 10.0.1.255 prefix-length 24
ip nat inside source list 1 pool net-208
ip nat outside source list 1 pool net-10
!
interface ethernet 0
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
interface ethernet 1
ip address 9.114.11.39 255.255.255.0
ip nat inside
!
access-list 1 permit 9.114.11.0 0.0.0.255

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-52
 IP Addressing Commands
ip nat outside source

Related Commands Command Description

clear ip nat translation Clears dynamic NAT translations from the translation table.
ip nat Designates that traffic originating from or destined for the interface is
subject to NAT.
ip nat inside destination Enables NAT of the inside destination address.
ip nat inside source Enables NAT of the inside source address.
ip nat pool Defines a pool of IP addresses for NAT.
ip nat service Enables a port other than the default port.
show ip nat statistics Displays NAT statistics.
show ip nat translations Displays active NAT translations.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-53
 IP Addressing Commands
ip nat pool

ip nat pool
To define a pool of IP addresses for Network Address Translation (NAT), use the ip nat pool global
configuration command. To remove one or more addresses from the pool, use the no form of this
command.

ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}[type rotary]

no ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} [type rotary]

Syntax Description name Name of the pool.

start-ip Starting IP address that defines the range of addresses in the address pool.
end-ip Ending IP address that defines the range of addresses in the address pool.
netmask netmask Network mask that indicates which address bits belong to the network and
subnetwork fields and which bits belong to the host field. Specify the netmask
of the network to which the pool addresses belong.
prefix-length Number that indicates how many bits of the netmask are ones (how many bits of
prefix-length the address indicate network). Specify the netmask of the network to which the
pool addresses belong.
type rotary (Optional) Indicates that the range of address in the address pool identify real,
inside hosts among which TCP load distribution will occur.

Defaults No pool of addresses is defined.

Command Modes Global configuration

Command History Release Modification

11.2 This command was introduced.

Usage Guidelines This command defines a pool of addresses using start address, end address, and either netmask or prefix
length. The pool could define either an inside global pool, an outside local pool, or a rotary pool.

Examples The following example translates between inside hosts addressed from either the 192.168.1.0 or
192.168.2.0 network to the globally unique 171.69.233.208/28 network:
ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat inside source list 1 pool net-208
!
interface ethernet 0
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
interface ethernet 1
ip address 192.168.1.94 255.255.255.0

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-54
 IP Addressing Commands
ip nat pool

ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255

Related Commands Command Description

clear ip nat translation Clears dynamic NAT translations from the translation table.
ip nat Designates that traffic originating from or destined for the interface is
subject to NAT.
ip nat inside destination Enables NAT of the inside destination address.
ip nat inside source Enables NAT of the inside source address.
ip nat outside source Enables NAT of the outside source address.
ip nat service Enables a port other than the default port.
show ip nat statistics Displays NAT statistics.
show ip nat translations Displays active NAT translations.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-55
 IP Addressing Commands
ip nat service

ip nat service
To specify a port other than the default port, use the ip nat service command in global configuration
mode. To disable the port, use the no form of this command.

ip nat service {H225 | list {access-list-number | access-list-name} ftp tcp port port-number |
skinny tcp port port-number}

no ip nat service {H225 | list {access-list-number | access-list-name} ftp tcp port port-number |
skinny tcp port port-number}

Syntax Description H225 H323-H225 protocol.

list access-list-number Standard access list number in the range from 1 to 199.
access-list-name Name of a standard IP access list.
ftp FTP protocol.
tcp TCP protocol.
port port-number Port other than the default port in the range from 1 to 65533.
skinny Skinny protocol.

Defaults Disabled

Command Modes Global configuration

Command History Release Modification

11.3 This command was introduced.
12.1(5)T The skinny keyword was added.

Usage Guidelines A host with an FTP server using a port other than the default port can have an FTP client using the default
FTP control port. When a port other than the default port is configured for an FTP server, Network
Address Translation (NAT) prevents FTP control sessions that are using port 21 for that particular server.
If an FTP server uses the default port and a port other than the default port, both ports need to be
configured using the ip nat service command.
NAT listens on the default port of the Cisco CallManager to translate the skinny messages. If the
CallManager uses a port other than the default port, that port needs to be configured using the ip nat
service command.
Use the no ip nat service H225 command to disable support of H.225 packets by NAT.

Examples The following example configures the nonstandard port 2021:

ip nat service list 10 ftp tcp port 2021
access-list 10 permit 10.1.1.1

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-56
 IP Addressing Commands
ip nat service

The following example configures the standard FTP port 21 and the nonstandard port 2021:
ip nat service list 10 ftp tcp port 21
ip nat service list 10 ftp tcp port 2021
access-list 10 permit 10.1.1.1

The following example configures the 20002 port of the CallManager:

ip nat service skinny tcp port 20002

Related Commands Command Description

clear ip nat translation Clears dynamic NAT translations from the translation table.
ip nat Designates that traffic originating from or destined for the interface is
subject to NAT.
ip nat inside destination Enables NAT of the inside destination address.
ip nat inside source Enables NAT of the inside source address.
ip nat outside source Enables NAT of the outside source address.
show ip nat statistics Displays NAT statistics.
show ip nat translations Displays active NAT translations.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-57
 IP Addressing Commands
ip nat translation

ip nat translation
To change the amount of time after which Network Address Translation (NAT) translations time out, use
the ip nat translation global configuration command. To disable the timeout, use the no form of this
command.

ip nat translation [max-entries number] {timeout | udp-timeout | dns-timeout | tcp-timeout |

finrst-timeout | icmp-timeout | pptp-timeout | syn-timeout | port-timeout} seconds | never

no ip nat translation [max-entries number] {timeout | udp-timeout | dns-timeout | tcp-timeout

| finrst-timeout | icmp-timeout | pptp-timeout | syn-timeout | port-timeout}

Syntax Description max-entries number (Optional) Specifies the maximum number (1-2147483647) of NAT
entries. Default is unlimited.
timeout Specifies that the timeout value applies to dynamic translations except for
overload translations. Default is 86400 seconds (24 hours).
udp-timeout Specifies that the timeout value applies to the User Datagram Protocol
(UDP) port. Default is 300 seconds (5 minutes).
dns-timeout Specifies that the timeout value applies to connections to the Domain
Naming System (DNS). Default is 60 seconds.
tcp-timeout Specifies that the timeout value applies to the TCP port. Default is
86400 seconds (24 hours).
finrst-timeout Specifies that the timeout value applies to Finish and Reset TCP packets,
which terminate a connection. Default is 60 seconds.
icmp-timeout Specifies the timeout value for Internet Control Message Protocol (ICMP)
flows. Default is 60 seconds.
pptp-timeout Specifies the timeout value for NAT Point-to-Point Tunneling Protocol
(PPTP) flows. Default is 86400 seconds (24 hours).
syn-timeout Specifies the timeout value for TCP flows immediately after a
synchronous transmission (SYN) message. The default is 60 seconds.
port-timeout Specifies that the timeout value applies to the TCP/UDP port.
seconds Number of seconds after which the specified port translation times out.
The default is 0.
never Specifies no port translation time out.

Defaults timeout: 86400 seconds (24 hours)

udp-timeout: 300 seconds (5 minutes)
dns-timeout: 60 seconds (1 minute)
tcp-timeout: 86400 seconds (24 hours)
finrst-timeout: 60 seconds (1 minute)
icmp-timeout: 60 seconds (1 minute)
pptp-timeout: 86400 seconds (24 hours)

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-58
 IP Addressing Commands
ip nat translation

syn-timeout: 60 seconds (1 minute)

port-timeout: 0 (never)

Command Modes Global configuration

Command History Release Modification

11.2 This command was introduced.

Usage Guidelines When port translation is configured, there is finer control over translation entry timeouts because each
entry contains more context about the traffic that is using it. Non-DNS UDP translations time out after
5 minutes, while DNS times out in 1 minute. TCP translations timeout in 24 hours, unless an RST or FIN
is seen on the stream, in which case they will time out in 1 minute.

Examples The following example causes UDP port translation entries to time out after 10 minutes:
ip nat translation udp-timeout 600

Related Commands Command Description

clear ip nat translation Clears dynamic NAT translations from the translation table.
ip nat Designates that traffic originating from or destined for the interface
is subject to NAT.
ip nat inside destination Enables NAT of the inside destination address.
ip nat inside source Enables NAT of the inside source address.
ip nat outside source Enables NAT of the outside source address.
ip nat pool Defines a pool of IP addresses for NAT.
show ip nat statistics Displays NAT statistics.
show ip nat translations Displays active NAT translations.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-59
 IP Addressing Commands
ip netmask-format

ip netmask-format
To specify the format in which netmasks are displayed in show command output, use the
ip netmask-format line configuration command. To restore the default display format, use the no form
of this command.

ip netmask-format {bit-count | decimal | hexadecimal}

no ip netmask-format {bit-count | decimal | hexadecimal}

Syntax Description bit-count Addresses are followed by a slash and the total number of bits in the netmask.
For example, 131.108.11.0/24 indicates that the netmask is 24 bits.
decimal Network masks are displayed in dotted-decimal notation (for example,
255.255.255.0).
hexadecimal Network masks are displayed in hexadecimal format, as indicated by the
leading 0X (for example, 0XFFFFFF00).

Defaults Netmasks are displayed in dotted-decimal format.

Command Modes Line configuration

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines IP uses a 32-bit mask that indicates which address bits belong to the network and subnetwork fields, and
which bits belong to the host field. This is called a netmask. By default, show commands display an IP
address and then its netmask in dotted decimal notation. For example, a subnet would be displayed as
131.108.11.0 255.255.255.0.
However, you can specify that the display of the network mask appear in hexadecimal format or bit count
format instead. The hexadecimal format is commonly used on UNIX systems. The previous example
would be displayed as 131.108.11.0 0XFFFFFF00.
The bitcount format for displaying network masks is to append a slash (/) and the total number of bits in
the netmask to the address itself. The previous example would be displayed as 131.108.11.0/24.

Examples The following example configures network masks for the specified line to be displayed in bitcount
notation in the output of show commands:
line vty 0 4
ip netmask-format bitcount

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-60
 IP Addressing Commands
ip nhrp authentication

ip nhrp authentication
To configure the authentication string for an interface using the Next Hop Resolution Protocol (NHRP),
use the ip nhrp authentication interface configuration command. To remove the authentication string,
use the no form of this command.

ip nhrp authentication string

no ip nhrp authentication [string]

Syntax Description string Authentication string configured for the source and destination
stations that controls whether NHRP stations allow
intercommunication. The string can be up to eight characters long.

Defaults No authentication string is configured; the Cisco IOS software adds no authentication option to NHRP
packets it generates.

Command Modes Interface configuration

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines All routers configured with NHRP within one logical NBMA network must share the same
authentication string.

Examples In the following example, the authentication string named specialxx must be configured in all devices
using NHRP on the interface before NHRP communication occurs:
ip nhrp authentication specialxx

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-61
 IP Addressing Commands
ip nhrp holdtime

ip nhrp holdtime
To change the number of seconds that Next Hop Resolution Protocol (NHRP) nonbroadcast multiaccess
(NBMA) addresses are advertised as valid in authoritative NHRP responses, use the ip nhrp holdtime
interface configuration command. To restore the default value, use the no form of this command.

ip nhrp holdtime seconds

no ip nhrp holdtime [seconds]

Syntax Description seconds Time in seconds that NBMA addresses are advertised as valid in
positive authoritative NHRP responses.

Defaults 7200 seconds (2 hours)

Command Modes Interface configuration

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines The ip nhrp holdtime command affects authoritative responses only. The advertised holding time is the
length of time the Cisco IOS software tells other routers to keep information that it is providing in
authoritative NHRP responses. The cached IP-to-NBMA address mapping entries are discarded after the
holding time expires.
The NHRP cache can contain static and dynamic entries. The static entries never expire. Dynamic entries
expire regardless of whether they are authoritative or nonauthoritative.

Examples In the following example, NHRP NBMA addresses are advertised as valid in positive authoritative
NHRP responses for 1 hour:
ip nhrp holdtime 3600

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-62
 IP Addressing Commands
ip nhrp interest

ip nhrp interest
To control which IP packets can trigger sending a Next Hop Resolution Protocol (NHRP) request packet,
use the ip nhrp interest interface configuration command. To restore the default value, use the no form
of this command.

ip nhrp interest access-list-number

no ip nhrp interest [access-list-number]

Syntax Description access-list-number Standard or extended IP access list number in the range from
1 to 199.

Defaults All non-NHRP packets can trigger NHRP requests.

Command Modes Interface configuration

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines Use this command with the access-list command to control which IP packets trigger NHRP requests.
The ip nhrp interest command controls which packets cause NHRP address resolution to take place; the
ip nhrp use command controls how readily the system attempts such address resolution.

Examples In the following example, any TCP traffic can cause NHRP requests to be sent, but no other IP packets
will cause NHRP requests:
ip nhrp interest 101
access-list 101 permit tcp any any

Related Commands Command Description

access-list (IP Defines an extended IP access list.
extended)
access-list (IP Defines a standard IP access list.
standard)
ip nhrp use Configures the software so that NHRP is deferred until the system has
attempted to send data traffic to a particular destination multiple times.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-63
 IP Addressing Commands
ip nhrp map

ip nhrp map
To statically configure the IP-to-NonBroadcast MutiAccess (NBMA) address mapping of IP destinations
connected to an MBMA network, use the ip nhrp map interface configuration command. To remove the
static entry from Next Hop Resolution Protocol (NHRP) cache, use the no form of this command.

ip nhrp map ip-address nbma-address

no ip nhrp map ip-address nbma-address

Syntax Description ip-address IP address of the destinations reachable through the NBMA network.
This address is mapped to the NBMA address.
nbma-address NBMA address that is directly reachable through the NBMA
network. The address format varies depending on the medium you are
using. For example, ATM has a Network Service Access Point
(NSAP) address, Ethernet has a MAC address, and Switched
Multimegabit Data Service (SMDS) has an E.164 address. This
address is mapped to the IP address.

Defaults No static IP-to-NBMA cache entries exist.

Command Modes Interface configuration

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines You will probably need to configure at least one static mapping in order to reach the Next Hop Server.
Repeat this command to statically configure multiple IP-to-NBMA address mappings.

Examples In the following example, this station in a multipoint tunnel network is statically configured to be served
by two Next Hop Servers 100.0.0.1 and 100.0.1.3. The NBMA address for 100.0.0.1 is statically
configured to be 11.0.0.1 and the NBMA address for 100.0.1.3 is 12.2.7.8.
interface tunnel 0
ip nhrp nhs 100.0.0.1
ip nhrp nhs 100.0.1.3
ip nhrp map 100.0.0.1 11.0.0.1
ip nhrp map 100.0.1.3 12.2.7.8

Related Commands Command Description

clear ip nhrp Clears all dynamic entries from the NHRP cache.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-64
 IP Addressing Commands
ip nhrp map multicast

ip nhrp map multicast

To configure NonBroadcast MultiAccess (NBMA) addresses used as destinations for broadcast or
multicast packets to be sent over a tunnel network, use the ip nhrp map multicast interface
configuration command. To remove the destinations, use the no form of this command.

ip nhrp map multicast nbma-address

no ip nhrp map multicast nbma-address

Syntax Description nbma-address NBMA address that is directly reachable through the NBMA
network. The address format varies depending on the medium you are
using.

Defaults No NBMA addresses are configured as destinations for broadcast or multicast packets.

Command Modes Interface configuration

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines This command applies only to tunnel interfaces.

The command is useful for supporting broadcasts over a tunnel network when the underlying network
does not support IP multicast. If the underlying network does support IP multicast, you should use the
tunnel destination command to configure a multicast destination for transmission of tunnel broadcasts
or multicasts.
When multiple NBMA addresses are configured, the system replicates the broadcast packet for each
address.

Examples In the following example, if a packet is sent to 10.255.255.255, it is replicated to destinations 11.0.0.1
and 11.0.0.2. Addresses 11.0.0.1 and 11.0.0.2 are the IP addresses of two other routers that are part of
the tunnel network, but those addresses are their addresses in the underlying network, not the tunnel
network. They would have tunnel addresses that are in network 10.0.0.0.
interface tunnel 0
ip address 10.0.0.3 255.0.0.0
ip nhrp map multicast 11.0.0.1
ip nhrp map multicast 11.0.0.2

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-65
 IP Addressing Commands
ip nhrp max-send

ip nhrp max-send
To change the maximum frequency at which Next Hop Resolution Protocol (NHRP) packets can be sent,
use the ip nhrp max-send interface configuration command. To restore this frequency to the default
value, use the no form of this command.

ip nhrp max-send pkt-count every interval

no ip nhrp max-send

Syntax Description pkt-count Number of packets that can be sent in the range from 1 to 65535. Default is
5 packets.
every interval Time (in seconds) in the range from 10 to 65535. Default is 10 seconds.

Defaults pkt-count: 5 packets

interval: 10 seconds

Command Modes Interface configuration

Command History Release Modification

11.1 This command was introduced.

Usage Guidelines The software maintains a per-interface quota of NHRP packets that can be sent. NHRP traffic, whether
locally generated or forwarded, cannot be sent at a rate that exceeds this quota. The quota is replenished
at the rate specified by the interval value.

Examples In the following example, only one NHRP packet can be sent from serial interface 0 each minute:
interface serial 0
ip nhrp max-send 1 every 60

Related Commands Command Description

ip nhrp interest Controls which IP packets can trigger sending an NHRP request.
ip nhrp use Configures the software so that NHRP is deferred until the system has
attempted to send data traffic to a particular destination multiple times.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-66
 IP Addressing Commands
ip nhrp network-id

ip nhrp network-id
To enable the Next Hop Resolution Protocol (NHRP) on an interface, use the ip nhrp network-id
interface configuration command. To disable NHRP on the interface, use the no form of this command.

ip nhrp network-id number

no ip nhrp network-id [number]

Syntax Description number Globally unique, 32-bit network identifier from a nonbroadcast
multiaccess (NBMA) network. The range is from 1 to 4294967295.

Defaults NHRP is disabled on the interface.

Command Modes Interface configuration

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines In general, all NHRP stations within one logical NBMA network must be configured with the same
network identifier.

Examples The following example enables NHRP on the interface:

ip nhrp network-id 1

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-67
 IP Addressing Commands
ip nhrp nhs

ip nhrp nhs
To specify the address of one or more Next Hop Resolution Protocol (NHRP) servers, use the ip nhrp
nhs interface configuration command. To remove the address, use the no form of this command.

ip nhrp nhs nhs-address [net-address [netmask]]

no ip nhrp nhs nhs-address [net-address [netmask]]

Syntax Description nhs-address Address of the Next Hop Server being specified.
net-address (Optional) IP address of a network served by the Next Hop Server.
netmask (Optional) IP network mask to be associated with the net IP address. The
net IP address is logically ANDed with the mask.

Defaults No Next Hop Servers are explicitly configured, so normal network layer routing decisions are used to
forward NHRP traffic.

Command Modes Interface configuration

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines Use this command to specify the address of a Next Hop Server and the networks it serves. Normally,
NHRP consults the network layer forwarding table to determine how to forward NHRP packets. When
Next Hop Servers are configured, these next hop addresses override the forwarding path that would
otherwise be used for NHRP traffic.
For any Next Hop Server that is configured, you can specify multiple networks that it serves by repeating
this command with the same nhs-address argument, but with different net-address IP network addresses.

Examples In the following example, the Next Hop Server with address 131.108.10.11 serves IP network 10.0.0.0.
The mask is 255.0.0.0.
ip nhrp nhs 131.108.10.11 10.0.0.0 255.0.0.0

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-68
 IP Addressing Commands
ip nhrp record

ip nhrp record
To reenable the use of forward record and reverse record options in Next Hop Resolution Protocol
(NHRP) request and reply packets, use the ip nhrp record interface configuration command. To
suppress the use of such options, use the no form of this command.

ip nhrp record

no ip nhrp record

Syntax Description This command has no arguments or keywords.

Defaults Forward record and reverse record options are used in NHRP request and reply packets.

Command Modes Interface configuration

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines Forward record and reverse record options provide loop detection and are enabled by default. Using the
no form of this command disables this method of loop detection. For another method of loop detection,
see the ip nhrp responder command.

Examples The following example suppresses forward record and reverse record options:
no ip nhrp record

Related Commands Command Description

ip nhrp responder Designates the primary IP address of which interface the Next Hop Server
will use in NHRP reply packets when the NHRP requester uses the
Responder Address option.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-69
 IP Addressing Commands
ip nhrp responder

ip nhrp responder
To designate the primary IP address the Next Hop Server that an interface will use in Next Hop
Resolution Protocol (NHRP) reply packets when the NHRP requestor uses the Responder Address
option, use the ip nhrp responder interface configuration command. To remove the designation, use the
no form of this command.

ip nhrp responder type number

no ip nhrp responder [type] [number]

Syntax Description type Interface type whose primary IP address is used when a Next Hop Server
complies with a Responder Address option (for example, serial or tunnel).
number Interface number whose primary IP address is used when a Next Hop Server
complies with a Responder Address option.

Defaults The Next Hop Server uses the IP address of the interface where the NHRP request was received.

Command Modes Interface configuration

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines If an NHRP requestor wants to know which Next Hop Server generates an NHRP reply packet, it can
request that information through the Responder Address option. The Next Hop Server that generates the
NHRP reply packet then complies by inserting its own IP address in the Responder Address option of
the NHRP reply. The Next Hop Server uses the primary IP address of the specified interface.
If an NHRP reply packet being forwarded by a Next Hop Server contains the IP address of that Next Hop
Server, the Next Hop Server generates an Error Indication of type “NHRP Loop Detected” and discards
the reply packet.

Examples In the following example, any NHRP requests for the Responder Address will cause this router acting as
a Next Hop Server to supply the primary IP address of serial interface 0 in the NHRP reply packet:
ip nhrp responder serial 0

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-70
 IP Addressing Commands
ip nhrp server-only

ip nhrp server-only
To configure the interface to operate in Next Hop Resolution Protocol (NHRP) server-only mode, use
the ip nhrp server-only interface configuration command. To disable this feature, use the no form of
this command.

ip nhrp server-only [non-caching]

no ip nhrp server-only

Syntax Description non-caching (Optional) The router will not cache NHRP information received on this
interface.

Defaults Disabled

Command Modes Interface configuration

Command History Release Modification

11.2 This command was introduced.
12.0 The non-caching keyword was added.

Usage Guidelines When the interface is operating in NHRP server-only mode, the interface does not originate NHRP
requests or set up an NHRP shortcut Switched Virtual Circuit (SVC).

Examples The following example configures the interface to operate in server-only mode:
ip nhrp server-only

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-71
 IP Addressing Commands
ip nhrp trigger-svc

ip nhrp trigger-svc
To configure when the Next Hop Resolution Protocol (NHRP) will set up and tear down a switched
virtual circuit (SVC) based on aggregate traffic rates, use the ip nhrp trigger-svc interface configuration
command. To restore the default thresholds, use the no form of this command.

ip nhrp trigger-svc trigger-threshold teardown-threshold

no ip nhrp trigger-svc

Syntax Description trigger-threshold Average traffic rate calculated during the load interval, at or above which NHRP
will set up an SVC for a destination. The default value is 1 kbps.
teardown-threshold Average traffic rate calculated during the load interval, at or below which NHRP
will tear down the SVC to the destination. The default value is 0 kbps.

Defaults trigger-threshold: 1 kbps

teardown-threshold: 0 kbps

Command Modes Interface configuration

Command History Release Modification

12.0 This command was introduced.

Usage Guidelines The two thresholds are measured during a sampling interval of 30 seconds, by default. To change that
interval, use the load-interval seconds argument of the ip cef traffic-statistics command.

Examples In the following example, the triggering and teardown thresholds are set to 100 kbps and 5 kbps,
respectively:
ip nhrp trigger-svc 100 5

Related Commands Command Description

ip cef Enables CEF on the route processor card.
ip cef accounting Enables network accounting of CEF information.
ip cef traffic-statistics Changes the time interval that controls when NHRP will set up or tear down
an SVC.
ip nhrp interest Controls which IP packets can trigger sending an NHRP request.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-72
 IP Addressing Commands
ip nhrp use

ip nhrp use
To configure the software so that Next Hop Resolution Protocol (NHRP) is deferred until the system has
attempted to send data traffic to a particular destination multiple times, use the ip nhrp use interface
configuration command. To restore the default value, use the no form of this command.

ip nhrp use usage-count

no ip nhrp use usage-count

Syntax Description usage-count Packet count in the range from 1 to 65535. Default is 1.

Defaults usage-count: 1. The first time a data packet is sent to a destination for which the system determines
NHRP can be used, an NHRP request is sent.

Command Modes Interface configuration

Command History Release Modification

11.1 This command was introduced.

Usage Guidelines When the software attempts to send a data packet to a destination for which it has determined that NHRP
address resolution can be used, an NHRP request for that destination is normally sent immediately.
Configuring the usage-count argument causes the system to wait until that many data packets have been
sent to a particular destination before it attempts NHRP. The usage-count argument for a particular
destination is measured over 1-minute intervals (the NHRP cache expiration interval).
The usage count applies per destination. So if the usage-count argument is configured to be 3, and four
data packets are sent toward 10.0.0.1 and one packet toward 10.0.0.2, then an NHRP request is generated
for 10.0.0.1 only.
If the system continues to need to forward data packets to a particular destination, but no NHRP response
has been received, retransmission of NHRP requests is performed. This retransmission occurs only if
data traffic continues to be sent to a destination.
The ip nhrp interest command controls which packets cause NHRP address resolution to take place; the
ip nhrp use command controls how readily the system attempts such address resolution.

Examples In the following example, if in the first minute five packets are sent to the first destination and five
packets are sent to a second destination, then a single NHRP request is generated for the second
destination.
If in the second minute the same traffic is generated and no NHRP responses have been received, then
the system resends its request for the second destination.
ip nhrp use 5

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-73
 IP Addressing Commands
ip nhrp use

Related Commands Command Description

ip nhrp interest Controls which IP packets can trigger sending an NHRP request.
ip nhrp max-send Changes the maximum frequency at which NHRP packets can be sent.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-74
 IP Addressing Commands
ip probe proxy

ip probe proxy
To enable the HP Probe Proxy support, which allows the Cisco IOS software to respond to HP Probe
Proxy name requests, use the ip probe proxy interface configuration command. To disable HP Probe
Proxy, use the no form of this command.

ip probe proxy

no ip probe proxy

Syntax Description This command has no arguments or keywords.

Defaults Disabled

Command Modes Interface configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines HP Probe Proxy Name requests are typically used at sites that have Hewlett-Packard (HP) equipment
and are already using HP Probe.
To use the HP Probe Proxy service, you must first enter the host name of the HP host into the host table
using the ip hp-host global configuration command.

Examples The following example specifies an HP host name and address, and then enables Probe Proxy:
ip hp-host BCWjo 131.108.1.27
interface ethernet 0
ip probe proxy

Related Commands Command Description

ip hp-host Enters into the host table the host name of an HP host to be used for HP Probe
Proxy service.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-75
 IP Addressing Commands
ip proxy-arp

ip proxy-arp
To enable proxy Address Resolution Protocol (ARP) on an interface, use the ip proxy-arp interface
configuration command. To disable proxy ARP on the interface, use the no form of this command.

ip proxy-arp

no ip proxy-arp

Syntax Description This command has no arguments or keywords.

Defaults Enabled

Command Modes Interface configuration

Command History Release Modification

10.0 This command was introduced.

Examples The following example enables proxy ARP on Ethernet interface 0:

interface ethernet 0
ip proxy-arp

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-76
 IP Addressing Commands
ip routing

ip routing
To enable IP routing, use the ip routing global configuration command. To disable IP routing, use the
no form of this command.

ip routing

no ip routing

Syntax Description This command has no arguments or keywords.

Defaults Enabled

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines To bridge IP, the no ip routing command must be configured to disable IP routing. However, you need
not specify no ip routing in conjunction with concurrent routing and bridging to bridge IP.
The ip routing command is disabled on the Cisco VG200 voice over IP gateway.

Examples The following example enables IP routing:

ip routing

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-77
 IP Addressing Commands
ip subnet-zero

ip subnet-zero
To enable the use of subnet 0 for interface addresses and routing updates, use the ip subnet-zero global
configuration command. To restore the default, use the no form of this command.

ip subnet-zero

no ip subnet-zero

Syntax Description This command has no arguments or keywords.

Defaults Enabled

Command Modes Global configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines The ip subnet-zero command provides the ability to configure and route to subnet 0 subnets.
Subnetting with a subnet address of 0 is discouraged because of the confusion inherent in having a
network and a subnet with indistinguishable addresses.

Examples The following example enables subnet zero:

ip subnet-zero

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-78
 IP Addressing Commands
ip unnumbered

ip unnumbered
To enable IP processing on a serial interface without assigning an explicit IP address to the interface, use
the ip unnumbered interface configuration command. To disable the IP processing on the interface, use
the no form of this command.

ip unnumbered type number

no ip unnumbered type number

Syntax Description type number Type and number of another interface on which the router has an
assigned IP address. It cannot be another unnumbered interface.

Defaults Disabled

Command Modes Interface configuration

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines Whenever the unnumbered interface generates a packet (for example, for a routing update), it uses the
address of the specified interface as the source address of the IP packet. It also uses the address of the
specified interface in determining which routing processes are sending updates over the unnumbered
interface. Restrictions include the following:
• Serial interfaces using High Level Data Link Control (HDLC), PPP, Link Access Procedure,
Balanced (LAPB), Frame Relay encapsulations, and Serial Line Internet Protocol (SLIP) and tunnel
interfaces can be unnumbered. It is not possible to use this interface configuration command with
X.25 or Switched Multimegabit Data Service (SMDS) interfaces.
• You cannot use the ping EXEC command to determine whether the interface is up, because the
interface has no address. Simple Network Management Protocol (SNMP) can be used to remotely
monitor interface status.
• You cannot netboot a runnable image over an unnumbered serial interface.
• You cannot support IP security options on an unnumbered interface.
The interface you specify by the type and number arguments must be enabled (listed as “up” in the show
interfaces command display).
If you are configuring Intermediate System-to-Intermediate System (IS-IS) across a serial line, you
should configure the serial interfaces as unnumbered, which allows you to conform with RFC 1195,
which states that IP addresses are not required on each interface.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-79
 IP Addressing Commands
ip unnumbered

Note Using an unnumbered serial line between different major networks (or majornets) requires special
care. If at each end of the link there are different majornets assigned to the interfaces you specified
as unnumbered, then any routing protocol running across the serial line must not advertise subnet
information.

Examples In the following example, the first serial interface is given the address of Ethernet 0:
interface ethernet 0
ip address 131.108.6.6 255.255.255.0
!
interface serial 0
ip unnumbered ethernet 0

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-80
 IP Addressing Commands
no ip gratuitous-arps

no ip gratuitous-arps
To disable the transmission of gratuitous Address Resolution Protocol (ARP) messages for an address
in a local pool, use the no ip gratuitous-arps command in global configuration mode.

no ip gratuitous-arps

Syntax Description This command has no keywords or arguments.

Defaults Disabled

Command Modes Global configuration

Command History Release Modification

11.3 This command was introduced.

Usage Guidelines A Cisco router will send out a gratuitous ARP message when a client connects and negotiates an address
over a PPP connection. This transmission occurs even when the client receives the address from a local
address pool.

Examples The following example disables gratuitous arp messages from being sent:
no ip gratuitous-arps

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-81
 IP Addressing Commands
show arp

show arp
To display the entries in the Address Resolution Protocol (ARP) table, use the show arp privileged
EXEC command.

show arp

Syntax Description This command has no arguments or keywords.

Command Modes Privileged EXEC

Command History Release Modification

10.0 This command was introduced.

Examples The following is sample output from the show arp command:
Router# show arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 131.108.42.112 120 0000.a710.4baf ARPA Ethernet3

AppleTalk 4028.5 29 0000.0c01.0e56 SNAP Ethernet2
Internet 131.108.42.114 105 0000.a710.859b ARPA Ethernet3
AppleTalk 4028.9 - 0000.0c02.a03c SNAP Ethernet2
Internet 131.108.42.121 42 0000.a710.68cd ARPA Ethernet3
Internet 131.108.36.9 - 0000.3080.6fd4 SNAP TokenRing0
AppleTalk 4036.9 - 0000.3080.6fd4 SNAP TokenRing0
Internet 131.108.33.9 - 0000.0c01.7bbd SNAP Fddi0

Table 3 describes the significant fields shown in the display.

Table 3 show arp Field Descriptions

Field Description
Protocol Protocol for network address in the Address field.
Address The network address that corresponds to the Hardware Address.
Age (min) Age in munutes of the cache entryh. A hyphen (-) means the address is local.
Hardware Addr LAN hardware address of a MAC address that corresponds to the network
address.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-82
IP Addressing Commands
show arp

Table 3 show arp Field Descriptions (continued)

Field Description
Type Indicates the encapsulation type the Cisco IOS software is using for the network
address in this entry. Possible values include:
• ARPA
• SNAP
• ETLK (EtherTalk)
• SMDS
Interface Indicates the interface associated with this network address.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-83
 IP Addressing Commands
show hosts

show hosts
To display the default domain name, the style of name lookup service, a list of name server hosts, and
the cached list of host names and addresses, use the show hosts EXEC command.

show hosts

Syntax Description This command has no arguments or keywords.

Command Modes EXEC

Command History Release Modification

10.0 This command was introduced.

Examples The following is sample output from the show hosts command:
Router# show hosts

Default domain is CISCO.COM

Name/address lookup uses domain service
Name servers are 255.255.255.255
Host Flag Age Type Address(es)
SLAG.CISCO.COM (temp, OK) 1 IP 131.108.4.10
CHAR.CISCO.COM (temp, OK) 8 IP 192.31.7.50
CHAOS.CISCO.COM (temp, OK) 8 IP 131.108.1.115
DIRT.CISCO.COM (temp, EX) 8 IP 131.108.1.111
DUSTBIN.CISCO.COM (temp, EX) 0 IP 131.108.1.27
DREGS.CISCO.COM (temp, EX) 24 IP 131.108.1.30

Table 4 describes the significant fields shown in the display.

Table 4 show hosts Field Descriptions

Field Description
Flag A temporary entry is entered by a name server; the Cisco IOS software removes the
entry after 72 hours of inactivity.
A permanent entry is entered by a configuration command and is not timed out.
Entries marked OK are believed to be valid. Entries marked?? are considered suspect
and subject to revalidation. Entries marked EX are expired.
Age Indicates the number of hours since the software last referred to the cache entry.
Type Identifies the type of address, for example, IP, Connectionless Network Service
(CLNS), or X.121. If you have used the ip hp-host global configuration command,
the show hosts command will display these host names as type HP-IP.
Address(es) Displays the address of the host. One host may have up to eight addresses.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-84
 IP Addressing Commands
show hosts

Related Commands Command Description

clear host Deletes entries from the host name-to-address cache.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-85
 IP Addressing Commands
show ip aliases

show ip aliases
To display the IP addresses mapped to TCP ports (aliases) and Serial Line Internet Protocol (SLIP)
addresses, which are treated similarly to aliases, use the show ip aliases EXEC command.

show ip aliases

Syntax Description This command has no arguments or keywords.

Command Modes EXEC

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines To distinguish a SLIP address from a normal alias address, the command output uses the form SLIP
TTY1 for the “port” number, where 1 is the auxiliary port.

Examples The following is sample output from the show ip aliases command:
Router# show ip aliases

IP Address Port
131.108.29.245 SLIP TTY1

The display lists the IP address and corresponding port number.

Related Commands Command Description

show line Displays the parameters of a terminal line.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-86
 IP Addressing Commands
show ip arp

show ip arp
To display the Address Resolution Protocol (ARP) cache, where Serial Line Internet Protocol (SLIP)
addresses appear as permanent ARP table entries, use the show ip arp EXEC command.

show ip arp [ip-address] [host-name] [mac-address] [interface type number]

Syntax Description ip-address (Optional) ARP entries matching this IP address are displayed.
host-name (Optional) Host name.
mac-address (Optional) 48-bit MAC address.
interface type number (Optional) ARP entries learned via this interface type and number are
displayed.

Command Modes EXEC

Command History Release Modification

9.0 This command was introduced.

Usage Guidelines ARP establishes correspondences between network addresses (an IP address, for example) and LAN
hardware addresses (Ethernet addresses). A record of each correspondence is kept in a cache for a
predetermined amount of time and then discarded.

Examples The following is sample output from the show ip arp command:
Router# show ip arp

Protocol AddressAge(min) Hardware Addr Type Interface

Internet 171.69.233.2290000.0c59.f892 ARPA Ethernet0/0
Internet 171.69.233.2180000.0c07.ac00 ARPA Ethernet0/0
Internet 171.69.233.19-0000.0c63.1300 ARPA Ethernet0/0
Internet 171.69.233.3090000.0c36.6965 ARPA Ethernet0/0
Internet 172.19.168.11-0000.0c63.1300 ARPA Ethernet0/0
Internet 172.19.168.25490000.0c36.6965 ARPA Ethernet0/0

Table 5 describes the significant fields shown in the display.

Table 5 show ip arp Field Descriptions

Field Description
Protocol Protocol for network address in the Address field.
Address The network address that corresponds to the Hardware Address.
Age (min) Age in minutes of the cache entry. A hyphen (-) means the address is local.
Hardware LAN hardware address of a MAC address that corresponds to the network address.
Addr

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-87
 IP Addressing Commands
show ip arp

Table 5 show ip arp Field Descriptions (continued)

Field Description
Type Indicates the encapsulation type the Cisco IOS software is using the network address in
this entry. Possible value include:
• ARPA
• SNAP
• SAP
Interface Indicates the interface associated with this network address.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-88
 IP Addressing Commands
show ip interface

show ip interface
To display the usability status of interfaces configured for IP, use the show ip interface EXEC command.

show ip interface [type number] [brief]

Syntax Description type (Optional) Interface type.

number (Optional) Interface number.
brief (Optional) Displays a summary of the usability status information for
each interface.

Command Modes EXEC

Command History Release Modification

10.0 This command was introduced.
12.0(3)T This command was expanded to include the status of ip wccp redirect out
and ip wccp redirect exclude add in commands.

Usage Guidelines The Cisco IOS software automatically enters a directly connected route in the routing table if the
interface is usable. A usable interface is one through which the software can send and receive packets.
If the software determines that an interface is not usable, it removes the directly connected routing entry
from the routing table. Removing the entry allows the software to use dynamic routing protocols to
determine backup routes to the network, if any.
If the interface can provide two-way communication, the line protocol is marked “up.” If the interface
hardware is usable, the interface is marked “up.”
If you specify an optional interface type, you will see only information on that specific interface.
If you specify no optional arguments, you will see information on all the interfaces.
When an asynchronous interface is encapsulated with PPP or Serial Line Internet Protocol (SLIP), IP
fast switching is enabled. A show ip interface command on an asynchronous interface encapsulated
with PPP or SLIP displays a message indicating that IP fast switching is enabled.

Examples The following is sample output from the show ip interface command:
Router# show ip interface

Ethernet0 is up, line protocol is up

Internet address is 192.195.78.24, subnet mask is 255.255.255.240
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Secondary address 131.192.115.2, subnet mask 255.255.255.0
Directed broadcast forwarding is enabled
Multicast groups joined: 224.0.0.1 224.0.0.2

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-89
 IP Addressing Commands
show ip interface

Outgoing access list is not set

Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP SSE switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
WCCP Redirect outbound is enabled
WCCP Redirect exclude is disabled

Table 6 describes the significant fields shown in the display.

Table 6 show ip interface Field Descriptions

Field Description
Ethernet0 is up If the interface hardware is usable, the interface is marked “up.”
For an interface to be usable, both the interface hardware and line
protocol must be up.
line protocol is up If the interface can provide two-way communication, the line
protocol is marked “up.” For an interface to be usable, both the
interface hardware and line protocol must be up.
Internet address and subnet mask IP Internet address and subnet mask of the interface.
Broadcast address Displays the broadcast address.
Address determined by... Indicates how the IP address of the interface was determined.
MTU Displays the MTU value set on the interface.
Helper address Displays a helper address, if one has been set.
Secondary address Displays a secondary address, if one has been set.
Directed broadcast forwarding Indicates whether directed broadcast forwarding is enabled.
Multicast groups joined Indicates the multicast groups this interface is a member of.
Outgoing access list Indicates whether the interface has an outgoing access list set.
Inbound access list Indicates whether the interface has an incoming access list set.
Proxy ARP Indicates whether Proxy Address Resolution Protocol (ARP) is
enabled for the interface.
Security level Specifies the IP Security Option (IPSO) security level set for this
interface.
Split horizon Indicates that split horizon is enabled.
ICMP redirects Specifies whether redirect messages will be sent on this interface.
ICMP unreachables Specifies whether unreachable messages will be sent on this
interface.
ICMP mask replies Specifies whether mask replies will be sent on this interface.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-90
IP Addressing Commands
show ip interface

Table 6 show ip interface Field Descriptions (continued)

Field Description
IP fast switching Specifies whether fast switching has been enabled for this
interface. It is generally enabled on serial interfaces, such as this
one.
IP SSE switching Specifies whether IP silicon switching engine (SSE) is enabled.
Router Discovery Specifies whether the discovery process has been enabled for this
interface. It is generally disabled on serial interfaces.
IP output packet accounting Specifies whether IP accounting is enabled for this interface and
what the threshold (maximum number of entries) is.
TCP/IP header compression Indicates whether compression is enabled or disabled.
Probe proxy name Indicates whether HP Probe proxy name replies are generated.
WCCP Redirect outbound is Indicates the status of whether packets received on an interface are
enabled redirected to a cache engine. Displays “enabled” or “disabled.”
WCCP Redirect exclude is Indicates the status of whether packets targeted for an interface
disabled will be excluded from being redirected to a cache engine. Displays
“enabled” or “disabled.”

The following is sample output from the show ip interface brief command:
Router# show ip interface brief

Interface IP-Address OK? Method Status Protocol

Ethernet0 151.108.0.5 YES NVRAM up up
Ethernet1 unassigned YES unset administratively down down
Loopback0 152.108.20.5 YES NVRAM up up
Serial0 162.108.10.5 YES NVRAM up up
Serial1 162.108.4.5 YES NVRAM up up
Serial2 152.108.10.5 YES manual up up
Serial3 unassigned YES unset administratively down down

The method field has the following possible values:

• RARP or SLARP—Reverse Address Resolution Protocol (RARP) or SLARP request
• BOOTP—Bootstrap protocol
• TFTP—Configuration file obtained from Trivial File Transfer Protocol (TFTP) server
• manual—Manually changed by CLI command
• NVRAM—Configuration file in nonvolatile RAM (NVRAM)
• IPCP—ip address negotiated command
• DHCP—ip address dhcp command
• unassigned—No IP address
• unset—Unset
• other—Unknown

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-91
 IP Addressing Commands
show ip irdp

show ip irdp
To display ICMP Router Discovery Protocol (HRDP) values, use the show ip irdp EXEC command.

show ip irdp

Syntax Description This command has no arguments or keywords.

Command Modes EXEC

Command History Release Modification

10.0 This command was introduced.

Examples The following is sample output from the show ip irdp command:
Router# show ip irdp

Ethernet 0 has router discovery enabled

Advertisements will occur between every 450 and 600 seconds.

Advertisements are valid for 1800 seconds.
Default preference will be 100.
--More--
Serial 0 has router discovery disabled
--More--
Ethernet 1 has router discovery disabled

As the display shows, show ip irdp output indicates whether router discovery has been configured for
each router interface, and it lists the values of router discovery configurables for those interfaces on
which router discovery has been enabled. Explanations for the less obvious lines of output in the display
are as follows:
Advertisements will occur between every 450 and 600 seconds.

This indicates the configured minimum and maximum advertising interval for the interface.
Advertisements are valid for 1800 seconds.

This indicates the configured holdtime values for the interface.

Default preference will be 100.

This indicates the configured (or in this case default) preference value for the interface.

Related Commands Command Description

ip irdp Enables IRDP processing on an interface.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-92
 IP Addressing Commands
show ip masks

show ip masks
To display the masks used for network addresses and the number of subnets using each mask, use the
show ip masks EXEC command.

show ip masks address

Syntax Description address Network address for which a mask is required.

Command Modes EXEC

Command History Release Modification

10.0 This command was introduced.

Usage Guidelines The show ip masks command is useful for debugging when a variable-length subnet mask (VLSM) is
used. It shows the number of masks associated with the network and the number of routes for each mask.

Examples The following is sample output from the show ip masks command:
Router# show ip masks 131.108.0.0

Mask Reference count

255.255.255.255 2
255.255.255.0 3
255.255.0.0 1

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-93
 IP Addressing Commands
show ip nat statistics

show ip nat statistics

To display Network Address Translation (NAT) statistics, use the show ip nat statistics EXEC
command.

show ip nat statistics

Syntax Description This command has no arguments or keywords.

Command Modes EXEC

Command History Release Modification

11.2 This command was introduced.

Examples The following is sample output from the show ip nat statistics command:
Router# show ip nat statistics

Total translations: 2 (0 static, 2 dynamic; 0 extended)

Outside interfaces: Serial0
Inside interfaces: Ethernet1
Hits: 135 Misses: 5
Expired translations: 2
Dynamic mappings:
-- Inside Source
access-list 1 pool net-208 refcount 2
pool net-208: netmask 255.255.255.240
start 171.69.233.208 end 171.69.233.221
type generic, total addresses 14, allocated 2 (14%), misses 0

Table 7 describes the significant fields shown in the display.

Table 7 show ip nat statistics Field Descriptions

Field Description
Total translations Number of translations active in the system. This number is
incremented each time a translation is created and is decremented
each time a translation is cleared or times out.
Outside interfaces List of interfaces marked as outside with the ip nat outside
command.
Inside interfaces List of interfaces marked as inside with the ip nat inside command.
Hits Number of times the software does a translations table lookup and
finds an entry.
Misses Number of times the software does a translations table lookup, fails
to find an entry, and must try to create one.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-94
 IP Addressing Commands
show ip nat statistics

Table 7 show ip nat statistics Field Descriptions (continued)

Field Description
Expired translations Cumulative count of translations that have expired since the router
was booted.
Dynamic mappings Indicates that the information that follows is about dynamic
mappings.
Inside Source The information that follows is about an inside source translation.
access-list Access list number being used for the translation.
pool Name of the pool (in this case, net-208).
refcount Number of translations using this pool.
netmask IP network mask being used in the pool.
start Starting IP address in the pool range.
end Ending IP address in the pool range.
type Type of pool. Possible types are generic or rotary.
total addresses Number of addresses in the pool available for translation.
allocated Number of addresses being used.
misses Number of failed allocations from the pool.

Related Commands Command Description

clear ip nat translation Clears dynamic NAT translations from the translation table.
ip nat Designates that traffic originating from or destined for the interface
is subject to NAT.
ip nat inside destination Enables NAT of the inside destination address.
ip nat inside source Enables NAT of the inside source address.
ip nat outside source Enables NAT of the outside source address.
ip nat pool Defines a pool of IP addresses for NAT.
ip nat service Changes the amount of time after which NAT translations time out.
show ip nat translations Displays active NAT translations.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-95
 IP Addressing Commands
show ip nat translations

show ip nat translations

To display active Network Address Translation (NAT) translations, use the show ip nat translations
EXEC command.

show ip nat translations [verbose]

Syntax Description verbose (Optional) Displays additional information for each translation table entry,
including how long ago the entry was created and used.

Command Modes EXEC

Command History Release Modification

11.2 This command was introduced.

Examples The following is sample output from the show ip nat translations command. Without overloading, two
inside hosts are exchanging packets with some number of outside hosts.
Router# show ip nat translations

Pro Inside global Inside local Outside local Outside global

--- 171.69.233.209 192.168.1.95 --- ---
--- 171.69.233.210 192.168.1.89 --- --

With overloading, a translation for a Domain Name Server (DNS) transaction is still active, and
translations for two Telnet sessions (from two different hosts) are also active. Note that two different
inside hosts appear on the outside with a single IP address.
Router# show ip nat translations

Pro Inside global Inside local Outside local Outside global

udp 171.69.233.209:1220 192.168.1.95:1220 171.69.2.132:53 171.69.2.132:53
tcp 171.69.233.209:11012 192.168.1.89:11012 171.69.1.220:23 171.69.1.220:23
tcp 171.69.233.209:1067 192.168.1.95:1067 171.69.1.161:23 171.69.1.161:23

The following is sample output that includes the verbose keyword:

Router# show ip nat translations verbose

Pro Inside global Inside local Outside local Outside global

udp 171.69.233.209:1220 192.168.1.95:1220 171.69.2.132:53 171.69.2.132:53
create 00:00:02, use 00:00:00, flags: extended
tcp 171.69.233.209:11012 192.168.1.89:11012 171.69.1.220:23 171.69.1.220:23
create 00:01:13, use 00:00:50, flags: extended
tcp 171.69.233.209:1067 192.168.1.95:1067 171.69.1.161:23 171.69.1.161:23
create 00:00:02, use 00:00:00, flags: extended

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-96
 IP Addressing Commands
show ip nat translations

Table 8 describes the significant fields shown in the display.

Table 8 show ip nat translations Field Descriptions

Field Description
Pro Protocol of the port identifying the address.
Inside global The legitimate IP address that represents one or more inside local IP
addresses to the outside world.
Inside local The IP address assigned to a host on the inside network; probably not
a legitimate address assigned by the NIC or service provider.
Outside local IP address of an outside host as it appears to the inside network;
probably not a legitimate address assigned by the NIC or service
provider.
Outside global The IP address assigned to a host on the outside network by its owner.
create How long ago the entry was created (in hours:minutes:seconds).
use How long ago the entry was last used (in hours:minutes:seconds).
flags Indication of the type of translation. Possible flags are:
• extended—Extended translation
• static—Static translation
• destination—Rotary translation
• outside—Outside translation
• timing out—Translation will no longer be used, due to a TCP
finish (FIN) or reset (RST) flag.

Related Commands Command Description

clear ip nat translation Clears dynamic NAT translations from the translation table.
ip nat Designates that traffic originating from or destined for the interface is
subject to NAT.
ip nat inside destination Enables NAT of the inside destination address.
ip nat inside source Enables NAT of the inside source address.
ip nat outside source Enables NAT of the outside source address.
ip nat pool Defines a pool of IP addresses for NAT.
ip nat service Changes the amount of time after which NAT translations time out.
show ip nat statistics Displays NAT statistics.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-97
 IP Addressing Commands
show ip nhrp

show ip nhrp
To display Next Hop Resolution Protocol (NHRP) mapping information, use the show ip nhrp command
in user EXEC or privileged EXEC mode.

show ip nhrp [dynamic | incomplete | static] [address | interface] [brief | detail] [purge]

Syntax Description dynamic (Optional) Displays dynamic (learned) IP-to-nonbroadcast multiaccess address
(NBMA) mapping entries. Dynamic NHRP mapping entries are obtained from
NHRP resolution/registration exchanges. See Table 1 for types, number ranges,
and descriptions.
incomplete (Optional) Displays information about NHRP mapping entries for which the
IP-to-NBMA is not resolved. See Table 1 for types, number ranges, and
descriptions.
static (Optional) Displays static IP-to-NBMA address mapping entries. Static NHRP
mapping entries are configured using the ip nhrp map command. See Table 1
for types, number ranges, and descriptions.
address (Optional) Displays NHRP mapping entries for specified protocol addresses.
interface (Optional) Displays NHRP mapping entries for the specified interface. See
Table 1 for types, number ranges, and descriptions.
brief (Optional) Displays a short output of the NHRP mapping.
detail (Optional) Displays detailed information about NHRP mapping.
purge (Optional) Displays NHRP purge information.

Command Modes User EXEC

Privileged EXEC

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines Table 1 lists the valid types, number ranges, and descriptions for the optional interface argument.

Note The valid types can vary according to the platform and interfaces on the platform.

Table 9 Valid Types, Number Ranges, and Interface Description

Valid Types Number Ranges Interface Descriptions

async 1 Async
atm 0 to 6 ATM
bvi 1 to 255 Bridge-Group Virtual
Interface

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-98
 IP Addressing Commands
show ip nhrp

Table 9 Valid Types, Number Ranges, and Interface Description (continued)

Valid Types Number Ranges Interface Descriptions

cdma-ix 1 CDMA Ix
ctunnel 0 to 2147483647 C-Tunnel
dialer 0 to 20049 Dialer
ethernet 0 to 4294967295 Ethernet
fastethernet 0 to 6 FastEthernet IEEE 802.3
lex 0 to 2147483647 Lex
loopback 0 to 2147483647 Loopback
mfr 0 to 2147483647 Multilink Frame Relay bundle
multilink 0 to 2147483647 Multilink-group
null 0 Null
port-channel 1 to 64 Port channel
tunnel 0 to 2147483647 Tunnel
vif 1 PGM multicast host
virtual-ppp 0 to 2147483647 Virtual PPP
virtual-template 1 to 1000 Virtual template
virtual-tokenring 0 to 2147483647 Virtual Token Ring
xtagatm 0 to 2147483647 Extended tag ATM

Examples The following is sample output from the show ip nhrp detail command:
Router# show ip nhrp detail

10.1.1.1/8 via 10.2.1.1, Tunnel1 created 00:46:29, never expire

Type: static, Flags: used
NBMA address: 10.12.1.1
10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47
Type: dynamic, Flags: authoritative unique nat registered used
NBMA address: 10.12.1.2
10.1.1.4, Tunnel1 created 00:00:07, expire 00:02:57
Type: incomplete, Flags: negative
Cache hits: 4

Table 10 describes the significant fields shown in the displays.

Table 10 show ip nhrp Field Descriptions

Field Description
10.1.1.1/8 Target network.
via 10.2.1.1 Next Hop to reach the target network.
Tunnel1 Interface through which the target network is reached.
created 00:00:12 Length of time since the entry was created
(hours:minutes:seconds).

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-99
 IP Addressing Commands
show ip nhrp

Table 10 show ip nhrp Field Descriptions (continued)

Field Description
expire 01:59:47 Time remaining until the entry expires
(hours:minutes:seconds).
never expire Indicates that static entries never expire.
Type • dynamic—NHRP mapping is obtained dynamically. The
mapping entry is created using information from the NHRP
resolution and registrations.
• static—NHRP mapping is configured statically. Entries
configured by the ip nhrp map command are marked
static.
• incomplete—The NBMA address is not known for the
target network.
NBMA address Nonbroadcast multiaccess address of the next hop. The address
format is appropriate for the type of network being used: ATM,
Ethernet, Switched Multimegabit Data Service (SMDS), or
multipoint tunnel.
Flags • authoritative—Indicates that the NHRP information was
obtained from the Next Hop Server or router that maintains
the NBMA-to-IP address mapping for a particular
destination.
• implicit—Indicates that the local node learned about the
NHRP mapping entries through the source NHRP mapping
information from an NHRP resolution request or reply.
• local—Indicates NHRP mapping entries that are for
networks local to this router (that is, serviced by this
router). These flag entries are created when this router
answers an NHRP resolution request that has this
information and is used to store the tunnel IP address of all
the other NHRP nodes to which it has sent this information.
If for some reason this router loses access to this local
network (that is, it can no longer service this network), it
sends an NHRP purge message to all remote NHRP nodes
that are listed in the “local” entry (in show ip nhrp detail
command output) to tell the remote nodes to clear this
information from their NHRP mapping tables. This local
mapping entry times out of the local NHRP mapping
database at the same time that this information (from the
NHRP resolution reply) would time out of the NHRP
mapping database on the remote NHRP nodes.
• nat—Indicates that the remote node (NHS client) supports the
new NHRP NAT extension for dynamic spoke-spoke tunnels
to/from spokes behind a NAT router. This marking does not
indicate that the spoke (NHS client) is behind a NAT router.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-100
 IP Addressing Commands
show ip nhrp

Table 10 show ip nhrp Field Descriptions (continued)

Field Description
Flags (continued) • negative—For negative caching, indicates that the
requested NBMA mapping could not be obtained.
• (no socket)—Indicates that the NHRP mapping entries will
not trigger IPsec to set up encryption because data traffic
does not need to use this tunnel. Later, if data traffic needs
to use this tunnel, the flag will change from a “(no socket)”
to a “(socket)” entry and IPsec will be triggered to set up
the encryption for this tunnel. Local and implicit NHRP
mapping entries are always initially marked as “(no
socket).”
• registered—Indicates that the mapping entry was created in
response to an NHRP registration request. Although
registered mapping entries are dynamic entries, they may
not be refreshed through the “used” mechanism. Instead,
these entries are refreshed by another NHRP registration
request with the same Tunnel IP to NBMA IP address
mapping. The Next Hop Client (NHC) regularly sends NHRP
registration requests to keep these mappings from expiring.
• router—Indicates that NHRP mapping entries for a remote
router (that is accessing a network or host behind the
remote router) are marked with the router flag.
• unique—Indicates that an NHRP mapping entry cannot be
overwritten by a mapping entry that has the same IP
address and a different NBMA address. This prohibition is
necessary because the spoke’soutside IP (NBMA) address
may change at any time. If the unique flag is set, the spoke has
to wait for the mapping entry on the hub to time out before it
can register its new (NBMA) mapping. The NHRP
registration request packet has the unique flag set by default.
• used—Indicates that the mapping entry is being used. The
mapping database is checked every 60 seconds. If the used
flag is set and more than 120 seconds remain until expire time,
the used flag is cleared. If fewer than 120 seconds are left, this
mapping entry is refreshed by the transmission of another
NHRP resolution request.

Related Commands Command Description

ip nhrp map Statically configures the IP-to-NBMA address mapping of IP destinations
connected to an NBMA network.
show ip nhrp multicast Displays NHRP multicast mapping information.
show ip nhrp nhs Displays NHRP Next Hop Server information.
show ip nhrp summary Displays NHRP mapping summary information.
show ip nhrp traffic Displays NHRP traffic statistics.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-101
 IP Addressing Commands
show ip nhrp nhs

show ip nhrp nhs

To display Next Hop Resolution Protocol (NHRP) next hop server (NHS) information, use the show ip
nhrp nhs command in user EXEC or privileged EXEC mode.

show ip nhrp nhs [interface] [detail]

Syntax Description interface (Optional) Displays NHS information currently configured on the interface. See
Table 9 for types, number ranges, and descriptions.
detail (Optional) Displays detailed NHS information.

Command Modes User EXEC

Privileged EXEC

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines Table 11 lists the valid types, number ranges, and descriptions for the optional interface argument.

Note The valid types can vary according to the platform and interfaces on the platform.

Table 11 Valid Types, Number Ranges, and Interface Descriptions

Valid Types Number Ranges Interface Descriptions

async 1 Async
atm 0 to 6 ATM
bvi 1 to 255 Bridge-Group Virtual
Interface
cdma-ix 1 CDMA Ix
ctunnel 0 to 2147483647 C-Tunnel
dialer 0 to 20049 Dialer
ethernet 0 to 4294967295 Ethernet
fastethernet 0 to 6 FastEthernet IEEE 802.3
lex 0 to 2147483647 Lex
loopback 0 to 2147483647 Loopback
mfr 0 to 2147483647 Multilink Frame Relay bundle
multilink 0 to 2147483647 Multilink-group
null 0 Null

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-102
 IP Addressing Commands
show ip nhrp nhs

Table 11 Valid Types, Number Ranges, and Interface Descriptions (continued)

Valid Types Number Ranges Interface Descriptions

port-channel 1 to 64 Port channel
tunnel 0 to 2147483647 Tunnel
vif 1 PGM multicast host
virtual-ppp 0 to 2147483647 Virtual PPP
virtual-template 1 to 1000 Virtual template
virtual-tokenring 0 to 2147483647 Virtual Token Ring
xtagatm 0 to 2147483647 Extended tag ATM

Examples The following is sample output from the show ip nhrp nhs detail command:
Router# show ip nhrp nhs detail

Legend:
E=Expecting replies
R=Responding

Tunnel1:
5.1.1.1 E req-sent 128 req-failed 1 repl-recv 0

Pending Registration Requests:

Registration Request: Reqid 1, Ret 64 NHS 5.1.1.1

Table 12 describes the significant field shown in the display.

Table 12 show ip nhrp nhs Field Descriptions

Field Description
Tunnel1 Interface through which the target network is reached.

Related Commands Command Description

ip nhrp map Statically configures the IP-to-NBMA address mapping of IP destinations
connected to an NBMA network.
show ip nhrp Displays NHRP mapping information.
show ip nhrp summary Displays NHRP mapping summary information.
show ip nhrp traffic Displays NHRP traffic statistics.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-103
 IP Addressing Commands
show ip nhrp traffic

show ip nhrp traffic

To display Next Hop Resolution Protocol (NHRP) traffic statistics, use the show ip nhrp traffic EXEC
command.

show ip nhrp traffic

Syntax Description This command has no arguments or keywords.

Command Modes EXEC

Command History Release Modification

10.3 This command was introduced.

Examples The following is sample output from the show ip nhrp traffic command:
Router# show ip nhrp traffic

Tunnel0
request packets sent: 2
request packets received: 4
reply packets sent: 4
reply packets received: 2
register packets sent: 0
register packets received: 0
error packets sent: 0
error packets received: 0

Table 13 describes the significant fields shown in the display.

Table 13 show ip nhrp traffic Field Descriptions

Field Description
Tunnel 0 Interface type and number.
request packets sent Number of NHRP request packets originated from this
station.
request packets received Number of NHRP request packets received by this station.
reply packets sent Number of NHRP reply packets originated from this station.
reply packets received Number of NHRP reply packets received by this station.
register packets sent Number of NHRP register packets originated from this
station. Currently, our routers and access servers do not send
register packets, so this value is 0.
register packets received Number of NHRP register packets received by this station.
Currently, our routers or access servers do not send register
packets, so this value is 0.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-104
IP Addressing Commands
show ip nhrp traffic

Table 13 show ip nhrp traffic Field Descriptions (continued)

Field Description
error packets sent Number of NHRP error packets originated by this station.
error packets received Number of NHRP error packets received by this station.

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-105
 IP Addressing Commands
term ip netmask-format

term ip netmask-format
To specify the format in which netmasks are displayed in show command output, use the
term ip netmask-format EXEC command. To restore the default display format, use the no form of this
command.

term ip netmask-format {bitcount | decimal | hexadecimal}

no term ip netmask-format [bitcount | decimal | hexadecimal]

Syntax Description bitcount Number of bits in the netmask.

decimal Netmask dotted decimal notation.
hexadecimal Netmask hexadecimal format.

Defaults Netmasks are displayed in dotted decimal format.

Command Modes EXEC

Command History Release Modification

10.3 This command was introduced.

Usage Guidelines IP uses a 32-bit mask that indicates which address bits belong to the network and subnetwork fields, and
which bits belong to the host field. This range of IP addresses is called a netmask. By default, show
commands display an IP address and then its netmask in dotted decimal notation. For example, a subnet
would be displayed as 131.108.11.55 255.255.255.0.
However, you can specify that the display of the network mask appear in hexadecimal format or bit count
format instead. The hexadecimal format is commonly used on UNIX systems. The previous example
would be displayed as 131.108.11.55 0XFFFFFF00.
The bitcount format for displaying network masks is to append a slash (/) and the total number of bits in
the netmask to the address itself. The previous example would be displayed as 131.108.11.55/24.

Examples The following example specifies that network masks for the session be displayed in bitcount notation in
the output of show commands:
term ip netmask-format bitcount

Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services

IP1R-106