Chapter 5. Interface Commands
Interface configuration is one of the most fundamental aspects of getting a router online. There are many kinds of interfaces, corresponding to different physical media and lower-level protocols; some of the interface types are listed in Table 5-1. For the most part, each media type has its own configuration commands, although a few commands are common to all interfaces. The interface is where much of IP configuration takes place: it's where you set addresses and netmasks and specify how the interface interacts with the routing protocol you have chosen.
Table 5-1. Interface types
Type / Description
async / Async lines are for modem dial-in and dial-out connections. The AUX port is an async line. Terminal servers have numerous async lines for modem connections.
atm / ATM (Asynchronous Transfer Mode) interfaces are used for connections to an ATM switch. This includes DSL connections.
serial / Serial ports are often connected to CSU/DSUs for point-to-point leased lines (56k, T1, etc.).
ethernet / Ethernet ports supporting 10 megabits/second.
fastethernet / Ethernet ports supporting 10 and 100 megabits/second.
bri / BRI (Basic Rate Interface) for ISDN (2B + D service).
tokenring / Token ring network interfaces.
fddi / Fiber Distributed Data Interconnect.
hub / A hub that is built into the router and treated as an interface.
hssi / High-Speed Serial Interface. Supports speeds up to 52 Mbps.
loopback / A virtual interface on the router.
null / Bit bucket interface. Anything sent to this interface is discarded. Used for simple route filtering.
pos / Packet over Sonet interfaces.
vlan / Virtual LAN interfaces.
5.1. Naming and Numbering Interfaces
Interfaces are configured by the interface command, followed by an interface name, followed by a port number. The space between the interface name and the port number is optional. For example:
interface serial 0        Serial port 0
interface serial 1        Serial port 1
interface ethernet 0      Ethernet port 0
interface ethernet 1      Ethernet port 1
On high-end routers, the interface cards are in slots; each slot has a series of ports. To specify these interfaces, use the slot/port naming scheme. For example, the Ethernet interface on port 5 of the card in slot 4 would be called:
interface ethernet 4/5
The interface command is followed by other commands that perform the actual configuration. If you're entering commands at the console, the interface command changes the prompt to Router(config-if)#.
VIP2 (Versatile Interface Processor) cards have two Ethernet ports per card. To accommodate these cards, use the syntax card/slot/port to specify a particular Ethernet interface. For example, Fast Ethernet card 2 on slot 1 on port 0 would be called:
interface fastethernet 2/1/0
5.2. Basic Interface Configuration Commands
The following basic commands apply to just about any type of interface.
5.2.1. shutdown
The shutdown command disables an interface. The interface does not transmit packets after it has been shut down; all routing protocols are informed that the interface is unavailable.
interface serial0
shutdown
Use the no shutdown command to restart an interface that has been shut down:
Router#config terminal
Router(config)#interface serial 0
Router(config-if)#no shutdown
There can be side effects to an interface shutdown. The nature of these side effects depends on the interface type. Table 5-2 shows some of the possible side effects.
Table 5-2. Possible side effects of an interface shutdown
Interface / Side effect of a shutdown
Ethernet / Drops link-status indicator to the remote hub or switch
Serial / Drops DTR signal
FDDI / Activates optical bypass switch
Token ring / Removes interface from the token ring
The shutdown command can also be applied to a subinterface. In this case, it stops protocol processing on that subinterface without affecting the other subinterfaces or dropping the entire interface.
5.2.2. Interface Descriptions
An interface's description shows up in the router's configuration and in the output from the show interfaces command. This description is for informational purposes only; it helps you remember the configuration of the interface. For example:
interface serial0
description T1 Connection to Baltimore (Good place to document the circuit id!)
Use the no form of this command to remove the description:
no description
5.2.3. Setting the IP Address and Subnet Mask
Setting the IP address on an interface is fairly simple: use the ip address command, followed by the address and the subnet mask. For example:
interface ethernet0
ip address 10.10.1.65 255.255.255.224
This command sets the interface IP address to 10.10.1.65 and the subnet mask to 255.255.255.224.
5.2.3.1 Secondary IP address(es)
The secondary keyword allows an interface to have more than one IP address. You can have as many secondary addresses as you like, but keep in mind that each will take processing power and will have an effect on the router. If you are using more than one secondary address, chances are you are doing something wrong with your network configuration.
For example, suppose we had an Ethernet segment with a 255.255.255.224 subnet, which allows 30 hosts per subnet, as in Figure 5-1 (before). Everything is working fine. Then one day your boss comes in and tells you to add 30 more hosts on the segment. The bad news is that there are no more Ethernet ports on your router and you need to add the new machines' addresses today.
Figure 5-1. Using a secondary IP address
After a few minutes of panic, you weigh your options. One is to resubnet the network. You would then need to change the subnet masks on every machine, which is time-consuming. Even if you are using DHCP, a massive network reorganization is bound to be time-consuming and disruptive for your users.
The second, easier option is to add another subnet to the Ethernet segment by using the secondary command. In the old configuration, the original subnet was 10.10.1.64 with 30 hosts. In the new configuration, we add a second subnet, 10.10.1.96, to the segment:
interface ethernet0
ip address 10.10.1.65 255.255.255.224
ip address 10.10.1.97 255.255.255.224 secondary
Initially, the interface was assigned the address 10.10.1.65; we could assign .66 through .94 to hosts on the segment (.95 is reserved for broadcasts). After adding the .96 subnet, we can assign addresses 10.10.1.98 through 10.10.1.126 as well; .97 is assigned to the ethernet0 interface as its secondary address. We can go a step further and add yet another subnet, 10.10.1.128, by assigning 10.10.1.129 as an additional secondary address. This gives us a total of three subnets. We can add as many secondary addresses as we want.
interface ethernet 0
ip address 10.10.1.65 255.255.255.224
ip address 10.10.1.97 255.255.255.224 secondary
ip address 10.10.1.129 255.255.255.224 secondary
Some pitfalls with secondary addresses are:
- Secondary IP addresses are not supported by OSPF.
- Routing updates are not sent out to secondary subnets due to split horizon. For a definition of split horizon and how it relates to routing, see Chapter 8. However, split horizon can be disabled.
- Too many secondary IP addresses often means you are doing something wrong with your network design.
- Host broadcasts may or may not be heard by hosts on the other subnets, depending on the broadcast address used by the host and the hosts' implementations.
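The address arithmetic in this section can be checked mechanically. The following is an added example, not part of the original chapter: it reads the ip address lines of the three-subnet stanza above, computes the host range and broadcast address of each subnet, and reports overlapping subnets. The function name plan_subnets is hypothetical.

```python
import ipaddress
import re

# The three-subnet ethernet0 stanza from the text above.
STANZA = """\
interface ethernet 0
 ip address 10.10.1.65 255.255.255.224
 ip address 10.10.1.97 255.255.255.224 secondary
 ip address 10.10.1.129 255.255.255.224 secondary
"""

ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)( secondary)?\s*$", re.M)

def plan_subnets(stanza):
    """Return (entries, problems) for every ip address line in a stanza."""
    entries, problems = [], []
    for addr, mask, sec in ADDR_RE.findall(stanza):
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address of {net}")
        # Addresses left for hosts once the router's own address is taken.
        hosts = [h for h in net.hosts() if h != iface.ip]
        entries.append({
            "router": str(iface.ip),
            "network": net,
            "secondary": bool(sec),
            "broadcast": str(net.broadcast_address),
            "first_host": str(hosts[0]) if hosts else None,
            "last_host": str(hosts[-1]) if hosts else None,
            "host_count": len(hosts),
        })
    if sum(not e["secondary"] for e in entries) != 1:
        problems.append("expected exactly one primary (non-secondary) address")
    # Overlapping subnets on one interface add no address space; flag them.
    for i, a in enumerate(entries):
        for b in entries[i + 1:]:
            if a["network"].overlaps(b["network"]):
                problems.append(f"{a['network']} overlaps {b['network']}")
    return entries, problems

if __name__ == "__main__":
    entries, problems = plan_subnets(STANZA)
    for e in entries:
        print(e["network"], e["first_host"], "-", e["last_host"],
              "broadcast", e["broadcast"])
    print(problems or "no problems found")
```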
5.2.4. Other Common Interface Commands
You will encounter the following commands frequently as you work with interfaces on Cisco routers:
bandwidth
The bandwidth command does not have anything to do with configuring the speed of an interface. Rather, it defines the interface speed for calculating routing metrics and other purposes. You would use this command to tell the router the interface's actual speed if for some reason the default bandwidth was not correct (for example, for a fractional T1 line, the router will use the speed of a full T1 as the default bandwidth), or to "lie" about an interface's bandwidth to influence route metric calculations and steer traffic in a particular direction. Obviously, giving the router incorrect information about an interface's bandwidth is an iffy proposition, but there are times when that's the easiest way to achieve the result you want.
ip directed-broadcasts
A directed broadcast is a broadcast that is sent to a specific network or set of networks. They are frequently used in denial-of-service attacks, in which someone outside your network tries to overwhelm it with illegitimate traffic. To reduce your vulnerability to such attacks, Cisco routers drop directed broadcasts by default. To enable forwarding of directed broadcasts, use the ip directed-broadcasts command.
ip proxy-arp
Enabling proxy ARP on an interface allows the router to respond to ARP requests for hosts that it knows about, but that aren't directly reachable by the host making the ARP request. If the router receives an ARP request for a host and the router has a route to that host, the router sends an ARP response with its own data link address to the requestor. The requesting host then sends packets to the router, which in turn forwards them on to the correct destination host.
For example, a host connected via a PPP dial-up link won't be visible to hosts connected to the router via an Ethernet. If a host on an Ethernet sends an ARP request for a host connected via PPP, the router will respond to the ARP request on behalf of the PPP host, listing its own Ethernet address as the destination. The router then takes responsibility for forwarding the packets to the PPP host.
ip source-route
Source routing allows packets to include their own routing information in their headers. This feature is often abused. Source routing is enabled by default but is frequently disabled using the command no ip source-route.
ip unreachables
This command enables the generation of ICMP protocol unreachable messages (the default). These messages are generated when the router receives a nonbroadcast message for a protocol it doesn't recognize. This command is usually used in its negative form (no ip unreachables) and is often used on the null interface.
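Several of the commands above affect how exposed a router is, so a saved configuration is worth reviewing for them. The following is an added example, not part of the original chapter: it walks a constructed sample configuration and reports interfaces that forward directed broadcasts, leave proxy ARP or ICMP unreachables enabled, or lack a description, plus a missing global no ip source-route. The finding names are hypothetical, and treating proxy ARP as enabled unless explicitly disabled is an assumption about IOS defaults that the text does not state.

```python
import re

# Constructed sample configuration (not from the original chapter).
SAMPLE_CONFIG = """\
interface Ethernet0
 description Internal Office Network
 ip address 10.10.1.1 255.255.255.248
 ip directed-broadcast
!
interface Serial0
 ip address 10.10.2.1 255.255.255.252
 no ip proxy-arp
 no ip unreachables
!
interface Serial1
 shutdown
"""

# Features that stay enabled unless the "no" form appears in the stanza.
REQUIRED_NO_FORMS = [("no ip proxy-arp", "proxy-arp"),
                     ("no ip unreachables", "unreachables")]

def parse_config(config):
    """Split a configuration into global lines and per-interface stanzas."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # unindented line: new stanza or global command
            m = re.match(r"interface\s+(.+)", line, re.I)
            current = interfaces.setdefault(m.group(1).replace(" ", ""), []) if m else None
            if not m:
                global_lines.append(line.lower())
        elif current is not None:
            current.append(line.lower())
    return global_lines, interfaces

def audit(config):
    """Return (scope, finding) pairs for the settings discussed above."""
    global_lines, interfaces = parse_config(config)
    findings = []
    # Source routing is enabled by default, so the "no" form must be present.
    if "no ip source-route" not in global_lines:
        findings.append(("global", "source-route"))
    for name, lines in interfaces.items():
        if "shutdown" in lines:
            continue  # a shut-down interface transmits nothing
        # Accept both spellings of the command (singular form is an assumption).
        if any(re.fullmatch(r"ip directed-broadcasts?( \d+)?", l) for l in lines):
            findings.append((name, "directed-broadcast"))
        for no_form, finding in REQUIRED_NO_FORMS:
            if no_form not in lines:
                findings.append((name, finding))
        if not any(l.startswith("description ") for l in lines):
            findings.append((name, "no-description"))
    return findings
```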
Now let's look at some of the specific interface types you're likely to encounter.
5.3. The Loopback Interface
The loopback interface is a virtual interface that is always up and available after it has been configured. Note that the loopback interface is not tied to the address 127.0.0.1. It's an interface like any other, and can be assigned its own address. A loopback interface is often used as a termination address for some routing protocols, because it never goes down.
Another common use of a loopback address is to identify a router. For example, say you want to find out whether a particular router is up. You know that the router has an ethernet0 interface with an IP address of 10.10.1.1. You ping 10.10.1.1 and don't get a response. Does this mean your router is down? It's possible that the router is up and that the ping reached the router on another interface, but you didn't receive a response because ethernet0 is down. To find out unambiguously whether the router is alive, you have to ping another interface. But that interface might be down, causing the same scenario to occur. To avoid this problem, you can configure the router's loopback interface with a unique address. Then, when you want to telnet or ping your router, use the loopback interface's IP address. This method ensures that you will get a response no matter how your packets reach the router.
Here's how to assign an IP address to a loopback interface:
interface loopback 0
ip address 10.10.1.2 255.255.255.255
Other ways to use the loopback interface include:
- Using the unnumbered command on serial links mixed with the loopback interface to eliminate wasted IP addresses on serial links.
- Various routing protocols, such as OSPF and BGP, make use of a router ID, which should be the address of a link that is always up. The loopback interface is great for this purpose. (OSPF and BGP are discussed in Chapter 9 and Chapter 10, respectively.)
- Use the address of a loopback interface as the IP address for all management software. The management software will test whether the router is alive by pinging the loopback interface's IP address.
5.5. Ethernet and Fast Ethernet Interfaces
Give an Ethernet or Fast Ethernet interface an IP address, and it's ready to go. It's a good idea to give the interface a description, but that's not required. Also, as with all interfaces, don't forget the no shutdown command. For Fast Ethernet interfaces, you can also specify the interface speed and whether it's operating at full or half duplex:
interface Ethernet0
description Internal Office Network
ip address 10.10.1.1 255.255.255.248
no shutdown
interface FastEthernet1
description Fast Network for fileservers
ip address 10.10.1.17 255.255.255.248
! Set the speed to 100 (which is the default)
speed 100
! Set the duplex to full
duplex full
no shutdown
5.5.1. Ethernet Encapsulation
By default, an Ethernet uses ARPA encapsulation (standard Ethernet Version 2.0). However, you can specify another encapsulation type using the encapsulation command. For example:
interface ethernet 0
encapsulation arpa
ip address 10.10.1.10 255.255.255.248
The possible encapsulation types are shown in Table 5-3.
Table 5-3. Ethernet encapsulation types
Keyword / Encapsulation type
arpa / Standard Ethernet Version 2.0
isol / IEEE 802.3 Encapsulation
snap / IEEE 802.3 Encapsulation per RFC 1042
All the devices connected to an Ethernet must share the same encapsulation type; if they do not, they will not be able to communicate. If you're not sure of the encapsulation type, you're probably using ARPA.
5.10. Interface show Commands
The router keeps track of lots of information about its interfaces: the number of packets sent, the number of errors, addresses, etc. You can get most of this information by using one of the show commands.
5.10.1. Clearing the show Command Counters
Much of the information the router tracks is numeric: for example, running counts of the number of packets that went out the interface and related items. These counters aren't particularly meaningful unless you know when the counter started counting. To clear the counters that are displayed in the show interface commands, use the clear counters command. This command does not clear the values that are retrieved from SNMP commands, but only the values reported by the show commands discussed in this section. Here are some typical clear counters commands:
Router#clear counters ethernet0
Router#clear counters serial0
Router#clear counters
The first two commands clear the counters for a specific interface; the last command clears the counters for all the interfaces.
All counters are unsigned long integers, which means they can go up to about 4 billion (2^32 - 1) before they roll over to 0.
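Rollover and clear counters both matter when two readings are subtracted to get a rate. The following is an added example, not part of the original chapter: it pulls counters from two show interface samples and computes deltas that survive one 32-bit rollover or a clear during the interval. The first sample reuses counter values from the show interface output in section 5.10.3 and the second is constructed; the function names are hypothetical, and an hh:mm:ss age in the "Last clearing" field is an assumption about the output format.

```python
import re

WRAP = 2 ** 32  # counters run from 0 to 2^32 - 1, then roll over to 0

# First sample: counter values from the chapter's output. Second: constructed.
SAMPLE_T0 = """\
  Last clearing of "show interface" counters never
     11938498 packets input, 4102863937 bytes, 0 no buffer
     8 input errors, 0 CRC, 0 frame, 0 overrun, 8 ignored, 0 abort
"""
SAMPLE_T1 = """\
  Last clearing of "show interface" counters never
     12000000 packets input, 1500000 bytes, 0 no buffer
     9 input errors, 0 CRC, 0 frame, 0 overrun, 9 ignored, 0 abort
"""

FIELDS = {
    "packets_in": r"(\d+) packets input",
    "bytes_in": r"packets input, (\d+) bytes",
    "input_errors": r"(\d+) input errors",
}

def parse_counters(text):
    """Return (counters, last_clear) parsed from show interface text."""
    counters = {name: int(re.search(pat, text).group(1))
                for name, pat in FIELDS.items()}
    m = re.search(r'Last clearing of "show interface" counters (\S+)', text)
    return counters, (m.group(1) if m else "never")

def cleared_within(last_clear, interval_s):
    """True if clear counters ran during the sampling interval.

    Assumes an hh:mm:ss age; "never" or any other form counts as older.
    """
    m = re.fullmatch(r"(\d+):(\d\d):(\d\d)", last_clear)
    if not m:
        return False
    hours, minutes, seconds = map(int, m.groups())
    return hours * 3600 + minutes * 60 + seconds < interval_s

def counter_deltas(old_text, new_text, interval_s):
    """Per-counter increase between two samples taken interval_s apart."""
    old, _ = parse_counters(old_text)
    new, last_clear = parse_counters(new_text)
    if cleared_within(last_clear, interval_s):
        # Counters restarted from 0 at the clear; the new value is a lower bound.
        return dict(new)
    # Modular subtraction undoes one rollover; a second one is undetectable.
    return {name: (new[name] - old[name]) % WRAP for name in new}

if __name__ == "__main__":
    print(counter_deltas(SAMPLE_T0, SAMPLE_T1, 300))
```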
5.10.2. Listing All Interfaces
If you don't know what physical interfaces are available on your router, use the show version command. You'll find a list of interfaces at the end of its output. Here's what happens on a Cisco 2524:
Router>show version
...
cisco 2524 (68030) processor (revision J) with 6144K/2048K bytes of memory.
Processor board ID 08291960, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
FT1 CSU/DSU for Serial Interface 0
No module installed for Serial Interface 1
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
This router has one Ethernet port, two serial ports, and one built-in CSU/DSU installed on serial interface 0.
5.10.3. Using the show interface Commands
The show interface command displays protocol-specific statistics for the interface. All interfaces report both generic information and media-specific information. For example, here's what you get if you ask for information about an Ethernet segment:
Router>show interface ethernet0
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 0010.7b39.e28e (bia 0010.7b39.e28e)
Description: Office Ethernet segment
Internet address is 10.10.1.1/29
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 2000 bits/sec, 3 packets/sec
5 minute output rate 17000 bits/sec, 3 packets/sec
11938498 packets input, 4102863937 bytes, 0 no buffer
Received 60515 broadcasts, 0 runts, 0 giants, 0 throttles
8 input errors, 0 CRC, 0 frame, 0 overrun, 8 ignored, 0 abort
0 input packets with dribble condition detected
12556989 packets output, 1981671402 bytes, 0 underruns
0 output errors, 11702 collisions, 1 interface resets
0 babbles, 0 late collision, 20150 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Table 5-5 shows how to interpret this information.
Table 5-5. Information from a show interface command
Field / Meaning
Up/down / Whether the interface is up and configured. If the interface is administratively down, the shutdown command has been applied to this interface. If the interface is down, it is not receiving any signal from the attached network cable.
Line protocol / Whether the encapsulation protocol is up or down for this interface. If your interface is up but the line protocol is down, check the encapsulation or see if the line has been unplugged.
Hardware / The type of interface (serial, Ethernet, etc.).
Internet address / The IP address and subnet mask for this interface.
MTU / The Maximum Transmission Unit for this interface (the maximum frame/packet size).
BW / The bit rate in kbps (default is 1544 for serial, 10000 for Ethernet). This value is actually the setting from the interface's bandwidth command, which is used in route metric calculations but has no other impact on the router. In particular, this value has nothing to do with the actual speed at which data is transferred.
DLY / The expected delay for a packet traversing this interface. Like the bandwidth, this parameter is used only for IGRP/EIGRP route metric calculations. Its value can be set with the delay interface command.
Rely / The reliability of this link, as a number between 1 and 255. The value 255/255 indicates that the link is 100% reliable.