This chapter lists and describes the commands that can be configured in the Cisco DistributedDirector. Summary information for Cisco IOS commands mentioned in appendixes of this guide is provided at the end of this chapter.
Table 10-1 contains a summary of commands and record formats for the Director system.
| Command or Record | Description |
|---|---|
| Configuring the DRP Server Agent | |
| ip drp server | Turn on the DRP agent. The no form of this command turns off the DRP agent. |
| ip drp access-group access-list-number | Enable an access list for DRP. The no form of this command disables the access list. |
| ip drp authentication key-chain key-chain-name | Enable the DRP authentication key chain. The no form of this command disables the key chain. |
| show ip drp | Show configuration information. |
| Configuring the Director (DNS caching name server mode) | |
| ip name-server DNS-server-IP-address | Specify the private DNS server that the Director should send requests to. The no form of this command stops the Director from sending requests to this DNS server. |
| ip director default-weights {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]} | Configure default weight metrics. The no form of this command removes default weight information for one or more metrics. |
| ip director server {hostname | host-ip-address} preference [cost] | Specify a simple preference of one server over another (called the administrative metric). Zero for cost means the host will never be selected, so you can use the command to take a host out-of-service. The no form of this command cancels any server preference. |
| ip director ttl seconds | Specify a time-to-live (TTL) value, in seconds, to be placed on all A DNS resource record replies that are sorted by the Director. The default is 0. The TTL tells clients how long to keep this information before requesting from the Director again. |
| ip director cache | Enable the Director cache (the default). The no form of this command disables the cache. The Director caches the servers it has sorted so it can respond to queries faster. |
| ip drp access-group access-list-number | Enable an access list for DRP. The no form of this command disables an access list. |
| ip director access-list access-list-number [permit | deny] expression | Define an access list which specifies the host names that the Director should sort. The no form of this command removes the definition of that access list. |
| ip director access-group access-list-number | Tell the Director to use the specified access list. The no form of this command tells the Director to not use the access list. |
| ip drp authentication key-chain key-chain-name | Enable the DRP authentication key chain. The no form of this command disables the key chain. |
| Configuring the Director (HTTP session redirector mode) | |
| ip director ip-address Director-virtual-IP-address | Specify an IP address that the Director will receive HTTP requests on. The no form of this command cancels the reception of HTTP requests on this IP address. |
| ip name-server DNS-server-IP-address | Specify the DNS server that the Director should send requests to. The no form of this command tells the Director to not send requests to this DNS server. |
| ip director default-weights {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]} | Configure default weight metrics. |
| ip director server {hostname | host-ip-address} drp-association [name | ip-address] | Used to associate a distributed server with its DRP server agent. If you intend to configure any DRP metrics, you must associate each distributed server with its DRP server agent. |
| ip director server {hostname | host-ip-address} preference [cost] | Specify a simple preference of one server over another (called the administrative metric). Zero for cost means the host will never be selected, so you can use the command to take a host out-of-service. The no form of this command cancels any server preference. |
| ip director ttl seconds | Specify a time-to-live (TTL) value, in seconds, to be placed on all A DNS resource record replies that are sorted by the Director. The default is zero. The TTL tells clients how long to keep this information before requesting it from the Director again. |
| ip director cache | Enable the Director cache (the default). The no form of this command disables the cache. The Director caches the servers it has sorted so it can respond to queries faster. |
| ip director cache-time [seconds] | The length of time the Director will retain request and response information to DNS queries. The no form of this command returns this time to the default value, 60 seconds. |
| ip drp access-group access-list-number | Enable an access list for DRP. The no form of this command disables an access list. |
| ip director access-list access-list-number [permit | deny] expression | Define an access list which specifies the host names that the Director should sort. The no form of this command removes the definition of that access-list. |
| ip director access-group access-list-number | Tell the Director to use the specified access list. The no form of this command tells the Director to not use the access list. |
| ip drp authentication key-chain key-chain-name | Enable the DRP authentication key chain. The no form of this command disables the key chain. |
| Configuring the Primary DNS Server (ciscoDD TXT records) | |
| DNS-name in txt "ciscoDD: drp-assoc distr-server-addr DRP-agent-addr [port mins]" | Add a textual information resource record for every distributed server to associate it with its DRP server agent. This information is used for DRP internal and external metrics, and the optional information for server connection tests (a port number for making connections and interval in minutes for checking). |
| DNS-name in txt "ciscoDD: server distr-server-IP-addr port-number minutes" | Specify information for server connection tests. |
| DNS-name in txt "ciscoDD: weights {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]}" | Specify host-specific weights. |
| DNS-name in txt "ciscoDD: priority {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]}" | Specify priority. |
| Showing Information about the Director | |
| show ip drp | Show DRP status. |
| show ip director | Show Director status. |
| show ip director access-list [number] | Show Director access lists. |
| show ip director cache | Show Director cache information. |
| show ip director default-weights | Show Director default weights. |
| show ip director hosts [host] | Show Director host(s) information. |
| show ip director servers [name | ip-address] | Show Director server information. |
| Taking a Host Out-of-Service | |
| ip director server {hostname | host-ip-address} preference [cost] | Zero for cost means the host will never be selected, so you can use the command to take a host out-of-service. The no form of this command cancels any host preference. |
| Clearing Director Information | |
| clear ip drp | Clear DRP counters. |
| clear ip director cache | Clear Director cache entries. |
| clear ip director counters | Clear Director counters. |
| clear ip director servers [name | ip-address] | Clear Director server connection information. |
| Debugging | |
| debug ip drp | Show debugging information for the DRP protocol. |
| debug ip director | Show debugging information for the Director. |
| debug ip director parse | Show debugging information for Director parsing of TXT information. |
| debug ip director queries | Show debugging information for DRP queries the Director sends out. |
| debug ip director sort | Show debugging information for Director IP address sorting. |
To define a standard IP access list, use the standard version of the access-list global configuration command. To remove a standard access list, use the no form of this command.
access-list access-list-number {deny | permit} source [source-wildcard]
| access-list-number | Number of an access list. This is a decimal number from 1 through 99. |
| deny | Denies access if the conditions are matched. |
| permit | Permits access if the conditions are matched. |
| source | Number of the network or host from which the packet is being sent. There are two alternative ways to specify the source: |
| source-wildcard | (Optional) Wildcard bits to be applied to the source. There are two alternative ways to specify the source wildcard: |
The access list defaults to an implicit deny statement for everything. The access list is always terminated by an implicit deny statement for everything.
Global configuration
Plan your access conditions carefully and be aware of the implicit deny statement at the end of the access list.
You can use access lists to control the transmission of packets on an interface, control virtual terminal line access, and restrict the contents of routing updates.
Use the show access-lists EXEC command to display the contents of all access lists.
Use the show ip access-list EXEC command to display the contents of one access list.
The following example of a standard access list allows access for only those hosts on the three specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the access list statements will be rejected.
access-list 1 permit 192.5.34.0 0.0.0.255
access-list 1 permit 128.88.0.0 0.0.255.255
access-list 1 permit 36.0.0.0 0.255.255.255
! (Note: all other access implicitly denied)
To specify a large number of individual addresses more easily, you can omit the wildcard if it is all zeros. Thus, the following two configuration commands are identical in effect:
access-list 2 permit 36.48.0.3
access-list 2 permit 36.48.0.3 0.0.0.0
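The matching rules described above (wildcard bits, an omitted wildcard meaning 0.0.0.0, and the implicit deny that ends every list) can be checked offline before a list is applied. The following Python sketch is an added example, not Cisco code: it evaluates statements top-down with the first match winning, handles dotted-decimal sources only, and all function names in it are hypothetical.

```python
"""Offline evaluator for Cisco standard IP access lists (added example)."""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

MASK32 = 0xFFFFFFFF


class Rule(NamedTuple):
    action: str    # "permit" or "deny"
    source: int    # source address as a 32-bit integer
    wildcard: int  # wildcard bits: a 1 bit means "ignore this bit"


def ip_to_int(text: str) -> int:
    """Convert dotted-decimal text to an integer (ValueError if invalid)."""
    return int(ipaddress.IPv4Address(text))


def parse_standard_acl(config: str, number: int) -> List[Rule]:
    """Collect the statements of one standard list, in configuration order."""
    if not 1 <= number <= 99:
        raise ValueError("standard access lists are numbered 1 through 99")
    rules = []
    for raw in config.splitlines():
        tokens = raw.split("!", 1)[0].split()  # drop "!" comments
        if len(tokens) < 4 or tokens[:2] != ["access-list", str(number)]:
            continue
        if tokens[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {raw.strip()!r}")
        # An omitted wildcard is the same as 0.0.0.0 (match this host only).
        wildcard = tokens[4] if len(tokens) > 4 else "0.0.0.0"
        rules.append(Rule(tokens[2], ip_to_int(tokens[3]), ip_to_int(wildcard)))
    return rules


def evaluate(rules: List[Rule], address: str) -> Tuple[str, Optional[int]]:
    """Return (action, statement index); index None means the implicit deny."""
    addr = ip_to_int(address)
    for index, rule in enumerate(rules):
        care = ~rule.wildcard & MASK32  # bits that must match exactly
        if (addr & care) == (rule.source & care):
            return rule.action, index
    return "deny", None


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """List (later, earlier) pairs where the later statement can never match
    because an earlier statement already covers every address it describes."""
    found = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            care = ~earlier.wildcard & MASK32
            same_bits = ((earlier.source ^ later.source) & care) == 0
            if (later.wildcard & care) == 0 and same_bits:
                found.append((j, i))
                break
    return found


# Constructed input: the two access lists shown on this page.
PAGE_CONFIG = """\
access-list 1 permit 192.5.34.0 0.0.0.255
access-list 1 permit 128.88.0.0 0.0.255.255
access-list 1 permit 36.0.0.0 0.255.255.255
! (Note: all other access implicitly denied)
access-list 2 permit 36.48.0.3
access-list 2 permit 36.48.0.3 0.0.0.0
"""

if __name__ == "__main__":
    acl1 = parse_standard_acl(PAGE_CONFIG, 1)
    for host in ("192.5.34.77", "128.88.200.1", "36.1.2.3", "192.5.35.1"):
        print(host, evaluate(acl1, host))
    # The second statement of list 2 is reported as covered by the first.
    print(shadowed(parse_standard_acl(PAGE_CONFIG, 2)))
```

An index of None in the result identifies traffic dropped by the implicit deny rather than by an explicit statement, which is the case to review when a host is unexpectedly rejected.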
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
access-class+
access-list (extended)+
distribute-list in +
distribute-list out +
ip access-group+
priority-list +
queue-list +
show access-lists+
show ip access-list+
To clear the Director cache, use the clear ip director cache EXEC command:
clear ip director cache
This command has no keywords or arguments.
EXEC
This command first appeared in Cisco IOS Release 11.1 IA.
Use this command to clear the Director cache, which contains information about previous sorting decisions. You can use this command when you want to force the Director to redefine the sorting decision for a client.
Following is an example of this command:
DD#clear ip director cache
clear ip director counters
clear ip director servers
clear ip drp
show ip director cache
To clear Director counters, use the clear ip director counters EXEC command:
clear ip director counters
This command has no keywords or arguments.
EXEC
This command first appeared in Cisco IOS Release 11.1 IA.
Use this command to reset all statistics information related to the Director.
Following is an example of this command:
DD#clear ip director counters
clear ip director cache
clear ip director servers
clear ip drp
show ip director
To clear Director server connection information, use the clear ip director servers EXEC command:
clear ip director servers [name | ip-address]
| name | (Optional) Server name. |
| ip-address | (Optional) Server IP address. |
EXEC
This command first appeared in Cisco IOS Release 11.1 IA.
This command clears the server hit counts, last hit times, server status information (whether the server is available or not), and server drp-ser metric. If no server name or IP address is specified, information for all servers is cleared.
Following is an example of this command:
DD#clear ip director servers
clear ip director cache
clear ip director counters
clear ip drp
show ip director server
To clear DRP counters, use the clear ip drp EXEC command:
clear ip drp
This command has no keywords or arguments.
EXEC
This command first appeared in Cisco IOS Release 11.1 IA.
This command clears the DRP counters for number of requests received, number of successful replies sent, and number of failures.
Following is an example of this command:
DD#clear ip drp
clear ip director cache
clear ip director counters
clear ip director servers
show ip drp
To show debugging information for the Director, use the debug ip director EXEC command:
[no] debug ip director
This command first appeared in Cisco IOS Release 11.1 IA.
The following sample shows the output for one DRP server. The output fields are repeated for additional DRP servers.
DD#debug ip director
DIRECTOR: interesting query for "www.hacks.org"
DIRECTOR: default random weight is 0
DIRECTOR: default DRP route lookup external to AS weight is 0
DIRECTOR: default administrative preference weight is 0
DIRECTOR: default DRP route lookup internal to AS weight is 0
DIRECTOR: default DRP distance to associated server weight is 0
DIRECTOR_DRP: querying drp-s distance router 172.19.169.13 and server 172.19.169.99
DIRECTOR_DRP: New DRP req. struct for router 172.19.169.13, max queries=10
DIRECTOR_DRP: appended client 172.19.169.99 query for 172.19.169.13, total is now 1
DIRECTOR: 172.19.169.99 querying administrative preference
DIRECTOR: 172.19.169.99 querying DRP route lookup internal to AS
DIRECTOR_DRP: appended client 172.19.169.15 query for 172.19.169.13, total is now 2
DIRECTOR: 172.19.169.99 querying DRP distance to associated server
DIRECTOR_DRP: 2 requests sent to 172.19.169.13
DIRECTOR_DRP: reply from agent 172.19.169.13
DIRECTOR_DRP: reply for client 172.19.169.99 from agent 172.19.169.13 Gathering distance DRP (172.19.169.13) <-> Server (172.19.169.99)
DIRECTOR_DRP: saving metric info (i=0, e=0) for server index# 0 server 172.19.169.99, rank 0, priority 101
random incomplete: 0
DRP route lookup external to AS complete: 0
administrative preference complete: 0
DRP route lookup internal to AS complete: 0
DRP distance to associated server complete: 18465
DIRECTOR: 172.19.169.15 request complete (best=0, outstanding=0)
Table 10-2 describes the fields shown in the display.
| Field | Description |
|---|---|
| interesting query for | The host name contained in the incoming DNS request. |
| default random weight is | The default weight setting for the random metric. |
| default DRP route lookup external to AS weight is | The default weight setting for the external (drp-ext) metric. |
| default administrative preference weight is | The default weight setting for the administrative (admin) metric. |
| default DRP route lookup internal to AS weight is | The default weight setting for the internal (drp-int) metric. |
| default DRP distance to associated server weight is | The default weights configured for the DRP server agent. |
| querying drp-s distance router ... and server ... | The Director is preparing to send a query for server distance. |
| New DRP req. struct for router ..., max queries= | Putting the query into the queue for the associated router. |
| appended client ... query for ..., total is now | Adding DRP request to the Director's outgoing queue. |
| ... querying DRP distance to associated server | Director sending query to the DRP server agent for its associated server (drp-ser) metric. |
| ... requests sent to ... | Number of requests sent to the DRP server agent. |
| reply from agent ... | Reply received from DRP server agent. |
| reply for client ... from agent ... Gathering distance DRP (...) <-> Server (...) | Parsing DRP packet, for the number of replies. Collecting metric for the distance from the DRP server agent to its associated server. |
| saving metric info...for server index...server..., rank..., priority... | Saving metrics to the Director's cache, for the specified server. The Director assigns an index value for each server, used to identify the "best" server, later in the display. |
| random incomplete | Whether the random metric is configured. Incomplete indicates that the random metric is not configured. |
| DRP route lookup external to AS complete | External DRP metric configured, but not used in drp-ser query. It is always 0. |
| administrative preference complete | Whether the admin metric is configured. Complete indicates that the admin metric is configured. |
| DRP route lookup internal to AS complete | Internal metric value for DRP server agent to the configured server (IGP). |
| DRP distance to associated server complete | This is the raw IGP metric. |
| ... request complete (best=..., outstanding=...) | After all weights and priorities are applied, the smallest value equals the best server. The number that follows "best=" is the Director's index number for that server. |
debug ip drp
debug ip director parse
debug ip director queries
debug ip director sort
To show debugging information for Director parsing of TXT information, use the debug ip director parse EXEC command:
[no] debug ip director parse
This command first appeared in Cisco IOS Release 11.1 IA.
The following sample shows the output:
DD#debug ip director parse
DIRECTOR: parsing ciscoDD: priority
DIRECTOR: weight/priority for random = 1
DIRECTOR: parsing ciscoDD: weight
DIRECTOR: weight/priority for DRP route lookup internal to AS = 1
DIRECTOR: weight/priority for DRP route lookup external to AS = 80
DIRECTOR: parsing ciscoDD: server
DIRECTOR: service for 171.69.113.50 on port 80, check interval 5
Table 10-3 describes the fields shown in the display.
| Field | Description |
|---|---|
| parsing ciscoDD: | The TXT record that is being parsed. |
| weight/priority for | The metric and the value to which its weight or priority is being set. |
| service for | A "server" record was parsed. The values for IP address, port, and connection-interval are shown. |
debug ip drp
debug ip director
debug ip director queries
debug ip director sort
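Because the Director acts on whatever ciscoDD TXT records the primary DNS server publishes, it is worth validating those records before the zone is loaded instead of discovering a typo in debug ip director parse output. The following Python sketch is an added example, not Cisco code: it accepts only the four record forms listed in Table 10-1, assumes the braces there are syntax notation, assumes n is a non-negative integer and the check interval is at least 1 minute, and uses hypothetical function names and a constructed zone sample.

```python
"""Lint ciscoDD TXT records before they are published (added example)."""
import ipaddress
import re

METRICS = ("drp-int", "drp-ext", "drp-ser", "random", "admin")
# Zone-file form from Table 10-1:  DNS-name in txt "ciscoDD: ..."
ZONE_LINE = re.compile(r'^(\S+)\s+in\s+txt\s+"([^"]*)"\s*$', re.IGNORECASE)


def address(text):
    """Return a validated IPv4 address (ValueError if malformed)."""
    return str(ipaddress.IPv4Address(text))


def number(text, low, what, high=None):
    """Parse a decimal integer and enforce its bounds."""
    ok = text.isascii() and text.isdigit() and int(text) >= low
    if not ok or (high is not None and int(text) > high):
        raise ValueError(f"bad {what}: {text!r}")
    return int(text)


def connection_test(port, minutes):
    # Assumption: the check interval must be at least 1 minute.
    return {"port": number(port, 1, "port", 65535),
            "minutes": number(minutes, 1, "interval")}


def parse_metrics(tokens):
    """Parse 'metric n' pairs such as: drp-int 1 drp-ext 80."""
    if not tokens or len(tokens) % 2:
        raise ValueError("expected one or more 'metric n' pairs")
    values = {}
    for name, value in zip(tokens[0::2], tokens[1::2]):
        if name not in METRICS:
            raise ValueError(f"unknown metric {name!r}")
        if name in values:
            raise ValueError(f"metric {name!r} given twice")
        values[name] = number(value, 0, name)
    return values


def parse_ciscodd(payload):
    """Parse one TXT string; return None if it is not a ciscoDD record."""
    prefix, _, rest = payload.partition(":")
    if prefix.strip() != "ciscoDD":
        return None
    tokens = rest.split()
    if not tokens:
        raise ValueError("ciscoDD record has no keyword")
    keyword, args = tokens[0], tokens[1:]
    if keyword == "drp-assoc" and len(args) in (2, 4):
        record = {"kind": keyword, "server": address(args[0]),
                  "agent": address(args[1])}
        if len(args) == 4:  # optional [port mins]
            record.update(connection_test(args[2], args[3]))
        return record
    if keyword == "server" and len(args) == 3:
        return {"kind": keyword, "server": address(args[0]),
                **connection_test(args[1], args[2])}
    if keyword in ("weights", "priority"):
        return {"kind": keyword, "metrics": parse_metrics(args)}
    raise ValueError(f"unrecognised ciscoDD record: {payload!r}")


def lint_zone(zone_text):
    """Return (records, errors); errors are (line number, name, message)."""
    records, errors = [], []
    for lineno, line in enumerate(zone_text.splitlines(), 1):
        match = ZONE_LINE.match(line.strip())
        if not match:
            continue
        name, payload = match.groups()
        try:
            record = parse_ciscodd(payload)
        except ValueError as exc:
            errors.append((lineno, name, str(exc)))
            continue
        if record is not None:
            records.append((name, record))
    return records, errors


# Constructed sample zone; lines 6 and 7 contain deliberate mistakes.
SAMPLE_ZONE = """\
www.example.com in txt "ciscoDD: drp-assoc 192.0.2.10 192.0.2.1 80 5"
www.example.com in txt "ciscoDD: server 192.0.2.10 80 5"
www.example.com in txt "ciscoDD: weights drp-int 1 drp-ext 80"
www.example.com in txt "ciscoDD: priority random 1"
www.example.com in txt "v=spf1 -all"
www.example.com in txt "ciscoDD: server 192.0.2.11 99999 5"
www.example.com in txt "ciscoDD: weights drp-int 1 bogus 2"
"""

if __name__ == "__main__":
    good, bad = lint_zone(SAMPLE_ZONE)
    print(len(good), "valid records")
    for lineno, name, message in bad:
        print(f"line {lineno}: {name}: {message}")
```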
To show debugging information for DRP queries that the Director sends out, use the debug ip director queries EXEC command:
[no] debug ip director queries
This command first appeared in Cisco IOS Release 11.1 IA.
The following sample shows the output for one DRP server. The output fields are repeated for additional DRP servers.
DD#debug ip director queries
DIRECTOR_DRP: querying drp-s distance router 172.19.169.13 and server 172.19.169.99
DIRECTOR_DRP: New DRP req. struct for router 172.19.169.13, max queries=10
DIRECTOR_DRP: appended client 172.19.169.99 query for 172.19.169.13, total is now 1
DIRECTOR: 172.19.169.99 querying administrative preference
DIRECTOR: 172.19.169.99 querying DRP route lookup internal to AS
DIRECTOR_DRP: appended client 172.19.169.15 query for 172.19.169.13, total is now 2
DIRECTOR: 172.19.169.99 querying DRP distance to associated server
DIRECTOR_DRP: 2 requests sent to 172.19.169.13
DIRECTOR_DRP: reply from agent 172.19.169.13
DIRECTOR_DRP: reply for client 172.19.169.99 from agent 172.19.169.13 Gathering distance DRP (172.19.169.13) <-> Server (172.19.169.99)
DIRECTOR_DRP: reply for client 172.19.169.15 from agent 172.19.169.13
DIRECTOR_DRP: saving metric info (i=0, e=0) for server index# 0 server 172.19.169.99, rank 0, priority 101
random incomplete: 0
DRP route lookup external to AS complete: 0
administrative preference complete: 0
DRP route lookup internal to AS complete: 0
DRP distance to associated server complete: 18465
DIRECTOR: 172.19.169.15 request complete (best=0, outstanding=0)
Table 10-4 describes the fields shown in the display.
| Field | Description |
|---|---|
| querying drp-s distance router ... and server ... | The Director is preparing to send a query for server distance. |
| New DRP req. struct for router ..., max queries= | Putting the query into the queue for the associated router. |
| appended client ... query for ..., total is now... | Adding DRP request to the Director's outgoing queue. |
| appended client ... query for ..., total is now... | Director sending query to the DRP server for its associated server (drp-ser) metric. |
| ... requests sent to ... | Number of requests sent to the DRP server. |
| reply from agent ... | Reply received from DRP server. |
| reply for client ... from agent ... Gathering distance DRP (...) <-> Server (...) | Parsing DRP packet, for the number of replies. Collecting metric for the distance from the DRP server agent to its associated server. |
| saving metric info...for server index...server..., rank..., priority... | Saving metrics to the Director's cache, for the specified server. The Director assigns an index value for each server, used to identify the "best" server, later in the display. |
| random incomplete | Whether the random metric is configured. Incomplete indicates that the random metric is not configured. |
| DRP route lookup external to AS complete | External DRP metric configured, but not used in drp-ser query. It is always 0. |
| administrative preference complete | Whether the admin metric is configured. Complete indicates that the admin metric is configured. |
| DRP route lookup internal to AS complete | Internal metric value for DRP server agent to the configured server (IGP). |
| DRP distance to associated server complete | This is the raw IGP metric. |
| ... request complete (best=..., outstanding=...) | After all weights and priorities are applied, the smallest value equals the best server. The number that follows "best=" is the Director's index number for that server. |
debug ip drp
debug ip director
debug ip director parse
debug ip director sort
To show debugging information for Director IP address sorting, use the debug ip director sort EXEC command:
[no] debug ip director sort
This command first appeared in Cisco IOS Release 11.1 IA.
The following sample shows the output:
DD#debug ip director sort
server 172.19.169.99, rank 0, priority 101
random incomplete: 0
DRP route lookup external to AS complete: 0
administrative preference complete: 0
DRP route lookup internal to AS complete: 0
DRP distance to associated server complete: 18465
DIRECTOR: 172.19.169.15 request complete (best=0, outstanding=0)
Table 10-5 describes the fields shown in the display.
| Field | Description |
|---|---|
| server ..., rank ..., priority... | Server IP address. The Director assigns an index value for each server, used to identify the "best" server, later in the display. Priority 101 indicates that no priorities have been specified. |
| random incomplete | Whether the random metric is configured. Incomplete indicates that the random metric is not configured. |
| DRP route lookup external to AS complete | External DRP metric configured, but not used in drp-ser query. It is always 0. |
| administrative preference complete | Whether the admin metric is configured. Complete indicates that the admin metric is configured. |
| DRP route lookup internal to AS complete | Internal metric value for DRP server agent to the configured server (IGP). |
| DRP distance to associated server complete | This is the raw IGP metric. |
| ... request complete (best=0, outstanding=0) | After all weights and priorities are applied, the smallest value equals the best server. The number that follows "best=" is the Director's index number for that server. |
debug ip drp
debug ip director
debug ip director parse
debug ip director queries
Use the debug ip drp EXEC command to display Director Response Protocol (DRP) information. The no form of this command disables debugging output.
[no] debug ip drp
This command first appeared in Cisco IOS Release 11.1 IA.
The debug ip drp command is used to debug the director response agent used by the Cisco DistributedDirector product. The Director can be used to dynamically respond to Domain Name System (DNS) queries with the IP address of the "best" host based on various criteria.
This command can be used on the Director and on the router configured to be a DRP server agent.
The following sample shows the output from a Director.
DD#debug ip drp
DIRECTOR: DRP: received v1 packet from 171.69.232.8, via Ethernet0
DIRECTOR: DRP: RTQUERY for 171.69.58.94 returned internal=0,external=0
Table 10-6 describes the fields shown in the display.
| Field | Description |
|---|---|
| received v1 packet | Version 1 packet, server that sent it, and interface on which the packet was received. |
| internal | If nonzero, the metric for the internal distance of the route that the Director uses to send packets in the direction of the client. The internal distance is the distance within the Director's autonomous system. |
| external | If nonzero, the metric for the Border Gateway Protocol (BGP) or external distance used to send packets to the client. The external distance is the distance outside the Director's autonomous system. |
debug ip director
debug ip director parse
debug ip director queries
debug ip director sort
To enter privileged EXEC mode, use the enable EXEC command.
enable [level]
| level | (Optional) Privileged level on which to log in. |
EXEC
Because many of the privileged commands set operating parameters, privileged access should be password-protected to prevent unauthorized use. If the system administrator has set a password with the enable password global configuration command, you are prompted to enter it before being allowed access to privileged EXEC mode. The password is case sensitive.
If an enable password has not been set, enable mode can be accessed only from the router console. If a level is not specified, it defaults to the privileged EXEC mode, which is level 15.
In the following example, the user enters the enable command and is prompted to enter a password. The password is not displayed on the screen. After the user enters the correct password, the system enters privileged command mode as indicated by the pound sign (#).
Router> enable
Password:
Router#
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
disable+
enable password+
Use the enable secret global configuration command to specify an additional layer of security over the enable password command. Use the no form of the command to turn off the enable secret function.
enable secret [level level] {password | encryption-type encrypted-password}
| level level | (Optional) Level for which the password applies. You can specify up to 16 privilege levels, using numbers 0 through 15. Level 1 is normal EXEC-mode user privileges. If this argument is not specified, the privilege level defaults to 15 (traditional enable privileges). The same holds true for the no form of the command. |
| password | Password as users will type it when entering enable mode. This password should be different from the password created with the enable password command. If service password-encryption is set, the encrypted form of the password you create here is displayed when a show startup-config command is entered. |
| encryption-type | (Optional) Cisco-proprietary algorithm used to encrypt the password. Currently the only encryption type available for this command is 5. If you specify encryption-type, the next argument you supply must be an encrypted password (a password encrypted by a Cisco router). |
| encrypted-password | An encrypted password you enter, copied from another router configuration. |
No password is defined. The default is 15.
Global configuration
You will not ordinarily enter an encryption type. Typically you enter an encryption type only if you paste back into this command an encrypted password that you copied from a router configuration file.
Caution: If you specify encryption-type and then enter a clear-text password, you will not be able to re-enter enable mode. You cannot recover a lost password that has been encrypted by any method.
The enable secret command is used in conjunction with the enable password command to provide an additional layer of security over the enable password. This scheme provides better security by storing the enable secret using a non-reversible cryptographic function.
This added layer of security is useful in environments where the password crosses the network or is stored on a TFTP server.
If you use the same password for enable password and enable secret, you receive an error message warning that this practice is not recommended but the password will be accepted. By using the same password, however, you undermine the additional security the enable secret command provides.
The following example specifies the enable secret password of gobbledegook:
enable secret gobbledegook
After specifying an enable secret password, users must enter this password to gain access. Any passwords set through enable password will no longer work.
Password: gobbledegook
In the following example the encrypted password $1$FaD0$Xyti5Rkls3LoyxzS8t98j2, which has been copied from a router configuration file, is enabled for privilege level 2 using encryption type 5:
enable password level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8t98j2
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
enable
enable password+
To configure an interface type and enter interface configuration mode, use the interface global configuration command.
interface type number
| type | Type of interface to be configured. See Table 10-7. |
| number | Port, connector, or interface card number. On a Cisco DistributedDirector 4700-M, specifies the NIM or NPM number. The numbers are assigned at the factory at the time of installation or when added to a system, and can be displayed with the show interfaces command. |
None
Global configuration
There is no correlation between the number of the physical serial interface and the number of the logical LAN Extender interface. These interfaces can have the same or different numbers.
| Keyword | Interface Type |
|---|---|
| ethernet | Ethernet IEEE 802.3 interface. |
| fddi | Fiber Distributed Data Interface (FDDI). |
| null | Null interface. |
| tokenring | Token Ring interface. |
In the following example, Ethernet interface 0 is configured with ARPA encapsulation:
interface ethernet 0
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
controller+
show interfaces+
To select a particular Fast Ethernet interface for configuration, use the interface fastethernet global configuration command.
interface fastethernet number (Cisco DistributedDirector 4700-M)
None
Global configuration
This command first appeared in Cisco IOS Release 11.2.
The following example configures Fast Ethernet interface 0 for standard Advanced Research Projects Agency (ARPA) encapsulation (the default setting) on a Cisco DistributedDirector 4700-M:
interface fastethernet 0
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
show interfaces fastethernet+
To tell the Director to use a specified Director access list in order to select which host names will receive Director sorting, use this ip director access-group global configuration command. The no form of this command tells the Director not to use the access list.
ip director access-group access-list-number
| access-list-number | Number of a standard IP access list in the range 1 to 199. |
No access list is specified.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
The ip director access-group command can only take as an argument the number of an access list which was defined using the ip director access-list command.
This command does not take any regular access lists as an argument.
Before using this command, you must define the access list using the ip director access-list command.
This command tells the Director to use access list 1:
DD(config)#ip director access-group 1
ip director access-list
ip drp access-group
show ip director access-list
To define an access list for the Director that specifies which subdomain names and host names should be sorted, use the ip director access-list global configuration command. The no form of this command removes the definition of the list.
ip director access-list access-list-number [permit | deny] expression
| access-list-number | Number of a standard IP access list in the range 1 to 199. |
| permit | Permit requests specified by the expression. |
| deny | Deny requests specified by the expression. |
| expression | Expression to be used as a sorting criterion. |
No access list is defined.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
Use this command to define an access list that you can use to restrict the names sorted by the Director. If you do not use an access list, all subdomain name and host name address queries are sorted.
This example permits the sorting of names that start with "www." and denies all other DRP requests:
DD(config)#ip director access-list 1 permit ^www.*
DD(config)#ip director access-list 1 deny
ip director access-group
ip drp access-group
show ip director access-list
To enable the sorting cache on the Director, use the ip director cache global configuration command. Use the no form of this command to disable the sorting cache.
ip director cache
This command has no arguments or keywords.
Enabled
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
The Director caches information used in sorting decisions for each client.
Using the caching mechanism increases performance by reducing the amount of DRP querying to DRP server agents when answering client requests. With the caching functionality, the Director can answer a request from its own local memory instead of asking the DRP server agents for this information.
Following is an example of this command:
DD(config)#ip director cache
ip director access-list
ip director default-weights
ip director server preference
show ip director
show ip director cache
To set the amount of time a Director sort cache entry remains in the cache, use the ip director cache-time global configuration command. The no form of this command sets the cache time to the default value.
ip director cache-time [seconds]
| seconds | (Optional) The length of time the Director will retain request and response information to DNS queries. |
seconds=60, which means that the default is one minute.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
The cache time is the length of time the Director will retain request and response information to DNS queries. This command is ignored if no ip director cache is configured.
Following is an example of this command:
DD(config)#ip director cache-time
ip director cache
To configure default weight metrics for the Director, use the ip director default-weights global configuration command.
ip director default-weights {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]}
Not all of the following metrics need to be configured. However, at least one metric must be configured when this command is used.
| drp-int n | DRP internal metric. Range is 1 to 100. Sends a DRP request to all DRP server agents, asking them for the distance from themselves to the edge of their BGP autonomous system in the direction of the client originating the DNS query. This distance can be used along with the DRP-external metric to help determine the distance between the router and the client originating the DNS query. If the client and the DRP server agent are in the same autonomous system, this metric returns the IGP cost metric between the client and the DRP server agent. |
| drp-ext n | DRP external metric. Range is 1 to 100. Sends a DRP request to all DRP server agents, asking them for the BGP distance between them and the client originating the DNS query. This distance represents the number of BGP hops between the autonomous system of the DRP server agent and the autonomous system of the client originating the DNS query. Because this is BGP information, the DRP server agents need to have access to full Internet BGP information for this to be useful. |
| drp-ser n | DRP to server metric. Range is 1 to 100. Sends a DRP request to all DRP server agents, asking them for the IGP route metric between them and the distributed server(s) that they support. This distance can be used with the DRP-internal metric (drp-int) in order to get a finer distance calculation between the distributed servers and edge of the BGP autonomous system in the direction of the client originating the DistributedDirector query. If a true BGP border router is used as a DRP server agent, the DRP-server metric will return the IGP route metric between the distributed server and the BGP border router (autonomous system edge). Because DRP-server metrics should not change frequently, DistributedDirector issues DRP-server queries (and caches the results) every 10 minutes. |
| random n | Random metric. Range is 1 to 100. Selects a random number for each distributed server and defines the "best" server as the one with the smallest random number assignment. Using this metric alone results in random redirection of clients to the distributed servers. Because this metric requires no routing table information, it does not trigger DRP requests to the DRP server agents. |
| admin n | Administrative metric. Range is 1 to 100. Specifies a simple preference of one server over another. If the administrative metric has been explicitly set to zero, the Director will not consider the server, so the server is taken out-of-service. |
No default weights are specified.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
Default weights are used for all host names sorted by the Director. To override default weights for a certain host, you would specify host-specific weights in the private DNS server configuration.
When the associated metric is referenced in the sorting decision, it will always be multiplied by the appropriate metric weight. In this way, you can specify that some metrics should be weighted more than others. You may determine the weights you want to use through experimentation. The weights given do not need to add up to 100.
The following command configures default weight metrics:
DD(config)#ip director default-weights drp-int 10 drp-ext 90
debug ip director parse
debug ip director sort
ip director access-list
ip director cache
ip director server preference
show ip director default-weights
show ip director server
To define the virtual host name to be used for the distributed servers, use the ip director host global configuration command. Use the no form of this command to remove the virtual host name.
ip director host name
| name | The name of the virtual host. Do not use an IP address. |
No virtual host name is defined.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
Following is an example of this command:
DD(config)#ip director host www.sleet.com
ip host
To enable the Director to verify that a server is available, use the ip director host connect global configuration command. The Director redirects clients only to servers that respond. Use the no form of this command to turn off connection parameters.
ip director host name connect port connection-interval
| name | The name of the host that maps to one or more IP addresses. Do not use an IP address. |
| port | The port number to which the distributed servers are configured. |
| connection-interval | The time, in minutes, that elapses between availability checks. |
No connection parameter is set.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
When this parameter is configured, the Director will attempt to create a TCP connection to each of the distributed servers on a configured port (for example, port 80 for HTTP servers) over the configured time interval. Servers that yield unsuccessful TCP connection attempts will be marked as unavailable. Following a failed TCP connection, the Director uses a linear backoff algorithm to create subsequent TCP connections to the server to determine when it is again available. This algorithm is used to smoothly handle changes in server or network availability.
The initial connection trial to a server that is labeled as "up" is done three times in rapid succession. If no connection is successful, the percentage confidence that the server is down is set to 10 percent. The retry interval is calculated as the configured interval multiplied by the confidence percentage with a minimum of one minute. Each successive connection attempt is done once and each time the attempt is unsuccessful the confidence percentage is incremented by 10 percent until it reaches 100 percent.
The following example sets the connect interval to 5 minutes to the distributed servers on port 80:
DD(config)#ip director host www.sleet.com connect 80 5
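The retry schedule described above, worked through for the `connect 80 5` setting as an added example (not Cisco code; the function names are hypothetical). It assumes a server is treated as available again at the first probe that connects, which the page implies but does not spell out.

```python
# Added illustration of the linear backoff described in the text, not Cisco code.
MIN_WAIT_S = 60  # "with a minimum of one minute"


def wait_seconds(interval_min, confidence_pct):
    """Retry interval: configured interval times the down-confidence, at least one minute."""
    return max(MIN_WAIT_S, interval_min * 60 * confidence_pct // 100)


def retry_waits(interval_min, failures):
    """Waits (seconds) that precede each of `failures` consecutive failed retries."""
    waits, confidence = [], 10  # the three rapid initial trials failed: 10 percent
    for _ in range(failures):
        waits.append(wait_seconds(interval_min, confidence))
        confidence = min(100, confidence + 10)  # +10 per failed attempt, capped at 100
    return waits


def detect_recovery(interval_min, outage_s):
    """Seconds after the initial failure at which the first probe at or after recovery runs."""
    elapsed, confidence = 0, 10
    while True:
        elapsed += wait_seconds(interval_min, confidence)
        if elapsed >= outage_s:
            return elapsed  # assumption: this probe connects and the server is usable again
        confidence = min(100, confidence + 10)


if __name__ == "__main__":
    # With a 5-minute interval the first two retries are both clamped to one minute.
    print(retry_waits(5, 11))
    for outage in (200, 3600):
        seen = detect_recovery(5, outage)
        print(f"outage {outage}s: seen up at {seen}s, {seen - outage}s after recovery")
```

The longer a server has been down, the longer it can stay out of rotation after it recovers, up to one full configured interval.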
ip director host priority
To configure the order in which the Director considers metrics when picking a server, use the ip director host priority global configuration command. To turn off metric priorities, use the no form of this command.
ip director host name priority {[drp-ser n] [drp-int n] [drp-ext n] [random n] [admin n]}
| name | The name of the host that maps to one or more IP addresses. Do not use an IP address. |
| drp-ser n | DRP server metric. Range is 1 to 100. Sends a DRP request to all DRP server agents, asking them for the IGP route metric between them and the distributed server(s) that they support. This distance can be used with the DRP-internal metric (drp-int) in order to get a finer distance calculation between the distributed servers and edge of the BGP autonomous system in the direction of the client originating the DistributedDirector query. If a true BGP border router is used as a DRP server agent, the DRP-server metric will return the IGP route metric between the distributed server and the BGP border router (autonomous system edge). Because DRP-server metrics should not change frequently, DistributedDirector issues DRP-server queries (and caches the results) every 10 minutes. |
| drp-int n | DRP internal metric. Range is 1 to 100. Sends a DRP request to all DRP server agents, asking them for the distance from themselves to the edge of their BGP autonomous system in the direction of the client originating the DNS query. This distance can be used along with the DRP-external metric to help determine the distance between the router and the client originating the DNS query. If the client and the DRP server agent are in the same autonomous system, this metric returns the IGP cost metric between the client and the DRP server agent. |
| drp-ext n | DRP to external metric. Range is 1 to 100. Sends a DRP request to all DRP server agents, asking them for the BGP distance between them and the client originating the DNS query. This distance represents the number of BGP hops between the autonomous system of the DRP server agent and the autonomous system of the client originating the DNS query. Because this is BGP information, the DRP server agents need to have access to full Internet BGP information for this to be useful. |
| random n | Random metric. Range is 1 to 100. Selects a random number for each distributed server and defines the "best" server as the one with the smallest random number assignment. Using this metric alone results in random redirection of clients to the distributed servers. Because this metric requires no routing table information, it does not trigger DRP requests to the DRP server agents. |
| admin n | Administrative metric. Range is 1 to 100. Specifies a simple preference of one server over another. If the administrative metric has been explicitly set to zero, the Director will not consider the server, so the server is taken out-of-service. |
No priority parameter is set.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
If multiple servers end up with the same metric value, the next metric is considered to determine the "best" server. If multiple metrics have the same priority value, the metrics are added to obtain a composite metric. For example, if two metrics have the same priority value, they are first multiplied by their weight values (if specified) and then added together to form the composite metric.
If you do not specify weights for a group of distributed servers, there are no default weights for the Director, and you have specified priority values, the weight values are set to 1.
Any metrics that have a nonzero weight and are assigned no priority value are set to a priority value of 101. They are considered after all other metrics that have priority values. As a result, if no priority values are specified for any metrics, metrics are treated additively to form one composite metric.
If you do not use priority and multiple servers have the same metric value, the server whose last IP address was looked at will be returned as the "best" server. If you want to return a random IP address in the case of a tie, use metric priority with the random metric as the last criterion.
To turn off all priorities on all metrics associated with this host name, use the command no ip director host name priority. You can turn off the priority for a specific metric or metrics using the no ip director host name priority [drp-ser] [drp-int] [drp-ext] [random] [admin] command.
The following example sets the external metric as the first priority and the administrative priority as the second:
DD(config)#ip director host www.sleet.com priority drp-ext 1 admin 2
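The priority and weight rules above, modelled as an added Python example (not Cisco's implementation; function names are hypothetical). It assumes that a lower metric value is better, that a prioritized metric with no weight uses weight 1, and that a tie left after every priority level resolves to the last address examined. The server addresses come from the ip host example on this page; the metric values are constructed.

```python
# Added illustration, not Cisco code. Assumes a lower metric value is better.
UNPRIORITIZED = 101  # priority the text gives to weighted metrics that have no priority

# Constructed metric values for the three servers of the page's "ip host" example.
SERVERS = [
    ("10.0.0.2", {"drp-int": 5, "drp-ext": 2, "admin": 60}),
    ("11.0.0.2", {"drp-int": 30, "drp-ext": 2, "admin": 20}),
    ("12.0.0.2", {"drp-int": 1, "drp-ext": 3, "admin": 10}),
]


def priority_groups(priorities, weights):
    """Return [(priority, {metric: weight})] in the order the metrics are considered."""
    groups = {}
    for metric in sorted(set(priorities) | set(weights)):
        if metric in priorities:
            # "multiplied by their weight values (if specified)": unspecified means 1
            prio, weight = priorities[metric], weights.get(metric, 1)
        elif weights[metric] != 0:
            prio, weight = UNPRIORITIZED, weights[metric]
        else:
            continue  # zero weight and no priority: the metric is never consulted
        groups.setdefault(prio, {})[metric] = weight
    return sorted(groups.items(), key=lambda item: item[0])


def pick_server(servers, priorities, weights):
    """servers is an ordered list of (address, {metric: value}); returns one address."""
    # An administrative metric explicitly set to zero takes the server out of service.
    candidates = [(addr, m) for addr, m in servers if m.get("admin") != 0]
    if not candidates:
        return None
    for _prio, group in priority_groups(priorities, weights):
        # Metrics sharing a priority are weighted and summed into one composite value.
        composite = {addr: sum(w * m[name] for name, w in group.items())
                     for addr, m in candidates}
        best = min(composite.values())
        candidates = [(addr, m) for addr, m in candidates if composite[addr] == best]
        if len(candidates) == 1:
            break  # no tie left, so lower-priority metrics are not consulted
    return candidates[-1][0]  # remaining tie: the last address examined


if __name__ == "__main__":
    # "priority drp-ext 1 admin 2": drp-ext ties two servers, admin breaks the tie.
    print(pick_server(SERVERS, {"drp-ext": 1, "admin": 2}, {}))
    # "default-weights drp-int 10 drp-ext 90" with no priorities: one composite metric.
    print(pick_server(SERVERS, {}, {"drp-int": 10, "drp-ext": 90}))
```

With the same constructed metrics, the prioritized configuration and the weights-only configuration pick different servers, which is the practical difference between the two commands.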
ip director host connect
To set host-specific weights for the metrics the Director uses to determine the best server within a specific virtual host name, use the ip director host weights global configuration command. Use the no form of this command to turn off weights for a host.
ip director host name weights {[drp-ser n] [drp-int n] [drp-ext n] [random n] [admin n]}
| name | The name of the host that maps to one or more IP addresses. Do not use an IP address. |
| drp-ser n | DRP server metric. Range is 1 to 100. Sends a DRP request to all DRP server agents, asking them for the IGP route metric between them and the distributed server(s) that they support. This distance can be used with the DRP-internal metric (drp-int) in order to get a finer distance calculation between the distributed servers and edge of the BGP autonomous system in the direction of the client originating the DistributedDirector query. If a true BGP border router is used as a DRP server agent, the DRP-server metric (drp-ser) will return the IGP route metric between the distributed server and the BGP border router (autonomous system edge). Because DRP-server metrics should not change frequently, DistributedDirector issues DRP-server queries (and caches the results) every 10 minutes. |
| drp-int n | DRP internal metric. Range is 1 to 100. Sends a DRP request to all DRP server agents, asking them for the distance from themselves to the edge of their BGP autonomous system in the direction of the client originating the DNS query. This distance can be used along with the DRP-external metric to help determine the distance between the router and the client originating the DNS query. If the client and the DRP server agent are in the same autonomous system, this metric returns the IGP cost metric between the client and the DRP server agent. |
| drp-ext n | DRP to external metric. Range is 1 to 100. Sends a DRP request to all DRP server agents, asking them for the BGP distance between them and the client originating the DNS query. This distance represents the number of BGP hops between the autonomous system of the DRP server agent and the autonomous system of the client originating the DNS query. Because this metric is BGP information, the DRP server agents need to have access to full Internet BGP information for this metric to be useful. |
| random n | Random metric. Range is 1 to 100. Selects a random number for each distributed server and defines the "best" server as the one with the smallest random number assignment. Using this metric alone results in random redirection of clients to the distributed servers. Because this metric requires no routing table information, it does not trigger DRP requests to the DRP server agents. |
| admin n | Administrative metric. Range is 1 to 100. Specifies a simple preference of one server over another. If the administrative metric has been explicitly set to zero, the Director will not consider the server, so the server is taken out-of-service. |
No host weights are set. If ip director default-weights are configured, then those weights are the default.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
Use host-specific weights when you want to use different metric weights for different virtual host names (for example, www.sleet.com and ftp.sleet.com).
If desired, host-specific weights can instead be configured on the Director's default DNS server.
For example, you could configure host-specific weights with the following DNS TXT record:
hostname in txt "ciscoDD: weights {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]}"
To use the default weights for all metrics associated with this host name, use the command no ip director host name weights. To use the default weights for a specific metric or metrics use the no ip director host name weights [drp-ser] [drp-int] [drp-ext] [random] [admin] command.
Following is an example of this command:
DD(config)#ip director host www.sleet.com weights drp-int 4
ip director default-weights
show ip director host
To specify a virtual address for HTTP session redirector mode, use the ip director ip-address global configuration command. Use the no form of the command to cancel the use of this virtual address.
ip director ip-address Director-virtual-IP-address
| Director-virtual-IP-address | The virtual IP address the Director will receive HTTP requests on. |
No virtual address is defined.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
The Director must listen for HTTP requests to port 80 on a virtual web-server IP address. To specify the virtual IP address that the Director will receive HTTP requests on, use the ip director ip-address command.
You can specify multiple IP addresses with separate commands. The IP address must be a valid and unused address on the subnet the Director is connected to. (A good choice is the next host number after the Director interface address.)
Following is an example of this command:
DD(config)#ip director ip-address 34.34.34.34
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
show ip aliases+
show ip director
To associate a distributed server with its DRP server agent, use the ip director server drp-association global configuration command. Use the no form of this command to cancel a server DRP association.
ip director server {hostname | host-ip-address} drp-association {name | ip-address}
| hostname | Host name of a distributed server. |
| host-ip-address | IP address of a distributed server. |
| name | Name of the distributed server's DRP server agent. |
| ip-address | IP address of the distributed server's DRP server agent. |
No distributed servers are associated with any DRP server agents.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
If you intend to configure any DRP metrics, you must associate each distributed server with its DRP server agent.
The following is an example of this command:
DD(config)#ip director server 11.0.0.2 drp-association 11.0.0.3
show ip director servers
To specify Director preference of one server over others or to take a server out-of-service, use the ip director server preference global configuration command. The no form of the command cancels any server preference value.
ip director server {hostname | host-ip-address} preference [cost]
| hostname | Host name of a server. |
| host-ip-address | IP address of a server. |
| cost | (Optional) An integer in the range 0 to 100. Specifies the preference of one server over another (the larger the number, the lower the preference). Zero takes a server out-of-service. |
No preference
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
This command sets the administrative metric for a server. If the metric is set to zero, the server is not considered when sorting addresses, which takes the server out-of-service.
This command overrides any other value for the administrative metric for this host.
The following example sets the preference of a web server to 60:
DD(config)#ip director server 10.0.0.2 preference 60
ip director access-list
ip director cache
ip director default-weights
show ip director servers
To specify a time-to-live (TTL) value, use the ip director ttl global configuration command. Use the no form of this command to return the TTL value to the default.
ip director ttl seconds
| seconds | Time, in seconds, that the end-user client will keep DNS A records received from the Director. It can be a number in the range 0 to 2147483647. The default is 0. |
Zero
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
This command tells the end-user clients how long to keep DNS A records received from the Director. In most situations, the default value (0) is appropriate. If you increase the value, clients can cache a name-to-address pairing longer, which reduces the need to get new information from the Director.
The following example sets the TTL value to 100 seconds:
DD(config)#ip director ttl 100
show ip director
To identify the Director as the primary DNS name server for a domain and identify the Director as the Start of Authority (SOA) record source, use the ip dns primary global configuration command. Use the no form of this command to remove the Director as the primary DNS name server.
ip dns primary domain soa primary contact [refresh [retry [expire [minimum]]]]
| domain | The domain or subdomain name. |
| primary | The DNS host name of the Director. |
| contact | The host name of the administrative contact for this DNS zone. |
| refresh | (Optional) The time interval in seconds that must elapse between each poll of the primary by the secondary name server. You may specify a refresh value alone, or you may also specify the retry, expire, or minimum values, in that order. The default is 21600 seconds (6 hours). |
| retry | (Optional) The time interval in seconds between successive connection attempts by the secondary name server to reach the primary name server in the event that the first attempt fails. When you specify a retry value you must first specify the refresh value. The default is 900 seconds (15 minutes). |
| expire | (Optional) The time in seconds after which the secondary name server's data expires (TTL) if it cannot reach the primary name server. When you specify an expire value you must first specify the refresh and retry values, in that order. The default is 7776000 seconds (90 days). |
| minimum | (Optional) The time in seconds that other servers should cache data (TTL) from the name server. When you specify a minimum value, you must first specify the refresh, retry, and expire values, in that order. The default is 86400 seconds (24 hours). |
The Director is not defined as the primary DNS name server.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
Although the Director can be configured as an authoritative DNS name server, it does not support zone transfers.
The following example makes the private DNS server dd.sleet.com authoritative for the www.sleet.com subdomain and sets the administrative contact for the zone as sysadmin@sleet.com:
DD(config)#ip dns primary www.sleet.com soa dd.sleet.com sysadmin.sleet.com
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
debug domain+
ip host
show hosts+
To enable an access list for DRP on the Director or a Cisco router, use the ip drp access-group global configuration command. To remove the list, use the no form of the command.
ip drp access-group access-list-number
| access-list-number | Number of a standard IP access list in the range 1 to 99. |
Answer all queries.
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
This command applies an access list to DRP, thereby controlling what incoming DRP packets are acted on. If both a key chain and an access group have been specified, both security measures must permit access before a request is processed.
The following command ensures that only incoming DRP packets matching access list 1 are passed to the DRP agent for processing. All others are ignored:
DD(config)#ip drp access-group 1
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
ip director access-list
ip drp authentication key-chain
ip drp server
show access-lists+
show ip drp
To configure MD5 authentication for DRP on the Director or a Cisco router, use the ip drp authentication key-chain global configuration command. To remove the key chain, use the no form of this command.
ip drp authentication key-chain key-chain-name
| key-chain-name | Name of the key chain containing one or more authentication keys. The key chain is a string of characters without spaces. |
No MD5 authentication for DRP
Global configuration
This command first appeared in Cisco IOS Release 11.2.
When a key chain and a key are configured, the key is used to authenticate all DRP requests and responses. The key on the response agent must match the key on the primary agent. Use the key, key chain, and key-string commands to configure the key.
The following example configures a key chain named tg817wrn:
DD(config)#ip drp authentication key-chain tg817wrn
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
ip director access-list
ip drp access-group
ip drp server
key
key chain
key-string
show ip drp
show key chain+
To enable DRP on a Cisco router, use the ip drp server global configuration command. The no form of this command disables DRP.
ip drp server
This command has no arguments or keywords.
Not enabled
Global configuration
This command first appeared in Cisco IOS Release 11.1 IA.
DRP is normally disabled. Use this command to enable it on your DRP server agents.
The following command turns on the DRP server agent:
DD(config)#ip drp server
ip director access-list
ip drp access-group
ip drp authentication key-chain
show ip drp
To define a static host name-to-address mapping in the host cache, use the ip host global configuration command. To remove the name-to-address mapping, use the no form of this command.
ip host name [tcp-port-number] address1 [address2...address8]
| name | Name of the host. The first character can be either a letter or a number. If you use a number, the operations you can perform are limited. |
| tcp-port-number | (Optional) TCP port number to connect to when using the defined host name in conjunction with an EXEC connect or Telnet command. The default is Telnet (port 23). |
| address1 | Associated IP address. |
| address2...address8 | (Optional) Additional associated IP address. You can bind up to eight addresses to a host name. |
Disabled
Global configuration
The first character can be either a letter or a number. If you use a number, the operations you can perform (such as ping) are limited.
The following example defines three distributed servers as members of the www.sleet.com domain:
ip host www.sleet.com 10.0.0.2 11.0.0.2 12.0.0.2
To specify the address of one or more name servers to use for name and address resolution, use the ip name-server global configuration command. To remove the addresses specified, use the no form of this command.
ip name-server DNS-server-IP-address
| DNS-server-IP-address | The IP address of the DNS server. For DNS caching name server mode, the IP address is for the private DNS server. For HTTP session redirector mode, the IP address is for the primary DNS server. |
No server is specified.
Global configuration
The Director requests DNS information from the specified DNS server. For DNS caching name server mode, the DNS server is the private DNS server; for HTTP session redirector mode, the DNS server is the primary DNS server. The DNS server must be configured to provide the correct information to the Director.
Following is an example of this command:
DD(config)#ip name-server 10.11.12.13
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
show host+
To identify an authentication key on a key chain, use the key key chain configuration command. To remove the key from the key chain, use the no form of this command.
key number
| number | Identification number of an authentication key on a key chain. The range of keys is 0 to 2147483647. The key identification numbers need not be consecutive. |
No key exists on the key chain.
Key chain configuration
Currently, only RIP Version 2 and DRP use authentication keys. It is useful to have multiple keys on a key chain so that the software can sequence through the keys as they become invalid after time, based on the accept-lifetime and send-lifetime settings.
To remove all keys, remove the key chain by using the no key chain command.
If authentication is enabled, the software sends a RIP or DRP packet for every active key on the key chain. Therefore, if two keys on the key chain happen to be active based on the send-lifetime values, the software sends two RIP or DRP packets every 30 seconds (one authenticated with each key).
The following example configures a key chain called trees. In this example, the software will always accept and send willow as a valid key. The key chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The overlap allows for migration of keys or a discrepancy in the router's set time. Likewise, the key birch immediately follows chestnut, and there is a half hour leeway on each side to handle time-of-day differences.
interface ethernet 0
 ip rip authentication key-chain trees
 ip rip authentication mode md5
!
router rip
 network 172.19.0.0
 version 2
!
key chain trees
 key 1
  key-string willow
 key 2
  key-string chestnut
  accept-lifetime 13:30:00 Jan 25 1996 duration 7200
  send-lifetime 14:00:00 Jan 25 1996 duration 3600
 key 3
  key-string birch
  accept-lifetime 14:30:00 Jan 25 1996 duration 7200
  send-lifetime 15:00:00 Jan 25 1996 duration 3600
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
accept-lifetime+
key chain
key-string
send-lifetime+
show key chain+
To enable authentication for routing protocols, identify a group of authentication keys by using the key chain global configuration command. To remove the key chain, use the no form of this command.
key chain name-of-chain
| name-of-chain | Name of a key chain. A key chain must have at least one key, and can have up to 2147483647 keys. |
No key chain exists.
Global configuration
Currently only RIP Version 2 and DRP use authentication keys. You must configure a key chain with keys to enable authentication on RIP and DRP packets.
You can identify multiple key chains, but it makes sense to use one key chain per interface per routing protocol. Upon specifying the key chain command, you enter key chain mode.
The following example configures a key chain called trees. In this example, the software will always accept and send willow as a valid key. The key chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The overlap allows for migration of keys or a discrepancy in the router's set time. Likewise, the key birch immediately follows chestnut, and there is a half hour leeway on each side to handle time-of-day differences.
interface ethernet 0
 ip rip authentication key-chain trees
 ip rip authentication mode md5
!
router rip
 network 172.19.0.0
 version 2
!
key chain trees
 key 1
  key-string willow
 key 2
  key-string chestnut
  accept-lifetime 13:30:00 Jan 25 1996 duration 7200
  send-lifetime 14:00:00 Jan 25 1996 duration 3600
 key 3
  key-string birch
  accept-lifetime 14:30:00 Jan 25 1996 duration 7200
  send-lifetime 15:00:00 Jan 25 1996 duration 3600
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
accept-lifetime+
ip rip authentication key-chain+
key
key-string
send-lifetime+
show key chain+
To specify the authentication string for a key, use the key-string key chain key configuration command. To remove the authentication string, use the no form of this command.
key-string text
| text | Authentication string that must be sent and received in the packets using the routing protocol being authenticated. The string can contain from 1 to 80 uppercase and lowercase alphanumeric characters, except that the first character cannot be a number. |
No key exists.
Key chain key configuration
Currently only RIP Version 2 and DRP use authentication keys. Each key can have only one key string.
If password encryption is configured (with the service password-encryption command), the software saves the key string as encrypted text. When you write to the terminal with the show running-config command, the software displays key-string 7 encrypted text.
The following example configures a key chain called trees. In this example, the software will always accept and send willow as a valid key. The key chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The overlap allows for migration of keys or a discrepancy in the router's set time. Likewise, the key birch immediately follows chestnut, and there is a half hour leeway on each side to handle time-of-day differences.
interface ethernet 0
ip rip authentication key-chain trees
ip rip authentication mode md5
!
router rip
network 172.19.0.0
version 2
!
key chain trees
key 1
key-string willow
key 2
key-string chestnut
accept-lifetime 13:30:00 Jan 25 1996 duration 7200
send-lifetime 14:00:00 Jan 25 1996 duration 3600
key 3
key-string birch
accept-lifetime 14:30:00 Jan 25 1996 duration 7200
send-lifetime 15:00:00 Jan 25 1996 duration 3600
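The lifetime overlap described for the key chain trees example (shown under both key chain and key-string) can be checked mechanically. The following is an added example, not part of the Cisco documentation; the function names are hypothetical, and it handles only the "start-time duration seconds" lifetime form used on this page.

```python
from datetime import datetime, timedelta

# Key chain copied from the page's example (indentation added for readability).
CONFIG = """\
key chain trees
 key 1
  key-string willow
 key 2
  key-string chestnut
  accept-lifetime 13:30:00 Jan 25 1996 duration 7200
  send-lifetime 14:00:00 Jan 25 1996 duration 3600
 key 3
  key-string birch
  accept-lifetime 14:30:00 Jan 25 1996 duration 7200
  send-lifetime 15:00:00 Jan 25 1996 duration 3600
"""

def parse_key_chain(text):
    """Return {key_id: {"accept": window, "send": window}}; window is
    (start, end) or None when the key has no lifetime for that direction."""
    keys, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "key" and words[1].isdigit():
            current = keys.setdefault(int(words[1]), {"accept": None, "send": None})
        elif words and words[0] in ("accept-lifetime", "send-lifetime") and current is not None:
            # Only the "start-time duration seconds" form used on the page is handled.
            if len(words) != 7 or words[5] != "duration":
                raise ValueError("unsupported lifetime form: " + line.strip())
            start = datetime.strptime(" ".join(words[1:5]), "%H:%M:%S %b %d %Y")
            window = (start, start + timedelta(seconds=int(words[6])))
            current[words[0].split("-")[0]] = window
    return keys

def valid_keys(keys, when, direction):
    """Key ids valid for direction ("accept" or "send") at datetime when."""
    return [kid for kid, k in sorted(keys.items())
            if k[direction] is None or k[direction][0] <= when < k[direction][1]]

def rollover_findings(keys):
    """Flag keys that never expire, send windows outside their accept window,
    and gaps between consecutive send windows."""
    findings = []
    for kid, k in sorted(keys.items()):
        if k["accept"] is None and k["send"] is None:
            findings.append(f"key {kid}: no lifetime, always accepted and sent")
        elif k["accept"] and k["send"] and not (
                k["accept"][0] <= k["send"][0] and k["send"][1] <= k["accept"][1]):
            findings.append(f"key {kid}: send window extends outside accept window")
    timed = sorted((k["send"], kid) for kid, k in keys.items() if k["send"])
    for (prev, prev_id), (nxt, nxt_id) in zip(timed, timed[1:]):
        if nxt[0] > prev[1]:
            findings.append(f"gap between send windows of key {prev_id} and key {nxt_id}")
    return findings

if __name__ == "__main__":
    chain = parse_key_chain(CONFIG)
    t = datetime(1996, 1, 25, 14, 45)
    print("accept", valid_keys(chain, t, "accept"), "send", valid_keys(chain, t, "send"))
    print(rollover_findings(chain))
```

For the page's chain the only finding is key 1, which has no lifetime and therefore stays valid after chestnut and birch have rolled over.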
A dagger (+) indicates that the command is documented in the Cisco IOS command reference publications.
accept-lifetime+
key
key chain
send-lifetime+
service password-encryption+
show key chain+
To show the Director status, use the show ip director EXEC command.
show ip director
This command has no arguments or keywords.
EXEC
This command first appeared in Cisco IOS Release 11.1 IA.
The show ip director command reports various types of information about the settings of Director parameters. You can use this information to troubleshoot operational and configuration problems, such as:
Following is sample output:
DD>show ip director
Distributed Director status:
Queries processed: 12
TTL for reply A RRs when sorted by DD: 0 secs
Queries awaiting processing by DD: 0
Queries awaiting metric info = 0
Metric info. wait time min/avg/max = 0.000/0.504/0.504 secs
Director cache is on
Cache time for sort cache entries: 60 secs
Director sort cache hits = 7
Director Response Protocol:
34 requests, 34 replies, 0 bad replies
Authentication key-chain "not defined"
Output queue length = 0
Table 10-8 describes the fields shown in the display.
| Field | Description |
|---|---|
| Distributed Director status: | |
| Queries processed | The number of requests for information the Director has processed. |
| TTL for reply A RRs when sorted by DD | The time-to-live value for DNS "A" resource record replies, when sorted by the Director. |
| Queries awaiting processing by DD | The number of queries in the queue to be processed. This number is usually between 0 and 10. |
| Queries awaiting metric info | The number of outstanding requests being held until metric information (for example drp-int and drp-ext metrics) arrives. |
| Metric info. wait time min/avg/max | The minimum, average, and maximum time queries are held before DRP replies are received and the metric information processed by the Director. |
| Director cache is on | Indicates if the Director's cache is on or off. |
| Cache time for sort cache entries | When the Director's cache is on, the length of time the Director keeps sorted metric values. This time is configurable using the ip director cache-time command. (Not shown if the cache is off.) |
| Director sort cache hits | When the Director's cache is on, the number of times requests were satisfied with contents of the cache. (Not shown if the cache is off.) |
| Director Response Protocol: | |
| requests | The number of requests the DRP has received. |
| replies | The number of replies the DRP has sent. |
| bad replies | The number of DRP replies received that were not correctly formatted or whose version number was not within an acceptable range. |
| Authentication key-chain | Indicates whether an MD5 authentication key chain was configured for the Director. |
| Output queue length | The number of requests that have been made by the Director for the DRP server(s) and are waiting in the Director's output queue because they have not yet been sent to the appropriate DRP server. |
show ip director access-list
show ip director cache
show ip director default-weights
show ip director server
show ip drp
To show the Director access lists, use the show ip director access-list EXEC command.
show ip director access-list [number]
| number | (Optional) An access list number. If unspecified, all access lists are shown. |
EXEC
This command first appeared in Cisco IOS Release 11.1 IA.
This command lets you view your access list definitions on the Director.
Following is sample output, which shows the number of the defined access list and what the address restrictions are for that list:
DD>show ip director access-list 1
Director Agent Names access list 1
permit ^ftp.*
deny .*
show ip director
show ip director cache
show ip director default-weights
show ip director server
show ip drp
To show Director cache information, use the show ip director cache EXEC command.
show ip director cache
This command has no arguments or keywords.
EXEC
This command first appeared in Cisco IOS Release 11.1 IA.
The show ip director cache command can help in troubleshooting problems related to the manner in which the Director sorts addresses for clients. It reports the final rank and priority of each address, along with the values of all metrics involved. Furthermore, it indicates which metrics actually have valid values.
Following is sample output:
DD#show ip director cache
Director cache is on
Cache time for sort cache entries: 60 secs
Director sort cache hits = 7
Entries:
www.hacks.org: for client 172.19.169.15, used 0 times, valid for: 00:00:30
server 172.19.169.99, rank 63, priority 101
random incomplete: 0
DRP route lookup external to AS complete: 0
administrative preference complete: 60
DRP route lookup internal to AS complete: 3
DRP distance to associated server incomplete: 0
server 130.21.34.10, rank 42, priority 101, best
random incomplete: 0
DRP route lookup external to AS complete: 0
administrative preference complete: 40
DRP route lookup internal to AS complete: 2
DRP distance to associated server incomplete: 0
Table 10-9 describes the fields shown in the display.
| Field | Description |
|---|---|
| Director cache | Indicates whether Director caching is enabled or disabled. |
| Cache time for sort cache entries | The length of time the Director keeps sorted metric values. This time is configurable using the ip director cache-time command. |
| Director sort cache hits | The number of times requests were satisfied with contents of the cache. |
| Entries: | |
| DNS-name: for client | An end-user client that accessed the DNS name. |
| used n times | The number of times a client accessed the DNS name. |
| valid for or expired | Either expired or valid. If valid, indicates the time and the values that are cached. If expired, then the DRP server agents are queried again. |
| server | The distributed server to which the client was sent. |
| rank | Together with priority, determines the sorting of the addresses. Priority is considered first. All addresses with the lowest priority are taken in order of rank, lowest to highest. The addresses with the next highest priority are then taken in order of their rank, lowest to highest, and so on. The "best" address in a list is the one with the lowest rank among addresses with the lowest priority. |
| priority | Indicates a priority metric weight is set for this metric. If no priority is set for the metric, the priority is shown as 101. |
| best | The address which was determined to be the "best" one for this client, and which was returned. The "best" address in a list is the one with the lowest rank among addresses with the lowest priority. |
| random incomplete | Value of the random metric. |
| DRP route lookup external to AS complete | Value of the drp-ext metric. |
| administrative preference complete | Value of the admin metric. |
| DRP route lookup internal to AS complete | Value of the drp-int metric. |
| DRP distance to associated server incomplete | Value of the drp-ser metric. |
show ip director
show ip director access-list
show ip director default-weights
show ip director server
show ip drp
To show the Director default weights, use the show ip director default-weights EXEC command.
show ip director default-weights
This command has no arguments or keywords.
EXEC
This command first appeared in Cisco IOS Release 11.1 IA.
Use the show ip director default-weights command to view the default weights which are in use. This information is used during address sorting for any host names that do not have associated host-specific metric weight information. This information can be very useful in diagnosing problems related to incorrect or inconsistent address sorting in the Director.
Following is sample output:
DD>sh ip dir def
Director default metric weights:
random weight = 0
DRP route lookup external to AS weight = 0
administrative preference weight = 1
DRP route lookup internal to AS weight = 1
Table 10-10 describes the fields shown in the display.
| Field | Description |
|---|---|
| random weight | Random metric weight value. |
| DRP route lookup external to AS weight | DRP external metric weight value. |
| administrative preference weight | Administrative metric weight value. |
| DRP route lookup internal to AS weight | DRP internal metric weight value. |
show ip director
show ip director access-list
show ip director cache
show ip director server
show ip drp
To display the Director host information, use the show ip director hosts EXEC command.
show ip director hosts [host]
| host | (Optional) The IP address or host name of a distributed server. |
EXEC
This command first appeared in Cisco IOS Release 11.1 IA.
The show ip director hosts command can help with troubleshooting problems related to correct operation of the Director, including the correct sorting of addresses in several ways. Key elements of the command output and their uses are shown below:
Following is sample output:
DD>show ip director hosts 133.22.33.11
Server www.hacks.org (133.22.33.11)
Advertised 0 times, last at never, preference none
Corresponding DRP agent is 133.22.33.2
Table 10-11 describes the fields shown in the display.
| Field | Description |
|---|---|
| Server | The host name and IP address of the distributed server. |
| Advertised n times | The number of times this distributed server's address has been returned to clients as the "best" one for them. |
| last at | The time at which this distributed server's address was last "advertised." |
| preference | The value of the administrative preference metric for this distributed server. |
| Corresponding DRP agent is | The IP address of the distributed server's DRP server agent. |
ip director host priority
ip director host weights
To display the Director server preference information, use the show ip director servers EXEC command.
show ip director servers [name | ip-address]
| name | (Optional) The host name of a distributed server. |
| ip-address | (Optional) The IP address of a distributed server. |
EXEC
This command first appeared in Cisco IOS Release 11.1 IA.
If a name or ip-address is not specified, all distributed servers are shown.
The show ip director servers command can help with troubleshooting problems related to correct operation of the Director, including the correct sorting of addresses in several ways. Key elements of the command output and their uses are shown below:
Following is sample output:
DD>show ip director servers
Server www.hacks.org (172.19.169.99)
Advertised 12 times, last at 00:15:08, preference none
Corresponding DRP agent is 172.19.169.13
Distance to associated DRP router: 0
Table 10-12 describes the fields shown in the display.
| Field | Description |
|---|---|
| Server | The DNS name (host or domain name) or IP address (or both), that the Director associates with this distributed server. |
| Advertised | The number of times the web server address was advertised as the IP address for the subdomain or host name. |
| last at | The last time the web server address was advertised as the subdomain name or host name. |
| preference | The web server's preference setting. |
| Corresponding DRP agent | The IP address of the Director Response Protocol (DRP) server agent that supports the distributed server. |
| Distance to associated DRP router | The internal routing protocol distance between the web server and its associated DRP router. |
show ip director
show ip director access-list
show ip director cache
show ip director default-weights
show ip director server
show ip drp
To display DRP statistics on the Director or a DRP server agent, use the show ip drp EXEC command.
show ip drp
This command has no arguments or keywords.
EXEC
This command first appeared in Cisco IOS Release 11.1 IA.
The show ip drp command can help diagnose problems with the DRP protocol. This command can be used on the Director and on a DRP server agent-enabled router.
Following is sample output:
DD>show ip drp
Director Responder Protocol Agent is enabled
183 director requests, 183 successful lookups, 0 failures, 0 no route
Table 10-13 describes significant fields shown in the display.
| Field | Description |
|---|---|
| Director Responder Protocol Agent is | The Director Responder Protocol (DRP) agent is enabled to receive requests from and respond to the DistributedDirector, or it is disabled. |
| director requests | The number of requests the Director sent to this DRP agent. |
| successful lookups | Of the number of requests, the number that were looked up successfully. That is, the information requested was looked up or obtained successfully. |
| failures | Of the number of requests, the number that were not looked up successfully. A failure occurs when either the authentication of the query received from the Director fails or the DRP version of this DRP agent is incompatible with the version that appears in the query packet from the Director. A large number of failures might indicate that there is a problem with the MD5 authentication keys. |
| no route | Of the number of requests, the number that did not receive responses. A large number of no route responses might indicate that one or more of the DRP routers does not have complete enough routing information. |
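The authentication-related fields of show ip director and show ip drp can be turned into a routine health check. The following is an added example, not part of the Cisco documentation; the function names and the 5 percent alert threshold are assumptions (the page only says "a large number"), and one sample is constructed and labelled as such.

```python
import re

# Sample output copied from the page.
SHOW_IP_DIRECTOR = """\
Director Response Protocol:
34 requests, 34 replies, 0 bad replies
Authentication key-chain "not defined"
Output queue length = 0
"""
SHOW_IP_DRP = """\
Director Responder Protocol Agent is enabled
183 director requests, 183 successful lookups, 0 failures, 0 no route
"""
# Constructed sample (not from the page): an agent rejecting many queries.
SHOW_IP_DRP_FAILING = """\
Director Responder Protocol Agent is enabled
200 director requests, 150 successful lookups, 45 failures, 5 no route
"""
MAX_RATIO = 0.05  # assumed alert threshold, not a value from the page

def check_director(text):
    """Findings from the Director Response Protocol part of show ip director."""
    findings = []
    chain = re.search(r'Authentication key-chain "([^"]*)"', text)
    if chain is None:
        findings.append("authentication key-chain line not found")
    elif chain.group(1) == "not defined":
        findings.append("no DRP authentication key chain is configured")
    counts = re.search(r"(\d+) requests, (\d+) replies, (\d+) bad replies", text)
    if counts and int(counts.group(3)):
        findings.append(f"{counts.group(3)} malformed or wrong-version DRP replies")
    return findings

def check_drp_agent(text, max_ratio=MAX_RATIO):
    """Findings from show ip drp on a DRP server agent."""
    findings = []
    if "Agent is enabled" not in text:
        findings.append("DRP agent is not enabled")
    m = re.search(r"(\d+) director requests, (\d+) successful lookups, "
                  r"(\d+) failures, (\d+) no route", text)
    if m is None:
        return findings + ["DRP counters not found"]
    requests, _ok, failures, no_route = map(int, m.groups())
    if requests and failures / requests > max_ratio:
        findings.append(f"{failures}/{requests} failures: compare key chains and "
                        "DRP versions on the Director and this agent")
    if requests and no_route / requests > max_ratio:
        findings.append(f"{no_route}/{requests} no route: check routing "
                        "information on the DRP routers")
    return findings

if __name__ == "__main__":
    print(check_director(SHOW_IP_DIRECTOR))
    print(check_drp_agent(SHOW_IP_DRP))
    print(check_drp_agent(SHOW_IP_DRP_FAILING))
```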
show ip director
show ip director access-list
show ip director cache
show ip director default-weights
show ip director server
This section contains syntax summaries of commands mentioned in the appendixes of this guide. Refer to the Cisco IOS configuration guides and command references for additional information about these commands.
configure {terminal | memory | network}
To enter global configuration mode, use the configure privileged EXEC command. You must be in global configuration mode to enter global configuration commands.
| terminal | Executes configuration commands from the terminal. |
| memory | Executes the commands stored in NVRAM. |
| network | The copy rcp running-config or copy tftp running-config command replaces the configure network command. If you use rcp, see the copy rcp command for more information on copy rcp running-config. If you use TFTP, see the copy tftp command for more information on copy tftp running-config. |
copy running-config {rcp | startup-config | tftp}
To copy the router's running configuration file to another destination, use one of the listed copy running-config EXEC commands. The copy running-config startup-config command replaces the write memory command. The copy running-config rcp or copy running-config tftp command replaces the write network command.
| rcp | Specifies a copy operation to a network server using rcp. |
| startup-config | Specifies the configuration used for initialization as the destination of the copy operation. |
| tftp | Specifies a TFTP server as the destination of the copy operation. |
show controllers e1 [slot/port]
Use the show controllers e1 privileged EXEC command to display information about the E1 links supported by the Network Processor Module (NPM) (Cisco DistributedDirector 4700-M).
| slot | (Optional) Specifies the backplane slot number and can be 0, 1, 2, 3, or 4. |
| port | (Optional) Specifies the port number of the controller and can be 0 or 1. |
show controllers ethernet number
Use the show controllers ethernet EXEC command to display information on the Cisco DistributedDirector 2501.
| number | Interface number of the Ethernet interface. |
show running-config
To display the configuration information currently running on the terminal, use the show running-config EXEC command. This command replaces the write terminal command.
show startup-config
To display the contents of NVRAM (if present and valid) or to show the configuration file pointed to by the CONFIG_FILE environment variable, use the show startup-config EXEC command. This command replaces the show configuration command.
show version
Use the show version EXEC command to display the configuration of the system hardware, the software version, the names and sources of configuration files, and the boot images.
write memory
The copy running-config startup-config command replaces this command. Refer to the description of the copy running-config command for more information on copy running-config startup-config.