Chapter 5.

Interface Commands
Interface configuration is one of the most fundamental aspects of getting a router online.
There are many kinds of interfaces, corresponding to different physical media and lowerlevel protocols; some of the interface types are listed in Table 5-1. For the most part, each
media type has its own configuration commands, although a few commands are common to
all interfaces. The interface is where much of IP configuration takes place: it's where you
set addresses and netmasks and specify how the interface interacts with the routing protocol
you have chosen.

Table 5-1. Interface types

Type

Description

async

Async lines are for modem dial-in and dial-out connections. The AUX port is
an async line. Terminal servers have numerous async lines for modem
connections.

atm

ATM (Asynchronous Transfer Mode) interfaces are used for connections to

an ATM switch. This includes DSL connections.

serial

Serial ports are often connected to CSU/DSUs for point-to-point leased lines
(56k, T1, etc.).

ethernet

Ethernet ports supporting 10 megabits/second.

fastethernet Ethernet ports supporting 10 and 100 megabits/second.

bri

BRI (Basic Rate Interface) for ISDN (2B + D service).

tokenring

Token ring network interfaces.

fddi

Fiber Distributed Data Interconnect.

hub

A hub that is built into the router and treated as an interface.

hssi

High-Speed Serial Interface. Supports speeds up to 52 Mbps.

Table 5-1. Interface types

Type

Description

loopback

A virtual interface on the router.

null

Bit bucket interface. Anything sent to this interface is discarded. Used for
simple route filtering.

pos

Packet over Sonet interfaces.

vlan

Virtual LAN interfaces.

5.1. Naming and Numbering Interfaces

Interfaces are configured by the interface command, followed by an interface name,
followed by a port number. The space between the interface name and the port number is
optional. For example:
interface
interface
interface
interface

serial 0
serial 1
ethernet 0
ethernet 1

Serial port 0
Serial port 1
Ethernet port 0
Ethernet port 1

On high-end routers, the interface cards are in slots; each slot has a series of ports. To
specify these interfaces, use the slot /port naming scheme. For example, the Ethernet
interface on port 5 of the card in slot 4 would be called:
interface ethernet 4/5

The interface command is followed by other commands that perform the actual
configuration. If you're entering commands at the console, the interface command
changes the prompt to Router(config-if)#.
VIP2 (Versatile Interface Processor) cards have two Ethernet ports per card. To
accommodate these cards, use the syntax card/slot/port to specify a particular Ethernet
interface. For example, Fast Ethernet card 2 on slot 1 on port 0 would be called:
interface fastethernet 2/1/0

5.2. Basic Interface Configuration Commands

The following basic commands apply to just about any type of interface.

5.2.1. shutdown
The shutdown command disables an interface. The interface does not transmit packets after
it has been shut down; all routing protocols are informed that the interface is unavailable.
interface serial0
shutdown

Use the no shutdown command to restart an interface that has been shut down:
Router#config terminal
Router(config)#interface serial 0
Router(config-if)#no shutdown

There can be side effects to an interface shutdown. The nature of these side effects depends
on the interface type. Table 5-2 shows some of the possible side effects.

Table 5-2. Possible side effects of an interface shutdown

Interface

Side effect of a shutdown

Ethernet

Drops link-status indicator to the remote hub or switch

Serial

Drops DTR signal

FDDI

Activates optical bypass switch

Token ring

Removes interface from the token ring

The shutdown command can also be applied to a subinterface. In this case, it stops protocol
processing on that subinterface without affecting the other subinterfaces or dropping the
entire interface.

5.2.2. Interface Descriptions

An interface's description shows up in the router's configuration and in the output from the
show interfaces command. This description is for informational purposes only; it helps
you remember the configuration of the interface. For example:
interface serial0
description T1 Connection to Baltimore (Good place to document the
circuit id!)

Use the no form of this command to remove the description:

no description

5.2.3. Setting the IP Address and Subnet Mask

Setting the IP address on an interface is fairly simple: use the ip address command,
followed by the address and the subnet mask. For example:
interface ethernet0
ip address 10.10.1.65 255.255.255.224

This command sets the interface IP address to 10.10.1.65 and the subnet mask to
255.255.255.224.

5.2.3.1 Secondary IP address(es)

The secondary keyword allows an interface to have more than one IP address. You can
have as many secondary addresses as you like, but keep in mind that each will take
processing power and will have an effect on the router. If you are using more than one
secondary address, chances are you are doing something wrong with your network
configuration.
For example, suppose we had an Ethernet segment with a 255.255.255.224 subnet, which
allows 30 hosts per subnet, as in Figure 5-1 (before). Everything is working fine. Then one
day your boss comes in and tells you to add 30 more hosts on the segment. The bad news is
that there are no more Ethernet ports on your router and you need to add the new machine's
addresses today.

Figure 5-1. Using a secondary IP address

After a few minutes of panic, you weigh your options. One is to resubnet the network. You
would then need to change the subnet masks on every machine, which is time-consuming.
Even if you are using DHCP, a massive network reorganization is bound to be timeconsuming and disruptive for your users.
The second, easier option is to add another subnet to the Ethernet segment by using the
secondary command. In the old configuration, the original subnet was 10.10.1.64 with 30
hosts. In the new configuration, we add a second subnet, 10.10.1.96, to the segment:
interface ethernet0
ip address 10.10.1.65 255.255.255.224
ip address 10.10.1.97 255.255.255.224 secondary

Initially, the interface was assigned the address 10.10.1.65; we could assign .66 through .94
to hosts on the segment (.95 is reserved for broadcasts). After adding the .96 subnet, we can
assign addresses 10.10.1.98 through 10.10.1.126 as well; .97 is assigned to the ethernet0
interface as its secondary address. We can go a step further and add yet another subnet,
10.10.1.128, by assigning 10.10.1.129 as an additional secondary address. This gives us a
total of three subnets. We can add as many secondary addresses as we want.
interface ethernet 0
ip address 10.10.1.65 255.255.255.224
ip address 10.10.1.97 255.255.255.224 secondary
ip address 10.10.1.129 255.255.255.224 secondary

Some pitfalls with secondary addresses are:

Secondary IP addresses are not supported by OSPF.

Routing updates are not sent out to secondary subnets due to split horizon. For a
definition of split horizon and how it relates to routing, see Chapter 8. However,
split horizon can be disabled.

Too many secondary IP addresses often means you are doing something wrong with
your network design.

Host broadcasts may or may not be heard by hosts on the other subnets, depending
on the broadcast address used by the host and the hosts' implementations.

5.2.4. Other Common Interface Commands

You will encounter the following commands frequently as you work with interfaces on
Cisco routers:

bandwidth
The bandwidth command does not have anything to do with configuring the speed
of an interface. Rather, it defines the interface speed for calculating routing metrics
and other purposes. You would use this command to tell the router the interface's
actual speed if for some reason the default bandwidth was not correct (for example,
for a fractional T1 line, the router will use the speed of a full T1 as the default
bandwidth), or to "lie" about an interface's bandwidth to influence route metric
calculations and steer traffic in a particular direction. Obviously, giving the router
incorrect information about an interface's bandwidth is an iffy proposition, but there
are times when that's the easiest way to achieve the result you want.

ip directed-broadcasts
A directed broadcast is a broadcast that is sent to a specific network or set of
networks. They are frequently used in denial-of-service attacks, in which someone
outside your network tries to overwhelm it with illegitimate traffic. To reduce your
vulnerability to such attacks, Cisco routers drop directed broadcasts by default. To
enable forwarding of directed broadcasts, use the ip directed-broadcasts
command.

ip proxy-arp
Enabling proxy ARP on an interface allows the router to respond to ARP requests
for hosts that it knows about, but that aren't directly reachable by the host making
the ARP request. If the router receives an ARP request for a host and the router has a

route to that host, the router sends an ARP response with its own data link address to
the requestor. The requesting host then sends packets to the router, who in turn
forwards them on to the correct destination host.
For example, a host connected via a PPP dial-up link won't be visible to hosts
connected to the router via an Ethernet. If a host on an Ethernet sends an ARP
request for a host connected via PPP, the router will respond to the ARP request on
behalf of the PPP host, listing its own Ethernet address as the destination. The router
then takes responsibility for forwarding the packets to the PPP host.

ip source-route
Source routing allows packets to include their own routing information in their
headers. This feature is often abused. Source routing is enabled by default but is
frequently disabled using the command no ip source-route.

ip unreachables
This command enables the generation of ICMP protocol unreachable messages (the
default). These messages are generated when the router receives a nonbroadcast
message for a protocol it doesn't recognize. This command is usually used in its
negative form (no ip unreachables) and is often used on the null interface.
Now let's look at some of the specific interface types you're likely to encounter.

5.3. The Loopback Interface

The loopback interface is a virtual interface that is always up and available after it has been
configured. Note that the loopback interface is not tied to the address 127.0.0.1. It's an
interface like any other, and can be assigned its own address. A loopback interface is often
used as a termination address for some routing protocols, because it never goes down.
Another common use of a loopback address is to identify a router. For example, say you
want to find out whether a particular router is up. You know that the router has an
ethernet0 interface with an IP address of 10.10.1.1. You ping 10.10.1.1 and don't get a
response. Does this mean your router is down? It's possible that the router is up and that the
ping reached the router on another interface, but you didn't receive a response because
ethernet0 is down. To find out unambiguously whether the router is alive, you have to
ping another interface. But that interface might be down, causing the same scenario to
occur. To avoid this problem, you can configure the router's loopback interface with a
unique address. Then, when you want to telnet or ping your router, use the loopback
interface's IP address. This method ensures that you will get a response no matter how your
packets reach the router.

Here's how to assign an IP address to a loopback interface:

interface loopback 0
ip address 10.10.1.2 255.255.255.255

Other ways to use the loopback interface include:

1. Using the unnumbered command on serial links mixed with the loopback interface
to eliminate wasted IP addresses on serial links.
2. Various routing protocols, such as OSPF and BGP, make use of a router ID, which
should be the address of a link that is always up. The loopback interface is great for
this purpose. (OSPF and BGP are discussed in Chapter 9 and Chapter 10,
respectively.)
3. Use the address of a loopback interface as the IP address for all management
software. The management software will test whether the router is alive by pinging
the loopback interface's IP address.

5.5. Ethernet and Fast Ethernet Interfaces

Give an Ethernet or Fast Ethernet interface an IP address, and it's ready to go. It's a good
idea to give the interface a description, but that's not required. Also, as with all interfaces,
don't forget the no shutdown command. For Fast Ethernet interfaces, you can also specify
the interface speed and whether it's operating at full or half duplex:
interface Ethernet0
description Internal Office Network
ip address 10.10.1.1 255.255.255.248
no shutdown
interface FastEthernet1
description Fast Network for fileservers
ip address 10.10.1.17 255.255.255.248
! Set the speed to 100 (which is the default)
speed 100
! Set the duplex to full
duplex full
no shutdown

5.5.1. Ethernet Encapsulation

By default, an Ethernet uses ARPA encapsulation (standard Ethernet Version 2.0). However,
you can specify another encapsulation type using the encapsulation command. For
example:
interface ethernet 0
encapsulation arpa
ip address 10.10.1.10 255.255.255.248

The possible encapsulation types are shown in Table 5-3.

Table 5-3. Ethernet encapsulation types

Keyword

Encapsulation type

arpa

Standard Ethernet Version 2.0

isol

IEEE 802.3 Encapsulation

snap

IEEE 803.3 Encapsulation per RFC 1042

All the devices connected to an Ethernet must share the same encapsulation type; if they do
not, they will not be able to communicate. If you're not sure of the encapsulation type,
you're probably using ARPA.

5.10. Interface show Commands

The router keeps track of lots of information about its interfaces: the number of packets
sent, the number of errors, addresses, etc. You can get most of this information by using one
of the show commands.

5.10.1. Clearing the show Command Counters

Much of the information the router tracks is numeric: for example, running counts of the
number of packets that went out the interface and related items. These counters aren't
particularly meaningful unless you know when the counter started counting. To clear the
counters that are displayed in the show interface commands, use the clear counters
command. This command does not clear the values that are retrieved from SNMP
commands, but only the values reported by the show commands discussed in this section.
Here are some typical clear counters commands:
Router#clear counters ethernet0
Router#clear counters serial0
Router#clear counters

The first two commands clear the counters for a specific interface; the last command clears
the counters for all the interfaces.

All counters are unsigned long integers, which means they can go up
to about 4 billion before they roll over to 0 (2^32 - 1).

5.10.2. Listing All Interfaces

If you don't know what physical interfaces are available on your router, use the show
version command. You'll find a list of interfaces at the end of its output. Here's what
happens on a Cisco 2524:
Router>show version
...
cisco 2524 (68030) processor (revision J) with 6144K/2048K bytes of
memory.
Processor board ID 08291960, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
FT1 CSU/DSU for Serial Interface 0
No module installed for Serial Interface 1
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)

This router has one Ethernet port, two serial ports, and one built-in CSU/DSU installed on
serial interface 0.

5.10.3. Using the show interface Commands

The show interface command displays protocol-specific statistics for the interface. All
interfaces report both generic information and media-specific information. For example,
here's what you get if you ask for information about an Ethernet segment:
Router>show interface ethernet0
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 0010.7b39.e28e (bia 0010.7b39.e28e)
Description: Office Ethernet segment
Internet address is 10.10.1.1/29
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 2000 bits/sec, 3 packets/sec
5 minute output rate 17000 bits/sec, 3 packets/sec
11938498 packets input, 4102863937 bytes, 0 no buffer
Received 60515 broadcasts, 0 runts, 0 giants, 0 throttles
8 input errors, 0 CRC, 0 frame, 0 overrun, 8 ignored, 0 abort
0 input packets with dribble condition detected
12556989 packets output, 1981671402 bytes, 0 underruns
0 output errors, 11702 collisions, 1 interface resets
0 babbles, 0 late collision, 20150 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Table 5-5 shows how to interpret this information.

Table 5-5. Information from a show interface command

Field

Meaning

Up/down

Whether the interface is up and configured. If the interface is

administratively down, the shutdown command has been applied to this
interface. If the interface is down, it is not receiving any signal from the
attached network cable.

Line protocol

Whether the encapsulation protocol is up or down for this interface. If

Table 5-6. Explanation of show ip interface output

Output

Network address
translation is disabled

Explanation
Specifies whether NAT is enabled on this interface. The ip nat
command enables address translation. However, it requires some
extensive configuration. For more information, see Chapter 12.

Here's the output from show ip interface brief. The output is fairly straightforward,
except for the meaning of the Method column. This column is the same as the "Address
determined" field in Table 5-6.
Router#show ip interface brief
Interface
IP-Address
Ethernet0
10.200.212.1
Ethernet1
10.200.210.30
Serial0
unassigned
Serial1
unassigned

OK?
YES
YES
YES
YES

Method
NVRAM
NVRAM
unset
unset

Status
Protocol
up
up
up
up
administratively down down
administratively down down