ip

Use the ip command to configure TCP/IP settings for the GigaVUE® HC Series node’s Mgmt port, including the default gateway, DNS server, and domain name. Note that most users configure these settings using the config jump-start script during the initial deployment of the system. Refer to the Hardware Installation Guide for details.

The ip command has the following syntax:

ip
   default-gateway <next hop IP address> [interface name (eth0, eth1...)]
   dhcp
      default-gateway yield-to-static
      hostname <hostname>
      primary intf <interface name>
      send-hostname
   domain-list <domain name>
   filter
      chain <chain>
         clear
         policy <policy>
         rule <append tail | insert <rule number> | set <rule number> | modify <rule number>> target <target>
      move <old rule number> to <new rule number>
         [comment <comment> | dest-addr <network prefix> <netmask> | dest-port <port or port range> |
         dup-delete | in-intf <interface>| not-dest-addr <network prefix> <netmask> | not-dest-port <port
         or port range> | not-in-intf <interface> | not-out-intf <interface> | not-protocol <protocol> |
         not-source-addr <network prefix> <netmask> | not-source-port <port or port range> | out-intf
         <interface> | protocol <protocol> | source-addr <network prefix> <netmask> | source-port
         <port or port range> | state <state>]
      enable
      options include-bridges
   host <hostname> <IP address>
   map-hostname
   name-server <IPv4 or IPv6 address>
   route <network prefix> <netmask | mask length> <next hop IP address or interface name>

The following table describes the arguments for the ip command:

Argument

Description

default-gateway <next hop IP address> [interface name (eth0, eth1...)]

Specifies the default gateway for the Mgmt port (eth0). The default gateway is where the Mgmt port will send IP packets for distribution to remote networks. For example:

(config) # ip default-gateway 192.168.1.1 eth0

dhcp
   default-gateway yield-to-static
   hostname <hostname>
   primary intf <interface name>
   send-hostname

Configures global DHCP settings as follows:

default-gateway yield-to-static—Preserves any statically configured default gateway instead of using an address received through DHCP.
hostname—Specifies the hostname to be sent during DHCP client negotiation (if send-hostname is enabled).
primary intf—Sets the interface from which non-interface-specific configuration (resolver and routes) will be accepted through DHCP. Leave this set to eth0 (the Mgmt port).
send-hostname—Sends a hostname during negotiation.

domain-list <domain name>

Adds a domain name to use when resolving hostnames.

filter
   chain <chain>
      clear
      policy <policy>
      rule <append tail | insert | set | modify | move>
   enable
   options include-bridges

Configures IP filtering as follows:

chain <chain>—Specifies the chain. The only chains allowed are FORWARD, INPUT, and OUTPUT.
o clear—Deletes all rules from a given chain.

Note:  The clear parameter deletes all IP filter rules, which can result in loss of connectivity between nodes in a cluster. Rather than clearing all IP filters, delete only the specific filters that are no longer required. If you use clear, the following warning is displayed:

ST1 [ST1: standby] (config) # ip filter chain FORWARD clear

WARNING !! Clearing the ip filter INPUT chain may impact mgmt and clustering ports and operations!!

Enter 'YES' to confirm this operation:

o policy <policy>—Sets the policy (the default target) for a specified chain. The only targets allowed are ACCEPT and DROP. The rules on this chain will be overrides of this default.
o rule—Appends, inserts, sets, modifies, or moves a rule. The chains and targets allowed are the same as for policy. For details on rules, refer to rule.
enable—Enables or disables IP filtering of network traffic. The default is disabled.
options include-bridges—Enables or disables IP packet filtering for bridges. The default is disabled. (This is not supported.)

The default policies for each chain are as follows:

OUTPUT: ACCEPT
INPUT: DROP
FORWARD: DROP

For configuration examples, refer to the IP Filter Chains for Security.

rule <append tail | insert <rule number> | set <rule number> | modify <rule number>> target <target> move <old rule number> to <new rule number> [comment
<comment>
   dest-addr <network prefix> <netmask>
   dest-port <port or port range>
   dup-delete
   in-intf <interface>
   not-dest-addr <network prefix> <netmask>
   not-dest-port <port or port range>
   not-in-intf <interface>
   not-out-intf <interface>
   not-protocol <protocol>
   not-source-addr <network prefix> <netmask>
   not-source-port <port or port range>
   out-intf <interface>
   protocol <protocol>
   source-addr <network prefix> <netmask>
   source-port <port or port range>
   state <state>]

Specifies the position of a rule, which is determined by the arguments that follow rule, as follows:

append tail—Adds a new rule after all existing rules.
insert <rule number>—Inserts a new rule before the existing rule with the specified rule number. The specified rule number must be an existing rule. The specified rule number and all rules above it will be renumbered to make room for the new rule.
set <rule number>—Specifies the rule number of an existing rule and overwrites it with the new rule.
modify <rule number>—Modifies an existing rule at a specified rule number.
move—Moves an existing rule to a different position in the same chain. It is inserted at the new location, removed from the old location, and the surrounding rules are renumbered.

Note the following:

Rule numbers are contiguous (there are no spaces between rule numbers).
There must always be at least one rule.
You can have multiple rules with the same target.
All of the arguments after the target are optional.

The targets are as follows:

ACCEPT
DROP

Netmask can be specified either as a netmask or a mask length (for example: 255.255.255.0 or /24).

Dup-delete specifies that after adding or modifying a rule, delete all other existing rules that are duplicates of it. (Duplicates are otherwise not detected.)

The available protocols are as follows:

tcp, udp, icmp, igmp, ah, esp, all

If tcp or udp are specified, you can specify source or destination ports.

State classifies the packet relative to existing connections. The states are as follows:

ESTABLISHED—means it is associated with an existing connection that has seen traffic in both directions.
RELATED—means it opens a new connection, but one that is related to an established connection.
NEW—means it opens a new, unrelated connection.

You can enter more than one state by separating them with a comma.

host <hostname> <IP address>

Configures a static mapping between the specified hostname and IPv4 address. The hostname must be a valid Domain Name Service (DNS) name.

map-hostname

Enables the map-hostname argument to ensure a static host mapping for the current hostname.

name-server <IPv4 or IPv6 address>

Adds another DNS name server address to the GigaVUE HC Series node’s list.

route <network prefix> <netmask | mask length> <next hop IP address or interface name>

Configures a static routing entry for the GigaVUE HC Series node’s Mgmt port, telling the system that any traffic destined for a particular network should be sent to a particular destination. You can specify the netmask using either the bitcount format (for example, /24) or the dotted-quad format (for example, 255.255.255.0). For example:

(config) # ip route 10.16.0.0 255.255.255.0 192.168.1.1

Related Commands

The following table summarizes other commands related to the ip command:

Task

Command

Displays the active default route.

show ip default-gateway

Displays the configured default route.

show ip default-gateway static

Displays DHCP configuration information.

show ip dhcp

Displays IP filtering state.

show ip filter

Displays IP filtering state (including unconfigured rules).

show ip filter all

Displays IP filtering configuration.

show ip filter configured

Displays active routes, both dynamic and static.

show ip route

Displays configured static routes.

show ip route static

Deletes the current default route.

(config) # no ip default-gateway

Installs default gateway from DHCP, even if there is already a statically configured one.

(config) # no ip dhcp default-gateway yield-to-static

Reverts to using the system hostname for DHCP client negotiation.

(config) # no ip dhcp hostname

Reverts to the default interface from which non-interface-specific configuration (resolver and routes) will be accepted through DHCP.

(config) # no ip dhcp primary-intf

Does not send a hostname during DHCP client negotiation.

(config) # no ip dhcp send-hostname

Deletes a domain name.

(config) # no ip domain-list mydomain

Resets the policy (the default target) for a specified chain to the default.

(config) # no ip filter chain FORWARD policy

If you specify a chain and rule, deletes the rule and renumbers rules to close the gap. If you specify a chain only, deletes all the rules in that chain and resets the chain's policy to the default.

(config) # no ip filter chain INPUT rule 3

Disables IP filtering.

(config) # no ip filter enable

Does not apply IP filters to bridges. (This is not supported.)

(config) # no ip filter options include-bridges

Deletes static hostname/IPv4 address mappings from a specified host.

(config) # no ip host myhost 10.10.10.10

Deletes static hostname/IPv4 address mappings from the localhost.

(config) # no ip host localhost 10.10.10.10

Does not ensure a static host mapping for the current hostname.

(config) # no ip map-hostname

Deletes a name server using IPv4 or IPv6 address.

(config) # no ip name-server 1.1.1.1

Deletes a static route.

(config) # no ip route 0.0.0.0 /21