Cisco IOS IP Routing: OSPF Command Reference
OSPF Commands: A through ip ospf demand-circuit
Downloads: This chapterpdf (PDF - 1.87MB) The complete bookPDF (PDF - 3.88MB) | The complete bookePub (ePub - 426.0KB) | Feedback

OSPF Commands: A through ip ospf demand-circuit

Contents

OSPF Commands: A through ip ospf demand-circuit

area authentication

To enable authentication for an Open Shortest Path First (OSPF) area, use the area authentication command in router configuration mode. To remove an authentication specification of an area or a specified area from the configuration, use the no form of this command.

area authentication commandarea area-id authentication [message-digest]

no area area-id authentication [message-digest]

Syntax Description

area-id

Identifier of the area for which authentication is to be enabled. The identifier can be specified as either a decimal value or an IP address.

message-digest

(Optional) Enables Message Digest 5 (MD5) authentication on the area specified by the area-id argument.

Command Default

Type 0 authentication (no authentication)

Command Modes

Router configuration

Command History

Release

Modification

10.0

This command was introduced.

11.0

The message-digest keyword was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Specifying authentication for an area sets the authentication to Type 1 (simple password) as specified in RFC 1247. If this command is not included in the configuration file, authentication of Type 0 (no authentication) is assumed.

The authentication type must be the same for all routers and access servers in an area. The authentication password for all OSPF routers on a network must be the same if they are to communicate with each other via OSPF. Use the ip ospf authentication-key interface command to specify this password.

If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key interface command.

To remove the authentication specification for an area, use the noform of this command with the authentication keyword.


Note


To remove the specified area from the software configuration, use the no area area-idcommand (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.


Examples

The following example mandates authentication for areas 0 and 10.0.0.0 of OSPF routing process 201. Authentication keys are also provided.

interface ethernet 0
 ip address 192.168.251.201 255.255.255.0
 ip ospf authentication-key adcdefgh
!
interface ethernet 1
 ip address 10.56.0.201 255.255.0.0
 ip ospf authentication-key ijklmnop
!
router ospf 201
 network 10.0.0.0 0.255.255.255 area 10.0.0.0
 network 192.168.0.0 0.0.255.255 area 0
 area 10.0.0.0 authentication
 area 0 authentication

Related Commands

Command

Description

area default-cost

Specifies a cost for the default summary route sent into a stub area.

area stub

Defines an area as a stub area.

ip ospf authentication-key

Assigns a password to be used by neighboring routers that are using the simple password authentication of OSPF.

ip ospf message-digest-key

Enables OSPF MD5 authentication.

area authentication (key-chain)

To enable authentication trailer for an Open Shortest Path First version 3 (OSPFv3) area, use the area authentication command in router configuration mode or in address-family configuration mode. To disable the authentication trailer, use theno form of this command.

area area-id authentication {key-chain chain-name | null }

no area area-id authentication {key-chain | null }

Syntax Description

area-id

Area ID assigned to the OSPFv3 area. This can be either a decimal value or a valid IPv6 prefix. There is no default.

authentication

Enables area authentication.

key-chain

Configures a key chain for cryptographic authentication keys.

chain-name

Name of the authentication key that is valid..

null

(Optional) Enables Message Digest 5 (MD5) authentication on the area specified by the area-id argument.

Command Default

No authentication trailer is enabled for an OSPFv3 area.

Command Modes

Router configuration (config-router)

Router address family configuration (config-router-af)

Command History

Release

Modification

Cisco IOS XE Release 3.11S

This command was introduced.

Usage Guidelines

Use the area authenticationcommand to enable authentication trailer on all interfaces in the area.

Examples

The following example enables the authentication trailer for an OSPFv3 area:

Device(config-router-af)# area 1 authentication key-chain ospf-1

Related Commands

Command

Description

ospfv3 authentication (key-chain)

Specifies the cryptographic authentication keys for an OSPFv3 instance.

authentication mode (OSPF)

Specifies the authentication mode used in OSPFv3.

area default-cost

To specify a cost for the default summary route that is sent into a stub area or not-so-stubby area (NSSA), use the area default-cost command in router address family topology or router configuration mode. To remove the assigned default route cost, use the no form of this command.

area default-cost commandarea area-id default-cost cost

no area area-id default-cost cost

Syntax Description

area-id

Identifier for the stub area or NSSA. The identifier can be specified as either a decimal value or an IP address.

cost

Cost for the default summary route used for a stub or NSSA. The acceptable value is a 24-bit number.

Command Default

cost: 1

Command Modes

Router address family topology configuration (config-router-af-topology) Router configuration (config-router)

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRB

This command was made available in router address family topology configuration mode.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

This command is used only on an Area Border Router (ABR) attached to a stub area or NSSA.

There are two stub area router configuration commands: the stub and default-cost options of the area command. In all routers and access servers attached to the stub area, the area should be configured as a stub area using the stub option of the area command. Use the default-cost option only on an ABR attached to the stub area. The default-cost option provides the metric for the summary default route generated by the ABR into the stub area.


Note


To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.


Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the area default-costcommand in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example assigns a default cost of 20 to stub network 10.0.0.0:

interface ethernet 0
 ip address 10.56.0.201 255.255.0.0
!
router ospf 201
 network 10.0.0.0 0.255.255.255 area 10.0.0.0
 area 10.0.0.0 stub
 area 10.0.0.0 default-cost 20

Related Commands

Command

Description

area authentication

Enables authentication for an OSPF area.

area stub

Defines an area as a stub area.

area filter-list

To filter prefixes advertised in type 3 link-state advertisements (LSAs) between Open Shortest Path First (OSPF) areas of an Area Border Router (ABR), use the area filter-list command in router address family topology or router configuration mode. To change or cancel the filter, use the no form of this command.

area area-id filter-list prefix prefix-list-name { in | out }

no area area-id filter-list prefix prefix-list-name { in | out }

Syntax Description

area-id

Identifier of the area for which filtering is configured. The identifier can be specified as either a decimal value or an IP address.

prefix

Indicates that a prefix list is used.

prefix-list-name

Name of a prefix list.

in

The prefix list is applied to prefixes advertised to the specified area from other areas.

out

The prefix list is applied to prefixes advertised out of the specified area to other areas.

Command Default

This command is disabled by default. The router will not filter prefixes.

Command Modes

Router address family topology configuration (config-router-af-topology) Router configuration (config-router)

Command History

Release

Modification

12.0(15)S

This command was introduced.

12.2(4)T

This command was integrated into Cisco IOS Release 12.2(4)T.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(33)SRB

This command was made available in router address family topology configuration mode.

Usage Guidelines

With this feature enabled in the “in” direction, all type 3 LSAs originated by the ABR to this area, based on information from all other areas, are filtered by the prefix list. Type 3 LSAs that were originated as a result of the area range command in another area are treated like any other type 3 LSA that was originated individually. Any prefix that does not match an entry in the prefix list is implicitly denied.

With this feature enabled in the “out” direction, all type 3 LSAs advertised by the ABR, based on information from this area to all other areas, are filtered by the prefix list. If the area range command has been configured for this area, type 3 LSAs that correspond to the area range are sent to all other areas, only if at least one prefix in the area range matches an entry in the prefix list.

If all specific prefixes are denied by the prefix list, type 3 LSAs that correspond to the area range command will not be sent to any other area. Prefixes that are not permitted by the prefix list are implicitly denied.

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the area filter-listcommand in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example filters prefixes that are sent from all other areas to area 1:

area 1 filter-list prefix AREA_1 in 

Related Commands

Command

Description

area range

Consolidates and summarizes routes at an area boundary.

area nssa

To configure a not-so-stubby area ( NSSA), use the area nssa command in router address family topology or router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.

area nssa commandarea area-id nssa [no-redistribution] [ default-information-originate [metric] [metric-type] ] [no-summary] [nssa-only]

no area area-id nssa [no-redistribution] [ default-information-originate [metric] [metric-type] ] [no-summary] [nssa-only]

Syntax Description

area-id

Identifier for the stub area or NSSA. The identifier can be specified as either a decimal value or an IP address.

no-redistribution

(Optional) Used when the router is an NSSA Area Border Router (ABR) and you want the redistribute command to import routes only into the normal areas, but not into the NSSA area.

default-information- originate

(Optional) Used to generate a Type 7 default into the NSSA area. This keyword takes effect only on the NSSA ABR or the NSSA Autonomous System Boundary Router (ASBR).

metric

(Optional) Specifies the OSPF default metric.

metric-type

(Optional) Specifies the OSPF metric type for default routes.

no-summary

(Optional) Allows an area to be an NSSA but not have summary routes injected into it.

nssa-only

(Optional) Limits the default advertisement to this NSSA area by setting the propagate (P) bit in the type-7 LSA to zero.

Command Default

No NSSA area is defined.

Command Modes

Router address family topology configuration (config-router-af-topology) Router configuration (config-router)

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRB

This command was made available in router address family topology configuration mode.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

15.0(1)M

This command was modified. The nssa-only keyword was added.

15.2(1)E

This command was integrated into Cisco IOS Release 15.2(1)E.

Usage Guidelines

To remove the specified area from the software configuration, use the no area area-idcommand (with no other keywords). That is, the no area area-id command removes all area options, including area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the area nssacommand in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example makes area 1 an NSSA area:

router ospf 1
 redistribute rip subnets
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa

Related Commands

Command

Description

redistribute

Redistributes routes from one routing domain into another routing domain.

area nssa translate

To configure a not-so-stubby area ( NSSA) and to configure the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature, use the area nssa translatecommand in router address family topology or router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.

area nssa translate commandarea area-id nssa translate type7 [always] [suppress-fa] [ default-information-originate [ metric ospf-metric ] [ metric-type ospf-link-state-type ] [nssa-only] ] [no-ext-capability] [no-redistribution] [no-summary]

no area area-id nssa translate type7 [always] [suppress-fa] [ default-information-originate [ metric ospf-metric ] [ metric-type ospf-link-state-type ] [nssa-only] ] [no-ext-capability] [no-redistribution] [no-summary]

Syntax Description

area-id

Identifier for the stub area or NSSA. The identifier can be specified as either a decimal value or an IP address.

translate

Translates one type of link-state advertisement (LSA) to another type of LSA. This keyword takes effect only on an NSSA Area Border Router (ABR) or an NSSA Autonomous System Boundary Router (ASBR).

type7

(Required) Translates a Type-7 LSA to a Type-5 LSA. This keyword takes effect only on an NSSA ABR or an NSSA ASBR.

always

(Optional) Configures an NSSA ABR router as a forced NSSA LSA translator. The NSSA ABR router unconditionally translates Type-7 LSAs to Type-5 LSAs. You can configure the always keyword only in router configuration mode, not in router address family topology configuration mode.

suppress-fa

(Optional) Suppresses the forwarding address of the Type-7 LSAs from being placed in the Type-5 LSAs. This keyword takes effect only on an NSSA ABR or an NSSA ASBR.

default-information-originate

(Optional) Used to generate a Type 7 default into the NSSA area. This keyword takes effect only on the NSSA ABR or the NSSA Autonomous System Boundary Router (ASBR).

metric

(Optional) Configures the OSPF default metric.

ospf-metric

Specifies the OSPF default metric in the range from 0 to 16777214.

metric-type

(Optional) Configures the OSPF metric type for default routes.

ospf-link-state-type

Specifies OSPF metric type in the range from 1 to 2.

nssa-only

(Optional) Limits the default advertisement to this NSSA area by setting the propagate (P) bit in the type-7 LSA to zero..

no-ext-capability

(Optional) Specifies that domain-specific capabilities are not sent to NSSA.

no-redistribution

(Optional) Specifies that the redistribute command will import routes only into the normal areas, not into the NSSA area. Used when the router is an NSSA ABR.

no-summary

(Optional) Allows an area to be an NSSA but not have summary routes injected into it.

Command Default

The ABRs connecting an NSSA and the backbone areas elect one of them to translate LSAs, which means that a router might be elected as translator.

Command Modes

Router address family topology configuration (config-router-af-topology) Router configuration (config-router)

Release

Modification

12.2(15)T

This command was introduced.

12.2(27)SBC

This command was integrated into Cisco IOS Release 12.2(27)SBC.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRB

This command was made available in router address family topology configuration mode.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

15.1(2)S

This command was modified. Support for the always keyword was added.

15.2(1)E

This command was integrated into Cisco IOS Release 15.2(1)E.

Usage Guidelines

To configure the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature, configure the translate type7 suppress-fa keywords. Consider the following caution.


Caution


Configuring the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature causes the router to be noncompliant with RFC 1587. Also, suboptimal routing might result because there might be better paths to reach the destination’s forwarding address. This feature should not be configured without careful consideration and not until the network topology is understood.


If the the no-redistribution or default-information-originate keywords are used, two separate lines for the area nssa command appear in the configuration file for ease of readability. For example, if the area 6 nssa translate type7 suppress-fa no-redistributioncommand is configured, the following lines would appear in the configuration file:

router ospf 1
 area 6 nssa no-redistribution
 area 6 nssa translate type7 suppress-fa

Cisco IOS Release 15.1(2)S and later releases support RFC 3101 and include the always keyword, which allows you to configure an NSSA ABR router as a forced NSSA LSA translator. This means that the NSSA ABR router will unconditionally assume the role of LSA translator, preempting the default behavior, which would only include it among the candidates to be elected as translator.


Note


Even a forced translator might not translate all LSAs; translation depends on the contents of each LSA.


You can configure the always keyword only in router configuration mode, not in router address family topology configuration mode.

To remove the specified area from the software configuration, use the no area area-idcommand (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature with this command, you you must do so in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example causes OSPF to translate Type-7 LSAs from area 1 to Type-5 LSAs, but not place the Type-7 forwarding address into the Type-5 LSAs. OSPF places 0.0.0.0 as the forwarding address in the Type-5 LSAs.

router ospf 2
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa translate type7 suppress-fa

The following example configures an NSSA ABR as a forced LSA translator.

Router(config-router)# area 10 nssa translate type7 always

Related Commands

Command

Description

redistribute

Redistributes routes from one routing domain into another routing domain.

area range

To consolidate and summarize routes at an area boundary, use the a rea range command in router configuration mode. To disable this function, use the noform of this command.

area area-id range ipv6-prefix /prefix-length [ advertise | not-advertise ] [ cost cost ]

no area area-id range ipv6-prefix /prefix-length [ advertise | not-advertise ] [ cost cost ]

Syntax Description

area-id

Identifier of the area about which routes are to be summarized. It can be specified as either a decimal value or as an IPv6 prefix.

ipv6-prefix

IPv6 prefix.

/ prefix-length

IPv6 prefix length.

advertise

(Optional) Sets the address range status to advertise and generates a Type 3 summary link-state advertisement (LSA).

not-advertise

(Optional) Sets the address range status to DoNotAdvertise. The Type 3 summary LSA is suppressed, and the component networks remain hidden from other networks.

cost cost

(Optional) Metric or cost for this summary route, which is used during OSPF SPF calculation to determine the shortest paths to the destination. The value can be 0 to 16777215.

Command Default

This command is disabled by default.

Command Modes

Router configuration

Command History

Release

Modification

10.0

This command was introduced.

12.0(24)S

Support for IPv6 was added. The cost keyword and cost argument were added.

12.2(15)T

Support for IPv6 was added. The cost keyword and cost argument were added.

12.2(18)S

This command was integrated into Cisco IOS Release 12.2(18)S.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

Cisco IOS XE Release 2.1

This command was introduced on Cisco ASR 1000 Series Routers.

Usage Guidelines

The area range command is used only with Area Border Routers (ABRs). It is used to consolidate or summarize routes for an area. The result is that a single summary route is advertised to other areas by the ABR. Routing information is condensed at area boundaries. External to the area, a single route is advertised for each address range. This behavior is called route summarization

Multiple area router configuration commands specifying the range option can be configured. Thus, OSPF can summarize addresses for many different sets of address ranges.

This command has been modified for Open Shortest Path First (OSPF) for IPv6. Users can now enter the IPv6 address syntax.


Note


To remove the specified area from the software configuration, use the no area area-idcommand (with no other keywords). That is, the no area area-id command removes all area options, such as area default-cost, area nssa, area range, area stub, and area virtual-link.


Examples

The following example specifies one summary route to be advertised by the ABR to other areas for all subnets on network 10.0.0.0 and for all hosts on network 192.168.110.0:

interface Ethernet0/0
 no ip address
 ipv6 enable
 ipv6 ospf 1 area 1
!
ipv6 router ospf 1
 router-id 192.168.255.5
 log-adjacency-changes
 area 1 range 2001:0DB8:0:1::/64

The following example shows the IPv6 address syntax:

Router(config-rtr)# area 1 range ?
 X:X:X:X::X/<0-128>  IPv6 prefix x:x::y/z

area sham-link

To configure a sham-link interface on a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) VPN backbone, use the area sham-link command in router configuration or address family configuration mode. To remove the sham link, use the no form of this command.

area area-id sham-link source-address destination-address authentication key-chain chain-name [ cost number ] [ ttl-security hops hop-count ]

no area area-id sham-link source-address destination-address authentication key-chain chain-name

Syntax Description

area-id

ID number of the Open Shortest Path First (OSPF) area assigned to the sham link. Valid values: numeric value from 1 to 4294967295 or valid IP address, in A.B.C.D format. There is no default.

source-address

IP address associated with the sham-link source.

destination-address

IP address associated with the destination router.

authentication

Enables sham link authentication.

key-chain

Configures a key-chain for cryptographic authentication keys.

chain-name

Name of the authentication key that is valid.

cost number

(Optional) Specifies the OSPF cost to send IP packets over the sham-link interface. The number argument range is from 1 to 65535.

ttl-security hops hop-count

(Optional) Configures Time-to-Live (TTL) security on a sham link. The hop-count argument range is from 1 to 254.

Command Default

A sham link interface is not configured on the router. The default cost is 1.

Command Modes

Router configuration (config-router)

Address family configuration (config-router-af)

Command History

Release

Modification

12.2(8)T

This command was introduced.

12.0(21)ST

This command was integrated into Cisco IOS Release 12.0(21)ST, and support for Cisco 12000 series Internet routers was added.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S, and support for Cisco 10000 series Internet routers was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

12.2(33)SRC

The ttl-security hops hop-count keywords and argument were added.

15.0(1)M

This command was integrated into Cisco IOS Release 15.0(1)M.

Cisco IOS XE Release 3.6S

This command was modified. Support for Cisco ASR 1000 series routers was added.

15.2(4)S

This command was integrated into Cisco IOS Release 15.2(4)S. This command was made available in the address family configuration mode.

Cisco IOS XE Release 3.7S

This command was modified. The command was made available in the address family configuration mode.

Cisco IOS XE Release 3.11S

The authentication key-chain keywords were added.

Usage Guidelines

In the MPLS VPN environment, several VPN client sites can be connected in the same OSPF area. If these sites are connected over a backdoor link in addition to the VPN backbone, all traffic passes over the backdoor link instead of over the VPN backbone. OSPF always selects intra-area routes over inter-area (external) routes.

To correct this default OSPF behavior in an MPLS VPN, use the area sham-link command to configure a sham link between two PEs to connect the sites through the MPLS VPN backbone. A sham link represents an intra-area (unnumbered point-to-point) connection between PEs. All other routers in the area use the sham link to calculate intra-area shortest path first (SPF) routes to the remote site.

Configure the source and destination addresses of the sham link as a host route mask (255.255.255.255) on the PE routers that serve as the endpoints of the sham link. The source and destination IP addresses must belong to the VPN routing and forwarding instance (VRF) and be advertised by Border Gateway Protocol (BGP) to remote PE routers. The sham-link endpoint addresses should not be advertised by OSPF.

In an IPv6 environment, the source and destination must be global scope IPv6 addresses in the correct VRF. The source address should be a local interface address, typically a loopback. The destination address should be learned from BGP, not OSPFv3.

Use the ttl-security hops hop-count keywords and argument to enable checking of TTL values on OSPF packets from neighbors or to set TTL values sent to neighbors. This feature adds an extra layer of protection to OSPF. This option is not configurable for OSPFv3.

Examples

The following example shows how to configure a sham link between two PE routers in an MPLS VPN backbone by using the area sham-link command on each router:

Router1(config)# interface loopback 55
Router1(config-if)# ip vrf forwarding v1
Router1(config-if)# ip address 10.0.0.1 255.255.255.255
!
Router1(config)# router ospf 2 vrf v1
Router1(config-router)# log-adjacency-changes
Router1(config-router)# area 120 sham-link 10.0.0.1 172.16.0.1 cost 1
Router1(config-router)# redistribute bgp 1 subnets
Router1(config-router)# network 10.2.0.1 255.255.255.255 area 1
Router1(config-router)# network 10.120.0.0 0.255.255.255 area 120
Router1(config-router)# network 10.140.0.0 0.255.255.255 area 120
!
Router2(config)# interface loopback 44
Router2(config-if)# ip vrf forwarding v1
Router2(config-if)# ip address 172.16.0.1 255.255.255.255
!
Router2(config)# router ospf 2 vrf v1
Router2(config-router)# log-adjacency-changes
Router2(config-router)# area 120 sham-link 172.16.0.1 10.0.0.1 cost 1
Router2(config-router)# redistribute bgp 1 subnets
Router2(config-router)# network 10.2.0.1 255.255.255.255 area 1
Router2(config-router)# network 10.120.0.0 0.255.255.255 area 120
Router2(config-router)# network 10.140.0.0 0.255.255.255 area 120
!

The following example shows how to configure TTL security for a sham link in OSPFv3 for IPv6:

Device(config)# router ospfv3 1
Device(config-router)# address-family ipv6 unicast vrf vrf1
Device(config-router-af)#area 1 sham-link 2001:DB8:1::1 2001:DB8:0:A222::2 ttl-security hops 10

The following example shows how to configure the authentication using a key chain for sham-links:

area 1 sham-link 1.1.1.1 authentication key-chain ospf-chain-1

Related Commands

Command

Description

ttl-security hops

Enables checking of TTL values on OSPF packets from neighbors or setting TTL values sent to neighbors.

area sham-link (OSPFv3)

To configure a sham-link interface on a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) VPN backbone, use the area sham-link command in address family configuration mode. To remove the sham link, use the no form of this command.

area area-id sham-link source-address destination-address [ cost number ] [ ttl-security hops hop-count ]

no area area-id sham-link source-address destination-address

Syntax Description

area-id

OSPFv3 area assigned to the sham link. The range is from 1 to 4294967295. The area number may be configured in IPv4 address format A.B.C.D There is no default.

source-address

IPv6 address associated with the sham-link source.

destination-address

IPv6 address associated with the destination router.

cost number

(Optional) Specifies the OSPFv3 cost to send IP packets over the sham-link interface. The range is from 1 to 65535.

ttl-security hops hop-count

(Optional) Configures Time-to-Live (TTL) security on a sham link. The range is from 1 to 254.

Command Default

A sham link interface is not configured on the router. The default cost is 1.

Command Modes

Address family configuration (config-router-af)

Command History

Release

Modification

15.2(2)S

This command was introduced.

Cisco IOS XE Release 3.6S

This command was integrated into Cisco IOS XE Release 3.6S.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

15.2(4)M

This command was integrated into Cisco IOS Release 15.2(4)M.

Usage Guidelines

In the MPLS VPN environment, several VPN client sites can be connected in the same OSPFv3 area. If these sites are connected over a backdoor link in addition to the VPN backbone, all traffic passes over the backdoor link instead of over the VPN backbone. OSPFv3 always selects intra-area routes over inter-area (external) routes.

To correct this default OSPFv3 behavior in an MPLS VPN, use the area sham-link command to configure a sham link between two PEs to connect the sites through the MPLS VPN backbone. A sham link represents an intra-area (unnumbered point-to-point) connection between PEs. All other routers in the area use the sham link to calculate intra-area shortest path first (SPF) routes to the remote site.

Configure the source and destination addresses of the sham link as an IPv6 host route mask (/128) on the PE routers that serve as the endpoints of the sham link. The source and destination IP addresses must belong to the VPN routing and forwarding instance (VRF) and be advertised by Border Gateway Protocol (BGP) to remote PE routers. The sham-link endpoint addresses should not be advertised by OSPFv3.

The source and destination must be global scope IPv6 addresses in the correct VRF. The source address should be a local interface address, typically a loopback. The destination address should be learned from BGP, not OSPFv3.

Use the ttl-security hops hop-count keywords and argument to enable checking of TTL values on OSPFv3 packets from neighbors or to set TTL values sent to neighbors. This option adds an extra layer of protection to OSPFv3. This option is not configurable for OSPFv3.

Examples

The following example shows how to configure an OSPFv3 sham link between two PE routers in an MPLS VPN backbone by using the area sham-link command on each router:

Device(config-vrf)# interface loopback 0
Device(config-if)# description Sham-link endpoint
Device(config-if)# vrf forwarding vrf1
Device(config-if)# ipv6 address 0:0:0:7272::72/128
Device(config-if)# ipv6 enable
Device(config-if)# router ospfv3 1
Device(config router)# address-family ipv6 unicast vrf vrf1
Device(config router-af)# redistribute bgp 2
Device(config router-af)# area 0 sham-link 0:0:0:7272::72 0:0:0:7373::73 cost 100


The following example shows how to configure TTL security for a sham link in OSPFv3 for IPv6:

Device(config)# router ospfv3 1
Device(config-router)# address-family ipv6 unicast vrf vrf1
Device(config-router-af)# area 1 sham-link 2001:DB8:1::1 2001:DB8:0:A222::2 ttl-security hops 10

Related Commands

address-family ipv6

Enters address family configuration mode for configuring routing sessions, such as BGP, that use standard IPv6 address prefixes.

redistribute OSPFv3

Redistributes IPv6 and IPv4 routes from one routing domain into another routing domain.

router ospfv3

Enters OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

vrf forwarding

Associates a VRF instance or a virtual network with an interface or subinterface.

area stub

To define an area as a stub area, use the area stub command in router address family topology or router configuration mode. To disable this function, use the no form of this command.

area stub commandarea area-id stub [no-summary]

no area area-id stub [no-summary]

Syntax Description

area-id

Identifier for the stub area; either a decimal value or an IP address.

no-summary

(Optional) Prevents an Area Border Router (ABR) from sending summary link advertisements into the stub area.

Command Default

No stub area is defined.

Command Modes

Router address family topology configuration (config-router-af-topology) Router configuration (config-router)

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRB

This command was made available in router address family topology configuration mode.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

You must configure the area stub command on all routers and access servers in the stub area. Use the area router configuration command with the default-cost keyword to specify the cost of a default internal route sent into a stub area by an ABR.

There are two stub area router configuration commands: the stub and default-cost options of the area router configuration command. In all routers attached to the stub area, the area should be configured as a stub area using the stub keyword of the area command. Use the default-cost keyword only on an ABR attached to the stub area. The default-cost keyword provides the metric for the summary default route generated by the ABR into the stub area.

To further reduce the number of link-state advertisements (LSAs) sent into a stub area, you can configure the no-summary keyword on the ABR to prevent it from sending summary LSAs (LSA type 3) into the stub area.


Note


To remove the specified area from the software configuration, use the no area area-idcommand (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.


Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the area stubcommand in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example assigns a default cost of 20 to stub network 10.0.0.0:

interface ethernet 0
 ip address 10.56.0.201 255.255.0.0
!
router ospf 201
 network 10.0.0.0 0.255.255.255 area 10.0.0.0
 area 10.0.0.0 stub
 area 10.0.0.0 default-cost 20

Related Commands

Command

Description

area authentication

Enables authentication for an OSPF area.

area default-cost

Specifies a cost for the default summary route sent into a stub area.

area virtual-link

To define an Open Shortest Path First (OSPF) virtual link, use the area virtual-link command in router address family topology, router configuration, or address family configuration mode. To remove a virtual link, use the no form of this command.

area area-id virtual-link router-id authentication key-chain chain-name [ hello-interval seconds ] [ retransmit-interval seconds ] [ transmit-delay seconds ] [ dead-interval seconds ] [ ttl-security hops hop-count ]

no area area-id virtual-link router-id authentication key-chain chain-name

Syntax Description

area-id

Area ID assigned to the virtual link. This can be either a decimal value or a valid IPv6 prefix. There is no default.

router-id

Router ID associated with the virtual link neighbor. The router ID appears in the show ip ospf or show ipv6 display command. There is no default.

authentication

Enables virtual link authentication.

key-chain

Configures a key-chain for cryptographic authentication keys.

chain-name

Name of the authentication key that is valid.

hello-interval seconds

(Optional) Specifies the time (in seconds) between the hello packets that the Cisco IOS software sends on an interface. The hello interval is an unsigned integer value to be advertised in the hello packets. The value must be the same for all routers and access servers attached to a common network. The range is from 1 to 8192. The default is 10.

retransmit-interval seconds

(Optional) Specifies the time (in seconds) between link-state advertisement (LSA) retransmissions for adjacencies belonging to the interface. The retransmit interval is the expected round-trip delay between any two routers on the attached network. The value must be greater than the expected round-trip delay. The range is from 1 to 8192. The default is 5.

transmit-delay seconds

(Optional) Specifies the estimated time (in seconds) required to send a link-state update packet on the interface. The integer value that must be greater than zero. LSAs in the update packet have their age incremented by this amount before transmission. The range is from 1 to 8192. The default value is 1.

dead-interval seconds

(Optional) Specifies the time (in seconds) that hello packets are not seen before a neighbor declares the router down. The dead interval is an unsigned integer value. The default is four times the hello interval, or 40 seconds. As with the hello interval, this value must be the same for all routers and access servers attached to a common network.

ttl-security hops hop-count

(Optional) Configures Time-to-Live (TTL) security on a virtual link. The hop-count argument range is from 1 to 254.

Command Default

No OSPF virtual link is defined.

Command Modes

Router address family topology configuration (config-router-af-topology)

Router configuration (config-router)

Address family configuration (config-router-af)

Command History

Release

Modification

10.0

This command was introduced.

12.0(24)S

Support for IPv6 was added.

12.2(15)T

Support for IPv6 was added.

12.2(18)S

This command was integrated into Cisco IOS Release 12.2(18)S.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRB

This command was made available in router address family topology configuration mode.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

12.2(33)SRC

The ttl-security hops hop-count keywords and argument were added.

15.0(1)M

This command was integrated into Cisco IOS Release 15.0(1)M.

15.2(4)S

This command was integrated into Cisco IOS Release 15.2(4)S. This command was made available in the address family configuration mode.

Cisco IOS XE Release 3.7S

This command was integrated into Cisco IOS XE Release 3.7S. This command was made available in the OSPFv3 address family configuration mode.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

Cisco IOS XE Release 3.11S

This command was integrated into Cisco IOS XE Release 3.11S. The authentication key-chain keywords were added.

Usage Guidelines

In OSPF, all areas must be connected to a backbone area. A lost connection to the backbone can be repaired by establishing a virtual link.

The shorter the hello interval, the faster topological changes will be detected, but more routing traffic will ensue. The setting of the retransmit interval should be conservative, or needless retransmissions will result. The value should be larger for serial lines and virtual links.

You should choose a transmit delay value that considers the transmission and propagation delays for the interface.

To configure a virtual link in OSPF for IPv6, you must use a router ID instead of an address. In OSPF for IPv6, the virtual link takes the router ID rather than the IPv6 prefix of the remote router.

Use the ttl-security hops hop-count keywords and argument to enable checking of TTL values on OSPF packets from neighbors or to set TTL values sent to neighbors. This feature adds an extra layer of protection to OSPF.


Note


In order for a virtual link to be properly configured, each virtual link neighbor must include the transit area ID and the corresponding virtual link neighbor router ID. To display the router ID, use the show ip ospf or the show ipv6 ospf command in privileged EXEC mode.



Note


To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area default-cost, area nssa, area range, area stub, and area virtual-link.


Release 12.2(33)SRB

If you plan to configure the Multitopology Routing (MTR) feature, you need to enter the area virtual-link command in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example establishes a virtual link with default values for all optional parameters:

ipv6 router ospf 1
 log-adjacency-changes
 area 1 virtual-link 192.168.255.1

The following example establishes a virtual link in OSPF for IPv6:

ipv6 router ospf 1
 log-adjacency-changes
 area 1 virtual-link 192.168.255.1 hello-interval 5

The following example shows how to configure TTL security for a virtual link in OSPFv3 for IPv6:

Device(config)# router ospfv3 1
Device(config-router)# address-family ipv6 unicast vrf vrf1
Device(config-router-af)# area 1 virtual-link 10.1.1.1 ttl-security hops 10


The following example shows how to configure the authentication using a key chain for virtual-links:

area 1 virtual-link 1.1.1.1 authentication key-chain ospf-chain-1

Related Commands

Command

Description

area

Configures OSPFv3 area parameters.

show ip ospf

Enables the display of general information about OSPF routing processes.

show ipv6 ospf

Enables the display of general information about OSPF routing processes.

ttl-security hops

Enables checking of TTL values on OSPF packets from neighbors or setting TTL values sent to neighbors.

authentication mode (OSPF)

To specify authentication mode used in Open Shortest Path First version 3 (OSPFv3) , use the authentication mode command in router configuration mode or in address-family configuration mode. To restore defaultnormal authentication mode, use theno form of this command.

authentication mode {strict | deployment | normal}

no authentication mode {strict | deployment | normal}

Syntax Description

strict

Disables the usage of expired keys for authentication of OSPFv3 packets.

deployment

Provides seamless deployment by allowing maintaining adjacency between authentication trailer enabled and not-yet-enabled devices.

normal

Restores to default mode of authentication in the address family.

Command Default

The default mode of authentication isnormal mode.

Command Modes

Router configuration (config-router)

Router address family configuration (config-router-af)

Command History

Release

Modification

Cisco IOS XE Release 3.11S

This command was introduced.

Usage Guidelines

The strict mode prevents usage of last expired send key for authentication of outgoing packets and also disables the usage of expired accept keys for authentication of receiving packets. The strict mode is stricter than the normal mode. See section-3 of RFC 6506 for more details on the normal mode behavior.

OSPFv3 in deployment mode sends packets with both authentication trailer and checksums. While receiving packets, authentication trailer is verified but does not affect adjacency. These changes allows the device in deployment mode to maintain neighborship with both non-enabled and authentication trailer enabled devices. While in deployment mode, the show ospfv3 neighbor detail command displays an additional line that shows whether last packet was successfully authenticated.

Examples

The following example shows how to specify the authentication type for an OSPFv3 instance using the deployment mode of operation:

Device(config-router-af)# authentication mode deployment

Related Commands

Command

Description

ospfv3 authentication (key-chain)

Specifies the cryptographic authentication keys for an OSPFv3 instance.

area authentication (key-chain)

Enables authentication trailer for an OSPFv3 area.

auto-cost

To control how Open Shortest Path First (OSPF) calculates default metrics for the interface, use the auto-costcommand in router configuration mode. To assign cost based only on the interface type, use the no form of this command.

auto-cost commandauto-cost reference-bandwidth mbps

no auto-cost reference-bandwidth

Syntax Description

reference-bandwidth mbps

Rate in Mbps (bandwidth). The range is from 1 to 4294967; the default is 100.

Command Default

100 Mbps

Command Modes

Router configuration

Command History

Release

Modification

11.2

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

In Cisco IOS Release 10.3 and later releases, by default OSPF will calculate the OSPF metric for an interface according to the bandwidth of the interface. For example, a 64K link will get a metric of 1562, and a T1 link will have a metric of 64.

The OSPF metric is calculated as the ref-bw value divided by the bandwidth, with mbps equal to 108 by default, and bandwidth determined by the bandwidth (interface)command. The calculation gives FDDI a metric of 1.

If you have multiple links with high bandwidth (such as FDDI or ATM), you might want to use a larger number to differentiate the cost on those links.

The value set by the ip ospf cost command overrides the cost resulting from the auto-cost command.

Examples

The following example changes the cost of the FDDI link to 10, while the gigabit Ethernet link remains at a cost of 1. Thus, the link costs are differentiated.

router ospf 1
 auto-cost reference-bandwidth 1000

Related Commands

Command

Description

ip ospf cost

Explicitly specifies the cost of sending a packet on an interface.

BFD Deterministic Offload

To host a BFD session either in hardware or software on ES + line cards for Cisco 7600 routers, use the platform bfd offload-timer command in the global configuration mode. Set the Tx timer lower than, or equal to the offload-timer limit, to host the BFD session in hardware, if resources are available. Set the Tx timer that is higher than the offload timer limit to host the BFD session in software.

platform bfd offload-timer offload timer

Syntax Description

bfd

Indicates the platform specific BFD commands.

timer-limit

Specifies the tx-timer limit, which if exceeded by any interface session, denies hardware offload for that session. It specifies the rate, in milliseconds, at which BFD packets will be offloaded. The valid range for the milliseconds argument is from 50 to 999.

Command Default

None

Command Modes

Global configuration

Command History

Release Modification
15.3(3)S

This command was introduced on the Cisco 7600 series routers.

Usage Guidelines

None

Examples

The following shows a sample configuration for the command:

Router# enable
Router#configure terminal
Router(config)#platform bfd offload-timer 450
Router(config)#end

capability lls

To enable the use of the Link-Local Signalling (LLS) data block in originated Open Shortest Path First (OSPF) packets and reenable OSPF nonstop forwarding (NSF) awareness, use the capability llscommand in router configuration mode. To disable LLS and OSPF NSF awareness, use the no form of this command.

capability lls

no capability lls

Syntax Description

This command has no arguments or keywords.

Command Default

LLS is enabled.

Command Modes

Router configuration

Command History

Release

Modification

12.2(15)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(31)SXH.

Usage Guidelines

You might want to disable NSF awareness by disabling the use of the LLS data block in originated OSPF packets. You might want to disable NSF awareness if the router has no applications using LLS.

If NSF is configured and you try to disable LLS, you will receive the error message, “OSPF Non-Stop Forwarding (NSF) must be disabled first.”

If LLS is disabled and you try to configure NSF, you will receive the error message, “OSPF Link-Local Signaling (LLS) capability must be enabled first.”

Examples

The following example disables LLS support and OSPF NSF awareness:

router ospf 2
 no capability lls

capability transit

To reenable Open Shortest Path First (OSPF) area capability transit after it has been disabled, use the capability transit command in router configuration mode. To disable OSPF area capability transit on all areas for a router process, use the no form of this command.

capability transit

no capability transit

Syntax Description

This command has no arguments or keywords.

Command Default

OSPF area capability transit is enabled.

Command Modes

Router configuration

Command History

Release

Modification

12.0(27)S

This command was introduced.

12.3(7)T

This command was integrated into Cisco IOS Release 12.3(7)T.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.2(27)SBC

This command was integrated into Cisco IOS Release 12.2(27)SBC.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33) SXH.

Usage Guidelines

OSPF area capability transit is enabled by default, allowing the OSPF Area Border Router to install better-cost routes to the backbone area through the transit area instead of the virtual links. If you want to retain a traffic pattern through the virtual-link path, you can disable capability transit by entering the no capability transit command. If paths through the transit area are discovered, they are most likely to be more optimal paths, or at least equal to, the virtual-link path. To reenable capability transit, enter the capability transit command.

If you need to verify whether OSPF area capability transit is enabled for a specific routing process, enter the show ip ospf command.

Examples

The following example shows how to disable OSPF area capability transit on all areas for a router process named ospf 1. A show ip ospf command is issued first to display the current areas that have area capability transit enabled. The no capability transit command is then entered to disable OSPF area capability transit on all areas for the router process ospf 1.

Router# show ip ospf
 Routing Process "ospf 1" with ID 10.1.1.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
!Supports area transit capability
It is an area border router
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 8. Checksum Sum 0x02853F
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 2. 2 normal 0 stub 0 nssa
!Number of areas transit capable is 1
External flood list length 0
    Area BACKBONE(0)
        Number of interfaces in this area is 3
        Area has no authentication
        SPF algorithm last executed 00:02:21.524 ago
        SPF algorithm executed 11 times
        Area ranges are
        Number of LSA 49. Checksum Sum 0x19B5FA
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 38
        Flood list length 0
    Area 1
        Number of interfaces in this area is 3
       !This area has transit capability: Virtual Link Endpoint
        Area has no authentication
        SPF algorithm last executed 00:02:36.544 ago
        SPF algorithm executed 9 times
        Area ranges are
        Number of LSA 42. Checksum Sum 0x1756D5
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
Router(config)# router ospf 1
Router(router-config)# no capability transit

Related Commands

Command

Description

show ip ospf

Displays general information about OSPF routing processes.

capability vrf-lite

To suppress the provider edge (PE) specific checks on a router when the Open Shortest Path First (OSPF) process is associated with the VPN routing and forwarding instance (VRF), use the capabilityvrf-lite command in router configuration mode. To restore the checks, use the no form of this command.

capability vrf-lite

no capability vrf-lite

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled. PE specific checks are performed if the process is associated with VRF command modes.

Command Modes

Router configuration (config-router)

Command History

Release

Modification

12.0(21)ST

This command was introduced.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(8)B

This command was integrated into Cisco IOS Release 12.2(8)B.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

This command works only if the OSPF process is associated with the VRF.

When the OSPF process is associated with the VRF, several checks are performed when link-state advertisements (LSAs) are received. PE checks are needed to prevent loops when the PE is performing a mutual redistribution between OSPF and Border Gateway Protocol (BGP) interfaces.

The table below describes the PE checks performed when Type-3, Type-5, and Type-7 LSAs are received.

Table 1 PE Checks Performed
Note   

The OSPF VRF process acts as an Area Border Router (ABR) when you configure an OSPF process that is associated with a VRF without the capability vrf-lite.

Type-3 LSA received

The DN bit is checked. If the DN bit is set, the Type-3 LSA is not considered during the shortest path first (SPF) calculation.

Type-5 or -7 LSA received

If the Tag in the LSA is equal to the VPN-tag, the Type-5 or-7 LSA is not considered during the SPF calculation.

In some situations, performing PE checks might not be desirable. The concept of VRFs can be used on a router that is not a PE router (that is, a router that is not running BGP). With the capabilityvrf-lite command, the checks can be turned off to allow correct population of the VRF routing table with routes to IP prefixes.

Examples

This example shows a router configured with multi-VRF:

router ospf 100 vrf grc
 capability vrf-lite

capability vrf-lite (OSPFv3)

To suppress the provider edge (PE)-specific checks on a router when the Open Shortest Path First version 3 (OSPFv3) process is associated with the VPN routing and forwarding (VRF) instance, use the capability vrf-lite command in address family configuration mode. To restore the checks, use the no form of this command.

capability vrf-lite

no capability vrf-lite

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled. PE-specific checks are performed if the process is associated with VRF command modes.

Command Modes

Address family configuration (config-router-af)#

Command History

Release

Modification

15.2(2)S

This command was introduced.

Cisco IOS XE Release 3.6S

This command was integrated into Cisco IOS XE Release 3.6S.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

15.2(4)M

This command was integrated into Cisco IOS Release 15.2(4)M.

15.2(1)E

This command was integrated into Cisco IOS Release 15.2(1)E.

Usage Guidelines

This command works only if the OSPFv3 process is associated with the VRF.

When the OSPFv3 process is associated with the VRF, several checks are performed when link-state advertisements (LSAs) are received. PE checks are needed to prevent loops when the PE is performing a mutual redistribution between OSPF and Border Gateway Protocol (BGP) interfaces.

The table below describes the PE checks performed when inter-area-prefix LSAs, AS-External LSAs, or not-so-stubby area (NSSA) LSAs are received.

Table 2 PE Checks Performed

LSA Received

Check

Inter-area-prefix LSAs, AS-External LSAs or NSSA LSAs received

The down bit (DN) is checked. If the DN bit is set, the inter-area-prefix LSAs, AS-External LSAs or NSSA LSAs is not considered during the SPF calculation.

Inter-Area-Prefix-LSAs LSA received from nonbackbone area

The OSPFv3 VRF process acts as an Area Border Router (ABR) and the PE router does ABR-specific checks. Most noticeably, the router does not consider during shortest path first (SPF) calculation inter-area-prefix LSAs received from a nonbackbone (nonzero) area. The capability vrf-lite command disconnects the OSPFv3 process from the Multiprotocol Label Switching (MPLS) VPN super-backbone and the router loses ABR status (unless the OSPFv3 process is configured with active backbone and nonbackbone areas).

Examples

The following example shows a router in IPv6 address-family configuration mode reconfigured with multi-VRF:

router ospfv3 1
!
address-family ipv6 unicast vrf v2
 capability vrf-lite  
exit-address-family

Related Commands

address-family ipv6

Enters address family configuration mode for configuring routing sessions, such as BGP, that use standard IPv6 address prefixes.

router ospfv3

Enters OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

clear proximity ip ospf

To clear redistribution based on the Open Shortest Path First (OSPF) routing process ID, use the clear proximity ip ospf command in privileged EXEC mode.

clear proximity ip ospf [pid] { process | redistribution | counters [ neighbor [neighbor-interface] [neighbor-id] ] }

Syntax Description

pid

(Optional) Process ID.

process

Reset OSPF process.

redistribution

Clear OSPF route redistribution.

counters

OSPF counters.

neighbor

(Optional) Neighbor statistics per interface.

neighbor-interface

(Optional) Neighbor interface.

neighbor-id

(Optional) Neighbor ID.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

11.1

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

15.2(1)S

This command was modified. The proximitykeyword was added.

Usage Guidelines

Use the pidargument to clear only one OSPFprocess. If the pid argumentis not specified,all OSPF processesare cleared.

Examples

The following example shows how to clear all OSPF processes:

Device# clear proximity ip ospf process

clear ip ospf force-spf

To start the shortest path first (SPF) algorithm without clearing the Open Shortest Path First (OSPF) database, use the clear ip ospf force-spf command in privileged EXEC mode.

clear ip ospf [process-id] force-spf

Syntax Description

process-id

(Optional) Process identifier (ID). The range is from 1 to 65535.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

15.0(1)M

This command was introduced.

12.2(33)SRE

The command was integrated into Cisco IOS Release 12.2(33)SRE.

12.2(33)XNE

The command was integrated into Cisco IOS Release 12.2(33)XNE.

Usage Guidelines

The clear ip ospf force-spf command is used in troubleshooting and for testing purposes. This command is used to verify if the currently computed routes are correct, to generate debug messages, and so on.

Examples

The following example shows how to start the SPF algorithm without first clearing the OSPF database:

Router# clear ip ospf 1000 force-spf
 

Related Commands

Command

Description

clear ip ospf redistribution

Clears redistribution based on the OSPF routing process ID.

clear ip ospf traffic

To clear Open Shortest Path First (OSPF) traffic statistics, use the clear ip ospf traffic command in user EXEC or privileged EXEC mode.

clear ip ospf [process-id] traffic [ interface-type interface-number ]

Syntax Description

process-id

(Optional) Process ID. If the process-id argument is included, only traffic statistics for the specified routing process are cleared.

interface-type

(Optional) Interface type.

interface-number

(Optional) interface number.

Command Modes

User EXEC Privileged EXEC

Command History

Release

Modification

12.3(11)T

This command was introduced.

12.0(28)S

This command was integrated into Cisco IOS Release 12.0(28)S.

Examples

The following example clears OSPF traffic statistics for the OSPF process 100:

Router# clear ip ospf 100 traffic

Related Commands

Command

Description

show ip ospf traffic statistics

Displays OSPF traffic statistics.

clear ipv6 ospf traffic

To reset counters and clear IPv6 OSPFv3 traffic statistics, use the clear ipv6 ospf traffic command privileged EXEC mode.

clear ipv6 ospf traffic

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.4(6)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

Examples

The following example resets the counters and clears the OSPFv3 traffics statistics:

Router# clear ipv6 ospf traffic

Related Commands

Command

Description

clear ip ospf traffic

Clears OSPFv2 traffic statistics.

show ip ospf traffic

Displays OSPFv2 traffic statistics.

show ipv6 ospf traffic

Displays OSPFv3 traffic statistics.

compatible rfc1583

To restore the method used to calculate summary route costs per RFC 1583, use the compatible rfc1583command in router configuration mode. To disable RFC 1583 compatibility, use the no form of this command.

compatible rfc1583

no compatible rfc1583

Syntax Description

This command has no arguments or keywords.

Command Default

Compatible with RFC 1583.

Command Modes

Router configuration

Command History

Release

Modification

12.1(2)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

This command is backward compatible with Cisco IOS Release 12.0.

To minimize the chance of routing loops, all Open Shortest Path First (OSPF) routers in an OSPF routing domain should have RFC compatibility set identically.

Because of the introduction of RFC 2328, OSPF Version 2, the method used to calculate summary route costs has changed. Use the no compatible rfc1583 command to enable the calculation method used per RFC 2328.

Examples

The following example specifies that the router process is compatible with RFC 1583:

router ospf 1 
 compatible rfc1583
 !

compatible rfc1587

To replace RFC 3101 compatibility with RFC 1587 compatibility for route selection in not-so-stubby area (NSSA) Area Border Routers (ABRs), use the compatible rfc1587command in router configuration mode or address family configuration mode. To restore RFC 3101 compatibility, use the no form of this command.

compatible rfc1587

no compatible rfc1587

Syntax Description

This command has no arguments or keywords.

Command Default

Route selection is compatible with RFC 3101.

Command Modes

Router configuration (config-router)
Address family configuration (config-router-af)

Command History

Release

Modification

15.1(2)S

This command was introduced.

15.2(4)S

This command was modified. Support for OSPFv3 was added.

Cisco IOS XE Release 3.7S

This command was integrated into Cisco IOS XE Release 3.7S.

Usage Guidelines

In Cisco IOS Release 15.1(2)S and later releases, RFC 3101 replaces RFC 1587, and RFC 3101 behavior is automatically enabled. You can choose the route selection behavior by configuring a router to run as RFC 3101 or RFC 1587 compatible.

See Appendix F of RFC3101 The OSPF Not-So-Stubby Area (NSSA) Option for a detailed list of differences between RFC1587 and RFC3101.

Examples

The following example specifies that the router process is compatible with RFC 1587:

Router> enable
Router# configure terminal
Router(config)# router ospfv3 1
Router(config-router)# compatible rfc1587

domain-id (OSPFv3)

To configure the BGP/MPLS VPN domain ID, use the domain-id command in address-family configuration mode. To restore the default value, use the no form of this command.

domain-id type type-value value hex-value

no domain-id type type-value value hex-value

Syntax Description

type type-value

BGP extended community used to carry the domain-id.

value hex-value

An arbitrary 48-bit number encoded as 12 hexadecimal digits.

Command Default

The default value for the domain-id command is NULL.

Command Modes

address-family configuration

Command History

Release

Modification

Cisco IOS XE Release 3.6S

This command was introduced.

15.2(4)S

This command was integrated into Cisco IOS Release 15.2(4)S.

15.2(4)M

This command was integrated into Cisco IOS Release 15.2(4)M.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY .

15.2(1)E

This command was integrated into Cisco IOS Release 15.2(1)E.

Usage Guidelines

The value of the BGP extended community used to carry the domain-id can be one of 0005, 0105, 0205, or 8005. In OSPFv2, a default non-NULL domain-id is provided by using the process-id of the router instance. In OSPFv3, the default value is NULL.

default-information originate (OSPF)

To generate a default external route into an Open Shortest Path First (OSPF) routing domain, use the default-information originate command in router configuration or router address family topology configuration mode. To disable this feature, use the no form of this command.

default-information originate [always] [ metric metric-value ] [ metric-type type-value ] [ route-map map-name ]

no default-information originate [always] [ metric metric-value ] [ metric-type type-value ] [ route-map map-name ]

Syntax Description

always

(Optional) Always advertises the default route regardless of whether the software has a default route.

Note   

The always keyword includes the following exception when the route map is used. When a route map is used, the origination of the default route by OSPF is not bound to the existence of a default route in the routing table and the always keyword is ignored.

metric metric-value

(Optional) Metric used for generating the default route. If you omit a value and do not specify a value using the default-metric router configuration command, the default metric value is 10. The value used is specific to the protocol.

metric-type type-value

(Optional) External link type associated with the default route that is advertised into the OSPF routing domain. It can be one of the following values:

  • Type 1 external route.

  • Type 2 external route.

The default is type 2 external route.

route-map map-name

(Optional) The routing process will generate the default route if the route map is satisfied.

Command Default

This command is disabled by default. No default external route is generated into the OSPF routing domain.

Command Modes

Router configuration (config-router) Router address family topology configuration (config-router-af-topology)

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRB

This command was made available in router address family topology configuration mode.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Whenever you use the redistribute or the default-information router configuration command to redistribute routes into an OSPF routing domain, the Cisco IOS software automatically becomes an Autonomous System Boundary Router (ASBR). However, an ASBR does not, by default, generate a default route into the OSPF routing domain. The software must still have a default route for itself before it generates one, except when you have specified the always keyword.

When a route map is used, the origination of the default route by OSPF is not bound to the existence of a default route in the routing table.

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the default-information originatecommand in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example specifies a metric of 100 for the default route that is redistributed into the OSPF routing domain and specifies an external metric type of 1:

router ospf 109
 redistribute eigrp 108 metric 100 subnets
 default-information originate metric 100 metric-type 1

Related Commands

Command

Description

default-information

Accepts exterior or default information into Enhanced Interior Gateway Routing Protocol (EIGRP) processes.

default-metric

Sets default metric values for routes.

redistribute (IP)

Redistributes routes from one routing domain into another routing domain.

default-metric (OSPF)

To set default metric values for the Open Shortest Path First (OSPF) routing protocol, use the default-metric command in router address family topology or router configuration mode. To r eturn to the default state, use the no form of this command.

default-metric metric-value

no default-metric metric-value

Syntax Description

metric-value

Default metric value appropriate for the specified routing protocol.

Command Default

Built-in, automatic metric translations, as appropriate for each routing protocol. The metric of redistributed connected and static routes is set to 0.

Command Modes

Router address family topology configuration (config-router-af-topology) Router configuration (config-router)

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRB

This command was made available in router address family topology configuration mode.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

T he default-metric command is used in conjunction with the redistribute router configuration command to cause the current routing protocol to use the same metric value for all redistributed routes. A default metric helps solve the problem of redistributing routes with incompatible metrics. Whenever metrics do not convert, using a default metric provides a reasonable substitute and enables the redistribution to proceed.


Note


When enabled, the default-metric command applies a metric value of 0 to redistributed connected routes. The default-metric command does not override metric values that are applied with the redistribute command.


Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the default-metric command in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example shows a router in autonomous system 109 using both the Routing Information Protocol (RIP) and the OSPF routing protocols. The example advertises OSPF-derived routes using RIP and assigns the OSPF-derived routes a RIP metric of 10.

router rip
 default-metric 10
 redistribute ospf 109

Related Commands

Command

Description

redistribute (IP)

Redistributes routes from one routing domain into another routing domain.

discard-route

To reinstall an external or internal discard route that was previously removed, use the discard-route command in router address family topology configuration or router configuration mode. To remove an external or internal discard route, use the no form of this command.

discard-route [ external [distance] ] [ internal [distance] ]

no discard-route [ external [distance] ] [ internal [distance] ]

Syntax Description

external

(Optional) Specifies the discard-route entry for redistributed summarized routes on an Autonomous System Boundary Router (ASBR).

internal

(Optional) Specifies the discard-route entry for summarized internal routes on the Area Border Router (ABR).

distance

(Optional) Administrative distance. A value between 1 and 254. The default administrative distance for external and internal discard routes is 254 and 110, respectively.

Command Default

External and internal discard-route entries are installed.

Command Modes

Router address family topology configuration (config-router-af-topology) Router configuration (config-router)

Command History

Release

Modification

12.1(1)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRB

This command was made available in router address family topology configuration mode.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

12.4(15)T

The distance argument was added.

12.2(33)SRC

The distance argument was integrated into Cisco IOS Release 12.2(33)SRC.

12.2(33)SB

This command was integrated into Cisco IOS Release 12.2(33)SB.

Usage Guidelines

External and internal discard-route entries are installed in routing tables by default. During route summarization, routing loops may occur when data is sent to a nonexisting network that appears to be a part of the summary, and the router that is performing the summarization has a less specific route (pointing back to the sending router) for this network in its routing table. To prevent the routing loop, a discard route entry is installed in the routing table of the ABR or ASBR.

If for any reason you do not want to use the external or internal discard route, remove the discard route by entering the no discard-route command with the external or internal keyword.

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the discard-routecommand in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Release 12.4(15)T

Prior to Cisco IOS Release 12.4(15)T, both external and internal discard routes were installed using the default OSPF intra-area administrative distance 110. You can now modify this default distance for discard routes by entering a new administrative distance for the distance argument of the discard-route command.

Examples

The following display shows the discard-route functionality installed by default. When external or internal routes are summarized, a summary route to Null0 will appear in the router output from the show ip route command. See the router output lines that refer to Null0:

Router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
      172.16.0.0/24 is variably subnetted, 3 subnets, 2 masks
C        172.16.0.128/25 is directly connected, Loopback1
O        172.16.0.0/24 is a summary, 00:00:14, Null0
C        172.16.0.0/25 is directly connected, Loopback0
      172.31.0.0/24 is variably subnetted, 3 subnets, 2 masks
C        172.31.0.128/25 is directly connected, Loopback3
O        172.31.0.0/24 is a summary, 00:00:02, Null0
C        172.31.0.0/25 is directly connected, Loopback2
C     192.168.0.0/24 is directly connected, Ethernet0/0
Router# show ip route ospf
      172.16.0.0/24 is variably subnetted, 3 subnets, 2 masks
O        172.16.0.0/24 is a summary, 00:00:29, Null0
      172.16.0.0/24 is variably subnetted, 3 subnets, 2 masks
O        172.16.0.0/24 is a summary, 00:00:17, Null0

When the no discard-route command with the internal keyword is entered, notice the following route change, indicated by the router output lines that that refer to Null0:

Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# router ospf 1
Router(config-router)# no discard-route internal 
Router(config-router)# end
Router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
      172.16.0.0/24 is variably subnetted, 3 subnets, 2 masks
C        172.16.0.128/25 is directly connected, Loopback1
C        172.16.0.0/25 is directly connected, Loopback0
      172.31.0.0/24 is variably subnetted, 3 subnets, 2 masks
C        172.31.0.128/25 is directly connected, Loopback3
O        172.31.0.0/24 is a summary, 00:00:02, Null0
C        172.31.0.0/25 is directly connected, Loopback2
C     192.168.0.0/24 is directly connected, Ethernet0/0
Router# show ip route ospf
      172.31.0.0/24 is variably subnetted, 3 subnets, 2 masks
O        172.16.0.0/24 is a summary, 00:04:14, Null0

Next, the no discard-route command with the external keyword is entered to remove the external discard route entry:

Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# router ospf 1
Router(config-router)# no discard-route external 
Router(config-router)# end

The following router output from the show running-config command confirms that both the external and internal discard routes have been removed from the routing table of the router. See the router output lines that that refer to discard routes.

Router# show running-config
Building configuration...
Current configuration : 1114 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
.
.
.
router ospf 1
 log-adjacency-changes
 no discard-route external
 no discard-route internal
 area 1 range 172.16.0.0 255.255.255.0
 summary-address 172.31.0.0 255.255.255.0
 redistribute rip subnets
 network 192.168.0.0 0.0.0.255 area 0
 network 172.16.0.0 0.0.0.255 area 1
!

Related Commands

Command

Description

show ip route

Displays the current state of the routing table.

show running-config

Displays the contents of the currently running configuration file, the configuration for a specific interface, or map class information.

distance ospf

To define Open Shortest Path First (OSPF) route administrative distances based on route type, use the distance ospf command in router address family topology or router configuration mode. To restore the default value, use the no form of this command.

distance ospf commanddistance ospf { external dist1 | inter-area dist2 | intra-area dist3 }

no distance ospf

Syntax Description

external dist1

(Optional) Sets the distance for routes from other routing domains, learned by redistribution. Range is 1 to 255. The default value is 110.

inter-area dist2

(Optional) Sets the distance for all routes from one area to another area. Range is 1 to 255. The default value is 110.

intra-area dist3

(Optional) Sets the distance for all routes within an area. Range is 1 to 255. The default value is 110.

Command Default

dist1 : 110

dist2 : 110

dist3 : 110

Command Modes

Router address family topology configuration (config-router-af-topology) Router configuration (config-router)

Command History

Release

Modification

11.1(14)

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRB

This command was made available in router address family topology configuration mode.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

You must specify at least one of the keywords.

This command performs the same function as the distance command used with an access list. However, the distance ospfcommand allows you to set a distance for an entire group of routes, rather than a specific route that passes an access list.

A common reason to use the distance ospf command is when you have multiple OSPF processes with mutual redistribution, and you want to prefer internal routes from one over external routes from the other.

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the distance ospfcommand in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example changes the external distance to 200, making the route less reliable:

Examples

router ospf 1
 redistribute ospf 2 subnet
 distance ospf external 200
!
router ospf 2
 redistribute ospf 1 subnet
 distance ospf external 200

Examples

router ospf 1
 redistribute ospf 2 subnet
 distance ospf external 200
!
router ospf 2
 redistribute ospf 1 subnet
 distance ospf external 200

Related Commands

Command

Description

distance (IP)

Defines an administrative distance.

distance (OSPF)

To define an administrative distance, use the distance command in router configuration mode or VRF configuration mode. To remove the distance command and restore the system to its default condition, use the no form of this command.

distance weight [ ip-address wildcard-mask [ access-list name ] ]

no distance weight ip-address wildcard-mask [ access-list-name ]

Syntax Description

weight

Administrative distance. Range is 10 to 255. Used alone, the weight argument specifies a default administrative distance that the software uses when no other specification exists for a routing information source. Routes with a distance of 255 are not installed in the routing table. The table in the “Usage Guidelines” section lists the default administrative distances.

ip-address

(Optional) IP address in four-part dotted-decimal notation.

wildcard-mask

(Optional) Wildcard mask in four-part, dotted-decimal format. A bit set to 1 in the wildcard-mask argument instructs the software to ignore the corresponding bit in the address value.

access-list-name

(Optional) Name of an IP access list to be applied to incoming routing updates.

Command Default

If this command is not specified, the administrative distance is the default. The table in the “Usage Guidelines” section lists the default administrative distances.

Command Modes

Router configuration (config-router)

VRF configuration (config-vrf)

Command History

Release

Modification

2.0

This command was introduced

3.2

This command was modified. The ip-address and wildcard-mask arguments for the no form of the command changed from optional to required.

3.3.0

This command was modified. It was added under the VRF configuration mode.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the appropriate task IDs. If the user group assignment is preventing you from using a command contact your AAA administrator for assistance.

An administrative distance is an integer from 10 to 255. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means that the routing information source cannot be trusted at all and should be ignored. Weight values are subjective; no quantitative method exists for choosing weight values.

If an access list is used with this command, it is applied when a network is being inserted into the routing table. This behavior allows you to filter networks based on the IP prefix supplying the routing information. For example, you could filter possibly incorrect routing information from networking devices not under your administrative control.

The order in which you enter distance commands can affect the assigned administrative distances, as shown in the “Examples” section. The following table lists default administrative distances.

Table 3 Default Administrative Distances

Rate Source

Default Distance

Connected interface

0

Static route out on interface

0

Static route to next hop

1

EIGRP summary route

5

External BGP

20

Internal EIGRP

90

OSPF

110

IS-IS

115

RIP version 1 and 2

120

External EIGRP

170

Internal BGP

200

Unknown

255

Task ID

Task ID

Operations

ospf

read, write

Examples

In the following example, the router ospf command sets up Open Shortest Path First (OSPF) routing instance 1. The first distance command sets the default administrative distance to 255, which instructs the software to ignore all routing updates from networking devices for which an explicit distance has not been set. The second distance command sets the administrative distance for all devices on the network 192.168.40.0 to 90.

Device# configure terminal
Device (config)# router ospf 1
Device (config-ospf)# distance 255
Device (config-ospf)# distance 90 192.168.40.0 0.0.0.255

Related Commands

Command

Description

distance bgp

Allows the use of external, internal, and local administrative distances that could be a better route to a BGP node.

distance ospf

Allows the use of external, internal, and local administrative distances that could be a better route to an OSPF node.

router ospf

Configures the OSPF routing process.

domain-id (OSPF)

To change the OSPF domain ID that is used during the redistribution of BGP VPNv4 routes to OSPF, use the domain-id command in router configuration mode. To restore the default value, use the no form of this command.

domain-id { ip-address [secondary] | null | type type-value value hex-value [secondary] }

no domain-id [ ip-address [secondary] | null | type type-value value hex-value [secondary] ]

Syntax Description

ip-address

OSPF domain ID in IP address format.

secondary

(Optional) Specifies the secondary domain ID in IP address format.

null

No domain ID is associated with the process.

type type-value

OSPF domain ID type in hexadecimal format.

value hex-value

OSPF domain ID value in hexadecimal format.

secondary

(Optional) Specifies the secondary domain ID type in hexadecimal format.

Command Default

The default value for the domain-id command is equal to the OSPF process ID.

Command Modes

Router configuration

Command History

Release

Modification

12.3(2)

This command was introduced.

Usage Guidelines

The domain ID is an 8-byte value that identifies the OSPF domain of the prefix. When the OSPF route is redistributed to the BGP VPNv4 route in the MPLS VPN context, the domain ID extended community is attached to the BGP update. The domain ID is used on the egress provider-edge (PE) router, when the BGP VPNv4 route is redistributed to OSPF to decide what type of link-state advertisement (LSA) to generate as a result of the redistribution of the BGP VPNv4 route.

Examples

The following example shows how to change the OSPF domain ID using the domain-id command where the primary domain ID is a valid IP address and the secondary domain ID is a valid hexadecimal value:

Router(config)# router ospf 100 vrf abcd
Router(config-router)# domain-id 10.2.3.4
Router(config-router)# domain-id type 0005 value CAFECAFECAFE secondary

domain-id (OSPFv3)

To configure the BGP/MPLS VPN domain ID, use the domain-id command in address-family configuration mode. To restore the default value, use the no form of this command.

domain-id type type-value value hex-value

no domain-id type type-value value hex-value

Syntax Description

type type-value

BGP extended community used to carry the domain-id.

value hex-value

An arbitrary 48-bit number encoded as 12 hexadecimal digits.

Command Default

The default value for the domain-id command is NULL.

Command Modes

address-family configuration

Command History

Release

Modification

Cisco IOS XE Release 3.6S

This command was introduced.

15.2(4)S

This command was integrated into Cisco IOS Release 15.2(4)S.

15.2(4)M

This command was integrated into Cisco IOS Release 15.2(4)M.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY .

15.2(1)E

This command was integrated into Cisco IOS Release 15.2(1)E.

Usage Guidelines

The value of the BGP extended community used to carry the domain-id can be one of 0005, 0105, 0205, or 8005. In OSPFv2, a default non-NULL domain-id is provided by using the process-id of the router instance. In OSPFv3, the default value is NULL.

domain-tag

To s et the Open Shortest Path First (OSPF) domain tag value for Type-5 or Type-7 link-state advertisements (LSAs) when OSPF is used as a protocol between a provider edge (PE) router and customer edge (CE) router, use the domain-tag command in router configuration mode. To reinstate the default tag value, use the no form of this command.

domain-tag tag-value

no domain-tag tag-value

Syntax Description

tag-value

Tag value. A 32-bit value entered in decimal format. The default value is calculated based on the Border Gateway Protocol (BGP) autonomous system number of the Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) backbone. The four highest bits are set to 1101 according to RFC 1745. The lowest 16 bits map the BGP autonomous system (AS) number of the MPLS VPN backbone. If a user specifies the tag-value, the value does not have to follow any particular format.

Command Default

The default value is calculated based on the BGP autonomous system number of the MPLS VPN backbone. The four highest bits are set to 1101 according to RFC 1745. The lowest 16 bits map the BGP autonomous system number of the MPLS VPN backbone.

Command Modes

Router configuration

Command History

Release

Modification

12.1(7)

This command was introduced.

12.1(7)E

This command was integrated into Cisco IOS Release 12.1(7)E.

12.1(7)EC

This command was integrated into Cisco IOS Release 12.1(7)EC.

12.0(17)ST

This command was integrated into Cisco IOS Release 12.0(17)ST.

12.2(2)B

This command was integrated into Cisco IOS Release 12.2(4)B.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

When OSPF is used between a PE router and a CE router, BGP routes that come from the MPLS backbone are redistributed to OSPF. These redistributed routes can be announced in Type-3, Type-5, or Type-7 LSAs. If the redistribution of the BGP routes results in Type-5 or Type-7 LSAs, the External Route Tag will be set to the value of the tag. If another PE router receives a Type-5 or Type-7 LSA with an External Route Tag equal to the set tag value, it will ignore the LSA, therefore preventing the redistributed routes that originated from the MPLS backbone from returning via some other location on the MPLS backbone.

Examples

The following example configures the tag value 777:

Router(config)# router ospf 10 vrf grc
Router(config-router)# domain-tag 777

The show ip ospf database command is entered to verify that the tag value 777 has been applied to the External Route Tag:

Router# show ospf database external 192.168.50.1
            OSPF Router with ID (192.168.239.66) (Process ID 10)
               Type-5 AS External Link States
  LS age: 18
  Options: (No TOS-capability, DC)
  S Type: AS External Link
  Link State ID: 192.168.238.1 (External Network Number )
  Advertising Router: 192.168.239.66
  LS Seq Number: 80000002
  Checksum: 0xDAB0
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0 
        Metric: 1 
        Forward Address: 0.0.0.0
        External Route Tag: 777
.
.
.
              OSPF Router with ID (198.168.237.56) (Process ID 1)

Related Commands

Command

Description

show ospf database

Displays lists of information related to the OSPF database for a specific router.

fast-reroute keep-all-paths

To create a list of all the candidate repair paths considered when a per-prefix loop-free alternate (LFA) Fast Reroute (FRR) route is computed, use the fast-reroute keep-all-paths command in router configuration mode. To disable prefix priority, use the no form of this command.

fast-reroute keep-all-paths

no fast-reroute keep-all-paths

Syntax Description

This command has no arguments or keywords.

Command Default

A list of candidate repair paths is not created.

Command Modes

Router configuration (config-router)#

Command History

Release

Modification

15.1(3)S

This command was introduced.

Cisco IOS XE Release 3.4S

This command was integrated into Cisco IOS XE Release 3.4S.

Usage Guidelines

You can use the fast-reroute keep-all-paths command to display all the candidate repair paths that are considered when an LFA FRR repair path is computed. You can use this list to troubleshoot repair paths without having to enable debugs, but it greatly increases memory consumption so it should be reserved for testing.

Examples

The following example shows how to create a list of all the candidate LFA FRR repair paths considered:

Router(config-router)# fast-reroute keep-all-paths
 

Related Commands

Command

Description

debug ip ospf fast-reroute

Displays debugging information for per-prefix LFA FRR paths.

fast-reroute per-prefix enable (OSPF)

Configures a per-prefix LFA FRR path that redirects traffic to an alternative next hop other than the primary neighbor.

fast-reroute tie-break (OSPF)

Configures the tiebreaking policy in selecting an LFA FRR repair path.

ip ospf fast-reroute per-prefix

Configures an interface as either protecting or protected.

prefix-priority

Configures a set of prefixes to have high priority for protection in an OSPF local RIB.

show ip ospf fast-reroute

Displays information about prefixes protected by LFA FRR repair paths.

show ip ospf interface

Displays OSPF interface information.

show ip ospf neighbor

Displays OSPF neighbor information on a per-interface basis.

show ip ospf rib

Displays information for the OSPF local RIB or locally redistributed routes.

fast-reroute per-prefix enable (OSPF)

To configure a per-prefix loop-free alternate (LFA) Fast Reroute (FRR) path that redirects traffic to an alternative next hop other than the primary neighbor, use the fast-reroute per-prefix enable command in router configuration mode. To disable prefix priority, use the no form of this command.

fast-reroute per-prefix enable [ area area-id ] prefix-priority { high | low }

no fast-reroute per-prefix enable [ area area-id ] prefix-priority { high | low }

Syntax Description

area

(Optional) Specifies an area in which to enable LFA FRR.

area-id

OSPF area ID expressed as a decimal value or in IP address format.

prefix-priority

Specifies the priority of prefixes to be protected.

high

Sets the prefix priority to high.

low

Sets the prefix priority to low.

Command Default

LFA is enabled.

Command Modes

Router configuration (config-router)#

Command History

Release

Modification

15.1(3)S

This command was introduced.

Cisco IOS XE Release 3.4S

This command was integrated into Cisco IOS XE Release 3.4S.

Examples

The command in the following example configures an LFA and specifies the prefix priority for protection:

Router(config-router)# fast-reroute per-prefix enable prefix-priority low
 

Related Commands

Command

Description

debug ip ospf fast-reroute

Displays debugging information for per-prefix LFA FRR paths.

fast-reroute keep-all-paths

Creates a list of all the candidate repair paths that were considered when a per-prefix LFA FRR route was computed.

fast-reroute tie-break (OSPF)

Configures the FRR tiebreaking priority.

ip ospf fast-reroute per-prefix

Configures an interface as either protecting or protected.

prefix-priority

Configures a set of prefixes to have high priority for protection in an OSPF local RIB.

show ip ospf fast-reroute

Displays information about prefixes protected by LFA FRR repair paths.

show ip ospf interface

Displays OSPF interface information.

show ip ospf neighbor

Displays OSPF neighbor information on a per-interface basis.

show ip ospf rib

Displays information for the OSPF local RIB or locally redistributed routes.

fast-reroute per-prefix remote-lfa maximum-cost

To configure the maximum distance to the tunnel endpoint in a per-prefix loop-free alternate (LFA) fast reroute (FRR) path that redirects traffic to a remote LFA, use the fast-reroute per-prefix remote-lfa maximum-cost command in router configuration mode. To disable the configuration, use the no form of this command.

fast-reroute per-prefix remote-lfa [ area area-id ] maximum-cost distance

no fast-reroute per-prefix remote-lfa [ area area-id ] maximum-cost distance

Syntax Description

area

(Optional) Specifies an area in which to enable LFA FRR.

area-id

(Optional) OSPF area ID expressed as a decimal value or in IP address format.

distance

Specifies the value of the maximum distance to the tunnel endpoint.

Command Default

The maximum distance to the remote LFA is not enabled.

Command Modes

Router configuration (config-router)

Command History

Release

Modification

15.2(2)S

This command was introduced.

Usage Guidelines

Use this command to limit routers to which remote LFA can create an automatic tunnel to the vicinity of the calculating router.

Examples

The following example shows how to set a maximum cost of 30 in area 2:

Router(config-router)# fast-reroute per-prefix remote-lfa area 2 maximum-cost 30

Related Commands

Command

Description

fast-reroute per-prefix remote-id tunnel

Configures a per-prefix LFA FRR path that redirects traffic to a remote LFA tunnel.

show ip ospf fast-reroute remote-lfa tunnels

Displays a list of tunnel interfaces created by the FRR manager on behalf of OSPF.

fast-reroute per-prefix remote-lfa tunnel

To configure a per-prefix loop-free alternate (LFA) fast reroute (FRR) path that redirects traffic to a remote LFA tunnel, use the fast-reroute per-prefix remote-lfa tunnel command in router configuration mode. To disable remote LFA, use the no form of this command.

fast-reroute per-prefix remote-lfa [ area area-id ] tunnel mpls-ldp

no fast-reroute per-prefix remote-lfa [ area area-id ] tunnel mpls-ldp

Syntax Description

area

(Optional) Specifies an area in which to enable LFA FRR.

area-id

(Optional) OSPF area ID expressed as a decimal value or in IP address format.

mpls-ldp

Enables remote LFA tunneling via Multiprotocol Label Switching (MPLS)-Label Distribution Protocol (LDP).

Command Default

A remote LFA is not enabled.

Command Modes

Router configuration (config-router)#

Command History

Release

Modification

15.2(2)S

This command was introduced.

Usage Guidelines

Use this command to enable the remote LFA feature and to configure the type of an automatically created tunnel.

Examples

The following example shows how to configure a remote per-prefix LFA FRR in area 2. The remote tunnel type is specified as MPLS-LDP:

Router(config-router)# fast-reroute per-prefix remote-lfa area 2 tunnel mpls-ldp

Related Commands

Command

Description

fast-reroute per-prefix remote-lfa maximum-cost

Configures the maximum distance to the tunnel endpoint.

show ip ospf fast-reroute remote-lfa tunnels

Displays a list of tunnel interfaces created by the FRR manager on behalf of OSPF.

fast-reroute tie-break (OSPF)

To configure the tiebreaking policy in selecting in a loop-free alternate (LFA) Fast Reroute (FRR) repair path, use the fast-reroute tie-break command in router configuration mode. To disable the configuration, use the no form of this command.

fast-reroute tie-break { broadcast-interface-disjoint | downstream | interface-disjoint | linecard-disjoint | node-protecting | primary-path | secondary-path | srlg } [required] { index attribute-priority | lowest-metric index attribute-priority }

no fast-reroute tie-break { broadcast-interface-disjoint | downstream | interface-disjoint | linecard-disjoint | node-protecting | primary-path | secondary-path | srlg } [required] { index attribute-priority | lowest-metric index attribute-priority }

Syntax Description

broadcast-interface-disjoint

Configures the interface protection attribute.

downstream

Configures LFAs whose metric to the protected destination is lower than the metric of the protecting node to the destination.

interface-disjoint

Configures the interface protection attribute.

linecard-disjoint

Configures the linecard protection attribute.

node-protecting

Configures the node-protecting repair path attribute.

primary-path

Configures the equal-cost multipath attribute.

secondary-path

Configures the not-equal-cost multipath attribute.

srlg

Configures the shared risk link group (SRLG) attribute.

required

(Optional) Specifies that the tiebreaker is required.

index

Specifies the tiebreak attribute priority.

attribute-priority

The tiebreak attribute priority number. Valid values are from 1 to 255.

lowest-metric

(Configures the lowest metric repair path attribute.

Command Default

If you do not configure a tiebreaker policy, repair path attributes are assigned in the following priority order:

  1. SRLG

  2. Primary path

  3. Interface disjoint

  4. Lowest metric

  5. Line-card disjoint

  6. Node protecting

  7. Broadcast-interface disjoint

Command Modes

Router configuration (config-router)#

Command History

Release

Modification

15.1(3)S

This command was introduced.

Cisco IOS XE Release 3.4S

This command was integrated into Cisco IOS XE Release 3.4S.

Usage Guidelines

You must configure the router ospf command before you can configure the fast-reroute tie-break command. You can use the show ip ospf fast-reroute command to display the default, or the current, tiebreak configuration.

The tiebreaker policy is evaluated in the configured or the default order. If the evaluation does not select any candidate, the repair path is selected by implicit load balancing. This means that repair path selection varies depending on the prefix.

The primary-path and secondary-path keywords configure the same attribute: configuring one automatically deletes the other from the tiebreaker policy.

You can configure the required keyword for all attributes except lowest metric. To be selected as the LFA repair path, a candidate must have all the tiebreaker attributes that are configured as “required.”

Examples

The commands in the following example configures a tiebreaking policy that prioritizes SRLG as a required tiebreaker and sets the priority index for it and for the lower-priority tiebreaking attributes:

Router(config-router)# fast-reroute tie-break
 srlg required index
 10
Router(config-router)# fast-reroute tie-break
 linecard-disjoint index 15
Router(config-router)# fast-reroute tie-break downstream index 20

Related Commands

Command

Description

debug ip ospf fast-reroute

Displays debugging information for per-prefix LFA FRR paths.

fast-reroute keep-all-paths

Creates a list of all the candidate repair paths that were considered when a per-prefix LFA FRR route was computed.

fast-reroute per-prefix enable (OSPF)

Configures a per-prefix loop-free alternative (LFA) route that redirects traffic to an alternative next hop other than the primary neighbor.

ip ospf fast-reroute per-prefix

Configures an interface as either protecting or protected.

prefix-priority

Configures a set of prefixes to have high priority for protection in an OSPF local RIB.

router ospf

Configures an OSPF routing process.

show ip ospf fast-reroute

Displays information about prefixes protected by LFA FRR repair paths.

show ip ospf interface

Displays OSPF interface information.

show ip ospf neighbor

Displays OSPF neighbor information on a per-interface basis.

show ip ospf rib

Displays information for the OSPF local RIB or locally redistributed routes.

ignore lsa mospf

To suppress the sending of syslog messages when the router receives link-state advertisement (LSA) Type 6 Multicast OSPF ( MOSPF) packets, which are unsupported, use the ignore lsa mospfcommand in router configuration mode. To restore the sending of syslog messages, use the no form of this command.

ignore lsa mospf commandignore lsa mospf

no ignore lsa mospf

Syntax Description

This command has no arguments or keywords.

Command Default

This command is disabled by default. Each MOSPF packet causes the router to send a syslog message.

Command Modes

Router configuration

Command History

Release

Modification

11.1

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Cisco routers do not support LSA Type 6 MOSPF packets, and they generate syslog messages if they receive such packets. If the router is receiving many MOSPF packets, you might want to configure the router to ignore the packets and thus prevent a large number of syslog messages.

Examples

The following example configures the router to suppress the sending of syslog messages when it receives MOSPF packets:

router ospf 109
 ignore lsa mospf

interface-id snmp-if-index

To configure Open Shortest Path First (OSPF) interfaces with Simple Network Management Protocol (SNMP) MIB-II interface Index (ifIndex) identification numbers, use the interface-id snmp-if-indexcommand in router configuration mode. To revert to the original interface numbering, use the no form of this command.

interface-id snmp-if-index

no interface-id snmp-if-index

Syntax Description

This command has no arguments or keywords.

Command Default

SNMP MIB-II ifIndex numbering for interfaces is disabled.

Command Modes

Router configuration

Command History

Release

Modification

12.4(6)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

Cisco IOS XE Release 2.6

This command was integrated into Cisco IOS XE Release 2.6

Usage Guidelines

The advantage to using SNMP MIB-II ifIndex numbers to identify OSPF interfaces is that the ifIndex number corresponds to the number that a user will see reported by SNMP. Using the SNMP MIB-II ifIndex is also suggested, but not required, by RFC 2328 for OSPFv2 and by RFC 2740 for OSPFv3.

If you want to use the SNMP MIB-II ifIndex numbers, all interfaces that have OSPF enabled must have an SNMP ifIndex number assigned or else OSPF will not be enabled on those interfaces.


Note


A user may choose not to configure SNMP MIB-II ifIndex numbers in order to maintain consistent behavior across upgrades and among routers that may not have the functionality offered with Cisco IOS Release 12.4(6)T and later releases.


Examples

The following example configures the OSPF interfaces to use SNMP MIB-II ifIndex ID numbers. The output from the show snmp mib ifmib ifindex command verifies the configuration.

Router> enable
Router# configure terminal
Router(config)# router ospf 1
Router(config-router)# interface-id snmp-if-index
 
Router(config-router)# end
Router# show snmp mib ifmib ifindex serial13/0
Serial13/0: Ifindex = 53
Router# show ip ospf 1 1 data router self-originate
            OSPF Router with ID (192.168.3.1) (Process ID 1)
                 Router Link States (Area 1)
  LS age: 66
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 192.168.3.1
  Advertising Router: 192.168.3.1
  LS Seq Number: 80000003
  Checksum: 0xE38F
  Length: 36
  Number of Links: 1
    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 192.168.3.7
     (Link Data) Router Interface address: 0.0.0.49
      Number of MTID metrics: 0
       TOS 0 Metrics: 64

Related Commands

Command

Description

show snmp mib ifmib ifindex

Displays SNMP interface index identification numbers (ifIndex values) for all the system interfaces or the specified system interface.

ip ospf area

To enable Open Shortest Path First version 2 (OSPFv2) on an interface, use the ip ospf area command in interface configuration mode. To disable OSPFv2 on the interface, use the no form of this command.

ip ospf process-id area area-id [ secondaries none ]

no ip ospf process-id area [ secondaries none ]

Syntax Description

process-id

A decimal value in the range from 1 to 65535 that identifies the process ID.

area-id

A decimal value in the range from 0 to 4294967295, or an IP address.

secondaries none

(Optional) Prevents secondary IP addresses on the interface from being advertised.

Command Default

If the secondaries nonekeywords are entered in the no form of this command, the secondary IP addresses will be advertised. If the secondaries nonekeywords are not present, OSPFv2 will be disabled.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

12.0(29)S

This command was introduced.

12.3(11)T

This command was integrated into Cisco IOS Release 12.3(11)T.

12.2(1)SB

This command was integrated into Cisco IOS Release 12.2(1)SB.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

Cisco IOS XE Release 3.2S

This command was modified. Support was added for this command in virtual network interface configuration mode.

15.2(2)SNI

This command was implemented on the Cisco ASR 901 Series Aggregation Services Routers.

15.2(1)E

This command was integrated into Cisco IOS Release 15.2(1)E.

Usage Guidelines

OSPF is enabled on an interface when the network address for the interface matches the range of addresses that is specified by the network area command that is entered in router configuration mode. You can enable OSPFv2 explicitly on an interface with the ip ospf area command that is entered in interface configuration mode. This capability simplifies the configuration of unnumbered interfaces with different areas.

The ip ospf areacommand that is entered in interface configuration mode will supersede the effects of the network areacommand. Therefore, an interface that is configured with the ip ospf area command in interface configuration mode will not be affected by the network areacommand.


Note


If you later disable the ip ospf area command, the interface will still run OSPFv2 as long as its network address matches the range of addresses that is specified by the network areacommand.


Examples

The following example enables OSPFv2 on Ethernet interface 0/0/2 and prevents secondary IP addresses from being advertised:

Router(config)# interface Ethernet0/0/2
Router(config-if)# ip ospf 10 area 0 secondaries none

Related Commands

Command

Description

interface

Configures an interface type and enters interface configuration mode.

network area

Defines the interfaces on which OSPF runs and defines the area ID for those interfaces.

show ip ospf interface

Displays OSPF-related interface information.

ip ospf authentication

To specify the authentication type for an interface, use the ip ospf authentication command in interface or virtual network interface configuration mode. To remove the authentication for an interface, use the no form of this command.

ip ospf authentication [ key-chain name | message-digest | null ]

no ip ospf authentication

Syntax Description

key-chain name

(Optional) Specifies key chain name for cryptographic authentication keys.

message-digest

(Optional) Specifies that message-digest authentication is used.

null

(Optional) Specifies that no authentication is used. Use this keyword to override password or message-digest authentication if the keyword is configured for an area.

Command Default

The authentication type for an interface is not configured.

Command Modes

Interface configuration (config-if)

Virtual network interface configuration (config-if-vnet)

Command History

Release

Modification

12.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 3.2S

This command was integrated into Cisco IOS XE Release 3.2S. Support was added for this command in virtual network interface configuration mode.

15.2(2)SNI

This command was implemented on the Cisco ASR 901 Series Aggregation Services Routers.

Cisco IOS XE Release 3.10S

This command was modified. The key-chain keyword and name argument were added.

Usage Guidelines

Before using the ip ospf authentication key-chain command, for the key to be operational, configure a password for the interface using the ip ospf authentication-key command. If you use the ip ospf authentication message-digest command, configure the message-digest key for the interface using the ip ospf message-digest-key command.

Before using the ip ospf authentication key-chain command for cryptographic authentication on an interface, define a key chain, a key ID, and a key string, and configure the key with the cryptographic algorithm.

If the authentication type is not specified for an interface, the authentication type for the area is used (the area default is null authentication).

Examples

The following example shows how to enable message-digest authentication:

Device> enable
Device# configure terminal
Device(config)# interface GigabitEthernet0/0/0
Device (config-if)# ip ospf authentication message-digest
Device (config-if)# end

Examples

The following example shows how to enable cryptographic authentication:

Device> enable
Device# configure terminal
Device(config)# interface GigabitEthernet0/0/0
Device (config-if)# ip ospf authentication key-chain samplekeychain
Device (config-if)# end

Related Commands

Command

Description

area authentication

Enables authentication for an OSPF area.

ip ospf authentication-key

Assigns a password to be used by neighboring routers that are using the simple password authentication of OSPF.

ip ospf message-digest-key

Enables OSPF MD5 authentication.

ip ospf authentication-key

To assign a password to be used by neighboring routers that are using the Open Shortest Path First (OSPF) simple password authentication, use the ip ospf authentication-key command in interface configuration mode. To remove a previously assigned OSPF password, use the no form of this command.

ip ospf authentication-keypassword

no ip ospf authentication-key

Syntax Description

password

Any continuous string of characters that can be entered from the keyboard up to 8 bytes in length.

Command Default

No password is specified.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 3.2S

This command was modified. Support was added for this command in virtual network interface configuration mode.

Usage Guidelines

The password created by this command is used as a “key” that is inserted directly into the OSPF header when the Cisco IOS software originates routing protocol packets. A separate password can be assigned to each network on a per-interface basis. All neighboring routers on the same network must have the same password to be able to exchange OSPF information.


Note


The Cisco IOS software will use this key only when authentication is enabled for an area with the area authentication router configuration command.


Examples

The following example enables the authentication key with the string yourpass:

ip ospf authentication-key yourpass

Related Commands

Command

Description

area authentication

Enables authentication for an OSPF area.

ip ospf authentication

Specifies authentication type for an interface.

ip ospf bfd

To enable Bidirectional Forwarding Detection (BFD) on a specific interface configured for Open Shortest Path First (OSPF), use the ip ospf bfdcommand in interface configuration mode. To disable BFD on the OSPF interface, use the disable keyword. To remove the ospf bfd command, use the no form of this command.

ip ospf bfd [disable]

no ip ospf bfd

Syntax Description

disable

(Optional) Disables BFD for OSPF on a specified interface.

Command Default

When the disable keyword is not used, the default behavior is to enable BFD support for OSPF on the interface.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

12.2(18)SXE

This command was introduced.

12.0(31)S

This command was integrated into Cisco IOS Release 12.0(31)S.

12.4(4)T

This command was integrated into Cisco IOS Release 12.4(4)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Cisco IOS XE Release 3.2S

This command was modified. Support was added for this command in virtual network interface configuration mode.

15.1(2)SNG

This command was implemented on the Cisco ASR 901 Series Aggregation Services Routers.

Usage Guidelines

Enter the ip ospf bfd command to configure an OSPF interface to use BFD for failure detection. If you have used the bfd-all interfaces command in router configuration mode to globally configure all OSPF interfaces for an OSPF process to use BFD, you can enter the ip ospf bfd command in interface configuration mode with the disable keyword to disable BFD for a specific OSPF interface.

Examples

In the following example, the interface associated with OSPF, Fast Ethernet interface 3/0, is configured for BFD:

Router> enable
Router# configure terminal
Router(config)# interface fastethernet 3/0
Router(config-if)# ip ospf bfd
Router(config-if)# end

Related Commands

Command

Description

bfd all-interfaces

Enables BFD for all interfaces for a BFD peer.

ip ospf cost

To explicitly specify the cost of sending a packet on an interface, use the ip ospf cost command in interface configuration mode. To reset the path cost to the default value, use the no form of this command.

ip ospf costinterface-cost

no ip ospf cost interface-cost

Syntax Description

interface-cost

Unsigned integer value expressed as the link-state metric. It can be a value in the range from 1 to 65535.

Command Default

No default cost is predefined.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 3.2S

This command was modified. Support was added for this command in virtual network interface configuration mode.

Usage Guidelines

You can set the metric manually using this command, if you need to change the default. Using the bandwidth command changes the link cost as long as this command is not used.

The link-state metric is advertised as the link cost in the router link advertisement. We do not support type of service (ToS), so you can assign only one cost per interface.

In general, the path cost is calculated using the following formula:

108 / bandwidth

Using this formula, the default path costs were calculated as noted in the following list. If these values do not suit your network, you can use your own method of calculating path costs.

  • 56-kbps serial link--Default cost is 1785

  • 64-kbps serial link--Default cost is 1562

  • T1 (1.544-Mbps serial link)--Default cost is 64

  • E1 (2.048-Mbps serial link)--Default cost is 48

  • 4-Mbps Token Ring--Default cost is 25

  • Ethernet--Default cost is 10

  • 16-Mbps Token Ring--Default cost is 6

  • FDDI--Default cost is 1

  • X25--Default cost is 5208

  • Asynchronous--Default cost is 10,000

  • ATM-- Default cost is 1

Examples

The following example sets the interface cost value to 65:

ip ospf cost 65

ip ospf database-filter all out

To filter outgoing link-state advertisements (LSAs) to an Open Shortest Path First (OSPF) interface, use the ip ospf database-filter all out command in interface or virtual network interface configuration modes. To restore the forwarding of LSAs to the interface, use the no form of this command.

ip ospf database-filter all out [disable]

no ip ospf database-filter all out

Syntax Description

disable

(Optional) Disables the filtering of outgoing LSAs to an OSPF interface; all outgoing LSAs are flooded to the interface.

Note   

This keyword is available only in virtual network interface mode.

Command Default

This command is disabled by default. All outgoing LSAs are flooded to the interface.

Command Modes

Interface configuration (config-if)

Virtual network interface (config-if-vnet)

Command History

Release

Modification

12.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 3.2S

This command was modified. The disable keyword was added. Support was added for this command in virtual network interface configuration mode.

15.0(1)SY

This command was modified. The disable keyword was added. Support was added for this command in virtual network interface configuration mode.

15.1(1)SG

This command was integrated into Cisco IOS Release 15.1(1)SG.

Cisco IOS XE Release 3.3SG

This command was integrated into Cisco IOS XE Release 3.3SG.

15.3(2)T

This command was integrated into Cisco IOS Release 15.3(2)T.

Usage Guidelines

This command performs the same function that the neighbor database-filter command performs on a neighbor basis.

If the ip ospf database-filter all out command is enabled for a virtual network and you want to disable it, use the disable keyword in virtual network interface configuration mode.

Examples

The following example prevents filtering of OSPF LSAs to broadcast, nonbroadcast, or point-to-point networks reachable through Ethernet interface 0:

interface ethernet 0
 ip ospf database-filter all out

Related Commands

Command

Description

neighbor database-filter

Filters outgoing LSAs to an OSPF neighbor.

ip ospf dead-interval

To set the interval during which at least one hello packet must be received from a neighbor before the router declares that neighbor down, use the ip ospf dead-interval command in interface configuration mode. To restore the default value, use the no form of this command.

ip ospf dead-interval { seconds | minimal hello-multiplier multiplier }

no ip ospf dead-interval

Syntax Description

seconds

Interval (in seconds) during which the router must receive at least one hello packet from a neighbor or else that neighbor is removed from the peer list and does not participate in routing. The range is 1 to 65535. The value must be the same for all nodes on the network.

minimal

Sets the dead interval to 1 second. Using this keyword requires that the hello-multiplierkeyword and multiplier argument are also configured.

hello-multiplier multiplier

Integer value in the range from 3 to 20, representing the number of hello packets sent during 1 second.

Command Default

seconds : Four times the interval set by the ip ospf hello-interval command.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

10.0

This command was introduced.

12.0(23)S

The minimal keyword, hello-multiplier keyword and multiplier argument were added to allow Open Shortest Path First (OSPF) support for fast hello packets.

12.2(27)SBC

This command was integrated into Cisco IOS Release 12.2(27)SBC.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 3.2S

This command was modified. Support was added for this command in virtual network interface configuration mode.

Usage Guidelines

The dead interval is advertised in OSPF hello packets. This value must be the same for all networking devices on a specific network.

Specifying a smaller dead interval (seconds) will give faster detection of a neighbor being down and improve convergence, but might cause more routing instability.


Note


When the ip ospf dead-interval minimalcommand is configured, there is no guarantee that the OSPF hello process will get the CPU cycles that are needed to maintain routing stability when the CPU is temporarily busy. Hence this configuration should be used with caution.

OSPF Support for Fast Hello Packets

By specifying the minimal and hello-multiplier keywords with a multiplier argument, you are enabling OSPF fast hello packets. The minimalkeyword sets the dead interval to 1 second, and the hello-multiplier value sets the number of hello packets sent during that 1 second, thus providing subsecond or “fast” hello packets.

When fast hello packets are configured on the interface, the hello interval advertised in the hello packets that are sent out this interface is set to 0. The hello interval in the hello packets received over this interface is ignored.

The dead interval must be consistent on a segment, whether it is set to 1 second (for fast hello packets) or set to any other value. The hello multiplier need not be the same for the entire segment as long as at least one hello packet is sent within the dead interval.

Use the show ip ospf interface command to verify the dead interval and fast hello interval.

Examples

The following example sets the OSPF dead interval to 20 seconds:

interface ethernet 1
 ip ospf dead-interval 20

The following example configures OSPF fast hello packets; the dead interval is 1 second and there are five hello packets sent every second:

interface ethernet 1
 ip ospf dead-interval minimal hello-multiplier 5

Related Commands

Command

Description

ip ospf hello-interval

Interval between hello packets that the Cisco IOS software sends on the interface.

show ip ospf interface

Displays OSPF-related information.

ip ospf demand-circuit

To configure Open Shortest Path First (OSPF) to treat the interface as an OSPF demand circuit, use the ip ospf demand-circuit command in interface configuration mode or virtual network interface configuration mode. To remove the OSPF demand circuit functionality from the interface, use the no form of this command.

ip ospf demand-circuit [disable] [ignore]

no ip ospf demand-circuit

Syntax Description

disable

(Optional) Disables OSPF from treating the interface as an OSPF demand circuit.

Note   

This keyword is available only in virtual network interface mode.

ignore

(Optional) Ignores requests from other routers to operate the link in demand-circuit mode.

Command Default

The circuit is not an OSPF demand circuit.

Command Modes

Interface configuration (config-if)

Virtual network interface (config-if-vnet)

Command History

Release

Modification

11.2

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 3.2S

This command was modified. The disable and ignore keywords were added. Support was added for this command in virtual network interface configuration mode.

15.1(4)M

This command was integrated into Cisco IOS Release15.1(4)M.

15.0(1)SY

This command was modified. The disable and ignore keywords were added. Support was added for this command in virtual network interface configuration mode.

15.1(1)SG

This command was integrated into Cisco IOS Release 15.1(1)SG.

Cisco IOS XE Release 3.3SG

This command was integrated into Cisco IOSXE Release 3.3SG.

15.3(2)T

This command was integrated into Cisco IOS Release 15.3(2)T.

Usage Guidelines

On point-to-point interfaces, only one end of the demand circuit must be configured with the ip ospf demand-circuit command. Periodic hello messages are suppressed and periodic refreshes of link-state advertisements (LSAs) do not flood the demand circuit. This command allows the underlying data-link layer to be closed when the topology is stable. In point-to-multipoint topology, only the multipoint end must be configured with this command.

If the ip ospf demand-circuit command is enabled for a virtual network and you want to disable it, use the disable keyword in virtual network interface configuration mode.

Examples

The following example shows how to configure an OSPF demand circuit for an ISDN on-demand circuit:

Router# configure terminal
Router(config)# router ospf 1
Router(config-router)# network 10.0.3.0 255.255.255.0 area 0
Router(config-router)# exit
Router(config)# interface BRI0
Router(config-if)# ip ospf demand-circuit

The following example shows how to prevent OSPF demand circuit operation on a multipoint hub interface:

outer# configure terminal
Router(config)# interface Dialer0
Router(config-if)# ip ospf network point-to-multipoint
Router(config-if)# ip ospf demand-circuit ignore

Related Commands

Command

Description

ip ospf network point-to-multipoint

Configures the OSPF network type to point-to-multipoint.

network area

Defines the OSPF interfaces and area ID.

router ospf

Configures the OSPF routing process.

show ip ospf

Displays information about OSPF routing processes.