Table Of Contents
IP Routing Protocols Commands
aggregate-address
area authentication
area default-cost
area-password
area range
area stub
area virtual-link
autonomous-system (EGP)
auto-summary
bgp always-compare-med
bgp confederation identifier
bgp confederation peers
bgp default local-preference
bgp fast-external-fallover
clear arp-cache
clear ip bgp
clear ip bgp peer-group
clear ip dvmrp route
clear ip eigrp neighbors
clear ip igmp group
clear ip mroute
clear ip route
clear ip sd
default-information allowed
default-information originate (BGP)
default-information originate (EGP)
default-information originate (OSPF)
default-metric
default-metric (BGP, EGP, OSPF, and RIP)
default-metric (IGRP and Enhanced IGRP)
distance
distance bgp
distance eigrp
distribute-list in
distribute-list out
ip address
ip as-path access-list
ip community-list
ip default-network
ip dvmrp accept-filter
ip dvmrp default-information
ip dvmrp metric
ip gdp
ip hello-interval eigrp
ip hold-time eigrp
ip igmp access-group
ip igmp join-group
ip igmp query-interval
ip irdp
ip local policy route-map
ip mroute
ip mroute-cache
ip multicast rate-limit
ip multicast-routing
ip multicast ttl-threshold
ip ospf authentication-key
ip ospf cost
ip ospf dead-interval
ip ospf hello-interval
ip ospf message-digest-key
ip ospf network
ip ospf priority
ip ospf retransmit-interval
ip ospf transmit-delay
ip ospf-name-lookup
ip pim
ip pim message-interval
ip pim nbma-mode
ip pim query-interval
ip pim rp-address
ip policy route-map
ip route
ip sd listen
ip split-horizon
ip split-horizon eigrp
ip summary-address eigrp
match as-path
match community-list
match interface
match ip address
match ip next-hop
match ip route-source
match length
match metric
match route-type
match tag
mbranch
metric holddown
metric maximum-hops
metric weights
mrbranch
mtrace
neighbor (EGP, IGRP, RIP)
neighbor (OSPF)
neighbor advertisement-interval
neighbor any
neighbor any third-party
neighbor configure-neighbors
neighbor default-originate
neighbor distribute-list
neighbor ebgp-multihop
neighbor filter-list
neighbor neighbor-list
neighbor next-hop-self
neighbor password
neighbor peer-group (creating)
neighbor peer-group (assigning members)
neighbor remote-as
neighbor route-map
neighbor send-community
neighbor third-party
neighbor update-source
neighbor version
neighbor weight
network (BGP)
network (EGP)
network (Enhanced IGRP)
network (IGRP)
network (RIP)
network area
network backdoor
network weight
offset-list
ospf auto-cost-determination
passive-interface
redistribute
route-map
router bgp
router egp
router egp 0
router eigrp
router igrp
router ospf
router rip
set as-path
set automatic-tag
set community
set default interface
set interface
set ip default next-hop
set ip next-hop
set level
set local-preference
set metric
set metric-type
set next-hop
set origin
set tag
set weight
show ip bgp
show ip bgp cidr-only
show ip bgp community
show ip bgp community-list
show ip bgp filter-list
show ip bgp inconsistent-as
show ip bgp neighbors
show ip bgp paths
show ip bgp peer-group
show ip bgp regexp
show ip bgp summary
show ip dvmrp route
show ip egp
show ip eigrp neighbors
show ip eigrp topology
show ip eigrp traffic
show ip igmp groups
show ip igmp interface
show ip irdp
show ip local policy
show ip mcache
show ip mroute
show ip ospf
show ip ospf border-routers
show ip ospf database
show ip ospf interface
show ip ospf neighbor
show ip ospf virtual-links
show ip pim interface
show ip pim neighbor
show ip pim rp
show ip protocols
show ip route
show ip route summary
show ip route supernets-only
show ip sd
show route-map
summary-address
synchronization
table-map
timers basic (EGP, RIP, IGRP)
timers bgp
timers egp
traffic-share
validate-update-source
variance
IP Routing Protocols Commands
Cisco's implementation of the Internet Protocol (IP) suite provides all major services contained in the Transmission Control Protocol/IP (TCP/IP) specifications.
Use the commands in this chapter to configure and monitor the IP routing protocols. For IP routing protocol configuration information and examples, refer to the "Configuring IP Routing Protocols" chapter of the Access and Communication Servers Configuration Guide.
aggregate-address
Use the aggregate-address router configuration command to create an aggregate entry in a BGP routing table. Use the no form of this command to disable this feature.
aggregate-address address mask [as-set] [summary-only] [suppress-map map-name]
[advertise-map map-name] [attribute-map map-name]
no aggregate-address address mask [as-set] [summary-only] [suppress-map map-name]
[advertise-map map-name] [attribute-map map-name]
Syntax Description
address
|
Aggregate address.
|
mask
|
Aggregate mask.
|
as-set
|
(Optional) Generates autonomous system set path information.
|
summary-only
|
(Optional) Filters more specific routes from updates.
|
suppress-map map-name
|
(Optional) Name of route-map to suppress.
|
advertise-map map-name
|
(Optional) Name of route map used to select the routes to create AS-SET origin communities.
|
attribute-map map-name
|
(Optional) Name of route map used to set the attribute of the aggregate route.
|
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
You can implement aggregate routing in BGP either by redistributing an aggregate route into BGP or by using this conditional aggregate routing feature.
Using the aggregate-address command with no arguments will create an aggregate entry in the BGP routing table if there are any more-specific routes available that fall in the specified range. The aggregate route will be advertised as coming from your autonomous system and has the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword in the aggregate-address command.)
Using the as-set keyword creates an aggregate entry using the same rules that the command follows without this keyword, but the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Do not use this form of aggregate-address when aggregating many paths, because this route must be continually withdrawn and re-updated as autonomous system path reachability information for the summarized routes changes.
Using the summary-only keyword not only creates the aggregate route (for example, 193.*.*.*) but will also suppress advertisements of more specific routes to all neighbors. If you only want to suppress advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more-specific route leaks out, all BGP speakers will prefer that route over the less- specific aggregate you are generating (using longest-match routing).
Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified route maps. You can use the match clauses of route maps to selectively suppress some more specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.
Example
In the following example, an aggregate address is created. The path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized.
aggregate-address 192.168.0.0 255.0.0.0 as-set
Related Commands
match as-path
match ip address
route-map
area authentication
Use the area authentication router configuration command to enable authentication for an OSPF area. Use the no form of this command with the authentication keyword to remove the area's authentication specification. Use the command no area area-id (with no other keywords) to remove the specified area from the access server's configuration.
area area-id authentication [message-digest]
no area area-id authentication
no area area-id
Syntax Description
area-id
|
Identifier of the area for which authentication is to be enabled. The identifier can be specified as either a decimal value or an IP address.
|
message-digest
|
(Optional) Enables MD5 authentication on the area specified by area-id.
|
Default
Type 0 authentication (no authentication)
Command Mode
Router configuration
Usage Guidelines
Specifying authentication for an area sets the authentication to Type 1 (simple password) as specified in RFC 1247. If this command is not included in the configuration file, authentication of Type 0 (no authentication) is assumed.
The authentication type must be the same for all access servers in an area. The authentication password for all OSPF access servers on a network must be the same if they are to communicate with each other via OSPF. Use the ip ospf authentication-key interface configuration command to specify this password.
If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key command.
To remove the area's authentication specification, use the no form of this command with the authentication keyword. To remove the specified area from the router's configuration, use the command no area area-id (with no other keywords).
Example
The following example mandates authentication for areas 0 and 10.0.0.0 of OSPF routing process 201. Authentication keys are also provided.
ip address 172.19.251.201 255.255.255.0
ip ospf authentication-key adcdefgh
ip address 10.56.0.201 255.255.0.0
ip ospf authentication-key ijklmnop
network 10.0.0.0 0.255.255.255 area 10.0.0.0
network 172.19.0.0 0.0.255.255 area 0
area 10.0.0.0 authentication
Related Commands
area default-cost
area stub
ip ospf authentication-key
area default-cost
Use the area default-cost router configuration command to specify a cost for the default summary route sent into a stub area. Use the no form of this command to remove the assigned default route cost.
area area-id default-cost cost
no area area-id default-cost cost
Syntax Description
area-id
|
Identifier for the stub area. The identifier can be specified as either a decimal value or as an IP address.
|
cost
|
Cost for the default summary route used for a stub area. The acceptable value is a 24-bit number.
|
Default
Cost of 1
Command Mode
Router configuration
Usage Guidelines
This command is used only on an Area Border Router (ABR) attached to a stub area.
There are two stub area router configuration commands: the stub and default-cost options of the area command. In all access servers attached to the stub area, the area should be configured as a stub area using the stub option of the area command. Use the default-cost option only on an ABR attached to the stub area. The default-cost option provides the metric for the summary default route generated by the ABR into the stub area.
Example
The following example assigns a default-cost of 20 to stub network 10.0.0.0:
ip address 10.56.0.201 255.255.0.0
network 10.0.0.0 0.255.255.255 area 10.0.0.0
area 10.0.0.0 default-cost 20
Related Commands
area authentication
area stub
area-password
To configure the IS-IS area authentication password, use the area-password router configuration command. To disable the password, use the no form of this command.
area-password password
no area-password [password]
Syntax Description
password
|
Password you assign.
|
Default
No area password is defined.
Command Mode
Router configuration
Usage Guidelines
This password is inserted in Level 1 (station router level) link state PDUs (LSPs), complete sequence number PDUs (CSNPs), and partial sequence number PDUs (PSNP).
Example
The following example assigns an area authentication password:
area range
Use the area range router configuration command to consolidate and summarize routes at an area boundary. Use the no form of this command to disable this function for the specified area.
area area-id range address mask
no area area-id range address mask
Syntax Description
area-id
|
Identifier of the area about which routes are to be summarized. It can be specified as either a decimal value or as an IP address.
|
address
|
IP address.
|
mask
|
IP mask.
|
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
This command is only used with access servers acting as Area Border Routers (ABRs). It is used to consolidate or summarize routes for an area. The result is that a single summary route is advertised to other areas by the ABR. Routing information is condensed at area boundaries. External to the area, a single route is advertised for each address range. This is called route summarization.
Multiple area router configuration commands specifying the range option can be configured. Thus, OSPF can summarize addresses for many different sets of address ranges.
Example
The following example specifies one summary route to be advertised by the access server acting as an ABR to other areas for all subnets on network 10.0.0.0 and for all hosts on network 192.168.110.0:
ip address 192.168.110.201 255.255.255.0
ip address 10.56.0.201 255.255.0.0
network 10.0.0.0 0.255.255.255 area 10.0.0.0
network 192.168.110.0 0.0.0.255 area 0
area 10.0.0.0 range 10.0.0.0 255.0.0.0
area 0 range 192.168.110.0 255.255.255.0
area stub
Use the area stub router configuration command to define an area as a stub area. Use the no form of this command to disable this function for the specified area.
area area-id stub
no area area-id stub
Syntax Description
area-id
|
Identifier for the stub area. The identifier can be either a decimal value or an IP address.
|
no-summary
|
(Optional) Prevents an Area Border Router from sending summary link advertisements into the stub area.
|
Default
No stub area is defined.
Command Mode
Router configuration
Usage Guidelines
This command must be configured on all access servers in the stub area. Use the area router configuration command with the default-cost option to specify the cost of a default internal access server sent into a stub area by an access server acting as an Area Border Router (ABR).
There are two stub area router configuration commands: the stub and default-cost options of the area router configuration command. In all access servers attached to the stub area, the area should be configured as a stub area using the stub option of the area command. Use the default-cost option only on an ABR attached to the stub area. The default-cost option provides the metric for the summary default route generated by the Area Border Router (ABR) into the stub area.
Example
The following example assigns a default cost of 20 to stub network 10.0.0.0:
ip address 10.56.0.201 255.255.0.0
network 10.0.0.0 0.255.255.255 area 10.0.0.0
area 10.0.0.0 default-cost 20
Related Commands
area authentication
area default-cost
area virtual-link
To define an OSPF virtual link, use the area virtual-link router configuration command with the optional parameters. To remove a virtual link, use the no form of this command.
area area-id virtual-link router-id [hello-interval seconds] [retransmit-interval seconds]
[transmit-delay seconds] [dead-interval seconds] [authentication-key password]
no area area-id virtual-link router-id [hello-interval seconds] [retransmit-interval seconds]
[transmit-delay seconds] [dead-interval seconds] [authentication-key password]
Syntax Description
area-id
|
Area ID assigned to the transit area for the virtual link. This can be either a decimal value or a valid IP address. There is no default.
|
router-id
|
Router ID associated with the virtual link neighbor. The router ID appears in the show ip ospf display. It is internally derived by each access server from the access server's interface IP addresses. This value must be entered in the format of an IP address. There is no default.
|
hello-interval seconds
|
(Optional) Time in seconds between the Hello packets that the router sends on an interface. Unsigned integer value to be advertised in the router's Hello packets. The value must be the same for all routers attached to a common network. The default is 10 seconds.
|
retransmit-interval seconds
|
(Optional) Time in seconds between link state advertisement retransmissions for adjacencies belonging to the interface. Expected round-trip delay between any two routers on the attached network. The value must be greater than the expected round-trip delay. The default is 5 seconds.
|
transmit-delay seconds
|
(Optional) Estimated time in seconds it takes to transmit a link state update packet on the interface. Integer value that must be greater than zero. Link state advertisements in the update packet have their age incremented by this amount before transmission. The default value is 1 second.
|
dead-interval seconds
|
(Optional) Time in seconds that a router's Hello packets are not seen before its neighbors declare the router down. Unsigned integer value. The default is four times the Hello interval, or 40 seconds. As with the Hello interval, this value must be the same for all routers attached to a common network.
|
authentication-key key
|
(Optional) Password to be used by neighboring routers. Any continuous string of characters that you can enter from the keyboard up to 8 bytes long. This string acts as a key that will allow the authentication procedure to generate or verify the authentication field in the OSPF header. This key is inserted directly into the OSPF header when originating routing protocol packets. A separate password can be assigned to each network on a per-interface basis. All neighboring routers on the same network must have the same password to be able to route OSPF traffic. The password is encrypted in the configuration file if the service password-encryption command is enabled. There is no default value.
|
message-digest-key keyid md5 key
|
(Optional) Key identifier and password to be used by neighboring routers and this router for MD5 authentication. The keyid is a number in the range 1 through 255. The key is an alphanumeric string of up to 16 characters. All neighboring routers on the same network must have the same key identifier and key to be able to route OSPF traffic. There is no default value.
|
Default
area-id: No area ID is predefined.
router-id: No router ID is predefined.
hello-interval seconds: 10 seconds
retransmit-interval seconds: 10 seconds
transmit-delay seconds: 1 second
dead-interval seconds: 40 seconds
authentication-key password: No password is predefined.
message-digest-key keyid md5 key: No key is predefined.
Command Mode
Router configuration
Usage Guidelines
In OSPF, all areas must be connected to a backbone area. If the connection to the backbone is lost, it can be repaired by establishing a virtual link.
The smaller the Hello interval, the faster topological changes will be detected, but more routing traffic will ensue.
The setting of the retransmit interval should be conservative, or needless retransmissions will result. The value should be larger for serial lines and virtual links.
The transmit delay value should take into account the transmission and propagation delays for the interface.
An access server will use the specified authentication key only when authentication is enabled for the backbone with the area area-id authentication router configuration command.
The two authentication schemes, simple text and MD5 authentication, are mutually exclusive. You can specify one or the other or neither. Any keywords and arguments you specify after authentication-key key or message-digest-key keyid md5 key are ignored. Therefore, specify any optional arguments before such a keyword-argument combination.
Note
Each virtual link neighbor must include the transit area ID and the corresponding virtual link neighbor's router ID in order for a virtual link to be properly configured. Use the show ip ospf EXEC command to see the router ID of an access server.
Examples
The following example establishes a virtual link with default values for all optional parameters:
network 10.0.0.0 0.255.255.255 area 10.0.0.0
area 10.0.0.0 virtual-link 36.3.4.5
The following example establishes a virtual link with MD5 authentication:
network 10.0.0.0 0.255.255.255 area 10.0.0.0
area 10.0.0.0 virtual-link 10.3.4.5 message-digest-key 3 md5 sa5721bk47
Related Command
A dagger (†) indicates that the command is documented in another chapter.
area authentication
service password-encryption †
show ip ospf
autonomous-system (EGP)
Use the autonomous-system global configuration command to specify the local autonomous system that the access server resides in for EGP. Use the no form of this command to remove the autonomous system number.
autonomous-system local-as
no autonomous-system local-as
Syntax Description
local-as
|
Local autonomous system number to which the access server belongs
|
Default
No local autonomous system is specified.
Command Mode
Global configuration
Usage Guidelines
Before you can set up EGP routing, you must specify an autonomous system number. The local autonomous system number will be included in EGP messages sent by the access server.
Example
The following sample configuration specifies an autonomous system number of 110:
Related Command
router egp
auto-summary
To restore the default behavior of automatic summarization of subnet routes into network-level routes, use the use the auto-summary router configuration command. To disable this feature, use the no form of this command.
auto-summary
no auto-summary
Syntax Description
This command has no arguments or keywords.
Default
Enabled
Command Mode
Router configuration
Usage Guidelines
By default, BGP does not accept subnets redistributed from IGP. To advertise and carry subnet routes in BGP, use an explicit network command or the no auto-summary command. If you disable auto-summarization and have not entered a network command, you will not advertise network routes for networks with subnet routes unless they contain a summary route.
IP Enhanced IGRP summary routes are given an administrative distance value of 5. You cannot configure this value.
Example
In the following example, network numbers are not summarized automatically:
The following example disables automatic summarization for router process eigrp 109:
Related Command
ip summary-address eigrp
bgp always-compare-med
To allow the comparison of the Multi Exit Discriminator (MED) for paths from neighbors in different autonomous systems, use the bgp always-compare-med router configuration command. To disallow the comparison, use the no form of this command.
bgp always-compare-med
no bgp always-compare-med
Syntax Description
This command has no arguments or keywords.
Default
The router does not compare MEDs for paths from neighbors in different autonomous systems.
Command Mode
Router configuration
Usage Guidelines
The MED is one of the parameters that is considered when selecting the best path among many alternative paths. The path with a lower MED is preferred over a path with a higher MED.
By default, during the best path selection process, MED comparision is done only among paths from the same autonomous system. This command changes the default behavior by allowing comparision of MEDs among paths regardless of the autonomous system from which the paths are received.
Example
In the following example, the BGP speaker in autonomous system 100 is configured to compare MEDs among alternative paths, regardless of the autonomous system from which the paths are received:
bgp confederation identifier
To specify a BGP confederation identifier, use the bgp confederation identifier router configuration command. To remove the confederation identifier, use the no form of this command.
bgp confederation identifier autonomous-system
no bgp confederation identifier autonomous-system
Syntax Description
autonomous-system
|
Autonomous system number that internally includes multiple autonomous systems.
|
Default
No confederation identifier is configured.
Command Mode
Router configuration
Usage Guidelines
Another way to reduce the IBGP mesh is to divide an autonomous system into multiple autonomous systems and group them into a single confederation. Each autonomous system is fully meshed within itself, and has a few connections to another autonomous system in the same confederation. Even though the peers in different autonomous systems have EBGP sessions, they exchange routing information as if they are IBGP peers. Specifically, the next-hop and local preference information is preserved. This enables to you to retain a single Interior Gateway Protocol (IGP) for all of the autonomous systems. To the outside world, the confederation looks like a single autonomous system.
Example
In the following example, the autonomous system is divided into autonomous systems 4001, 4002, 4003, 4004, 4005, 4006, and 4007 and identified by the confederation identifier 5. Neighbor 1.2.3.4 is someone inside your routing domain confederation. Neighbor 3.4.5.6 is someone outside your routing domain confederation. To the outside world, there appears to be a single autonomous system with the number 5.
bgp confederation identifier 5
bgp confederation peers 4002 4003 4004 4005 4006 4007
neighbor 1.2.3.4 remote-as 4002
neighbor 3.4.5.6 remote-as 510
Related Command
bgp confederation peers
bgp confederation peers
To configure the autonomous systems that belong to the confederation, use the bgp confederation peers router configuration command. To remove an autonomous system from the confederation, use the no form of this command.
bgp confederation peers autonomous-system [autonomous-system]
no bgp confederation peers autonomous-system [autonomous-system]
Syntax Description
autonomous-system
|
Autonomous system number.
|
Default
No confederation peers are configured.
Command Mode
Router configuration
Usage Guidelines
The autonomous systems specified in this command are visible internally to a confederation. Each autonomous system is fully meshed within itself. The bgp confederation identifier command specifies the confederation that the autonomous systems belong to.
Example
The following example specifies that autonomous systems 1090, 1091, 1092, and 1093 belong to a single confederation:
bgp confederation peers 1091 1092 1093
Related Command
bgp confederation identifier
bgp default local-preference
Use the bgp default local-preference router configuration command to change the default local preference value of 100. Use the no form of this command to revert to the default setting.
bgp default local-preference value
no bgp default local-preference value
Syntax Description
value
|
Local preference value. Higher is more preferred. Integer from 0 through 4294967295.
|
Default
Local preference value of 100
Command Mode
Router configuration
Usage Guidelines
Generally, the default value of 100 allows you to easily define a particular path as less preferable than paths with no local preference attribute. The preference is sent to all access servers in the local autonomous system.
Example
In the following example, the default local preference value is raised from the default of 100 to 200:
bgp default local-preference 200
Related Command
set local-preference
bgp fast-external-fallover
Use the bgp fast-external-fallover router configuration command to immediately reset the BGP sessions of any directly adjacent external peers if the link used to reach them goes down. Use the no form of this command to disable this feature.
bgp fast-external-fallover
no bgp fast-external-fallover
Syntax Description
This command has no arguments or keywords.
Default
Enabled
Command Mode
Router configuration
Example
In the following example, the automatic resetting of BGP sessions is disabled:
no bgp fast-external-fallover
clear arp-cache
Use the clear arp-cache EXEC command to remove all dynamic entries from the ARP cache and to clear the fast-switching cache.
clear arp-cache
Syntax Description
This command has no arguments or keywords.
Command Mode
EXEC
Example
The following example removes all dynamic entries from the ARP cache and clears the fast-switching cache:
clear ip bgp
To reset a BGP connection, use the clear ip bgp EXEC command at the system prompt.
clear ip bgp {* | address}
Syntax Description
*
|
Resets all current BGP sessions.
|
address
|
Resets only the identified BGP neighbor.
|
Command Mode
EXEC
Usage Guidelines
Use this command whenever any of the following changes occur:
•
Additions or changes to the BGP-related access lists
•
Changes to BGP-related weights
•
Changes to BGP-related distribution lists
•
Changes in the BGP timer's specifications
•
Changes to the BGP administrative distance
Example
The following example resets all current BGP sessions:
Related Commands
show ip bgp
timers bgp
clear ip bgp peer-group
To remove all of the members of a BGP peer group, use the clear ip bgp peer-group EXEC command.
clear ip bgp peer-group tag
Syntax Description
tag
|
Name of the BGP peer group to clear.
|
Command Mode
EXEC
Example
The following example removes all members from the BGP peer group internal:
clear ip bgp peer-group internal
Related Command
neighbor peer-group (assigning members)
clear ip dvmrp route
To delete routes from the DVMRP routing table, use the clear ip dvmrp route EXEC command.
clear ip dvmrp route {* | route}
Syntax Description
*
|
Clears all routes.
|
route
|
Clears the longest matched route. Can be an IP address, a network number, or an IP DNS name.
|
Command Mode
EXEC
Examples
The following example deletes route 10.1.1.1 from the DVMRP routing table:
clear ip dvmrp route 10.1.1.1
The following example deletes network 10.0.0.0 from the DVMRP routing table:
clear ip dvmrp route 10.0.0.0
clear ip eigrp neighbors
To delete entries from the neighbor table, use the clear ip eigrp neighbors EXEC command.
clear ip eigrp neighbors [ip-address | type number]
Syntax Description
ip-address
|
(Optional) Address of the neighbor.
|
type number
|
(Optional) Interface type and number. Specifying these arguments removes from the neighbor table all entries learned via this interface.
|
Command Mode
EXEC
Example
The following example removes the neighbor whose address is 172.20.8.3:
clear ip eigrp neighbors 172.20.8.3
Related Command
show ip eigrp neighbors
clear ip igmp group
To delete entries from the IGMP cache, use the clear ip igmp group EXEC command.
clear ip igmp group [group-name | group-address | type number]
Syntax Description
group-name
|
(Optional) Name of the multicast group, as defined in the DNS hosts table or with the ip host command.
|
group-address
|
(Optional) Address of the multicast group. This is a multicast IP address in four-part dotted notation.
|
type number
|
(Optional) Interface type and number.
|
Command Mode
EXEC
Usage Guidelines
The IGMP cache contains a list of the multicast groups of which hosts on the directly connected LAN are members. If the access server has joined a group, it is also listed in the cache.
To delete all entries from the IGMP cache, specify the clear ip igmp group command with no arguments.
Example
The following example clears entries for the multicast group 172.16.255.1 from the IGMP cache:
clear ip igmp group 172.16.255.1
Related Commands
A dagger (†) indicates that the command is documented in another chapter.
ip host †
show ip igmp groups
show ip igmp interface
clear ip mroute
To delete entries from the IP multicast routing table, use the clear ip mroute EXEC command.
clear ip mroute * | {group-name [source-address] | group-address [source-address]}
Syntax Description
*
|
Deletes all entries from the IP multicast routing table.
|
group-name
|
Name of the multicast group, as defined in the DNS hosts table or with the ip host command.
|
group-address
|
Address of the multicast group. This is a multicast IP address in four-part dotted notation.
|
source-address
|
(Optional) Address of a multicast source that is transmitting to the group. A source does not need to be a member of the group. If you specify source-address, you must specify either group-name or group-address.
|
Command Mode
EXEC
Examples
The following example deletes all entries from the IP multicast routing table:
The following example deletes from the IP multicast routing table all sources on the 10.3.0.0 subnet that are transmitting to the multicast group 172.22.205.42. Note that this example deletes all sources on network 10.3, not individual sources.
clear ip mroute 172.22.205.42 10.3.0.0
Related Commands
A dagger (†) indicates that the command is documented in another chapter.
ip host †
show ip mroute
clear ip route
Use the clear ip route EXEC command to remove one or more routes from the IP routing table.
clear ip route {network [mask] | *}
Syntax Description
network
|
Network or subnet address to remove.
|
mask
|
(Optional) Network mask associated with the IP address you wish to remove.
|
*
|
Removes all entries.
|
Command Mode
EXEC
Example
The following example removes a route to network 172.30.0.0 from the IP routing table:
clear ip route 172.30.0.0
Related Command
show ip route
clear ip sd
To delete a session directory cache entry, use the clear ip sd EXEC command.
clear ip sd [group-address | "session-name"]
Syntax Description
group-address
|
(Optional) All sessions associated with the IP group address are deleted.
|
"session-name"
|
(Optional) Only the session directory entry by this name is deleted. The session name is enclosed in quotation marks and is not case-sensitive.
|
Command Mode
EXEC
Usage Guidelines
If neither argument is specified, the entire session directory cache is deleted.
Examples
The following example deletes the entire session directory cache:
The following example deletes sessions with the group address 224.2.0.1 from the session directory cache:
The following example deletes the session entry called mbone audio from the session directory cache:
clear ip sd "mbone audio"
Related Command
ip sd listen
default-information allowed
To control the redistribution of routing information between IGRP or IP Enhanced IGRP processes, use the default-information allowed router configuration command. To suppress IGRP or IP Enhanced IGRP exterior or default routes when they are received by an IP Enhanced IGRP process, use the no default-information allowed in command. To suppress IGRP or IP Enhanced IGRP exterior routes in updates, use the no default-information allowed out command.
default-information allowed {in | out} [route-map map-tag]
no default-information allowed {in | out} [route-map map-tag]
Syntax Description
in
|
Allows IP Enhanced IGRP exterior or default routes to be received by an IP Enhanced IGRP process.
|
out
|
Allows IP Enhanced IGRP exterior routes to be advertised in updates.
|
route-map map-tag
|
(Optional) Indicates that the route map should be interrogated to filter the importation of routes from this source routing protocol to the current routing protocol. The argument map-tag is the identifier of a configured route map. If you specify route-map without specifying map-tag, no routes are imported. If you omit route-map, all routes are redistributed.
|
Default
Normally, exterior routes are always accepted and default information is passed between IGRP processes when doing redistribution.
Command Mode
Router configuration
Usage Guidelines
The default network of 0.0.0.0 used by RIP cannot be redistributed by IGRP or IP Enhanced IGRP.
Example
The following example allows IGRP exterior or default routes to be received by the IGRP process in autonomous system 23:
default-information allowed in
The following example allows IP Enhanced IGRP exterior or default routes to be received by the IP Enhanced IGRP process in autonomous system 23:
default-information allowed in
default-information originate (BGP)
Use the default-information originate router configuration command to allow the redistribution of network 0.0.0.0 into BGP. Use the no form of this command to prevent the redistribution of network 0.0.0.0 into BGP.
default-information originate
no default-information originate
Syntax Description
This command has no arguments or keywords.
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
The same functionality will result from the network 0.0.0.0 command, using the network router configuration command.
Example
The following example configures BGP to redistribute network 0.0.0.0 into BGP:
default-information originate
default-information originate (EGP)
Use the default-information originate router configuration command to explicitly configure EGP to generate a default route. Use the no form of this command to disable this function.
default-information originate
no default-information originate
Syntax Description
This command has no arguments or keywords.
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
Because EGP can use network 0.0.0.0 as a default route, EGP must be explicitly configured to generate a default route. If the next hop for the default route can be advertised as a third party, it will be included as a third party.
Example
The following example configures EGP to generate a default route:
default-information originate
default-information originate (OSPF)
Use the default-information originate router configuration command to generate a default route into an OSPF routing domain. Use the no form of this command to disable generation of a default route into the specified OSPF routing domain.
default-information originate [always] [metric metric-value] [metric-type type-value]
[route-map map-name]
no default-information originate [always] [metric metric-value] [metric-type type-value]
[route-map map-name]
Syntax Description
originate
|
For OSPF, causes the access server to generate a default external route into an OSPF domain if the access server already has a default route and you want to propagate to other access servers.
|
always
|
(Optional) For OSPF, the default route always will be advertised whether or not the access server has a default route.
|
metric metric-value
|
(Optional) Metric used for generating the default route. If a value is not specified for this option, and no value is specified using the default-metric router configuration command, the default metric value is 10. The value used is specific to the protocol.
|
metric-type type-value
|
(Optional) For OSPF, the external link type associated with the default route advertised into the OSPF routing domain. It can be one of two values:
1—Type 1 external route
2—Type 2 external route
If a metric-type is not specified, the access server adopts a Type 2 external route.
|
route-map map-name
|
(Optional) Routing process will generate the default route if the route-map is satisfied.
|
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
Whenever you use the redistribute or the default-information router configuration commands to redistribute routes into an OSPF routing domain, the access server automatically becomes an Autonomous System Boundary Router. However, an Autonomous System Boundary Router does not, by default, generate a default route into the OSPF routing domain. The access server still needs to have a default route for itself before it generates one, except when you have specified the always keyword.
When you use this command for the OSPF process, the default network must reside in the routing table and you must satisfy the route-map map-name keyword. Use the default-information originate always route-map map-name form of the command when you do not want the dependency on the default network in the routing table.
Examples
The following example specifies a metric of 100 for the default route redistributed into the OSPF routing domain and an external metric type of Type 1:
redistribute igrp 108 metric 100 subnets
default-information originate metric 100 metric-type 1
Related Command
redistribute
default-metric
Use the default-metric router configuration command to set default metric values for the RIP, EGP, IGRP, Enhanced IGRP, and BGP routing protocols. Use the no form of this command to remove the metric value and return to the default state.
default-metric number
no default-metric number
Syntax Description
number
|
Default metric value appropriate for the specified routing protocol.
|
Default
Built-in, automatic metric translations, as appropriate for each routing protocol
Command Mode
Router configuration
Usage Guidelines
This command is used in conjunction with the redistribute router configuration command to cause the current routing protocol to use the same metric value for all redistributed routes. A default metric helps solve the problem of redistributing routes with incompatible metrics. Whenever metrics do not convert, using a default metric provides a reasonable substitute and enables the redistribution to proceed.
In BGP, this sets the MULTI_EXIT_DISC metric. (The name of this metric for BGP Versions 2 and 3 is INTER_AS.)
Example
The following example shows an access server in autonomous system 109 using both the RIP and the IGRP routing protocols. The example advertises IGRP-derived routes using the RIP protocol and assigns the IGRP-derived routes a RIP metric of 10.
Related Command
redistribute
default-metric (BGP, EGP, OSPF, and RIP)
To set default metric values for the BGP, EGP, OSPF, and RIP routing protocols, use this form of the default-metric router configuration command. To return to the default state, use the no form of this command.
default-metric number
no default-metric number
Syntax Description
number
|
Default metric value appropriate for the specified routing protocol.
|
Default
Built-in, automatic metric translations, as appropriate for each routing protocol
Command Mode
Router configuration
Usage Guidelines
The default-metric command is used in conjunction with the redistribute router configuration command to cause the current routing protocol to use the same metric value for all redistributed routes. A default metric helps solve the problem of redistributing routes with incompatible metrics. Whenever metrics do not convert, using a default metric provides a reasonable substitute and enables the redistribution to proceed.
In BGP, this sets the multiple exit discriminator (MED) metric. (The name of this metric for BGP Versions 2 and 3 is INTER_AS.)
Example
The following example shows a router in autonomous system 109 using both the RIP and the OSPF routing protocols. The example advertises OSPF-derived routes using the RIP protocol and assigns the IGRP-derived routes a RIP metric of 10.
Related Command
redistribute
default-metric (IGRP and Enhanced IGRP)
Use this form of the default-metric router configuration command to set metrics for IGRP. Use the no form of this command to remove the metric value and return to the default state.
default-metric bandwidth delay reliability loading mtu
no default-metric bandwidth delay reliability loading mtu
Syntax Description
bandwidth
|
Minimum bandwidth of the route in kilobits per second
|
delay
|
Route delay in tens of microseconds
|
reliability
|
Likelihood of successful packet transmission expressed as a number between 0 and 255 (255 is 100 percent reliability)
|
loading
|
Effective bandwidth of the route expressed as a number between 0 and 255 (255 is 100 percent loading)
|
mtu
|
Minimum Maximum Transmission Unit (MTU) size for the route
|
Default
Built-in, automatic metric translations
Command Mode
Router configuration
Usage Guidelines
IGRP metric defaults have been carefully set to work for a wide variety of networks. Take great care in changing these values.
Automatic metric translations for IGRP are only supported when redistributing from IGRP or static.
Example
The following example takes redistributed RIP metrics and translates them into IGRP metrics with values as follows: bandwidth = 1000, delay = 100, reliability = 250, loading = 100, and mtu =1500.
default-metric 1000 100 250 100 1500
Related Command
redistribute
distance
To define an administrative distance, use the distance router configuration command. To remove a distance definition, use the no form of this command.
distance weight [address mask [access-list-number]] [ip]
no distance weight [address mask [access-list-number]] [ip]
Syntax Description
weight
|
Administrative distance. This can be an integer from 10 to 255. (The values 0 through 9 are reserved for internal use.) Used alone, the argument weight specifies a default administrative distance that the access server uses when no other specification exists for a routing information source. Routes with a distance of 255 are not installed in the routing table.
|
address
|
(Optional) IP address in four-part dotted notation.
|
mask
|
(Optional) IP address mask in four-part dotted-decimal format. A bit set to 1 in the mask argument instructs the access server to ignore the corresponding bit in the address value.
|
access-list-number
|
(Optional) Number of a standard IP access list to be applied to incoming routing updates.
|
ip
|
(Optional) IP-derived routes for IS-IS. Can be applied independently for IP routes and ISO CLNS routes.
|
Default
Default administrative distances are shown in .
Table 19-1 Default Administrative Distances
Route Source
|
Default Distance
|
Connected interface
|
0
|
Static route
|
1
|
External BGP
|
20
|
IGRP
|
100
|
OSPF
|
110
|
RIP
|
120
|
EGP
|
140
|
Internal BGP
|
200
|
Unknown
|
255
|
Command Mode
Router configuration
Usage Guidelines
Numerically, an administrative distance is an integer between 0 and 255. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored.
When the optional access list number is used with this command, it is applied when a network is being inserted into the routing table. This behavior allows filtering of networks according to the IP address of the access server supplying the routing information. This could be used, as an example, to filter out possibly incorrect routing information from access servers not under your administrative control.
The order in which you enter distance commands can affect the assigned administrative distances in unexpected ways (see "Example" for further clarification).
Weight values are also subjective; there is no quantitative method for choosing weight values.
For BGP, the distance command sets the administrative distance of the External BGP route.
Theshow ip protocols EXEC command displays the default administrative distance for a specified routing process.
Example
In the following example, the router igrp global configuration command sets up IGRP routing in autonomous system number 109. The network router configuration commands specify IGRP routing on networks 192.168.7.0 and 172.28.0.0. The first distance router configuration command sets the default administrative distance to 255, which instructs the access server to ignore all routing updates from access servers for which an explicit distance has not been set. The second distance command sets the administrative distance for all access servers on the Class C network 192.168.7.0 to 90. The third distance command sets the administrative distance for the access server with the address 172.28.1.3 to 120.
distance 90 192.168.7.0 0.0.0.255
distance 120 172.28.1.3 0.0.0.0
Related Command
distance bgp
distance bgp
To allow the use of external, internal, and local administrative distances that could be a better route to a node, use the distance bgp router configuration command. To return to the default values, use the no form of this command.
distance bgp external-distance internal-distance local-distance
no distance bgp
Syntax Description
external-distance
|
Administrative distance for BGP external routes. External routes are routes for which the best path is learned from a neighbor external to the autonomous system. Acceptable values are from 1 to 255. The default is 20. Routes with a distance of 255 are not installed in the routing table.
|
internal-distance
|
Administrative distance for BGP internal routes. Internal routes are those routes that are learned from another BGP entity within the same autonomous system. Acceptable values are from 1 to 255. The default is 200. Routes with a distance of 255 are not installed in the routing table.
|
local-distance
|
Administrative distance for BGP local routes. Local routes are those networks listed with a network router configuration command, often as back doors, for that access server or for networks that are being redistributed from another process. Acceptable values are from 1 to 255. The default is 200. Routes with a distance of 255 are not installed in the routing table.
|
Default
external-distance: 20
internal-distance: 200
local-distance: 200
Command Mode
Router configuration
Usage Guidelines
An administrative distance is a rating of the trustworthiness of a routing information source, such as an individual access server or a group of access servers. Numerically, an administrative distance is an integer between 0 and 255. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored.
Use this command if another protocol is known to be able to provide a better route to a node than was actually learned via external BGP, or if some internal routes should really be preferred by BGP.
Note
Changing the administrative distance of BGP internal routes is considered dangerous and is not recommended. One problem that can arise is the accumulation of routing table inconsistencies, which can break routing.
Example
In the following example, internal routes are known to be preferable to those learned through the IGP, so the administrative distance values are set accordingly:
neighbor 172.29.6.6 remote-as 123
neighbor 172.28.1.1 remote-as 47
Related Command
distance
distance eigrp
To allow the use of internal and external administrative distances that could be a better route to a node, use the distance eigrp router configuration command. To reset these values to their defaults, use the no form of this command.
distance eigrp internal-distance external-distance
no distance eigrp
Syntax Description
internal-distance
|
Administrative distance for IP Enhanced IGRP internal routes. Internal routes are those that are learned from another entity within the same autonomous system. It can be a value from 1 to 255. The default is 90.
|
external-distance
|
Administrative distance for IP Enhanced IGRP external routes. External routes are those for which the best path is learned from a neighbor external to the autonomous system. It can be a value from 1 to 255. The default is 170.
|
Default
internal-distance: 90
external-distance: 170
Command Mode
Router configuration
Usage Guidelines
An administrative distance is a rating of the trustworthiness of a routing information source, such as an individual access server or a group of access servers. Numerically, an administrative distance is an integer between 0 and 255. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored.
Use the distance eigrp command if another protocol is known to be able to provide a better route to a node than was actually learned via external IP Enhanced IGRP or if some internal routes should really be preferred by IP Enhanced IGRP.
lists the default administrative distances.
Table 19-2 Default Enhanced IGRP Administrative Distances
Route Source
|
Default Distance
|
Connected interface
|
0
|
Static route
|
1
|
Enhanced IGRP summary route
|
5
|
External BGP
|
20
|
Internal Enhanced IGRP
|
90
|
IGRP
|
100
|
OSPF
|
110
|
IS-IS
|
115
|
RIP
|
120
|
EGP
|
140
|
External Enhanced IGRP
|
170
|
Internal BGP
|
200
|
Unknown
|
255
|
To display the default administrative distance for a specified routing process, use the show ip protocols EXEC command.
Example
In the following example, the router eigrp global configuration command sets up IP Enhanced IGRP routing in autonomous system number 109. The network router configuration commands specify IP Enhanced IGRP routing on networks 192.168.7.0 and 172.28.0.0. The first distance router configuration command sets the default administrative distance to 255, which instructs the access server to ignore all routing updates from access servers for which an explicit distance has not been set. The second distance router configuration command sets the administrative distance for all access servers on the Class C network 192.168.7.0 to 90. The third distance router configuration command sets the administrative distance for the access server with the address 172.28.1.3 to 120.
! use caution when executing the next two commands!
distance 90 192.168.7.0 0.0.0.255
distance 120 172.28.1.3 0.0.0.0
Related Command
show ip protocols
distribute-list in
To filter networks received in updates, use the distribute-list in router configuration command. To change or cancel the filter, use the no form of this command.
distribute-list access-list-number in [type number]
no distribute-list access-list-number in [type number]
Syntax Description
access-list-number
|
Standard IP access list number. The list defines which networks are to be received and which are to be suppressed in routing updates.
|
type
|
(Optional) Interface type.
|
number
|
(Optional) Interface number.
|
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
If no interface is specified, the access list will be applied to all incoming updates.
Example
The following example causes only two networks to be accepted by a RIP routing process: network 0.0.0.0 (the RIP default) and network 172.16.0.0.
access-list 1 permit 0.0.0.0
access-list 1 permit 172.16.0.0
access-list 1 deny 0.0.0.0 255.255.255.255
Related Commands
A dagger (†) indicates that the command is documented in another chapter.
access-list †
distribute-list out
redistribute
distribute-list out
To suppress networks from being advertised in updates, use the distribute-list out router configuration command. To cancel this function, use the no form of this command.
distribute-list access-list-number out [interface-name | routing-process |
autonomous-system-number]
no distribute-list access-list-number out [interface-name | routing-process |
autonomous-system-number]
Syntax Description
access-list-number
|
Standard IP access list number. The list defines which networks are to be sent and which are to be suppressed in routing updates.
|
interface-name
|
(Optional) Name of a particular interface. Does not apply to OSPF.
|
routing-process
|
(Optional) Name of a particular routing process, or the keyword static or connected.
|
autonomous-system-number
|
A decimal number between 1 and 65535.
|
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
When redistributing networks, a routing process name can be specified as an optional trailing argument to the distribute-list command. This causes the access list to be applied to only those routes derived from the specified routing process. After this access list is applied, any access list specified by a distribute-list command without a process name argument will be applied. Addresses not specified in the distribute-list command will not be advertised in outgoing routing updates.
To filter networks received in updates, use the distribute-list in command.
Examples
The following example would cause only one network to be advertised by a RIP routing process: network 172.16.0.0.
access-list 1 permit 172.16.0.0
access-list 1 deny 0.0.0.0 255.255.255.255
Related Commands
A dagger (†) indicates that the command is documented in another chapter.
access-list †
distribute-list in
redistribute
ip address
Use the ip address interface configuration command to specify the IP address on an interface. Use the no form of this command to remove the specified secondary address.
ip address address mask [secondary]
no ip address address mask [secondary]
Syntax Description
address mask
|
IP address and mask.
|
secondary
|
(Optional) Address to be added as a secondary address.
|
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
The optional keyword secondary allows an unlimited number of secondary addresses to be specified. Secondary addresses are treated like primary addresses, except that the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts and ARP requests are handled properly, as are interface routes in the IP routing table.
Secondary IP addresses can be used in many situations. The following are common applications:
•
There may not be enough host addresses for a particular network segment. For example, your subnetting allows up to 254 hosts per logical subnet, but on one physical subnet you need to have 300 host addresses. Using secondary IP addresses on the access servers allows you to have two logical subnets using one physical subnet.
•
Many older networks were built using Level 2 bridges. The judicious use of secondary addresses can aid in the transition to a subnetted, access server-based network. Access servers on an older, bridged segment can be easily made aware that there are many subnets on that segment.
•
Two subnets of a single network might otherwise be separated by another network. This situation is not permitted when subnets are in use. In these instances, the first network is extended, or layered on top of the second network using secondary addresses.
Note
If any access server on a network segment uses a secondary address, all other access servers on that same segment must also use a secondary address from the same network or subnet. An inconsistent use of secondary addresses on a network segment can very quickly lead to routing loops.
Example
The following example specifies 172.16.1.27 as the primary address and 192.168.7.17 as a secondary address for Ethernet interface 0:
ip address 172.16.1.27 255.255.255.0
ip address 192.168.7.17 255.255.255.0 secondary
ip as-path access-list
Use the ip as-path access-list global configuration command to define a BGP-related access list. Use the no form of this command to disable use of the access list.
ip as-path access-list access-list-number {permit | deny} as-regular-expression
no ip as-path access-list access-list-number {permit | deny} as-regular-expression
Syntax Description
access-list-number
|
Integer from 1 to 199 that indicates the regular expression access list number.
|
permit
|
Permits access for matching conditions.
|
deny
|
Denies access to matching conditions.
|
as-regular-expression
|
Autonomous system in the access list using a regular expression. See the "Regular Expressions" appendix for information on forming regular expressions.
|
Default
No access lists are defined.
Command Mode
Global configuration
Usage Guidelines
You can specify an access list filter on both inbound and outbound BGP routes. In addition, you can assign weights based on a set of filters. Each filter is an access list based on regular expressions. If the regular expression matches the representation of the autonomous system path of the route as an ASCII string, then the permit or deny condition applies. The autonomous system path does not contain the local autonomous system number. Use the ip as-path access-list global configuration command to define an BGP access list, and the neighbor router configuration command to apply a specific access list.
See the "Regular Expressions" appendix for information on forming regular expressions.
Example
The following example specifies that the BGP neighbor with IP address 172.28.1.1 is not sent advertisements about any path through or from the adjacent autonomous system 123:
ip as-path access-list 1 deny _123_
ip as-path access-list 1 deny ^123 .*
! The space in the above expression (^123.*) is required.
neighbor 172.29.6.6 remote-as 123
neighbor 172.28.1.1 remote-as 47
neighbor 172.28.1.1 filter-list 1 out
Related Commands
neighbor distribute-list
neighbor filter-list
ip community-list
To create a community list for BGP and control access to it, use the ip community-list global configuration command. To delete the community list, use the no form of this command.
ip community-list community-list-number {permit | deny} community-number
no ip community-list community-list-number
Syntax Description
community-list-number
|
Integer 1 through 99 that identifies one or more permit or deny groups of communities.
|
permit
|
Permits access for a matching condition.
|
deny
|
Denies access for a matching condition.
|
community-number
|
Community number configured by a set community command. Valid value is one of the following:
• 1 through 4294967200. You can specify a single number or multiple numbers separated by a space.
• internet—The Internet community.
• no-export—Do not advertise this route to an EBGP peer.
• no-advertise—Do not advertise this route to any peer (internal or external).
|
Default
Once you permit a value for the community number, the community list defaults to an implicit deny for everything else that has not been permitted.
Command Mode
Global configuration
Example
In the following example, the access server permits all routes except the routes with the communities 5 and 10 or 10 and 15:
ip community-list 1 deny 5 10
ip community-list 1 deny 10 15
ip community-list 1 permit internet
Related Command
set community
ip default-network
Use the ip default-network global configuration command to select a network as a candidate route for computing the gateway of last resort. Use the no form of this command to remove the route.
ip default-network network-number
no ip default-network network-number
Syntax Description
network-number
|
Number of the network
|
Default
If the access server has a directly connected interface onto the specified network, the dynamic routing protocols running on that access server will generate (or source) a default route. For RIP, this is flagged as the pseudonetwork 0.0.0.0; for IGRP, it is the network itself, flagged as an exterior route.
Command Mode
Global configuration
Usage Guidelines
The access server uses both administrative distance and metric information to determine the default route. Multiple ip default-network commands can be given. All candidate default routes, both static (that is, flagged by ip default-network) and dynamic, appear in the routing table preceded by an asterisk.
If the IP routing table indicates that the specified network number is subnetted and a non-zero subnet number is specified, then the system will automatically configure a static summary route. This static summary route is configured instead of a default network. The effect of the static summary route is to cause traffic destined for subnets that are not explicitly listed in the IP routing table to be routed using the specified subnet.
Examples
The following example defines a static route to network 10.0.0.0 as the static default route:
ip route 10.0.0.0 255.0.0.0 172.16.3.4
ip default-network 10.0.0.0
If the following command was issued on an access server not connected to network 172.29.0.0, the access server might choose the path to that network as a default route when the network appeared in the routing table:
ip default-network 172.29.0.0
Related Command
show ip route
ip dvmrp accept-filter
To configure an acceptance filter for incoming DVMRP reports, use the ip dvmrp accept-filter interface configuration command. To disable this feature, use the no form of this command.
ip dvmrp accept-filter access-list-number [distance]
no ip dvmrp accept-filter access-list-number [distance]
Syntax Description
access-list-number
|
Number of a standard IP access list. This can be a number from 1 to 99. A value of 0 means that all sources are accepted with the configured distance.
|
distance
|
(Optional) Administrative distance to the destination.
|
Default
All destinations are accepted with a distance of 0.
Command Mode
Interface configuration
Usage Guidelines
Any sources that match the access list are stored in the DVMRP routing table.
The distance is used to compare with the same source in the unicast routing table. The route with the lower distance (either the route in the unicast or DVMRP routing table) takes precedence when computing the Reverse Path Forwarding (RPF) interface for a source of a multicast packet.
By default, the administrative distance for DVMRP routes is 0. This means that they always take precedence over unicast routing table routes. If you have two paths to a source, one through unicast routing (using PIM as the multicast routing protocol) and another path using DVMRP (unicast and multicast routing), and if you want to use the PIM path, use the ip dvmrp accept-filter command to increase the administrative distance for DVMRP routes. For example, if the unicast routing protocol is Enhanced IGRP, which has a default administrative distance of 90, you could define and apply the following access list so the RPF interface used to accept multicast packets will be through the Enhanced IGRP/PIM path:
ip dvmrp accept-filter 1 100
access-list 1 permit 0.0.0.0 255.255.255.255
Example
The following example applies access list 57 to the interface and sets a distance of 4:
access-list 57 permit 172.16.0.0 0.0.255.255
access-list 57 permit 192.168.37.0 0.0.0.255
access-list 57 deny 0.0.0.0 255.255.255.255
ip dvmrp accept-filter 57 4
Related Commands
distance
ip dvmrp metric
show ip dvmrp route
ip dvmrp default-information
To advertise network 0.0.0.0 to DVMRP neighbors on an interface, use the ip dvmrp default-information interface configuration command. To prevent the advertisement, use the no form of this command.
ip dvmrp default-information {originate | only}
no ip dvmrp default-information {originate | only}
Syntax Description
originate
|
Other routes more specific than 0.0.0.0 can also be advertised.
|
only
|
No DVMRP routes other than 0.0.0.0 are advertised.
|
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
This command should only be used when the access server is a neighbor to mrouted version 3.6 machines. The mrouted protocol is a public domain implementation of DVMRP.
You can use the ip dvmrp metric command with the ip dvmrp default-information command to tailor the metric used when advertising the default route 0.0.0.0. By default, metric 1 is used.
Example
The following example configures the access server to advertise network 0.0.0.0, in addition to other networks, to DVMRP neighbors:
ip dvmrp default-information originate
Related Command
ip dvmrp metric
ip dvmrp metric
To configure the metric associated with a set of destinations for DVMRP reports, use the ip dvmrp metric interface configuration command. To disable this function, use the no form of this command.
ip dvmrp metric metric [list access-list-number] [protocol process-id] | [dvmrp]
no ip dvmrp metric metric [list access-list-number] [protocol process-id] | [dvmrp]
Syntax Description
metric
|
Metric associated with a set of destinations for DVMRP reports. It can be a value from 0 to 32. A value of 0 means that the route is not advertised. A value of 32 is equivalent to infinity (unreachable).
|
list access-list-number
|
(Optional) Number of an access list. If you specify this argument, only the multicast destinations that match the access list are reported with the configured metric. Any destinations not advertised because of split horizon do not use the configured metric.
|
protocol
|
(Optional) Name of unicast routing protocol. It can be bgp, egp, eigrp, igrp, isis, ospf, rip, or static. (Note that these are the protocol names you can specify with a router protocol command.)
If you specify these arguments, only routes learned by the specified routing protocol are advertised in DVMRP report messages.
|
process-id
|
(Optional) Process ID number of the unicast routing protocol.
|
dvmrp
|
(Optional) Allows routes from the DVMRP routing table to be advertised with the configured metric or filtered.
|
Default
No metric is preconfigured. Only directly connected subnets and networks are advertised to neighboring DVMRP access servers.
Command Mode
Interface configuration
Usage Guidelines
When PIM is configured on an interface and DVMRP neighbors are discovered, the access server sends DVMRP report messages for directly connected networks. The ip dvmrp metric command enables DVMRP report messages for multicast destinations that match the access list. Usually, the metric for these routes is 1. Under certain circumstances, it may be desirable to tailor the metric used for various unicast routes.
Use the access-list-number argument in conjunction with the protocol process-id arguments to selectively list the destinations learned from a given routing protocol.
If you do not specify this command, only directly connected subnets are advertised via DVMRP.
To display DVMRP activity, use the debug ip dvmrp command.
Example
The following example connects a PIM cloud to a DVMRP cloud. Access list 1 permits the sending of DVMRP reports to the DVMRP access servers advertising all sources in the 192.168.35.0 network with a metric of 1. Access list 2 permits all other destinations, but the metric of 0 means that no DVMRP reports are sent for these destinations.
access-list 1 permit 192.168.35.0 0.0.0.255
access-list 1 deny 0.0.0.0 255.255.255.255
access-list 2 permit 0.0.0.0 255.255.255.255
Related Commands
A dagger (†) indicates that the command is documented in the Debug Command Reference publication.
debug ip dvmrp †
ip dvmrp accept-filter
ip gdp
Use the ip gdp interface configuration command to enable GDP routing on an interface. Use the no form of this command to disable GDP routing, with all default parameters.
ip gdp [priority number | reporttime seconds | holdtime seconds]
no ip gdp
Syntax Description
priority number
|
(Optional) Alters the GDP priority; default is a priority of 100. A larger number indicates a higher priority.
|
reporttime seconds
|
(Optional) Alters the GDP reporting interval; the default is 5 seconds for broadcast media such as Ethernets, and never for nonbroadcast media such as X.25.
|
holdtime seconds
|
(Optional) Alters the GDP default hold time of 15 seconds.
|
Default
priority = 100
reporttime = 5 seconds for broadcast media; 0 for nonbroadcast media
holdtime = 15 seconds
Command Mode
Interface configuration
Usage Guidelines
When enabled on an interface, GDP updates report the primary and secondary IP addresses of that interface.
Example
In the following example, GDP is enabled on Ethernet interface 1 with a report time of 10 seconds, and priority and hold time set to their defaults (because none are specified):
ip hello-interval eigrp
To configure the hello interval for the IP Enhanced IGRP routing process designated by an autonomous system number, use the ip hello-interval eigrp interface configuration command. To restore the default value, use the no form of this command.
ip hello-interval eigrp autonomous-system-number seconds
no ip hello-interval eigrp autonomous-system-number seconds
Syntax Description
autonomous-system-number
|
A decimal number between 1 and 65535.
|
seconds
|
Hello interval, in seconds
|
Default
For slow-speed, NBMA networks: 60 seconds
For all other networks: 5 seconds
Command Mode
Interface configuration
Usage Guidelines
The default of 60 seconds applies only to nonbroadcast, multiaccess (NBMA) media. Low speed is considered to be a rate of T1 or slower, as specified with the bandwidth interface configuration command. Note that for the purposes of Enhanced IGRP, Frame Relay and SMDS networks may or may not be considered to be NBMA. These networks are considered NBMA if the interface has not been configured to use physical multicasting; otherwise they are considered not to be NBMA.
Example
The following example sets the hello interval for Ethernet interface 0 to 10 seconds:
ip hello-interval eigrp 109 10
Related Command
ip hold-time eigrp
ip hold-time eigrp
To configure the hold time for a particular Enhanced IGRP routing process designated by the autonomous system number, use the ip hold-time eigrp interface configuration command. To restore the default value, use the no form of this command.
ip hold-time eigrp autonomous-system-number seconds
no ip hold-time eigrp autonomous-system-number seconds
Syntax Description
autonomous-system-number
|
A decimal number between 1 and 65535.
|
seconds
|
Hold time, in seconds.
|
Default
For slow-speed, NBMA networks: 180 seconds
For all other networks: 15 seconds
Command Mode
Interface configuration
Usage Guidelines
On very congested and large networks, the default hold time might not be sufficient time for all routers to receive hello packets from their neighbors. In this case, you may want to increase the hold time.
The hold time is three times the hello interval. If the current value for the hold time is less than two times the hello interval, the hold time is reset.
If an access server does not receive a hello packet within the specified hold time, routes through the access server are considered available.
Increasing the hold time delays route convergence across the network.
The default of 180 seconds applies only to low speed, nonbroadcase, multiaccess (NBMA) media. Low speed is considered to be a rate of T1 or slower, as specified with the bandwidth interface configuration command.
Example
The following example sets the hold time for Ethernet interface 0 to 40 seconds:
ip hold-time eigrp 109 40
Related Command
ip hello-interval eigrp
ip igmp access-group
To control the multicast groups that hosts on the subnet serviced on an interface can join, use the ip igmp access-group interface configuration command. To disable groups on an interface, use the no form of this command.
ip igmp access-group access-list-number
no ip igmp access-group access-list-number
Syntax Description
access-list-number
|
Number of a standard IP access list. This can be a number from 1 to 99.
|
Default
All groups are allowed on an interface.
Command Mode
Interface configuration
Example
In the following example, host services by Ethernet interface 0 can join the group 172.25.2.2 only:
access-list 1 172.25.2.2 0.0.0.0
Related Command
ip igmp join-group
ip igmp join-group
To have the access server join a multicast group, use the ip igmp join-group interface configuration command. To cancel membership in a multicast group, use the no form of this command.
ip igmp join-group group-address
no ip igmp join-group group-address
Syntax Description
group-address
|
Address of the multicast group. This is a multicast IP address in four-part dotted notation.
|
Default
No multicast group memberships are predefined.
Command Mode
Interface configuration
Usage Guidelines
IP packets that are addressed to the group address are passed to the IP client process in the access server.
If all the multicast-capable access servers that you administer are members of a multicast group, pinging that group causes all access servers to respond. This can be a useful administrative and debugging tool.
Another reason to have an access server join a multicast group is when other hosts on the network have a bug in IGRP that prevents them from correctly answering IGMP queries. Having the access server join the multicast group causes upstream access servers to maintain multicast routing table information for that group and keeps the paths for that group active.
Example
In the following example, the access server joins multicast group 172.25.2.2:
ip igmp join-group 172.25.2.2
Related Commands
A dagger (†) indicates that the command is documented in another chapter.
ip igmp access-group
ping †
ip igmp query-interval
To configure the frequency at which the access server sends IGMP host-query messages, use the ip igmp query-interval interface configuration command. To return to the default frequency, use the no form of this command.
ip igmp query-interval seconds
no ip igmp query-interval
Syntax Description
seconds
|
Frequency, in seconds, at which to transmit IGMP host-query messages. The can be a value from 0 to 65535. The default is 60 seconds.
|
Default
60 seconds
Command Mode
Interface configuration
Usage Guidelines
Multicast access servers send host membership query messages (referred to as host-query messages) to discover which multicast groups have members on the access server's attached networks. Hosts respond with IGMP report messages indicating that they wish to receive multicast packets for specific groups (that is, indicating that the host wants to become a member of the group). Host-query messages are addresses to the all-hosts multicast group, which has the address 172.24.0.1, and have an IP TTL value of 1.
The designated router for a LAN is the only access server that sends IGMP host-query messages. The designated router is elected according to the multicast routing protocol that runs on the LAN.
Note
Changing this value may severely impact multicast forwarding.
Example
The following example changes the frequency at which the designated router sends IGMP host-query messages to 2 minutes:
ip igmp query-interval 120
Related Commands
ip pim query-interval
show ip igmp groups
ip irdp
Use the ip irdp interface configuration command to enable ICMP Router Discovery Protocol (IRDP) processing on an interface. Use the no form of this command to disable IRDP routing on the specified interface.
ip irdp [multicast | holdtime seconds | maxadvertinterval seconds | minadvertinterval
seconds | preference number | address address [number]]
no ip irdp
Syntax Description
multicast
|
(Optional) Use the multicast address (172.24.0.1) instead of IP broadcasts.
|
holdtime seconds
|
(Optional) Length of time in seconds advertisements are held valid. Default is three times the maxadvertinterval value. Must be greater than maxadvertinterval and cannot be greater than 9000 seconds.
|
maxadvertinterval seconds
|
(Optional) Maximum interval in seconds between advertisements. The default is 600 seconds.
|
minadvertinterval seconds
|
(Optional) Minimum interval in seconds between advertisements. The default is 0.75 times the maxadvertinterval. If you change the maxadvertinterval value, this value defaults to three-quarters of the new value.
|
preference number
|
(Optional) Access server's preference value. The allowed range is -231 to 231. The default is 0. A higher value increases the access server's preference level. You can modify a particular access server so that it will be the preferred access server to which others home.
|
address address [number]
|
(Optional) IP address (address) to proxy advertise, and optionally, its preference value (number).
|
Default
Disabled
When enabled, IRDP uses these defaults:
•
Broadcast IRDP advertisements
•
Maximum interval between advertisements: 600 seconds
•
Minimum interval between advertisements: 0.75 times maxadvertinterval
•
Preference: 0
Command Mode
Interface configuration
Usage Guidelines
If you change maxadvertinterval, the other two values also change, so it is important to change maxadvertinterval first before changing either holdtime or minadvertinterval.
The ip irdp multicast command allows for compatibility with Sun Microsystems Solaris, which requires IRDP packets to be sent out as multicasts. Many implementations cannot receive these multicasts; ensure end host ability before using this command.
Example
The following example illustrates how to set the various IRDP processes:
! enable irdp on interface Ethernet 0
interface ethernet 0
ip irdp
! send IRDP advertisements to the multicast address
ip irdp multicast
! increase access server preference from 100 to 50
ip irdp preference 50
! set maximum time between advertisements to 400 secs
ip irdp maxadvertinterval 400
! set minimum time between advertisements to 100 secs
ip irdp minadvertinterval 100
! advertisements are good for 6000 seconds
ip irdp holdtime 6000
! proxy-advertise 172.16.14.5 with default access server preference
ip irdp address 172.16.14.5
! 0 proxy-advertise 172.16.14.6 with preference of 50
ip irdp address 172.16.14.6 50
ip local policy route-map
To identify a route map to use for local policy routing, use the ip local policy route-map global configuration command. To disable local policy routing, use the no form of this command.
ip local policy route-map map-tag
no ip local policy route-map map-tag
Syntax Description
map-tag
|
Name of the route map to use for local policy routing. The name must match a map-tag specified by a route-map command.
|
Default
Packets that are generated by the router are not policy routed.
Command Mode
Global configuration
Usage Guidelines
Packets that are generated by the router are not normally policy routed. However, you can use this command to policy route such packets. You might enable local policy routing if you want packets originated at the router to take a route other than the obvious shortest path.
The ip local policy route-map command identifies a route map to use for local policy routing. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which packets should be policy routed. The set commands specify the set actions—the particular policy routing actions to perform if the criteria enforced by the match commands are met. The no ip local policy route-map command deletes the reference to the route map and disables local policy routing.
Example
In the following example, packets with a destination IP address matching that allowed by extended access list 131 are sent to the router at IP address 174.21.3.20:
ip local policy route-map xxx
set ip next-hop 174.21.3.20
Related Commands
match ip address
match length
route-map
set default interface
set interface
set ip default next-hop
set ip next-hop
show ip local policy
ip mroute
To configure a multicast static route (mroute), use the ip mroute global configuration command. To remove the route, use the no form of this command.
ip mroute source mask [protocol as-number] {rpf-address | type number} [distance]
no ip mroute source mask [protocol as-number] {rpf-address | type number} [distance]
Syntax Description
source
|
IP address of the multicast source.
|
mask
|
Mask on the IP address of the multicast source.
|
protocol
|
(Optional) Unicast routing procotol that you are using.
|
as-number
|
(Optional) Autonomous system number of the routing protocol you are using, if applicable.
|
rpf-address
|
Incoming interface for the mroute. If the Reverse Path Forwarding address rpf-address is a PIM neighbor, PIM Joins, Grafts, and Prunes are sent to it. The rpf-address can be a host IP address of a directly connected system or a network/subnet number. When it is a route, a recursive lookup is done from the unicast routing table to find a directly connected system. If rpf-address is not specified, the interface type number is used as the incoming interface.
|
type number
|
Interface type and number for the mroute.
|
distance
|
(Optional) Determines whether a unicast route, DVMRP route, or static mroute should be used for RPF lookup. The lower distances have better preference. If static has the same distance as the other two RPF sources, the static mroute takes precedence. The default is 0.
|
Default
distance: 0
Command Mode
Global configuration
Usage Guidelines
This command allows you to statically configure where multicast sources are located (even though the unicast routing table says something different).
When a source range is specified, the rpf-address applies only to those sources.
Examples
The following example configures all sources via a single interface (in this case, a tunnel):
ip mroute 0.0.0.0 255.255.255.255 tunnel0
The following example configures all specific sources within a network number are reachable through 171.68.10.13:
ip mroute 171.69.0.0 255.255.0.0 171.68.10.13
The following example causes this multicast static route to take effect if the unicast routes for any given destination go away:
ip mroute 0.0.0.0 255.255.255.255 serial0 200
ip mroute-cache
To configure IP multicast fast switching, use the ip mroute-cache interface configuration command. To disable IP multicast fast switching, use the no form of this command.
ip mroute-cache
no ip mroute-cache
Syntax Description
This command has no arguments or keywords.
Default
Enabled
Command Mode
Interface configuration
Usage Guidelines
If fast switching is disabled on an incoming interface for a multicast routing table entry, the packet will be sent at process level for all interfaces in the outgoing interface list.
If fast switching is disabled on an outgoing interface for a multicast routing table entry, the packet is process level switched for that interface, but might be fast-switched for other interfaces in the outgoing interface list.
When fast switching is enabled (like unicast routing), debug messages are not logged. If you want to log debug messages, disable fast switching.
Example
The following example disables IP multicast fast switching on the interface:
ip multicast rate-limit
To control the rate a sender from the source-list can send to a multicast group in the group-list, use the ip multicast rate-limit interface configuration command. To remove the control, use the no form of this command.
ip multicast rate-limit {in | out} [group-list access-list] [source-list access-list] kbps
no multicast rate-limit {in | out} [group-list access-list] [source-list access-list] kbps
Syntax Description
in
|
Only packets at the rate of kbps or slower are accepted on the interface.
|
out
|
Only a maximum of kbps will be transmitted on the interface.
|
group-list access-list
|
(Optional) Specifies the access list number that controls which multicast groups are subject to the rate limit.
|
source-list access-list
|
(Optional) Specifies the access list number that controls which senders are subject to the rate limit.
|
kbps
|
Kilobits per second transmission rate.
|
Default
kbps = 0, meaning that there is no limit on the rate traffic is sent.
Command Mode
Interface configuration
Usage Guidelines
If a router receives a packet and in the last second the user has sent over the limit, the packet is dropped; otherwise, it is forwarded.
Example
In the following example, packets to any group from sources in network 171.69.0.0 will have their packets rate-limited to 64 kilobits per second:
ip multicast rate-limit out group-list 1 source-list 2 64
access-list 1 permit 0.0.0.0 255.255.255.255
access-list 2 permit 171.69.0.0 0.0.255.255
ip multicast-routing
To enable IP multicast routing on the access server, use the ip multicast-routing global configuration command. To disable IP multicast routing, use the no form of this command.
ip multicast-routing
no ip multicast-routing
Syntax Description
This command has no keywords or arguments.
Default
IP multicast routing is disabled.
Command Mode
Global configuration
Usage Guidelines
When IP multicast routing is disabled, the access server does not forward any multicast packets.
Example
The following example enables IP multicast routing on the access server:
Related Command
ip pim
ip multicast ttl-threshold
To configure the time-to-live (TTL) threshold of packets being forwarded out an interface, use the ip multicast ttl-threshold interface configuration command. To return to the default TTL threshold, use the no form of this command.
ip multicast ttl-threshold ttl
no ip multicast ttl-threshold [ttl]
Syntax Description
ttl
|
Time-to-live value, in hops. It can be a value from 0 to 255. The default value is 0, which means that all multicast packets are forwarded out the interface.
|
Default
0, which means that all multicast packets are forwarded on the interface.
Command Mode
Interface configuration
Usage Guidelines
Any multicast packets with a TTL value less than the threshold are not forwarded out the interface.
You should configure the TTL threshold only on border routers. Conversely, access servers on which you configure a TTL threshold value automatically become border routers.
This command replaces the ip multicast-threshold command, which is obsolete.
Example
In the following example, you set the TTL threshold on a border router to 200, which is a very high value. This means that multicast packets must have a TTL greater than 200 in order to be forwarded out this interface. Multicast applications generally set this value well below 200. Therefore, setting a value of 200 means that no packets will be forwarded out the interface.
ip multicast ttl-threshold 200
ip ospf authentication-key
Use the ip ospf authentication-key interface configuration command to assign a password to be used by neighboring access servers that are using OSPF's simple password authentication. Use the no form of this command to remove any previously assigned OSPF password.
ip ospf authentication-key password
no ip ospf authentication-key
Syntax Description
password
|
Any continuous string of characters that can be entered from the keyboard up to 8 bytes in length.
|
Default
No password is specified.
Command Mode
Interface configuration
Usage Guidelines
The password created by this command is used as a "key" that is inserted directly into the OSPF header when the access server originates routing protocol packets. A separate password can be assigned to each network on a per-interface basis. All neighboring access servers on the same network must have the same password to be able to exchange OSPF information.
Note
A access server will use this key only when authentication is enabled for an area with the area authentication router configuration command.
Example
In the following example, the authentication key is enabled with the string yourpass:
ip ospf authentication-key yourpass
Related Command
area authentication
ip ospf cost
To explicitly specify the cost of sending a packet on an interface, use the ip ospf cost interface configuration command. To reset the path cost to the default value, use the no form of this command.
ip ospf cost cost
no ip cost
Syntax Description
cost
|
Unsigned integer value expressed as the link state metric. It can be a value in the range 1 to 65535.
|
Default
No default cost is predefined.
Command Mode
Interface configuration
Usage Guidelines
Unlike IGRP, you must set this metric manually using this command, if you need to change the default. Changing the bandwidth does not change the link cost.
The link state metric is advertised as the link cost in the access server's router link advertisement. We do not support Type of Service (TOS), so you can assign only one cost per interface.
In general, the path cost is calculated as follows:
108
³
Bandwidth
Using the above formula, the default path costs were calculated as noted in the following list. If these values do not suit your network, you can use your own method of calculating path costs.
•
56-kbps Serial Link—Default cost is 1785
•
64-kbps Serial Link—Default cost is 1562
•
T1 (1.544-Mbps Serial Link)—Default cost is 65
•
E1 (2.048-Mbps Serial Link)—Default cost is 48
•
4-Mbps Token Ring—Default cost is 25
•
Ethernet—Default cost is 10
•
16-Mbps Token Ring—Default cost is 6
•
FDDI—Default cost is 1
Example
The following example sets the interface cost value to 65:
ip ospf dead-interval
Use the ip ospf dead-interval interface configuration command to set the number of seconds that an access server's Hello packets must not have been seen before its neighbors declare the access server down. Use the no form of this command to reset the length of time to the default value.
ip ospf dead-interval seconds
no ip ospf dead-interval
Syntax Description
seconds
|
Unsigned integer that specifies the interval in seconds; the value must be the same for all nodes on the network.
|
Default
Four times the interval set for the ip ospf hello-interval command
Command Mode
Interface configuration
Usage Guidelines
The interval is advertised in the access server's Hello packets. This value must be the same for all access servers on a specific network.
Example
The following example sets the OSPF dead interval to 60 seconds:
interface ethernet 1
ip ospf dead-interval 60
Related Command
ip ospf hello-interval
ip ospf hello-interval
Use the ip ospf hello-interval interface configuration command to specify the interval between Hello packets that the access server sends on the interface. Use the no form of this command to reset the interval to the default value.
ip ospf hello-interval seconds
no ip ospf hello-interval
Syntax Description
seconds
|
Unsigned integer that specifies the interval in seconds. The value must be the same for all nodes on a specific network.
|
Default
10 seconds
Command Mode
Interface configuration
Usage Guidelines
This value is advertised in the access server's Hello packets. The smaller the Hello interval, the faster topological changes will be detected, but more routing traffic will ensue. This value must be the same for all access servers on a specific network.
Example
The following example sets the interval between Hello packets to 15 seconds:
ip ospf hello-interval 15
Related Command
ip ospf dead-interval
ip ospf message-digest-key
To enable OSPF MD5 authentication, use the ip ospf message-digest-key interface configuration command. To remove an old MD5 key, use the no form of this command.
ip ospf message-digest-key keyid md5 key
no ip ospf message-digest-key keyid
Syntax Description
keyid
|
An identifier in the range 1 through 255.
|
key
|
Alphanumeric password of up to 16 bytes.
|
Default
OSPF MD5 authentication is disabled.
Command Mode
Interface configuration
Usage Guidelines
Usually there is one key per interface, which is used to generate authentication information when sending packets and to authenticate incoming packets. The same key identifier on the neighbor router must have the same key value.
The process of changing keys is as follows. Suppose the current configuration is as follows:
ip ospf message-digest-key 100 md5 OLD
You change the configuration to the following:
ip ospf message-digest-key 101 md5 NEW
The system assumes its neighbors do not have the new key yet, so it begins a rollover process. It sends multiple copies of the same packet, each authenticated by different keys. In this example, the system sends out two copies of the same packet—the first one authenticated by key 100 and the second one authenticated by key 101.
Rollover allows neighboring routers to continue communication while the network administrator is updating them with the new key. Rollover stops once the local system finds that all its neighbors know the new key. The system detects that a neighbor has the new key when it receives packets from the neighbor authenticated by the new key.
After all neighbors have been updated with the new key, the old key should be removed. In this example, you would enter the following:
no ip ospf message-digest-key 100
Then, only key 101 is used for authentication on Ethernet interface 1.
We recommend that you not keep more than one key per interface. Every time you add a new key, you should remove the old key to prevent the local system from continuing to communicate with a hostile system that knows the old key. Removing the old key also reduces overhead during rollover.
Example
The following example sets a new key 19 with the password 8ry4222:
ip ospf message-digest-key 10 md5 xvv560qle
ip ospf message-digest-key 19 md5 8ry4222
Related Command
area authentication
ip ospf network
Use the ip ospf network interface configuration command to configure the OSPF network type to a type other than the default for a given media. Use the no form of this command to restore the default.
ip ospf network {broadcast | non-broadcast}
no ip ospf network
Syntax Description
broadcast
|
Sets the network type to broadcast.
|
non-broadcast
|
Sets the network type to nonbroadcast.
|
Default
Depends on the network type
Command Mode
Interface configuration
Usage Guidelines
Using this feature, you can configure broadcast networks as nonbroadcast multiaccess networks when, for example, you have access servers in your network that do not support multicast addressing. You can also configure nonbroadcast multiaccess networks, such as X.25, Frame Relay, and SMDS, as broadcast networks. This feature saves you from having to configure neighbors.
If this command is issued on an interface that does not allow it, it will be ignored.
Example
The following example sets your OSPF network as a broadcast network:
interface serial 0
ip address 192.168.77.17 255.255.255.0
ip ospf network broadcast
encapsulation frame-relay
Related Commands
A dagger (†) indicates that the command is documented in another chapter.
frame-relay map †
neighbor (OSPF)
x25-map †
ip ospf priority
Use the ip ospf priority interface configuration command to set the access server's priority, which helps determine the designated access server for this network. Use the no form of this command to reset the access server priority to the default value.
ip ospf priority number
no ip ospf priority
Syntax Description
number
|
8-bit unsigned integer that specifies the priority. The range is from 0 to 255.
|
Default
Priority of 1
Command Mode
Interface configuration
Usage Guidelines
When two access servers attached to a network both attempt to become the designated access server; the one with the higher priority takes precedence. If there is a tie, the access server with the higher ID takes precedence. A access server with a priority set to zero is ineligible to become the designated access server or backup designated access server. Access server priority is only configured for interfaces to multiaccess networks (in other words, not point-to-point networks).
This priority value is used when you configure OSPF for nonbroadcast networks using the neighbor router configuration command for OSPF.
Example
The following example sets the access server priority value to 4:
interface ethernet 0
ip ospf priority 4
Related Commands
ip ospf network
neighbor (OSPF)
ip ospf retransmit-interval
To specify the number of seconds between link state advertisement retransmissions for adjacencies belonging to the interface, use the ip ospf retransmit-interval interface configuration command. Use the no form of this command to reset the link state advertisement retransmission interval to the default value.
ip ospf retransmit-interval seconds
no ip ospf retransmit-interval
Syntax Description
seconds
|
Number of seconds between retransmissions; it must be greater than the expected round-trip delay between any two access servers on the attached network. The range is 1 to 65535 seconds. The default is 5 seconds.
|
Default
5 seconds
Command Mode
Interface configuration
Usage Guidelines
When an access server sends a link state advertisement (LSA) to its neighbor, it keeps the LSA until it receives back the acknowledgment. If it receives no acknowledgment in seconds, it will retransmit the LSA.
The setting of this parameter should be conservative, or needless retransmission will result. The value should be larger for serial lines and virtual links.
Example
The following example sets the retransmit-interval value to 8 seconds:
interface ethernet 2
ip ospf retransmit-interval 8
ip ospf transmit-delay
Use the ip ospf transmit-delay interface configuration command to set the estimated number of seconds it takes to transmit a link state update packet on the interface. Use the no form of this command to reset the estimated transmission time to the default value.
ip ospf transmit-delay seconds
no ip ospf transmit-delay
Syntax Description
seconds
|
Integer that specifies the number of seconds it takes to transmit a link state update. The range is 1 to 65535 seconds.
|
Default
1 second
Command Mode
Interface configuration
Usage Guidelines
Link state advertisements in the update packet must have their age incremented by the amount specified in the seconds argument before transmission. The value assigned should take into account the transmission and propagation delays for the interface.
If the delay is not added before transmission over a link, the time in which the LSA propagates over the link is not considered. This setting has more significance on very low speed links.
Example
The following example sets the retransmit-delay value to 3 seconds:
interface ethernet 0
ip ospf transmit-delay 3
ip ospf-name-lookup
Use the ip ospf-name-lookup global configuration command to configure OSPF to look up Domain Name System (DNS) names for use in all OSPF show EXEC command displays. Use the no form of this command to disable the feature.
ip ospf-name-lookup
no ip ospf-name-lookup
Syntax Description
This command has no arguments or keywords.
Default
Disabled
Command Mode
Global configuration
Usage Guidelines
This feature makes it easier to identify an access server because it is displayed by name rather than by its access server ID or neighbor ID.
Example
The following example configures OSPF to look up DNS names for use in all OSPF show EXEC command displays:
Sample Display
The following is sample output of the show ip ospf database EXEC command, for example, once you have enabled the DNS name lookup feature.
Router# show ip ospf database
OSPF Router with id (192.168.41.1) (Autonomous system 109)
Router Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# Checksum Link count
192.168.41.1 cs 381 0x80000003 0x93BB 4
192.168.34.2 neon 380 0x80000003 0xD5C8 2
Net Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# Checksum
192.168.32.1 cs 381 0x80000001 0xC117
ip pim
To enable PIM on an interface, use the ip pim interface configuration command. To disable PIM on the interface, use the no form of this command.
ip pim [dense-mode | sparse-mode]
no ip pim [dense-mode | sparse-mode]
Syntax Description
dense-mode
|
(Optional) Enables dense mode of operation.
|
sparse-mode
|
(Optional) Enables sparse mode of operation.
|
Default
IP multicast routing is disabled on all interfaces.
There is no default mode setting.
Command Mode
Interface configuration
Usage Guidelines
Enabling PIM on an interface also enables IGMP operation on that interface. An interface can be configured to be in dense mode or sparse mode. The mode describes how the access server populates its multicast routing table and how the access server forwards multicast packets it receives from its directly connected LANs. In populating the multicast routing table, dense-mode interfaces are always added to the table. Sparse-mode interfaces are added to the table only when periodic join messages are received from downstream access servers or there is a directly connected member on the interface.
Initially, a dense-mode interface forwards multicast packets until the access server determines that there are group members or downstream access servers, or until a prune message is received from a downstream access server. Then, the dense-mode interface will periodically forward multicast packets out the interface until the same conditions occur. Dense mode assumes that there are multicast group members present. Dense-mode access servers never send a join message. They do send prune messages as soon as they determine they have no members or downstream PIM access servers.
A sparse-mode interface is used only for multicast forwarding if a join message is received from a downstream access server or if there are group members directly connected to the interface. Sparse mode assumes that there are no other multicast group members present. When sparse-mode access servers want to join the shared path, they periodically send join messages toward the RP. When sparse-mode access servers want to join the source path, they periodically send join messages toward the source; they also send periodic prune messages toward to RP to prune the shared path.
Examples
The following command enables sparse-mode PIM on tunnel interface 0 and sets the address of the RP access server to 192.168.0.8:
ip pim rp-address 192.168.0.8
The following commands enable dense-mode PIM multicast routing on Ethernet interface 1:
Related Commands
ip multicast-routing
ip pim rp-address
show ip igmp interface
ip pim message-interval
To configure the frequency at which a sparse-mode PIM access server sends periodic sparse-mode
join/prune PIM messages, use the ip pim message-interval global configuration command. To return to the default interval, use the no form of this command.
ip pim message-interval seconds
no ip pim message-interval [seconds]
Syntax Description
seconds
|
Interval, in seconds, at which periodic sparse-mode join and prune PIM messages are sent. It can be a number from 1 to 65535. The default is 60 seconds.
|
Default
60 seconds
Command Mode
Global configuration
Usage Guidelines
The join-and-prune message interval should be the same for all access servers in the internetwork.
A access server is pruned from a group if a join message is not heard from it in three times the message interval specified by the seconds argument. By default, this is 3 minutes.
Note
Changing this value may severely impact multicast forwarding.
Example
The following example changes the PIM message interval to 90 seconds:
ip pim message-interval 90
Related Commands
ip igmp query-interval
ip pim query-interval
ip pim nbma-mode
To configure a multiaccess WAN interface to be in nonbroadcast, multiaccess mode, use the ip pim nbma-mode interface configuration command. To disable this feature, use the no form of this command.
ip pim nbma-mode
no pim nbma-mode
Syntax Description
This command has no arguments or keywords.
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
Use this command on Frame Relay, SMDS, or ATM only, especially when these media do not have native multicast available. Do not use this command on multicast-capable LANs such as Ethernet or FDDI.
When this command is configured, each PIM Join message is kept track of in the outgoing interface list of a multicast routing table entry. Therefore, only PIM WAN neighbors that have joined for the group will get packets sent as data link unicasts. This command should only be used when ip pim sparse-mode is configured on the interface. This command is not recommended for LANs that have natural multicast capabilities.
Example
The following example configures an interface to be in nonbroadcast, multiaccess mode:
Related Command
ip pim sparse-mode
ip pim query-interval
To configure the frequency of PIM router-query messages, use the ip pim query-interval interface configuration command. To return to the default interval, use the no form of this command.
ip pim query-interval seconds
no ip pim query-interval [seconds]
Syntax Description
seconds
|
Interval, in seconds, at which periodic PIM router-query messages are sent. It can be a number from 1 to 65535. The default is 30 seconds.
|
Default
30 seconds
Command Mode
Interface configuration
Usage Guidelines
Routers that are configured for IP multicast send PIM router-query messages to determine which access server will be the designated router for each LAN segment (subnet). The designated router is responsible for sending IGMP host-query messages to all hosts on the directly connected LAN. When operating in sparse mode, the designated router is responsible for sending source registration messages to the RP. The designated router is the access server with the largest IP address.
Example
The following example changes the PIM router-query message interval to 45 seconds:
Related Command
ip igmp query-interval
ip pim message-interval
ip pim rp-address
To configure the address of a PIM rendezvous point (RP) for a particular group, use the ip pim rp-address global configuration command. To remove an RP address, use the no form of this command.
ip pim rp-address ip-address [access-list-number]
no ip pim rp-address ip-address [access-list-number]
Syntax Description
ip-address
|
IP address of an access server to be a PIM RP. This is a unicast IP address in four-part dotted notation.
|
access-list-number
|
(Optional) Access list number; defines which multicast groups the RP should be used for. Standard IP access list. The number can be in the range 1 to 100.
|
Default
No PIM RPs are preconfigured.
Command Mode
Global configuration
Usage Guidelines
You must configure the IP address of RPs in leaf routers only. Leaf routers are those access servers that are directly connected either to a multicast group member or to a sender of multicast messages.
The RP address is used by first-hop access servers to send register packets on behalf of source multicast hosts to the RP. This address is also used by access servers on behalf of multicast hosts that want to become members of a group to send join messages towards the RP. The RP must be a PIM access server; however, it does not require any special configuration to recognize that it is the RP. Also, RPs are not members of the multicast group; rather, they serve as a "meeting place" for multicast sources and group members.
Choosing the access server that will be an RP requires prior coordination between the people who want to be members of the multicast group. You should examine the length of the paths between members and sources. Remember that most multicast members will eventually want to join to the source tree that is the shortest route between the source and the group member.
You can configure an access server to use a single RP for more than one group. The conditions specified by the access list determine which groups the RP can be used for. If no access list is configured, the RP is used for all groups.
A PIM access server can use multiple RPs.
First-hop access servers for multicast sources send register packets to all configured RPs. First-hop access servers for multicast group members send join packets to one RP at a time. Once this access server begins receiving multicast packets for the group, it will have joined one RP tree. Because the access server does not want to receive multiple copies of the same packet, it joins only one RP tree.
Examples
The following example sets the PIM RP address to 192.168.37.33 for all multicast groups:
ip pim rp-address 192.168.37.33
The following example sets the PIM RP address to 192.168.6.22 for the multicast group 172.25.2.2 only:
access list 1 172.25.2.2 0.0.0.0
pi pim rp-address 192.168.6.22 1
ip policy route-map
To identify a route map to use for policy routing on an interface, use the ip policy route-map interface configuration command. To disable policy routing on the interface, use the no form of this command.
ip policy route-map map-tag
no ip policy route-map map-tag
Syntax Description
map-tag
|
Name of the route map to use for policy routing. Must match a map-tag specified by a route-map command.
|
Default
No policy routing occurs on the interface.
Command Mode
Interface configuration
Usage Guidelines
You might enable policy routing if you want your packets to take a route other than the obvious shortest path.
The ip policy route-map command identifies a route map to use for policy routing. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing is allowed for the interface. The set commands specify the set actions—the particular policy routing actions to perform if the criteria enforced by the match commands are met. The no ip policy route-map command deletes the pointer to the route map.
Example
In the following example, packets with the destination IP address of 174.95.16.18 are sent to the router at IP address 174.21.3.20:
ip policy route-map wethersfield
match ip address 174.95.16.18
set ip next-hop 174.21.3.20
Related Commands
match ip address
match length
route-map
set default interface
set interface
set ip default next-hop
set ip next-hop
ip route
Use the ip route global configuration command to establish static routes. Use the no form of this command to remove the static routes.
ip route network [mask] {address | interface} [distance]
no ip route
Syntax Description
network
|
Internet address of the target network or subnet
|
mask
|
(Optional) Network mask that lets you mask network and subnetwork bits
|
address
|
Internet address of the next hop that can be used to reach that network
|
interface
|
Network interface to use
|
distance
|
(Optional) An administrative distance
|
Default
No static routes are established.
Command Mode
Global configuration
Usage Guidelines
A static route is appropriate when the access server cannot dynamically build a route to the destination.
If you specify an administrative distance, you are flagging a static route that can be overridden by dynamic information. For example, IGRP-derived routes have a default administrative distance of 100. To have a static route that would be overridden by an IGRP dynamic route, specify an administrative distance greater than 100. Static routes have a default administrative distance of 1.
Static routes that point to an interface will be advertised via RIP, IGRP, and other dynamic routing protocols, regardless of whether redistribute static commands were specified for those routing protocols. This is because static routes that point to an interface are considered in the routing table to be connected and hence lose their static nature. However, if you define a static route to an interface that is not one of the networks defined in a network command, no dynamic routing protocols will advertise the route unless a redistribute static command is specified for these protocols.
Examples
In the following example, an administrative distance of 110 was chosen. In this case, packets for network 10.0.0.0 will be routed through to the access server at 172.16.3.4 if dynamic information with administrative distance less than 110 is not available.
ip route 10.0.0.0 255.0.0.0 172.16.3.4 110
In the following example, packets for network 172.16.0.0 will be routed to the access server at 172.16.6.6:
ip route 172.16.0.0 255.255.0.0 172.16.6.6
ip sd listen
To enable the router to listen to session directory advertisements, use the ip sd listen interface configuration command. To disable this feature, use the no form of this command.
ip sd listen
no ip sd listen
Syntax Description
This command has no arguments or keywords.
Default
Disabled
Command Mode
Interface configuration
Usage Guidelines
Session Directory Protocol is a multicast application for creating desktop conferencing sessions. It creates group addresses and allows the user to specify the scope of the group and whether audio, video, or whiteboard applications will be invoked when others open the session.
The ip sd listen command merely enables the router to listen to session directory advertisements. The router joins the default session directory group (group 224.2.127.255) on the interface. Use this command to get contact information.
Example
The following example enables the router to listen to session directory advertisements:
Related Commands
clear ip sd
show ip sd
ip split-horizon
Use the ip split-horizon interface configuration command to enable the split-horizon mechanism. Use the no form of this command to turn off the split-horizon mechanism.
ip split-horizon
no ip split-horizon
Syntax Description
This command has no arguments or keywords.
Default
Varies with media
Command Mode
Interface configuration
Usage Guidelines
For all interfaces, except those for which either Frame Relay or SMDS encapsulation is enabled, the default condition for this command is ip split-horizon; in other words, the split horizon feature is active. If the interface configuration includes either the encapsulation frame-relay or encapsulation smds interface configuration commands, then the default is for split horizon to be disabled by default. Split horizon is not disabled by default for interfaces using any of the X.25 encapsulations.
Note
For networks that include links over X.25 PSNs, the neighbor router configuration command can be used to defeat the split horizon feature. You can as an alternative explicitly specify the no ip split-horizon command in your configuration. However, if you do so you must similarly disable split horizon for all access servers in any relevant multicast groups on that network.
If split horizon has been disabled on an interface and you wish to enable it, use the ip split-horizon command to restore the split horizon mechanism.
Note
Changing the state of the default for the ip split-horizon command is not recommended, unless you are certain that your application requires making a change to properly advertise routes. If split horizon is disabled on a serial interface (and that interface is attached to a packet-switched network), you must disable split horizon for all access servers in any relevant multicast groups on that network.
Example
The following example illustrates a simple example of disabling split horizon on a serial link. In this example, the serial link is connected to an X.25 network:
ip split-horizon eigrp
To enable IP Enhanced IGRP split horizon, use the ip split-horizon eigrp interface configuration command. To disable split horizon, use the no form of this command.
ip split-horizon eigrp autonomous-system-number
no ip split-horizon eigrp autonomous-system-number
Syntax Description
autonomous-system-number
|
A decimal number between 1 and 65535.
|
Default
Enabled
Command Mode
Interface configuration
Usage Guidelines
For networks that include links over X.25 PSNs, you can use the neighbor router configuration command to defeat the split horizon feature. As an alternative, you can explicitly specify the no ip split-horizon eigrp command in your configuration. However, if you do so, you must similarly disable split horizon for all access servers in any relevant multicast groups on that network.
Do not change the default state of split horizon unless you are certain that your application requires the change to properly advertise routes. Remember that if split horizon is disabled on a serial interface and that interface is attached to a packet-switched network, you must disable split horizon for all access servers in any relevant multicast groups on that network.
Example
The following example disables split horizon on a serial link connected to an X.25 network:
no ip split-horizon eigrp
Related Commands
ip split-horizon
neighbor
ip summary-address eigrp
To configure a summary aggregate address for a specified interface, use the ip summary-address eigrp interface configuration command. To disable a configuration, use the no form of this command.
ip summary-address eigrp autonomous-system-number address mask
no ip summary-address eigrp autonomous-system-number address mask
Syntax Description
autonomous-system-number
|
A decimal number between 1 and 65535.
|
address
|
IP summary aggregate address to apply to an interface.
|
mask
|
Subnet mask.
|
Default
No summary aggregate addresses are predefined.
Command Mode
Interface configuration
Usage Guidelines
IP Enhanced IGRP summary routes are given an administrative distance value of 5. You cannot configure this value.
Example
The following example sets the IP summary aggregate address for Ethernet interface 0:
ip summary-address eigrp 109 192.168.0.0 255.255.0.0
Related Command
auto-summary
match as-path
Use the match as-path route-map configuration command to match a BGP autonomous system path access list. Use the no form of this command to remove the path list entry.
match as-path path-list-number
no match as-path path-list-number
Syntax Description
path-list-number
|
Autonomous system path access list. An integer from 1 through 199.
|
Default
No path lists are defined.
Command Mode
Route-map configuration
Usage Guidelines
The values set by the match and set commands override global values. For example, the weights assigned with the match as-path and set weight route-map commands override the weights assigned using the neighbor weight and neighbor filter-list commands.
A route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want o modify only some data, you must configure second route-map section with an explicit match specified.
The implemented weight is based on the first matched autonomous system path.
Example
In the following example, the autonomous system path is set to match BGP autonomous system path access list 20:
Related Commands
route-map
set automatic-tag
match community-list
To match a BGP community, use the match community-list route-map configuration command. To remove the community list entry, use the no form of this command.
match community-list community-list-number [exact]
no match community-list community-list-number [exact]
Syntax Description
community-list-number
|
Community list number in the range from 1 through 99.
|
exact
|
(Optional) Indicates an exact match is required.
|
Default
No community list is defined.
Command Mode
Route-map configuration
Usage Guidelines
A route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want to modify only some data, you must configure a second route-map section with an explicit match specified.
Matching based on community list is one of the types of match clauses applicable to BGP.
Examples
In the following example, the routes that match community list 1 will have the weight set to 100. Any route that has community 109 will have the weight set to 100.
ip community-list 1 permit 109
In the following example, the routes that match community list 1 will have the weight set to 200. Any route that has community 109 alone will have the weight set to 200.
ip community-list 1 permit 109
match community-list 1 exact
Related Commands
ip community-list
route-map
set weight
match interface
To distribute any routes that have their next hop out one of the interfaces specified, use the match interface route-map configuration command. To remove the match interface entry, use the no form of this command.
match interface type number...type number
no match interface type number...type number
Syntax Description
type
|
Interface type
|
number
|
Interface number
|
Default
No match interfaces are defined.
Command Mode
Route-map configuration
Usage Guidelines
Use the route-map global configuration command, and the route-map configuration commands match and set, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which redistribution is allowed for the current route-map. The set commands specify the set actions—the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.
The match route-map configuration command has multiple formats. The match commands may be given in any order, and all match commands must "pass" to cause the route to be redistributed according to the set actions given with the set commands. The no forms of the match commands remove the specified match criteria.
A route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want o modify only some data, you must configure second route-map section with an explicit match specified.
Example
In the following example, routes that have their next hop out Ethernet interface 0 will be distributed:
match interface ethernet 0
Related Commands
route-map
set automatic-tag
match ip address
To distribute any routes that have a destination network number address that is permitted by a standard or extended access list, or to perform policy routing on packets, use the match ip address route-map configuration command. To remove the match ip address entry, use the no form of this command.
match ip address access-list-number...access-list-number
no match ip address access-list-number...access-list-number
Syntax Description
access-list-number
|
Number of a standard or extended access list. It can be an integer from 1 through 199.
|
Default
No access list numbers are specified.
Command Mode
Route-map configuration
Usage Guidelines
Use route maps to redistribute routes or to subject packets to policy routing. Both purposes are described in this section.
•
Redistribution
Use the route-map global configuration command, and the match and set route-map configuration commands, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which redistribution is allowed for the current route-map. The set commands specify the set actions—the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.
The match route-map configuration command has multiple formats. The related match commands are listed in the section "Related Commands for Redistribution." The match commands can be given in any order, and all match commands must "pass" to cause the route to be redistributed according to the set actions given with the set commands. The no forms of the match commands remove the specified match criteria.
When you are passing routes through a route map, a route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want to modify only some data, you must configure a second route-map section with an explicit match specified.
•
Policy Routing
Another purpose of route maps is to enable policy routing. Use the ip policy route-map interface configuration command, in addition to the route-map global configuration command, and the match and set route-map configuration commands to define the conditions for policy routing packets. Each route-map command has a list of match and set commands associated with it. The related match and set commands are listed in the section "Related Commands for Policy Routing." The match commands specify the match criteria—the conditions under which policy routing occurs. The set commands specify the set actions—the particular routing actions to perform if the criteria enforced by the match commands are met. You might want to policy route packets based on their source, for example, using an access list.
Examples
In the following example, routes that have addresses specified by access list numbers 5 or 80 will be distributed:
In the following policy routing example, packets that have addresses specified by access list numbers 6 or 25 will be routed to Ethernet interface 0:
ip policy route-map chicago
Related Commands for Redistribution
match as-path
match community-list
match interface
match ip next-hop
match ip route-source
match metric
match route-type
match tag
route-map
set as-path
set automatic-tag
set community
set level
set local-preference
set metric
set metric-type
set next-hop
set origin
set tag
set weight
Related Commands for Policy Routing
ip policy route-map
match length
route-map
set default interface
set interface
set ip default next-hop
set ip next-hop
match ip next-hop
Use the match ip next-hop route-map configuration command to redistribute any routes that have a next-hop access server address passed by one of the access lists specified. Use the no form of this command to remove the next-hop entry.
match ip next-hop access-list-number...access-list-number
no match ip next-hop access-list-number...access-list-number
Syntax Description
access-list-number
|
Number of an access list. It can be an integer from 1 through 99.
|
Default
Routes are distributed freely, without being required to match a next-hop address.
Command Mode
Route-map configuration
Usage Guidelines
Use the route-map global configuration command, and the route-map configuration commands match and set, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which redistribution is allowed for the current route-map. The set commands specify the set actions—the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.
The match route-map configuration command has multiple formats. The match commands may be given in any order, and all match commands must "pass" to cause the route to be redistributed according to the set actions given with the set commands. The no forms of the match commands remove the specified match criteria.
A route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want o modify only some data, you must configure second route-map section with an explicit match specified.
Example
In the following example, routes that have a next-hop access server address passed by access list 5 or 80 will be distributed:
Related Commands
match as-path
match community-list
match interface
match ip address
match ip route-source
match metric
match route-type
match tag
route-map
set as-path
set automatic-tag
set community
set level
set local-preference
set metric
set metric-type
set next-hop
set origin
set tag
set weight
match ip route-source
Use the match ip route-source route-map configuration command for any routes that have been advertised by access servers at the address specified by the access lists. Use the no form of this command to remove the route-source entry.
match ip route-source access-list-number...access-list-number
no match ip route-source access-list-number...access-list-number
Syntax Description
access-list-number
|
Number of an access list. It can be an integer from 1 through 99.
|
Default
No filtering on route source.
Command Mode
Route-map configuration
Usage Guidelines
Use the route-map global configuration command, and the route-map configuration commands match and set, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria— the conditions under which redistribution is allowed for the current route-map. The set commands specify the set actions—the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.
The match route-map configuration command has multiple formats. The match commands may be given in any order, and all match commands must "pass" to cause the route to be redistributed according to the set actions given with the set commands. The no forms of the match commands remove the specified match criteria.
A route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want o modify only some data, you must configure second route-map section with an explicit match specified.
There are situations in which a route's next hop and source access server address are not the same.
Example
In the following example, routes that have been advertised by access servers at the addresses specified by access lists 5 and 80 will be distributed:
match ip route-source 5 80
Related Commands
match as-path
match community-list
match interface
match ip address
match ip next-hop
match metric
match route-type
match tag
route-map
set as-path
set automatic-tag
set community
set level
set local-preference
set metric
set metric-type
set next-hop
set origin
set tag
set weight
match length
To base policy routing on the Level 3 length of a packet, use the match length route-map configuration command. To remove the entry, use the no form of this command.
match length min max
no match length min max
Syntax Description
min
|
Minimum Level 3 length of the packet, inclusive, allowed for a match. Range is 0 through 0x7FFFFFFF.
|
max
|
Maximum Level 3 length of the packet, inclusive, allowed for a match. Range is 0 through 0x7FFFFFFF.
|
Default
No policy routing on the length of a packet.
Command Mode
Route-map configuration
Usage Guidelines
Use the ip policy route-map interface configuration command, the route-map global configuration command, and the match and set route-map configuration commands, to define the conditions for policy routing packets. The ip policy route-map command identifies a route map by name. Each route-map has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing occurs. The set commands specify the set actions—the particular routing actions to perform if the criteria enforced by the match commands are met.
The match route-map configuration command has multiple formats. The match commands can be given in any order, and all match commands must "pass" to cause the packet to be routed according to the set actions given with the set commands. The no forms of the match commands remove the specified match criteria.
You might want to base your policy routing on the length of packets so that your interactive traffic and bulk traffic are directed to different routers.
Example
In the following example, packets 3 to 200 bytes long, inclusive, will be routed to FDDI interface 0.
ip policy route-map interactive
Related Commands
ip policy route-map
match ip address
route-map
set default interface
set interface
set ip default next-hop
set ip next-hop
match metric
Use the match metric route-map configuration command for any routes with the metric specified. Use the no form of this command to remove the entry.
match metric metric-value
no match metric metric-value
Syntax Description
metric-value
|
Route metric. This may be an IGRP five-part metric. A metric value from 0 through 4294967295.
|
Default
No filtering on a metric value.
Command Mode
Route-map configuration
Usage Guidelines
Use the route-map global configuration command, and the route-map configuration commands match and set, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which redistribution is allowed for the current route-map. The set commands specify the set actions—the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.
The match route-map configuration command has multiple formats. The match commands may be given in any order, and all match commands must "pass" to cause the route to be redistributed according to the set actions given with the set commands. The no forms of the match commands remove the specified match criteria.
A route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want o modify only some data, you must configure second route-map section with an explicit match specified.
Example
In the following example, routes with the metric 5 will be redistributed.
Related Commands
match as-path
match community-list
match interface
match ip address
match ip next-hop
match route-type
match tag
route-map
set as-path
set automatic-tag
set community
set level
set local-preference
set metric
set metric-type
set next-hop
set origin
set tag
set weight
match route-type
Use the match route-type route-map configuration command for any routes that are of the specified type. Use the no form of this command to remove the route-type entry.
match route-type {local | internal | external [type-1 | type-2]}
no match route-type {local | internal | external [type-1 | type-2]}
Syntax Description
local
|
Locally generated BGP routes.
|
internal
|
OSPF intra-area and interarea routes or Enhanced IGRP internal routes.
|
external [type-1 | type-2]
|
OSPF external routes, or Enhanced IGRP external routes. For OSPF, external type-1 matches only type 1 external routes and external type-2 matches only type 2 external routes.
|
Default
Disabled
Command Mode
Route-map configuration
Usage Guidelines
Use the route-map global configuration command, and the route-map configuration commands match and set, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which redistribution is allowed for the current route-map. The set commands specify the set actions—the particular redistribution actions that you should perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.
The match route-map configuration command has multiple formats. The match commands may be given in any order, and all match commands must "pass" to cause the route to be redistributed according to the set actions given with the set commands. The no forms of the match commands remove the specified match criteria.
A route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want to modify only some data, you must configure second route-map section with an explicit match specified.
Example
In the following example, internal routes will be redistributed:
match route-type internal
Related Commands
match as-path
match community-list
match interface
match ip address
match ip next-hop
match ip route-source
match metric
match tag
route-map
set as-path
set automatic-tag
set community
set level
set local-preference
set metric
set metric-type
set next-hop
set origin
set tag
set weight
match tag
Use the match tag command for any routes stored in the routing table with one of the tags specified. Use the no form of this command to remove the tag entry.
match tag tag-value...tag-value
no match tag tag-value...tag-value
Syntax Description
tag-value
|
List of one or more route tag values. An integer from 0 through 4294967295.
|
Default
No match tag values are defined.
Command Mode
Route-map configuration
Usage Guidelines
Use the route-map global configuration command, and the route-map configuration commands match and set, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which redistribution is allowed for the current route-map. The set commands specify the set actions—the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.
The match route-map configuration command has multiple formats. The match commands may be given in any order, and all match commands must "pass" to cause the route to be redistributed according to the set actions given with the set commands. The no forms of the match commands remove the specified match criteria.
A route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want o modify only some data, you must configure second route-map section with an explicit match specified.
Example
In the following example, routes stored in the routing table with tag 5 will be redistributed:
Related Commands
match as-path
match community-list
match interface
match ip address
match ip next-hop
match ip route-source
match metric
match route-type
route-map
set as-path
set automatic-tag
set community
set level
set local-preference
set metric
set metric-type
set next-hop
set origin
set tag
set weight
mbranch
To trace a branch of a multicast tree for a specific group, use the mbranch EXEC command.
mbranch {group-address | group-name} branch-address [ttl]
Syntax Description
group-address
|
Address of the multicast group. This is a multicast IP address in four-part dotted notation.
|
group-name
|
Name of the multicast group, as defined in the DNS hosts table or with the ip host command.
|
branch-address
|
Address of an access server that is on the tree branch. This is a unicast IP address in four-part dotted notation.
|
ttl
|
(Optional) Time-to-live value, in hops, that is used in trace request packets sent to the branch access server. The default value is 30.
|
Command Mode
EXEC
Usage Guidelines
The mbranch command sends multicast IGMP trace request packets to the specified branch access server. It displays information about the branch starting with the local (requesting) access server and ending with the branch access server. This is considered to be the forward direction.
The information returned shows how a multicast packet sourced by this access server will be forwarded by each access server on the path to the access server with the branch address.
The access server with the address branch-address is the only access server that responds to the trace request packets. The response is unicast to the source.
It is important to specify a value for the ttl argument if you are tracing through an access server on which a multicast threshold has been set with the ip multicast-threshold interface configuration command.
Sample Display
The following is sample output from the mbranch command. This trace is between the same access servers as shown in the example for the mrbranch command. Note the order of responses. Also note that the outgoing interface list is the same.
PIM2# mbranch 172.24.255.2 192.168.118.2
Type escape sequence to abort.
Tracing route to group CBONE-WB (172.24.255.2) to 192.168.118.2
Response from 10.17.118.10, 76 msec
1 PIM9 (10.1.22.9) <- PIM2 (10.1.37.2)
Interface list: 172.16.62.0/24 172.16.22.0/24 10.7.0.0/16
2 PIM-CR (172.16.62.18) <- PIM9 (172.16.62.52)
Interface list: 172.16.20.0/24 172.16.53.0/24 172.16.50.0/24
10.16.0.0/16 10.17.0.0/16
3 10.17.118.10 <- 10.17.20.31
Interface list: 192.168.118.0/26 192.168.118.192/26
The mbranch command is interactive if you specify only the word mbranch. The following output shows sample responses to the system prompts:
Target IP group address or name:224.0.255.1
Target IP router address or name:sj-eng-f2
Source address or name:<CR>
Type escape sequence to abort.
Tracing route to group cbone-audio.cisco.com (224.0.255.1) to 171.69.4.139
Response from sj-eng-f2.cisco.com (171.69.4.139), 4 msec
1 sj-eng-cc2.cisco.com (171.69.121.2)<- 0.0.0.0
Interface list: 171.69.4.0/24
2 sj-eng-f2.cisco.com (171.69.4.139)<- sj-eng-cc2.cisco.com (171.69.4.135)
Interface list: 171.69.60.128/26
describes the fields shown in the display.
Table 19-3 Mbranch Field Descriptions
Field
|
Description
|
Response from 10.17.118.10
|
Address of the access server from which the response to the trace request packets came. This is a different interface on the access server to which you sent the packet.
|
76 msec
|
How long it took to receive the response.
|
1
|
Order number of access servers in the trace path. In this example, the request went through 3 access servers to reach the access server that responded to the request.
|
PIM9 (10.1.22.9) <- PIM2 (10.1.37.2)
|
Route of the trace request. In this example, the request went from the access server PIM2 to the access server PIM9 (PIM2 is considered to be PIM9's RPF neighbor), then from PIM9 to PIM-CR, and finally to the access server at 10.17.118.10.
|
Interface list: 172.16.62.0/24 172.16.22.0/24 10.7.0.0/16
|
Interfaces out which a multicast packet forwarded by the access server listed on the right side of the previous line (here, PIM2) will be forwarded. In this example, you interpret this line as follows: When the trace packet reached PIM9, it was replicated three times and one copy was sent out each of the three interfaces listed (172.16.62.0, 172.16.22.0, and 10.7.0.0). The interface list shows the subnet number and the mask rather than the interface name. This allows you to more easily figure out the packet's path because you can connect all like-numbered subnets together as a tree in order to detect loops. The source of the multicast packet is always the address of the access server that started the mbranch (in this case, 10.1.37.2). The list does not include interfaces that failed access list conditions or TTL threshold criteria.
|
Related Commands
ip multicast ttl-threshold
mbranch
metric holddown
Use the metric holddown router configuration command to keep new IGRP routing information from being used for a certain period of time. Use the no form of this command to disable metric holddown.
metric holddown
no metric holddown
Syntax Description
This command has no arguments or keywords.
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
Holddown keeps new routing information from being used for a certain period of time. This can prevent routing loops caused by slow convergence. It is sometimes advantageous to disable holddown to increase the network's ability to quickly respond to topology changes; this command provides this function.
Use the metric holddown command if other access servers within the IGRP autonomous system are not configured with no metric holddown. If all access servers are not configured the same way, you increase the possibility of routing loops.
Example
The following example disables metric holddown:
Related Commands
metric maximum-hops
metric weights
timers basic (EGP, RIP, IGRP)
metric maximum-hops
Use the metric maximum-hops router configuration command to cause the IP routing software to advertise those routes with a hop count higher than is specified by the command (IGRP only) as unreachable. Use the no form of this command to reset the value to the default.
metric maximum-hops hops
no metric maximum-hops hops
Syntax Description
hops
|
Maximum hop count (in decimal). The default value is 100 hops; the maximum number of hops that can be specified is 255.
|
Default
100 hops
Command Mode
Router configuration
Usage Guidelines
This command provides a safety mechanism that breaks any potential count-to-infinity problems. It causes the IP routing software to advertise routes with a hop count greater than the value assigned to the hops argument as unreachable.
Example
In the following example, an access server in autonomous system 71 attached to network 10.15.0.0 wants a maximum hop count of 200, doubling the default. The network administrators decided to do this because they have a complex WAN that can generate a large hop count under normal (nonlooping) operations.
Related Commands
metric holddown
metric weights
metric weights
Use the metric weights router configuration command to allow the tuning of the IGRP metric calculations. Use the no form of this command to reset the values to their defaults.
metric weights tos k1 k2 k3 k4 k5
no metric weights
Syntax Description
tos
|
Type of service. Currently it must always be zero.
|
k1-k5
|
Constants that convert an IGRP metric vector into a scalar quantity.
|
Default
tos=0
k1 = 1
k2 = 0
k3 = 1
k4 = 0
k5 = 0
Command Mode
Router configuration
Usage Guidelines
Use this command to alter the default behavior of IGRP routing and metric computation and allow the tuning of the IGRP metric calculation for a particular type of service (TOS).
If k5 equals 0, the composite IGRP metric is computed according to the following formula:
metric = [k1 * bandwidth + (k2 * bandwidth)/(256 - load) + k3 * delay]
If k5 does not equal zero, an additional operation is done:
metric = metric * [k5 / (reliability + k4)]
Bandwidth is inverse minimum bandwidth of the path in bits per second scaled by a factor of 10*1010. The range is from a 1200 bps line to 10 Gbps.
Delay is in units of 10 microseconds. This gives a range of 10 microseconds to 168 seconds. A delay of all ones indicates that the network is unreachable.
The delay parameter is stored in a 24-bit field, in tens of microseconds. Hence, the delay can be from 1 (10 microseconds) to hex FFFFFF (decimal 16777215), which corresponds to 167.77215 seconds. A delay of all ones (that is, a delay of 16777215) indicates that the network is unreachable.
lists the default values used for several common media.
Table 19-4 Bandwidth Values by Media Type
Media Type
|
Delay
|
Bandwidth
|
Satellite
|
200,000 (2 sec)
|
20 (500 Mbit)
|
Ethernet
|
100 (1 ms)
|
1,000
|
1.544 Mbps
|
2000 (20 ms)
|
6,476
|
64 kbps
|
2000
|
156,250
|
56 kbps
|
2000
|
178,571
|
10 kbps
|
2000
|
1,000,000
|
1 kbps
|
2000
|
10,000,000
|
Reliability is given as a fraction of 255. That is, 255 is 100 percent reliability or a perfectly stable link.
Load is given as a fraction of 255. A load of 255 indicates a completely saturated link.
Example
The following example sets the metric weights to slightly different values than the defaults:
metric weights 0 2 0 2 0 0
Related Commands
A dagger (†) indicates that the command is documented in another chapter.
bandwidth †
delay †
metric holddown
metric maximum-hops
mrbranch
To trace a branch of a multicast tree for a group in the reverse direction, use the mrbranch EXEC command.
mrbranch {group-address | group-name} branch-address [ttl]
Syntax Description
group-address
|
Address of the multicast group. This is a multicast IP address in four-part dotted notation.
|
group-name
|
Name of the multicast group, as defined in the DNS hosts table or with the ip host command.
|
branch-address
|
Address of an access server on the tree branch. This is a unicast IP address in four-part dotted notation.
|
ttl
|
(Optional) Time-to-live value, in hops, that is used in trace request packets sent to the branch access server. The default value is 30.
|
Command Mode
EXEC
Usage Guidelines
The mrbranch command sends trace request packets to the specified branch access server. Queries are sent recursively to all the access servers in the branch. This command displays information about the branch starting with the access server farthest away and working towards the requesting access server. This is considered to be the reverse direction.
The information returned shows how a multicast packet sourced by this access server will be forwarded by each access server along the branch.
The access server with the address branch-address responds to the trace request packets. The requesting access server then sends a query to the access server that is the first access server's RPF neighbor. Both the request and response packets have unicast addresses.
The number of packets generated by this command is two times the number of access servers between the source access server and the specified branch access server.
Sample Display
The following is sample output from the mrbranch command. This example is between the same access server as shown in the mbranch command. Note the order of the responses. Also note that the outgoing interface list is the same.
PIM2# mrbranch 172.24.255.2 10.17.118.10
Type escape sequence to abort.
Tracing route to group CBONE-WB (172.24.255.2) from 10.17.118.10
Response from 10.17.118.10, 68 msec
1 10.17.118.10 <- 10.17.20.31
Interface list: 192.168.118.0/26 192.168.118.192/26
Response from PIM-CR (172.16.62.18), 12 msec
1 PIM-CR (172.16.62.18) <- PIM9 (172.16.62.52)
Interface list: 172.16.20.0/24 172.16.53.0/24 172.16.50.0/24
10.16.0.0/16 10.17.0.0/16
Response from PIM9 (172.16.62.52), 8 msec
1 PIM9 (172.16.62.52) <- PIM2 (10.1.37.2)
Interface list: 172.16.22.0/24 172.16.62.0/24 10.7.0.0/16
The mrbranch command is interactive if you specify only the word mrbranch. The following output shows sample responses to the system prompts:
Target IP group address or name:224.0.255.1
Target IP router address or name:sj-eng-f2
Source address or name:<CR>
Type escape sequence to abort.
Tracing route to group cbone-audio.cisco.com (224.0.255.1) to 171.69.4.139
Response from sj-eng-f2.cisco.com (171.69.4.139), 4 msec
1 sj-eng-f2.cisco.com (171.69.4.139)<- sj-eng-cc2.cisco.com (171.69.4.135)
Interface list: 171.69.60.128/26
Response from sj-eng-f2.cisco.com (171.69.121.2), 4 msec
1 sj-eng-cc2.cisco.com (171.69.121.2)<- 0.0.0.0
Interface list: 171.69.4.0/24
describes the fields shown in the display.
Table 19-5 Mrbranch Field Descriptions
Field
|
Description
|
Tracing route to group CBONE-WB (172.24.255.2) from 10.17.118.10
|
Route that is being traced.
|
68 msec
|
How long it took to receive the response.
|
Response from 10.17.118.10
|
Address of the access server from which the response to the trace request packets came.
|
1
|
Order number of access servers in the trace path.
|
10.17.118.10 <- 10.17.20.31
|
RPF (reverse path forwarding) neighbor information. The first response in this example indicates that a multicast packet sent from the access server PIM2 will be received on interface 10.17.118.10. This multicast packet should have been forwarded from 10.17.20.31 because that is the address that this access server would use as the next-hop access server (found in the IP routing table) to send a unicast packet back to the original source (PIM2) of the multicast packet.
|
Interface list: 192.168.118.0/26 192.168.118.192/26
|
Interfaces out which a multicast packet from the access server listed on the right side of the previous line (here, for the group 172.24.255.2 that had been forwarded by 10.17.20.31) will be forwarded. The list does not include interfaces that failed access list conditions or TTL threshold criteria.
|
Related Commands
mbranch
show ip mroute
mtrace
To trace the entire multicast tree for the specified group, use the mtrace user EXEC command.
mtrace {group-address | group-name} [ttl]
Syntax Description
group-address
|
Address of the multicast group. This is a multicast IP address in four-part dotted notation.
|
group-name
|
Name of the multicast group, as defined in the DNS hosts table or with the ip host command.
|
ttl
|
(Optional) Time-to-live value. Access servers at a distance of ttl hops from the local access server respond with a record of the path to each of them. The ttl argument can be a number from 0 to 32. The default value is 1, which generates responses from all access servers directly connected to the local access server.
|
Command Mode
EXEC
Usage Guidelines
The trace request generated by the mtrace command is multicast to the multicast group. Responses are unicast to the source access server.
Responses are delayed by the responders.
Note
Use the mtrace command with caution, because it can cause a very large number of packets to be directed to the source access server. Consider using the mrbranch command instead to trace an individual branch of the tree.
Sample Display
The following is sample output from the mtrace command:
Router> mtrace 172.24.255.1
Type escape sequence to abort.
Tracing route to group CBONE-AUDIO (172.24.255.1)
Response from PIM4 (192.168.36.131), 7 msec
1 PIM4 (192.168.36.131) <- 0.0.0.0
Interface list: 192.168.37.0/24 10.20.0.0/16
Response from PIM3 (192.168.36.130), 4 msec
1 PIM3 (192.168.36.130) <- 0.0.0.0
Interface list: 192.168.35.160/27
Response from PIM4 (192.168.37.33), 2 msec
1 PIM4 (192.168.37.33) <- 0.0.0.0
Interface list: 10.20.0.0/16
Response from PIM9 (10.1.22.9), 20 msec
1 PIM9 (10.1.22.9) <- PIM2 (10.1.37.2)
Interface list: 172.16.62.0/24 172.16.22.0/24 10.7.0.0/16
Response from ITCHY (192.168.37.2), 3 msec
1 ITCHY (192.168.37.2) <- 0.0.0.0
describes the fields shown in the display.
Table 19-6 Mtrace Field Descriptions
Field
|
Description
|
Tracing route to group CBONE-AUDIO (172.24.255.1)
|
Name and address of group for which routes are being traced.
|
Response from PIM4 (192.168.37.33)
|
Address of the access server from which the response to the trace request packets came.
|
7msec
|
How long it took to receive the response.
|
Interface list: 192.168.37.0/24 10.20.0.0/16
|
Interface out which a multicast packet from the access server listed on the right side of the previous line will be forwarded.
|
Related Commands
mbranch
mrbranch
neighbor (EGP, IGRP, RIP)
Use this form of the neighbor router configuration command to define a neighboring access server with which to exchange routing information. Use the no form of this command to remove an entry.
neighbor ip-address
no neighbor ip-address
Syntax Description
ip-address
|
IP address of a peer access server with which routing information will be exchanged
|
Default
No neighboring access servers are defined.
Command Mode
Router configuration
Usage Guidelines
For exterior routing protocol EGP, this command specifies routing peers. For normally broadcast protocols such as IGRP or RIP, this command permits the point-to-point (nonbroadcast) exchange of routing information. When used in combination with the passive-interface router configuration command, routing information can be exchanged between a subset of access servers on a LAN.
Multiple neighbor commands can be used to specify additional neighbors or peers.
OSPF has its own version of the neighbor command. See the neighbor (OSPF) command page in this chapter.
Examples
The following example establishes an EGP neighbor:
In the following example, IGRP updates are sent to all interfaces on network 172.16.0.0 except Ethernet interface 1. However, in this case a neighbor router configuration command is included. This command permits the sending of routing updates to specific neighbors. One copy of the routing update is generated per neighbor.
passive-interface ethernet 1
Related Command
passive-interface
neighbor (OSPF)
Use this form of the neighbor router configuration command to configure OSPF access servers interconnecting to nonbroadcast networks. Use the no form of this command with the appropriate IP address and arguments to remove the configuration.
neighbor ip-address [priority number] [poll-interval seconds]
no neighbor ip-address [priority number] [poll-interval seconds]
Syntax Description
ip-address
|
Interface IP address of the neighbor.
|
priority number
|
(Optional) 8-bit number indicating the access server priority value of the nonbroadcast neighbor associated with the IP address specified. The default is 0.
|
poll-interval seconds
|
(Optional) Unsigned integer value reflecting the poll interval. RFC 1247 recommends that this value should be much larger than the Hello interval. The default is 2 minutes (120 seconds).
|
Default
No configuration is specified.
Command Mode
Router configuration
Usage Guidelines
X.25 and Frame Relay provide an optional broadcast capability that can be configured in the map to allow OSPF to run as a broadcast network. At the OSPF level you can configure the access server as a broadcast network. See the x25 map and frame-relay map interface configuration command descriptions in "X.25 Commands" and "Frame Relay Commands" chapters, respectively, of this manual for more detail.
One neighbor entry must be included in the access server's configuration for each known nonbroadcast network neighbor. The neighbor address has to be on the primary address of the interface.
If a neighboring access server has become inactive (Hello packets have not been seen for the Router DeadInterval period), it may still be necessary to send Hello packets to the dead neighbor. These Hello packets will be sent at a reduced rate called Poll Interval.
When the access server first starts up, it sends only Hello packets to those access servers with non-zero priority, that is, access servers that are eligible to become designated routers and backup designated routers. After designated routers and backup designated routers are selected, they will then start sending Hello packets to all neighbors in order to form adjacencies.
Example
The following example declares an access server at address 172.16.3.4 on a nonbroadcast network, with a priority of 1 and a poll-interval of 180:
router ospf
neighbor 172.16.3.4 priority 1 poll-interval 180
Related Command
ip ospf priority
neighbor advertisement-interval
Use the neighbor advertisement-interval router configuration command to set the minimum interval between sending BGP routing updates. Use the no form of this command to remove an entry.
neighbor {ip-address | peer-group-name} advertisement-interval seconds
no neighbor {ip-address | peer-group-name} advertisement-interval seconds
Syntax Description
ip-address
|
Neighbor's IP address.
|
peer-group-name
|
Name of a BGP peer group.
|
seconds
|
Time in seconds. Integer from 0 through 600.
|
Default
30 seconds for external peers and 5 seconds for internal peers.
Command Mode
Router configuration
Example
In the following example, the minimum time between sending BGP routing updates is set to
10 seconds:
neighbor 10.4.4.4 advertisement-interval 10
neighbor any
Use the neighbor any router configuration command to control how neighbor entries are added to the routing table for both EGP and BGP. Use the no form of this command to remove the configuration.
neighbor any [access-list-number]
no neighbor any [access-list-number]
Syntax Description
access-list-number
|
(Optional) Access list number the neighbor must be accepted by to be allowed to peer with the EGP or BGP process. If no list is specified, any neighbor will be allowed to peer with the access server.
|
Default
No configuration is specified.
Command Mode
Router configuration
Example
In the following example, only neighbors permitted by access list 1 are allowed to peer with the local router:
access-list 1 permit 10.0.0.0 0.255.255.255
! global access list assignment
Related Commands
A dagger (†) indicates that the command is documented in another chapter.
access-list †
neighbor any third-party
router egp 0
neighbor any third-party
Use the neighbor any third-party router configuration command to configure an EGP process that determine which neighbors will be treated as the next hop in EGP advertisements. Use the no form of this command to remove the configuration.
neighbor any third-party ip-address [internal | external]
no neighbor any third-party ip-address [internal | external]
Syntax Description
ip-address
|
IP address of the third-party access server that is to be the next hop in EGP advertisements.
|
internal
|
(Optional) Indicates that the third-party access server should be listed in the internal section of the EGP update.
|
external
|
(Optional) Indicates that the third-party access server should be listed in the external section of the EGP update.
|
Default
No EGP process is configured.
Command Mode
Router configuration
Example
The following example specifies the particular neighbors that an EGP process will view as peers:
access-list 2 permit 10.0.0.0 0.255.255.255
! global access list assignment
neighbor any third-party 10.1.1.1
Related Commands
neighbor any
router egp 0
neighbor configure-neighbors
Use the neighbor configure-neighbors router configuration command to instruct the access server to treat temporary neighbors that have been accepted by a template as if they had been configured by hand. The no form of this command causes any new neighbor accepted by the template to be treated as temporary.
neighbor template-name configure-neighbors
no neighbor template-name configure-neighbors
Syntax Description
template-name
|
A user selectable designation that identifies a particular template (an arbitrary word).
|
Default
New neighbors are treated as temporary.
Command Mode
Router configuration
Usage Guidelines
Under normal circumstances, neighbors that are allowed to connect to the access server because you had configured a template are treated as temporary. When a temporary neighbor disconnects, the local access server will not try to actively reestablish a connection with it. In addition, information about temporary neighbors will not show up in the access server configuration (show running-config).
When configure-neighbors is enabled on a particular template, any neighbor accepted by that template will be treated as if it had been manually configured. These neighbors will show up in show running-config displays and will be written to the nonvolatile configuration if a copy running-config startup-config command is issued.
Example
In the following example, any BGP speaker matching access-list 7 can connect to the access server and exchange information. Any neighbor that connects will be treated as if it had been manually configured.
access-list 7 permit 172.29.3.0 0.0.0.255
neighbor internal-ethernet neighbor-list 7
neighbor internal-ethernet configure-neighbors
Related Command
neighbor neighbor-list
neighbor default-originate
To allow a BGP speaker (the local router) to send the default route 0.0.0.0 to a neighbor for use as a default route, use the neighbor default-originate router configuration command. To remove the default route, use the no form of this command.
neighbor {ip-address | peer-group-name} default-originate [route-map map-name]
no neighbor {ip-address | peer-group-name} default-originate [route-map map-name]
Syntax Description
ip-address
|
Neighbor's IP address.
|
peer-group-name
|
Name of a BGP peer group.
|
map-name
|
(Optional) Name of the route map. The route map allows route 0.0.0.0 to be injected conditionally.
|
Default
No default route is sent to the neighbor.
Command Mode
Router configuration
Usage Guidelines
This command does not require the presence of 0.0.0.0 in the local router. When used with a route map, the default route 0.0.0.0 is injected if the route map contains a match ip address clause and there is a route that matches the IP access list exactly. The route map can contain other match clauses also.
Examples
In the following example, the local router injects route 0.0.0.0 to the neighbor 160.89.2.3 unconditionally:
neighbor 160.89.2.3 remote-as 200
neighbor 160.89.2.3 default-originate
In the following example, the local router injects route 0.0.0.0 to the neighbor 160.89.2.3 only if there is a route to 198.92.68.0:
neighbor 160.89.2.3 remote-as 200
neighbor 160.89.2.3 default-originate route-map default-map
route-map default-map 10 permit
access-list 1 permit 198.92.68.0
neighbor distribute-list
Use the neighbor distribute-list router configuration command to distribute BGP neighbor information as specified in an access list. Use the no form of this command to remove an entry.
neighbor {ip-address | peer-group-name} distribute-list access-list-number {in | out}
no neighbor {ip-address | peer-group-name} distribute-list access-list-number {in | out}
Syntax Description
ip-address
|
Neighbor's IP address.
|
peer-group-name
|
Name of a BGP peer group.
|
access-list-number
|
Predefined access list number. Only standard access lists can be used with this command.
|
in
|
Access list is applied to incoming advertisements to that neighbor.
|
out
|
Access list is applied to outgoing advertisements from that neighbor.
|
Default
No BGP neighbor is specified.
Command Mode
Router configuration
Usage Guidelines
Using distribute lists is one of two ways to filter BGP advertisements. The other way is to use autonomous system-path filters, as with the ip as-path access-list global configuration command and the neighbor
filter-list command.
If you specify a BGP peer group by using the peer-group-name argument, all of the members of the peer group will inherit the characteristic configured with this command. Specifying the command with an IP address will override the value inherited from the peer group.
Example
The following example applies list 39 to incoming advertisements to neighbor 172.23.4.1:
neighbor 172.23.4.1 distribute-list 39 in
Related Commands
ip as-path access-list
neighbor filter-list
neighbor ebgp-multihop
Use the neighbor ebgp-multihop router configuration command to accept and attempt BGP connections to external peers residing on networks that are not directly connected. Use the no form of this command to return to the default of allowing only directly connected neighbors.
neighbor {ip-address | peer-group-name} ebgp-multihop
no neighbor {ip-address | peer-group-name}
Syntax Description
ip-address
|
IP address of the BGP-speaking neighbor.
|
peer-group-name
|
Name of a BGP peer group.
|
Default
Only directly connected neighbors are allowed.
Command Mode
Router configuration
Usage Guidelines
This feature should only be used under the guidance of technical support staff.
If you specify a BGP peer group by using the peer-group-name argument, all of the members of the peer group will inherit the characteristic configured with this command.
Example
The following example allows connections to or from neighbor 172.16.1.1, which resides on a network that is not directly connected:
neighbor 172.16.1.1 ebgp-multihop
neighbor filter-list
Use the neighbor filter-list router configuration command to set up BGP filters, using access lists defined with the ip as-path access-list command. Use the no form of this command to disable this function.
neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out |
weight weight}
no neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out |
weight weight}
Syntax Description
ip-address
|
IP address of the neighbor.
|
peer-group-name
|
Name of a BGP peer group.
|
access-list-number
|
Number of an access for the autonomous system path. You define this access list with the ip as-path access-list command.
|
in
|
Access list to incoming routes.
|
out
|
Access list to outgoing routes.
|
weight weight
|
Assigns a relative importance to incoming routes matching autonomous system paths. Acceptable values are 0 to 65535.
|
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
This command establishes filters on both inbound and outbound BGP routes. Any number of weight filters are allowed on a per-neighbor basis, but only one in or out filter is allowed. The weight of a route affects BGP's route-selection rules.
The implemented weight is based on the first matched autonomous system path. Weights indicated when an autonomous system path is matched override the weights assigned by global neighbor commands. In other words, the weights assigned with the match as-path and set weight route-map commands override the weights assigned using the neighbor weight and neighbor filter-list commands.
See the "Regular Expressions" appendix for information on forming regular expressions.
If you specify a BGP peer group by using the peer-group-name argument, all of the members of the peer group will inherit the characteristic configured with this command. Specifying the command with an IP address will override the value inherited from the peer group.
Example
In the following example, the BGP neighbor with IP address 172.28.1.1 is not sent advertisements about any path through or from the adjacent autonomous system 123:
ip as-path access-list 1 deny _123_
ip as-path access-list 1 deny ^123 .*
! The space in the above expression (^123 .*)is required.
neighbor 172.29.6.6 remote-as 123
neighbor 172.28.1.1 remote-as 47
neighbor 172.28.1.1 filter-list 1 out
Related Commands
ip as-path access-list
neighbor distribute-list
neighbor weight
neighbor neighbor-list
Use the neighbor neighbor-list router configuration command to configure BGP to support anonymous neighbor peers by configuring a neighbor template. Use the no form of this command to delete the template, and also cause any temporary neighbors accepted by the template to be shut down and removed.
neighbor template-name neighbor-list access-list-number
no neighbor template-name neighbor-list
Syntax Description
template-name
|
A user selectable designation that identifies a particular template (an arbitrary word).
|
access-list-number
|
An IP access list number in the range 1 through 99.
|
Default
No configuration is defined.
Command Mode
Router configuration
Usage Guidelines
To specify a group of anonymous neighbors, configure a neighbor template rather than specifically configure each neighbor. The template allows you to specify an IP access list which defines remote systems that can establish a BGP connection to the access server. External BGP peers must be on a directly connected Ethernet unless they are overridden by the neighbor ebgp-multihop command.
Once you specify a template, you configure the template as if it were a regular neighbor entry, such as setting the protocol version or filter lists, so that anonymous neighbors accepted by the template will receive the settings of the template.
These neighbors accepted by the template appear in the show ip bgp summary and show ip bgp neighbor displays, although they do not appear in the access server configuration. When the session is disconnected, all knowledge about the neighbor is discarded and the access server will not attempt to actively re-establish a connection.
You can use the neighbor configure-neighbors command to request that the access server treat peers learned through a template as if they were manually configured neighbors. These peers will then show up in show running-config displays and can be stored as part of the nonvolatile configuration.
Examples
In the following example, any BGP speaker from 172.29.3.0 can connect to the access server and exchange information:
access-list 7 permit 172.29.3.0 0.0.0.255
neighbor internal-ethernet neighbor-list 7
neighbor internal-ethernet configure-neighbors
In the following example, any BGP speaker in the connected internet can establish a BGP connection to the local access server, and the local access server will send them routing information. However, the distribute-list clause instructs the local access server to ignore all information these remote BGP speakers send to it.
access-list 9 permit 0.0.0.0 255.255.255.255
access-list 10 deny 0.0.0.0 255.255.255.255
neighbor route-server-peers neighbor-list 9
neighbor route-server-peers distribute-list 10 in
Related Commands
A dagger (†) indicates that the command is documented in another chapter.
access-list (standard) †
neighbor configure-neighbors
neighbor ebgp-multihop
neighbor next-hop-self
Use the neighbor next-hop-self router configuration command to configure the access server to disable next-hop processing on BGP updates. Use the no form of this command to disable this feature.
neighbor ip-address next-hop-self
no neighbor ip-address next-hop-self
Syntax Description
ip-address
|
IP address of the BGP-speaking neighbor
|
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
This command is useful in nonmeshed networks such as Frame Relay or X.25 where BGP neighbors may not have direct access to all other neighbors on the same IP subnet.
If you specify a BGP peer group by using the peer-group-name argument, all of the members of the peer group will inherit the characteristic configured with this command. Specifying the command with an IP address will override the value inherited from the peer group.
Example
The following example forces all updates destined for 172.16.1.1 to advertise this access server as the next hop:
neighbor 172.16.1.1 next-hop-self
neighbor password
To enable MD5 authentication on a TCP connection between two BGP peers, use the neighbor password router configuration command. To disable this feature, use the no form of this command.
neighbor {ip-address | peer-group-name} password string
no neighbor {ip-address | peer-group-name} password
Syntax Description
ip-address
|
IP address of the BGP-speaking neighbor.
|
peer-group-name
|
Name of a BGP peer group.
|
string
|
Case-sensitive password of up to 80 characters. The first character cannot be a number. The string can contain any alphanumeric characters, including spaces. You cannot specify a password in the format number-space-anything. The space after the number causes problems.
|
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
You can invoke authentication between two BGP peers, causing each segment sent on the TCP connection between them to be verified. This feature must be configured with the same password on both BGP peers; otherwise, the connection between them will not be made. The authentication feature uses the MD5 algorithm. Specifying this command causes the generation and checking of the MD5 digest on every segment sent on the TCP connection.
Configuring a password for a neighbor causes existing sessions to be torn down and a new one made.
If you specify a BGP peer group by using the peer-group-name argument, all of the members of the peer group will inherit the characteristic configured with this command.
If a router has a password configured for a neighbor, but the neighbor router does not, a message like the following will appear on the console while the routers attempt to establish a BGP session between them:
%TCP-6-BADAUTH: No MD5 digest from [peer's IP address]:11003 to [local router's
IP address]:179
Similarly, if the two routers have different passwords configured, a message like the following will appear on the console:
%TCP-6-BADAUTH: Invalid MD5 digest from [peer's IP address]:11004 to [local router's
IP address]:179
Example
The following example enables the authentication feature between this router and the BGP neighbor at 172.16.1.1. The password that must also be configured for the neighbor is bla4u00=2nkq.
neighbor 172.16.1.1 password bla4u00=2nkq
Related Command
neighbor peer-group (creating)
neighbor peer-group (creating)
To create a BGP peer group, use the neighbor peer-group router configuration command. To remove the peer group and all of its members, use the no form of this command.
neighbor peer-group-name peer-group
no neighbor peer-group-name peer-group
Syntax Description
peer-group-name
|
Name of the BGP peer group.
|
Default
There is no BGP peer group.
Command Mode
Router configuration
Usage Guidelines
Often in a BGP speaker, there are many neighbors configured with the same update policies (that is, same outbound route maps, distribute lists, filter lists, update source, and so on). Neighbors with the same update policies can be grouped into peer groups to simplify configuration and make update calculation more efficient.
Once a peer group is created with the neighbor peer-group command, it can be configured with the neighbor commands. By default, members of the peer group inherit all of the configuration options of the peer group. Members can also be configured to override the options that do not affect outbound updates.
Peer group members will always inherit the following: remote-as (if configured), version, update-source, out-route-map, out-filter-list, out-dist-list, minimum-advertisement-interval, and next-hop-self. All of the peer group members will inherit changes made to the peer group.
If a peer group is not configured with a remote-as, the members can be configured with the neighbor {ip-address | peer-group-name} remote-as command. This allows you to create peer groups containing EBGP neighbors.
Example for an IBGP Peer Group
In the following example, the peer group named internal configures the members of the peer group to be IBGP neighbors. By definition, this is an IBGP peer group because the router bgp command and the neighbor remote-as command indicate the same autonomous system (in this case, AS 100). All the peer group members use loopback 0 as the update source and use set-med as the outbound route-map. The inbound filter-list command shows that except 171.69.232.55 all the neighbor has filter-list 2 as the inbound filter list.
neighbor internal peer-group
neighbor internal remote-as 100
neighbor internal update-source loopback 0
neighbor internal route-map set-med out
neighbor internal filter-list 1 out
neighbor internal filter-list 2 in
neighbor 172.19.232.53 peer-group internal
neighbor 172.19.232.54 peer-group internal
neighbor 172.19.232.55 peer-group internal
neighbor 172.19.232.55 filter-list 3 in
Example for an EBGP Peer Group
In the following example, the peer group external-peers is defined without the neighbor remote-as command. This is what makes it an EBGP peer group. Each individaul member of the peer group is configured with its respective AS-number separately. Thus the peer group consists of members from autonomous systems 200, 300 and 400. All the peer group members have set-metric route map as an outbound route map and filter-list 99 as an outbound filter list. Except for neighbor 172.19.232.110, all of them have 101 as the inbound filter list.
neighbor external-peers peer-group
neighbor external-peers route-map set-metric out
neigbhor external-peers filter-list 99 out
neighbor external-peers filter-list 101 in
neighbor 172.19.232.90 remote-as 200
neighbor 172.19.232.90 peer-group external-peers
neighbor 172.19.232.100 remote-as 300
neighbor 172.19.232.100 peer-group external-peers
neighbor 172.19.232.110 remote-as 400
neighbor 172.19.232.110 peer-group external-peers
neighbor 172.19.232.110 filter-list 400 in
Related Commands
clear ip bgp peer-group
neighbor peer-group (creating)
neighbor peer-group (assigning members)
show ip bgp peer-group
neighbor peer-group (assigning members)
To configure a BGP neighbor to be a member of a peer group, use the neighbor peer-group router configuration command. To remove the neighbor from the peer group, use the no form of this command.
neighbor ip-address peer-group peer-group-name
no neighbor ip-address peer-group peer-group-name
Syntax Description
ip-address
|
IP address of the BGP neighbor who belongs to the peer group specified by the tag.
|
peer-group-name
|
Name of the BGP peer group to which this neighbor belongs.
|
Default
There are no BGP neighbors in a peer group.
Command Mode
Router configuration
Usage Guidelines
The neighbor at the IP address indicated inherits all the configured options of the peer group.
Example
In the following example,
neighbor internal peer-group
neighbor internal remote-as 100
neighbor internal update-source loopback 0
neighbor internal route-map set-med out
neighbor internal filter-list 1 out
neighbor internal filter-list 2 in
neighbor 172.19.232.53 peer-group internal
neighbor 172.19.232.54 peer-group internal
neighbor 172.19.232.55 peer-group internal
neighbor 172.19.232.55 filter-list 3 in
Related Commands
neighbor peer-group (creating)
neighbor remote-as
neighbor remote-as
Use the neighbor remote-as router configuration command to add an entry to the BGP neighbor table. Use the no form of this command to remove a neighbor.
neighbor {ip-address | peer-group-name} remote-as number
no neighbor {ip-address | peer-group-name} remote-as number
Syntax Description
ip-address
|
Neighbor's IP address.
|
peer-group-name
|
Name of a BGP peer group.
|
number
|
Autonomous system to which the neighbor belongs.
|
Default
There are no BGP neighbor peers.
Command Mode
Router configuration
Usage Guidelines
Specifying a neighbor with an autonomous system number that matches the autonomous system number specified in the router bgp global configuration command identifies the neighbor as internal to the local autonomous system. Otherwise, the neighbor is considered external.
If you specify a BGP peer group by using the peer-group-name argument, all of the members of the peer group will inherit the characteristic configured with this command.
Examples
The following example specifies that the access server at the address 172.16.1.2 is a neighbor in autonomous system number 109:
neighbor 172.16.1.2 remote-as 109
In the following example, a BGP access server is assigned to autonomous system 109, and two networks are listed as originating in the autonomous system. Then the addresses of three remote access servers (and their autonomous systems) are listed. The access server being configured will share information about networks 172.16.0.0 and 192.168.7.0 with the neighbor access servers. The first access server listed is in the same Class B network address space, but in a different autonomous system; the second neighbor command illustrates specification of an internal neighbor (with the same autonomous system number) at address 172.16.234.2; and the last neighbor command specifies a neighbor on a different network.
neighbor 172.16.200.1 remote-as 167
neighbor 172.16.234.2 remote-as 109
neighbor 172.50.64.19 remote-as 99
neighbor route-map
Use the neighbor route-map router configuration command to apply a route map to incoming or outgoing routes. Use the no form of this command to remove the entry.
neighbor {ip-address | peer-group-name} route-map route-map-name {in | out}
no neighbor {ip-address | peer-group-name} route-map route-map-name {in | out}
Syntax Description
ip-address
|
Neighbor's IP address.
|
peer-group-name
|
Name of a BGP peer group.
|
route-map-name
|
Name of route map.
|
in
|
Apply to incoming routes.
|
out
|
Apply to outgoing routes.
|
Default
No route maps are applied to a peer.
Command Mode
Router configuration
Usage Guidelines
If an outbound route map is specified, it is proper behavior to only advertise routes that match at least one section of the route map.
If you specify a BGP peer group by using the peer-group-name argument, all of the members of the peer group will inherit the characteristic configured with this command. Specifying the command with an IP address will override the value inherited from the peer group.
Examples
In the following example, route map "internal-map" is applied to incoming route from 192.168.70.24:
neighbor 192.168.70.24 route-map internal-map in
neighbor send-community
To specify that a COMMUNITIES attribute should be sent to a BGP neighbor, use the neighbor send-community router configuration command. To remove the entry, use the no form of this command.
neighbor {ip-address | peer-group-name} send-community
no neighbor {ip-address | peer-group-name} send-community
Syntax Description
ip-address
|
Neighbor's IP address.
|
peer-group-name
|
Name of a BGP peer group.
|
Default
No COMMUNITIES attribute is sent to any neighbor.
Command Mode
Router configuration
Usage Guidelines
If you specify a BGP peer group by using the peer-group-name argument, all of the members of the peer group will inherit the characteristic configured with this command.
Examples
In the following example, the router belongs to autonomous system 109 and is configured to send the communities attribute to its neighbor at IP address 192.168.70.23:
neighbor 192.168.70.23 send-community
Related Commands
ip community-list
match community-list
set community
neighbor third-party
Use the neighbor third-party router configuration command to send updates regarding EGP third-party access servers. Use the no form of this command to disable these updates.
neighbor ip-address third-party third-party-ip-address [internal | external]
no neighbor ip-address third-party third-party-ip-address [internal | external]
Syntax Description
ip-address
|
IP address of the EGP peer.
|
third-party-ip-address
|
Address of the third-party access server on the network shared by the Cisco access server and the EGP peer specified by address.
|
internal
|
(Optional) Indicates that the third-party access server should be listed in the internal section of the EGP update. This is the default.
|
external
|
(Optional) Indicates that the third-party access server should be listed in the external section of the EGP update.
|
Default
Disabled
Command Mode
Router configuration
Usage Guidelines
Using this third-party mechanism, EGP tells its peer that another access server (the third party) on the shared network is the appropriate access server for some set of destinations. If updates mentioning third-party access servers are desired, use this command.
All networks reachable through the third-party access server will be listed in the EGP updates as reachable by the access server. The optional internal and external keywords indicate whether the third-party access server should be listed in the internal or external section of the EGP update. Normally, all networks are mentioned in the internal section.
This command can be used multiple times to specify additional third-party access servers.
Examples
In the following example, routes learned from access server 172.16.6.99 will be advertised to 172.16.6.5 as third-party internal routes:
neighbor 172.16.6.5 third-party 172.16.6.99 internal
In the following example, routes learned from 172.16.6.100 will be advertised to 172.16.6.5 as third-party external routes:
neighbor 172.16.6.5 third-party 172.16.6.100 external
neighbor update-source
Use the neighbor update-source router configuration command to configure the access server to allow internal BGP sessions to use any operational interface for TCP connections. Use the no form of this command to restore the interface assignment to the closest interface, also called the
best-local-address.
neighbor {ip-address | peer-group-name} update-source interface
no neighbor {ip-address | peer-group-name} update-source interface
Syntax Description
ip-address
|
IP address of the BGP-speaking neighbor.
|
peer-group-name
|
Name of a BGP peer group.
|
interface
|
Loopback interface.
|
Default
Best-local-address
Command Mode
Router configuration
Usage Guidelines
This feature works in conjunction with the Loopback interface feature described in the "Configuring Interfaces" chapter of the Access and Communication Servers Configuration Guide.
If you specify a BGP peer group by using the peer-group-name argument, all of the members of the peer group will inherit the characteristic configured with this command.
Example
In the following example, BGP TCP connections for the specified neighbor will be sourced with Loopback interface's IP address rather than the best-local-address:
neighbor 192.168.2.3 remote-as 110
neighbor 192.168.2.3 update-source Loopback0
neighbor version
Use the neighbor version router configuration command to configure the access server to accept only a particular version. Use the no form of this command to return the version to the default level of that neighbor.
neighbor {ip-address | peer-group-name} version value
no neighbor {ip-address | peer-group-name} version value
Syntax Description
ip-address
|
IP address of the BGP-speaking neighbor.
|
peer-group-name
|
Name of a BGP peer group.
|
value
|
BGP version number. The version can be set to 2 to force the router to only use Version 2 with the specified neighbor. The default is to use Version 4 and dynamically negotiate down to Version 2 if requested.
|
Default
Version 4
Command Mode
Router configuration
Usage Guidelines
Entering this command disables dynamic version negotiation.
Our implementation of BGP supports Versions 2, 3, and 4 of BGP. If the neighbor does not accept default version 4, dynamic version negotiation is implemented to negotiate down to version 2.
Our implementation of BGP supports BGP Versions 2, 3, and 4. If the neighbor does not accept default Version 4, dynamic version negotiation is implemented to negotiate down to Version 2.
If you specify a BGP peer group by using the peer-group-name argument, all of the members of the peer group will inherit the characteristic configured with this command.
Example
The following example locks down to Version 4 of the BGP protocol:
router bgp 109
neighbor 172.18.27.2 version 4
neighbor weight
Use the neighbor weight router configuration command to specify a weight to assign to a specific neighbor connection. Use the no form of this command to remove the assignment.
neighbor {ip-address | peer-group-name} weight weight
no neighbor {ip-address | peer-group-name} weight weight
Syntax Description
ip-address
|
Neighbor's IP address.
|
peer-group-name
|
Name of a BGP peer group.
|
weight
|
Weight to assign. Acceptable values are 0 to 65535.
|
Default
Routes learned through another BGP peer have a default weight of 0 and routes sourced by the local access server have a default weight of 32768.
Command Mode
Router configuration
Usage Guidelines
All routes learned from this neighbor will have the assigned weight initially. The route with the highest weight will be chosen as the preferred route when multiple routes are available to a particular network.
The weights assigned with the match as-path and set weight route-map commands override the weights assigned using the neighbor weight and neighbor filter-list commands.
Note
For weight changes to take effect, it may be necessary to use clear ip bgp *.
If you specify a BGP peer group by using the peer-group-name argument, all of the members of the peer group will inherit the characteristic configured with this command.
Example
The following example sets the weight of all routes learned via 172.23.12.1 to 50:
router bgp 109
neighbor 172.23.12.1 weight 50
Related Commands
neighbor distribute-list
neighbor filter-list
network (BGP)
Use this form of the network router configuration command to specify the list of networks for the BGP routing process. Use the no form of this command to remove the entry.
network network-number mask network-mask
no network network-number mask network-mask
Syntax Description
network-number
|
IP address of a peer access server with which routing information will be exchanged.
|
mask
|
Network or subnetwork mask.
|
network-mask
|
Network mask address.
|
Default
No networks are specified.
Command Mode
Router configuration
Usage Guidelines
These types of networks can be learned from connected routes, dynamic routing, and from static route sources.
A maximum of 200 network commands may be specified for a single BGP process.
Example
The following example sets up network 172.16.1.27 to be included in the access server's BGP updates:
network 172.16.1.27 mask 255.255.255.0
Related Commands
network backdoor
network mask
network weight
router bgp
network (EGP)
Use this form of the network router configuration command to specify the list of networks for the EGP routing process. Use the no form of this command to remove a network from the list.
network network-number
no network network-number
Syntax Description
network-number
|
IP address of a peer access server with which routing information will be exchanged.
|
Default
No networks are specified.
Command Mode
Router configuration
Usage Guidelines
The networks to be advertised to the EGP peers of an EGP routing process are advertised with a distance of zero. The restrictions on the network you specify are that it must appear in the routing table, and the network number must not contain any subnet information. The network can be connected, statically configured, or redistributed into EGP from other routing protocols. Multiple commands can be used to specify additional networks.
Example
The following example illustrates a typical configuration for an EGP access server process. The access server is in autonomous system 109 and is peering with access servers in autonomous system 164. It will advertise the networks 172.16.0.0 and 192.168.7.0 to the access server in autonomous system 164, 10.2.0.2. The information sent and received from peer access servers can be filtered in various ways, including blocking information from certain access servers and suppressing the advertisement of specific routes.