-
Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3
-
Introduction
-
IP Routing Protocol Commands: A through B
-
IP Routing Protocols Commands: C through H
-
IP Routing Protocols Commands: I
-
IP Routing Protocols Commands: K through M
-
IP Routing Protocols Commands: N
-
IP Routing Protocols Commands: O through R
-
IP Routing Protocols Commands: send-lifetime through set-overload-bit
-
IP Routing Protocols Commands: show bgp nsap through show ip local policy
-
IP Routing Protocols Commands: show ip ospf through version
-
Table Of Contents
Cisco IOS IP Routing Protocol Commands
bgp bestpath med missing-as-worst
bgp client-to-client reflection
Cisco IOS IP Routing Protocol Commands
accept-lifetime
To set the time period during which the authentication key on a key chain is received as valid, use the accept-lifetime command in key chain key configuration mode. To revert to the default value, use the no form of this command.
accept-lifetime start-time {infinite | end-time | duration seconds}
no accept-lifetime [start-time {infinite | end-time | duration seconds}]
Syntax Description
Defaults
Forever (the starting time is January 1, 1993, and ending time is infinite)
Command Modes
Key chain key configuration
Command History
Usage Guidelines
Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol (RIP) Version 2 use key chains.
Specify a start-time value and one of the following values: infinite, end-time, or duration seconds.
We recommend running Network Time Protocol (NTP) or some other time synchronization method if you assign a lifetime to a key.
If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.
Examples
The following example configures a key chain called trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the set time of the router. There is a 30-minute leeway on each side to handle time differences.
interface ethernet 0ip rip authentication key-chain treesip rip authentication mode md5!router ripnetwork 172.19.0.0version 2!key chain treeskey 1key-string chestnutaccept-lifetime 13:30:00 Jan 25 1996 duration 7200send-lifetime 14:00:00 Jan 25 1996 duration 3600key 2key-string birchaccept-lifetime 14:30:00 Jan 25 1996 duration 7200send-lifetime 15:00:00 Jan 25 1996 duration 3600Related Commands
address-family ipv4 (BGP)
To enter address family configuration mode for configuring routing sessions such as BGP that use standard IP Version 4 address prefixes, use the address-family ipv4 command in router configuration mode. To disable address family configuration mode, use the no form of this command.
address-family ipv4 [multicast | unicast | vrf vrf-name]
no address-family ipv4 [multicast | unicast | vrf vrf-name]
Syntax Description
Defaults
IP Version 4 address prefixes are not enabled. Unicast address prefixes are the default when IP Version 4 address prefixes are configured.
Command Modes
Router configuration
Command History
Usage Guidelines
The address-family ipv4 command places the router in address family configuration mode (prompt: (config-router-af)#, from which you can configure routing sessions that use standard IP Version 4 address prefixes. To leave address family configuration mode and return to router configuration mode, type exit.
Routing information for address family IP Version 4 is advertised by default when you configure a BGP routing session using the neighbor remote-as command unless you enter the no bgp default ipv4-unicast command.
The address-family ipv4 command replaces the match nlri and set nlri commands.
Examples
The following example places the router in address family configuration mode for the IP Version 4 address family:
Router(config)# router bgp 100Router(config-router)# address-family ipv4Router(config-router-af)#The following example places the router in address family configuration mode and specifies multicast address prefixes for the IP Version 4 address family:
Router(config)# router bgp 100Router(config-router)# address-family ipv4 multicastRouter(config-router-af)#The following example places the router in address family configuration mode and specifies unicast address prefixes for the IP Version 4 address family:
Router(config)# router bgp 100Router(config-router)# address-family ipv4 unicastRouter(config-router-af)#The following example places the router in address family configuration mode and specifies cisco as the name of the VRF instance to associate with subsequent IP Version 4 address family configuration mode commands:
Router(config)# router bgp 100Router(config-router)# address-family ipv4 vrf ciscoRouter(config-router-af)#Use this form of the command, which specifies a VRF, only to configure routing exchanges between provider edge (PE) and customer edge (CE) devices.
Related Commands
address-family ipv4 (EIGRP)
To enter IPv4 address family configuration mode to configure an Enhanced Interior Gateway Routing Protocol (EIGRP) Virtual Private Network (VPN), use the address-family ipv4 command in address family configuration mode. To remove the address family from the EIGRP configuration, use the no form of this command.
address-family ipv4 [unicast] [vrf vrf-name]
no address-family ipv4 [unicast] [vrf vrf-name]
Syntax Description
unicast
(Optional) Specifies the unicast subaddress family.
vrf vrf-name
(Optional) Specifies the name of the VRF.
Defaults
A default VRF is automatically created when this command is entered without the vrf keyword.
Command Modes
Address family configuration
Command History
12.0(22)S
This command was introduced.
12.2(15)T
This command was integrated into 12.2(15)T.
Usage Guidelines
The address-family ipv4 command is used to configure IPv4 address family sessions under EIGRP. To leave address family configuration mode without removing the address family configuration, use the exit-address-family command.
EIGRP VPNs can be configured only under IPv4 address family configuration mode. A virtual routing and forwarding instance (VRF) and route distinguisher must be defined before the address family session can be created.
A single EIGRP routing process can support multiple VRFs. The number of VRFs that can be configured is limited by only available system resources on the router, which is determined by the number of VRFs, running processes, and available memory. However, only a single VRF can be supported by each VPN, and redistribution between different VRFs is not supported.
MPLS VPN support between PE and CE routers is configured only on PE routers that provide VPN services over the service provider backbone. The customer site does not require any changes to equipment or configurations to support the EIGRP VPN. A metric must be configured for routes to be advertised to the CE router. The metric can be configured using the redistribute (IP) command or configured with the default-metric (EIGRP) command.
Examples
The following example, starting in Global configuration mode, configures an IPv4 address family session for the VRF named RED:
Router(config)# ip vrf REDRouter(config-vrf)# rd 1:1Router(config-vrf)# exitRouter(config)# router eigrp 1Router(config-router)# address-family ipv4 vrf REDRouter(config-router-af)# autonomous-system 101Router(config-router-af)# network 172.16.0.0Router(config-router-af)# default-metric 10000 100 255 1 1500Router(config-router-af)# exit-address-familyRelated Commands
address-family nsap
To enter address family configuration mode and configure Connectionless Network Service (CLNS)-specific parameters for Border Gateway Protocol (BGP) routing sessions, use the address-family nsap command in router configuration mode. To disable address family configuration mode, use the no form of this command.
address-family nsap [unicast]
no address-family nsap [unicast]
Syntax Description
Defaults
NSAP address prefixes are not enabled. Unicast address prefixes are the default when NSAP address prefixes are configured.
Note
Routing information for address family IPv4 is advertised by default for each BGP routing session configured with the neighbor remote-as command unless you configure the no bgp default ipv4-unicast command before configuring the neighbor remote-as command.
Command Modes
Router configuration
Command History
Usage Guidelines
The address-family nsap command enters address family configuration mode (prompt: config-router-af)#, from which you can configure routing sessions that use standard NSAP address prefixes. To leave address family configuration mode and return to router configuration mode, enter the exit-address-family command.
To configure BGP commands and functionality for NSAP prefixes, you must enter NSAP address family configuration mode for those address prefixes, using the address-family nsap command.
Examples
The following example enters NSAP address family configuration mode under BGP:
Router(config)# router bgp 64500Router(config-router)# address-family nsapRouter(config-router-af)#Related Commands
address-family vpnv4
To enter address family configuration mode for configuring routing sessions, such as BGP, that use standard Virtual Private Network (VPN) Version 4 address prefixes, use the address-family vpnv4 command in router configuration mode. To disable address family configuration mode, use the no form of this command.
address-family vpnv4 [unicast]
no address-family vpnv4 [unicast]
Syntax Description
Defaults
VPN Version 4 address prefixes are not enabled. Unicast address prefixes are the default when VPN Version 4 address prefixes are configured.
Command Modes
Router configuration
Command History
Usage Guidelines
The address-family vpnv4 command places the router in address family configuration mode (prompt: config-router-af), from which you can configure routing sessions that use VPN Version 4 address prefixes. To leave address family configuration mode and return to router configuration mode, type exit.
The address-family vpnv4 command replaces the match nlri and set nlri commands.
Examples
The following example places the router in address family configuration mode for the VPN Version 4 address family:
Router(config)# router bgp 100(config-router)# address-family vpnv4(config-router-af)#The following example places the router in address family configuration mode for the unicast VPN Version 4 address family:
Router(config)# router bgp 100(config-router)# address-family vpnv4 unicast(config-router-af)#Related Commands
aggregate-address
To create an aggregate entry in a Border Gateway Protocol (BGP) or multiprotocol BGP database, use the aggregate-address command in address family or router configuration mode. To disable this function, use the no form of this command.
aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]
no aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]
Syntax Description
Defaults
This command is disabled by default.
Command Modes
Address family configuration
Router configurationCommand History
Usage Guidelines
You can implement aggregate routing in BGP and multiprotocol BGP either by redistributing an aggregate route into BGP or multiprotocol BGP, or by using this conditional aggregate routing feature.
Using the aggregate-address command with no keywords will create an aggregate entry in the BGP or multiprotocol BGP routing table if any more-specific BGP or multiprotocol BGP routes are available that fall in the specified range. The aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)
Using the as-set keyword creates an aggregate entry using the same rules that the command follows without this keyword, but the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Do not use this form of the aggregate-address command when aggregating many paths, because this route must be continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.
Using the summary-only keyword not only creates the aggregate route (for example, 193.*.*.*) but also suppresses advertisements of more-specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more-specific route leaks out, all BGP or multiprotocol BGP routers will prefer that route over the less-specific aggregate you are generating (using longest-match routing).
Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified routes. You can use the match clauses of route maps to selectively suppress some more-specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.
Using the advertise-map keyword selects specific routes that will be used to build different components of the aggregate route, such as AS_SET or community. This form of the aggregate-address command is useful when the components of an aggregate are in separate autonomous systems and you want to create an aggregate with AS_SET, and advertise it back to some of the same autonomous systems. You must remember to omit the specific autonomous system numbers from the AS_SET to prevent the aggregate from being dropped by the BGP loop detection mechanism at the receiving router. IP access lists and autonomous system path access lists match clauses are supported.
Using the attribute-map keyword allows attributes of the aggregate route to be changed. This form of the aggregate-address command is useful when one of the routes forming the AS_SET is configured with an attribute such as the community no-export attribute, which would prevent the aggregate route from being exported. An attribute map route map can be created to change the aggregate attributes.
Examples
In the following example, a BGP aggregate address is created in router configuration mode. The path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized.
router bgp 65000aggregate-address 10.0.0.0 255.0.0.0 as-setIn the following example, a multiprotocol BGP aggregate address is created in address family configuration mode and applied to the multicast database only using an IP Version 4 address family. More-specific routes are filtered from updates.
router bgp 65000address-family ipv4 multicastaggregate-address 10.0.0.0 255.0.0.0 summary-onlyIn the following example, a route map called map-one is created matching on an as-path access list. The path advertised for this route will be an AS_SET consisting of elements contained in paths that are matched in the route map.
ip as-path access-list 1 deny ^1234_ip as-path access-list 1 permit .*!route-map map-onematch ip as-path 1!router bgp 65000aggregate-address 10.0.0.0 255.0.0.0 as-set advertise-map map-oneRelated Commands
area authentication
To enable authentication for an OSPF area, use the area authentication command in router configuration mode. To remove an authentication specification of an area or a specified area from the configuration, use the no form of this command.
area area-id authentication [message-digest]
no area area-id authentication [message-digest]
Syntax Description
Defaults
Type 0 authentication (no authentication)
Command Modes
Router configuration
Command History
Usage Guidelines
Specifying authentication for an area sets the authentication to Type 1 (simple password) as specified in RFC 1247. If this command is not included in the configuration file, authentication of Type 0 (no authentication) is assumed.
The authentication type must be the same for all routers and access servers in an area. The authentication password for all OSPF routers on a network must be the same if they are to communicate with each other via OSPF. Use the ip ospf authentication-key interface command to specify this password.
If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key interface command.
To remove the authentication specification for an area, use the no form of this command with the authentication keyword.
Note
Examples
The following example mandates authentication for areas 0 and 10.0.0.0 of OSPF routing process 201. Authentication keys are also provided.
interface ethernet 0ip address 192.168.251.201 255.255.255.0ip ospf authentication-key adcdefgh!interface ethernet 1ip address 10.56.0.201 255.255.0.0ip ospf authentication-key ijklmnop!router ospf 201network 10.0.0.0 0.255.255.255 area 10.0.0.0network 192.168.0.0 0.0.255.255 area 0area 10.0.0.0 authenticationarea 0 authenticationRelated Commands
area default-cost
To specify a cost for the default summary route sent into a stub or not so stubby area (NSSA), use the area default-cost command in router configuration mode. To remove the assigned default route cost, use the no form of this command.
area area-id default-cost cost
no area area-id default-cost cost
Syntax Description
Defaults
cost: 1
Command Modes
Router configuration
Command History
Usage Guidelines
The command is used only on an Area Border Router (ABR) attached to a stub or NSSA.
There are two stub area router configuration commands: the stub and default-cost options of the area command. In all routers and access servers attached to the stub area, the area should be configured as a stub area using the stub option of the area command. Use the default-cost option only on an ABR attached to the stub area. The default-cost option provides the metric for the summary default route generated by the ABR into the stub area.
Note
Examples
The following example assigns a default cost of 20 to stub network 10.0.0.0:
interface ethernet 0ip address 10.56.0.201 255.255.0.0!router ospf 201network 10.0.0.0 0.255.255.255 area 10.0.0.0area 10.0.0.0 stubarea 10.0.0.0 default-cost 20Related Commands
area authentication
Enables authentication for an OSPF area.
area stub
Defines an area as a stub area.
area filter-list
To filter prefixes advertised in type 3 link-state advertisements (LSAs) between Open Shortest Path First (OSPF) areas of an Area Border Router (ABR), use the area filter-list command in router configuration mode. To change or cancel the filter, use the no form of this command.
area {area-id} filter-list prefix {prefix-list-name in | out}
no area {area-id} filter-list prefix {prefix-list-name in | out}
Syntax Description
Defaults
This command has no default behavior.
Command Modes
Router configuration
Command History
12.0(15)S
This command was introduced.
12.2(4)T
This command was integrated into Cisco IOS Release 12.2(4)T.
Usage Guidelines
With this feature enabled in the "in" direction, all type 3 LSAs originated by the ABR to this area, based on information from all other areas, are filtered by the prefix list. Type 3 LSAs that were originated as a result of the area range command in another area are treated like any other type 3 LSA that was originated individually. Any prefix that does not match an entry in the prefix list is implicitly denied.
With this feature enabled in the "out" direction, all type 3 LSAs advertised by the ABR, based on information from this area to all other areas, are filtered by the prefix list. If the area range command has been configured for this area, type 3 LSAs that correspond to the area range are sent to all other areas, only if at least one prefix in the area range matches an entry in the prefix list.
If all specific prefixes are denied by the prefix list, type 3 LSAs that correspond to the area range command will not be sent to any other area. Prefixes that are not permitted by the prefix list are implicitly denied.
Examples
The following example filters prefixes that are sent from all other areas to area 1:
area 1 filter-list prefix AREA_1 inRelated Commands
area nssa
To configure an area as a not-so-stubby area (NSSA), use the area nssa command in router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.
area area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]] [no-summary]
no area area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]] [no-summary]
Syntax Description
Defaults
No NSSA area is defined.
Command Modes
Router configuration
Command History
Usage Guidelines
To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.
Examples
The following example makes area 1 an NSSA area:
router ospf 1redistribute rip subnetsnetwork 172.19.92.0 0.0.0.255 area 1area 1 nssaarea nssa translate
To configure an area as a not-so-stubby area (NSSA) and configure the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature, use the area nssa translate command in router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.
area area-id nssa translate type7 suppress-fa
no area area-id nssa translate type7 suppress-fa
Syntax Description
Defaults
No translation occurs.
Command Modes
Router configuration
Command History
Usage Guidelines
To configure the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature, configure the translate type7 suppress-fa keywords. Consider the following caution.
Caution
If the translate keyword is used in addition to the no-redistribution or default-information originate keywords, two separate lines for the area nssa command appear in the configuration file for ease of readability. For example, if area 6 nssa no-redistribution translate type7 suppress-fa is configured, the following lines would appear in the configuration file:
router ospf 1area 6 nssa no-redistributionarea 6 nssa translate type7 suppress-faTo remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.
Examples
The following example causes OSPF to translate Type-7 LSAs from area 1 to Type-5 LSAs, but not place the Type-7 forwarding address into the Type-5 LSAs. OSPF places 0.0.0.0 as the forwarding address in the Type-5 LSAs.
router ospf 2network 172.19.92.0 0.0.0.255 area 1area 1 nssa translate type7 suppress-faarea range
To consolidate and summarize routes at an area boundary, use the area range command in router configuration mode. To disable this function, use the no form of this command.
area area-id range ip-address mask [advertise | not-advertise] [cost cost]
no area area-id range ip-address mask [advertise | not-advertise] [cost cost]
Syntax Description
Defaults
This command is disabled by default.
Command Modes
Router configuration
Command History
10.0
This command was introduced.
12.2
The cost cost keyword and argument were added.
Usage Guidelines
The area range command is used only with Area Border Routers (ABRs). It is used to consolidate or summarize routes for an area. The result is that a single summary route is advertised to other areas by the ABR. Routing information is condensed at area boundaries. External to the area, a single route is advertised for each address range. This behavior is called route summarization.
Multiple area router configuration commands specifying the range option can be configured. Thus, OSPF can summarize addresses for many different sets of address ranges.
Note
Examples
The following example specifies one summary route to be advertised by the ABR to other areas for all subnets on network 10.0.0.0 and for all hosts on network 192.168.110.0:
interface ethernet 0ip address 192.168.110.201 255.255.255.0!interface ethernet 1ip address 192.168.120.201 255.255.255.0!router ospf 201network 192.168.110.0 0.0.0.255 area 0area 10.0.0.0 range 10.0.0.0 255.0.0.0area 0 range 192.168.110.0 255.255.0.0 cost 60Related Commands
area sham-link cost
To configure a sham-link interface on a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) backbone, use the area sham-link cost command in global configuration mode. To remove the sham-link, use the no form of this command.
area area-id sham-link source-address destination-address cost number
no area area-id sham-link source-address destination-address cost number
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
In the MPLS VPN environment, several VPN client sites can be connected in the same OSPF area. If these sites are connected over a backdoor link in addition to the VPN backbone, all traffic passes over the backdoor link instead of over the VPN backbone. OSPF always selects intra-area routes over interarea (external) routes.
To correct this default OSPF behavior in an MPLS VPN, use the area sham-link cost command to configure a sham-link between two PEs to connect the sites through the MPLS VPN backbone. A sham-link represents an intra-area (unnumbered point-to-point) connection between PEs. All other routers in the area use the sham-link to calculate intra-area shortest path first (SPF) routes to the remote site.
Configure the source and destination addresses of the sham-link as a host route mask (255.255.255.255) on the PE routers that serve as the endpoints of the sham-link. The source and destination IP addresses must belong to the VRF and be advertised by Border Gateway Protocol (BGP) to remote PE routers. The sham-link endpoint addresses should not be advertised by OSPF.
Examples
The following example shows how to configure a sham-link between two PE routers in an MPLS VPN backbone by using the area sham-link cost command on each router:
Router1(config)# interface loopback 55Router1(config-if)# ip vrf forwarding v1Router1(config-if)# ip address 10.0.0.1 255.255.255.255!Router1(config)# router ospf 2 vrf v1Router1(config-if)# log-adjacency-changesRouter1(config-if)# area 120 sham-link 10.0.0.1 10.44.0.1 cost 1Router1(config-if)# redistribute bgp 1 subnetsRouter1(config-if)# network 10.2.0.1 255.255.255.255 area 1Router1(config-if)# network 10.120.0.0 0.255.255.255 area 120Router1(config-if)# network 10.140.0.0 0.255.255.255 area 120!Router2(config)# interface loopback 44Router2(config-if)# ip vrf forwarding v1Router2(config-if)# ip address 172.16.0.1 255.255.255.255!Router2(config)# router ospf 2 vrf v1Router2(config-if)# log-adjacency-changesRouter2(config-if)# area 120 sham-link 10.44.0.1 10.0.0.1 cost 1Router2(config-if)# redistribute bgp 1 subnetsRouter2(config-if)# netw
