Cisco IOS IP Routing Protocol Commands
accept-lifetime
To set the time period during which the authentication key on a key chain is received as valid, use the accept-lifetime command in key chain key configuration mode. To revert to the default value, use the no form of this command.
accept-lifetime start-time {infinite | end-time | duration seconds}
no accept-lifetime [start-time {infinite | end-time | duration seconds}]
Syntax Description
start-time | Beginning time that the key specified by the key command is valid to be received. The syntax can be either of the following: "hh:mm:ss Month date year" or "hh:mm:ss date Month year", where hh is hours, mm is minutes, ss is seconds, Month is the first three letters of the month, date is the date (1-31), and year is the year (four digits). The default start time and the earliest acceptable date is January 1, 1993.
infinite | Key is valid to be received from the start-time value on.
end-time | Key is valid to be received from the start-time value until the end-time value. The syntax is the same as that for the start-time value. The end-time value must be after the start-time value. The default end time is an infinite time period.
duration seconds | Length of time (in seconds) that the key is valid to be received. The range is from 1 to 2147483646.
Defaults
Forever (the starting time is January 1, 1993, and ending time is infinite)
Command Modes
Key chain key configuration
Command History
Release | Modification
11.1 | This command was introduced.
Usage Guidelines
Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol (RIP) Version 2 use key chains.
Specify a start-time value and one of the following values: infinite, end-time, or duration seconds.
We recommend running Network Time Protocol (NTP) or some other time synchronization method if you assign a lifetime to a key.
If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.
Examples
The following example configures a key chain called trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the set time of the router. There is a 30-minute leeway on each side to handle time differences.
ip rip authentication key-chain trees
ip rip authentication mode md5
! Key chain configuration; the key numbers 1 and 2 are assumed
key chain trees
 key 1
  key-string chestnut
  accept-lifetime 13:30:00 Jan 25 1996 duration 7200
  send-lifetime 14:00:00 Jan 25 1996 duration 3600
 key 2
  key-string birch
  accept-lifetime 14:30:00 Jan 25 1996 duration 7200
  send-lifetime 15:00:00 Jan 25 1996 duration 3600
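The rollover rules above can be checked mechanically before a schedule is deployed. The following Python audit is an added example, not Cisco code: it parses the lifetime syntax described in this section and reports send gaps, accept windows with less leeway than the expected clock skew, and the time at which the last key expires. The key numbers, the function names, and the second (faulty) schedule are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

EPOCH = datetime(1993, 1, 1)      # documented default and earliest start time
FOREVER = (EPOCH, datetime.max)   # documented default lifetime
MAX_DURATION = 2147483646         # documented upper bound for "duration", in seconds

# The schedule from the example above, with key numbers 1 and 2 assumed.
PAGE_CONFIG = """
key chain trees
 key 1
  key-string chestnut
  accept-lifetime 13:30:00 Jan 25 1996 duration 7200
  send-lifetime 14:00:00 Jan 25 1996 duration 3600
 key 2
  key-string birch
  accept-lifetime 14:30:00 Jan 25 1996 duration 7200
  send-lifetime 15:00:00 Jan 25 1996 duration 3600
"""

# Constructed faulty schedule: key 2 starts late and has only 10 minutes of leeway.
BAD_CONFIG = """
key chain trees
 key 1
  accept-lifetime 13:30:00 Jan 25 1996 duration 7200
  send-lifetime 14:00:00 Jan 25 1996 duration 3600
 key 2
  accept-lifetime 15:20:00 25 Jan 1996 infinite
  send-lifetime 15:30:00 25 Jan 1996 infinite
"""


def parse_time(tokens):
    """Parse 'hh:mm:ss Month date year' or 'hh:mm:ss date Month year'."""
    clock, a, b, year = tokens
    month, day = (a, b) if a.isalpha() else (b, a)
    stamp = f"{clock} {month[:3].title()} {int(day)} {year}"
    return datetime.strptime(stamp, "%H:%M:%S %b %d %Y")


def parse_lifetime(args):
    """Return (start, end) from the arguments of accept-lifetime or send-lifetime."""
    tokens = args.split()
    start, rest = parse_time(tokens[:4]), tokens[4:]
    if start < EPOCH:
        raise ValueError("start-time is earlier than January 1, 1993")
    if rest == ["infinite"]:
        return start, datetime.max
    if len(rest) == 2 and rest[0] == "duration":
        seconds = int(rest[1])
        if not 1 <= seconds <= MAX_DURATION:
            raise ValueError(f"duration out of range: {seconds}")
        return start, start + timedelta(seconds=seconds)
    end = parse_time(rest)        # ValueError if end-time is missing or malformed
    if end <= start:
        raise ValueError("end-time must be after start-time")
    return start, end


def parse_key_chain(config):
    """Map key number -> {'accept': (start, end), 'send': (start, end)} for one chain."""
    keys, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"key (\d+)", line):
            current = keys.setdefault(int(m.group(1)),
                                      {"accept": FOREVER, "send": FOREVER})
        elif (m := re.fullmatch(r"(accept|send)-lifetime (.+)", line)) and current is not None:
            current[m.group(1)] = parse_lifetime(m.group(2))
    return keys


def audit(keys, skew=timedelta(minutes=30)):
    """Return (code, detail) findings for a parsed key chain."""
    findings = []
    for number, key in sorted(keys.items()):
        (a0, a1), (s0, s1) = key["accept"], key["send"]
        # The accept window should open before and close after the send window.
        lead_ok = a0 == EPOCH or s0 - a0 >= skew
        tail_ok = a1 == datetime.max or a1 - s1 >= skew
        if not (lead_ok and tail_ok):
            findings.append(("leeway", f"key {number}: accept window extends "
                                       f"less than {skew} beyond the send window"))
    sends = sorted(key["send"] for key in keys.values())
    covered = sends[0][1] if sends else None
    for s0, s1 in sends[1:]:
        if s0 > covered:
            findings.append(("send-gap", f"no key is valid to send from {covered} to {s0}"))
        covered = max(covered, s1)
    last = max((key["accept"][1] for key in keys.values()), default=None)
    if last is not None and last != datetime.max:
        findings.append(("expiry", f"last key stops being accepted at {last}"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("page schedule", PAGE_CONFIG), ("faulty schedule", BAD_CONFIG)):
        for code, detail in audit(parse_key_chain(cfg)):
            print(f"{name}: [{code}] {detail}")
```

The page's schedule passes the leeway and gap checks; the only finding is that the last key eventually expires, which is the condition the usage guidelines describe as continuing authentication with an error message.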
Related Commands
Command | Description
key | Identifies an authentication key on a key chain.
key chain | Enables authentication for routing protocols.
key-string (authentication) | Specifies the authentication string for a key.
send-lifetime | Sets the time period during which an authentication key on a key chain is valid to be sent.
show key chain | Displays authentication key information.
address-family ipv4 (BGP)
To enter address family configuration mode for configuring routing sessions such as BGP that use standard IP Version 4 address prefixes, use the address-family ipv4 command in router configuration mode. To disable address family configuration mode, use the no form of this command.
address-family ipv4 [multicast | unicast | vrf vrf-name]
no address-family ipv4 [multicast | unicast | vrf vrf-name]
Syntax Description
multicast | (Optional) Specifies IP Version 4 multicast address prefixes.
unicast | (Optional) Specifies IP Version 4 unicast address prefixes.
vrf vrf-name | (Optional) Specifies the name of the virtual routing and forwarding (VRF) instance to associate with subsequent IP Version 4 address family configuration mode commands.
Defaults
IP Version 4 address prefixes are not enabled. Unicast address prefixes are the default when IP Version 4 address prefixes are configured.
Command Modes
Router configuration
Command History
Release | Modification
12.0(5)T | This command was introduced.
Usage Guidelines
The address-family ipv4 command places the router in address family configuration mode (prompt: (config-router-af)#), from which you can configure routing sessions that use standard IP Version 4 address prefixes. To leave address family configuration mode and return to router configuration mode, type exit.
Routing information for address family IP Version 4 is advertised by default when you configure a BGP routing session using the neighbor remote-as command unless you enter the no bgp default ipv4-unicast command.
The address-family ipv4 command replaces the match nlri and set nlri commands.
Examples
The following example places the router in address family configuration mode for the IP Version 4 address family:
Router(config)# router bgp 100
Router(config-router)# address-family ipv4
Router(config-router-af)#
The following example places the router in address family configuration mode and specifies multicast address prefixes for the IP Version 4 address family:
Router(config)# router bgp 100
Router(config-router)# address-family ipv4 multicast
Router(config-router-af)#
The following example places the router in address family configuration mode and specifies unicast address prefixes for the IP Version 4 address family:
Router(config)# router bgp 100
Router(config-router)# address-family ipv4 unicast
Router(config-router-af)#
The following example places the router in address family configuration mode and specifies cisco as the name of the VRF instance to associate with subsequent IP Version 4 address family configuration mode commands:
Router(config)# router bgp 100
Router(config-router)# address-family ipv4 vrf cisco
Router(config-router-af)#
Use this form of the command, which specifies a VRF, only to configure routing exchanges between provider edge (PE) and customer edge (CE) devices.
Related Commands
Command | Description
address-family vpnv4 | Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard VPN Version 4 address prefixes.
neighbor activate | Enables the exchange of information with a BGP neighboring router.
address-family ipv4 (EIGRP)
To enter IPv4 address family configuration mode to configure an Enhanced Interior Gateway Routing Protocol (EIGRP) Virtual Private Network (VPN), use the address-family ipv4 command in address family configuration mode. To remove the address family from the EIGRP configuration, use the no form of this command.
address-family ipv4 [unicast] [vrf vrf-name]
no address-family ipv4 [unicast] [vrf vrf-name]
Syntax Description
unicast | (Optional) Specifies the unicast subaddress family.
vrf vrf-name | (Optional) Specifies the name of the VRF.
Defaults
A default VRF is automatically created when this command is entered without the vrf keyword.
Command Modes
Address family configuration
Command History
Release | Modification
12.0(22)S | This command was introduced.
12.2(15)T | This command was integrated into 12.2(15)T.
Usage Guidelines
The address-family ipv4 command is used to configure IPv4 address family sessions under EIGRP. To leave address family configuration mode without removing the address family configuration, use the exit-address-family command.
EIGRP VPNs can be configured only under IPv4 address family configuration mode. A virtual routing and forwarding instance (VRF) and route distinguisher must be defined before the address family session can be created.
A single EIGRP routing process can support multiple VRFs. The number of VRFs that can be configured is limited only by available system resources on the router, which is determined by the number of VRFs, running processes, and available memory. However, only a single VRF can be supported by each VPN, and redistribution between different VRFs is not supported.
MPLS VPN support between PE and CE routers is configured only on PE routers that provide VPN services over the service provider backbone. The customer site does not require any changes to equipment or configurations to support the EIGRP VPN. A metric must be configured for routes to be advertised to the CE router. The metric can be configured using the redistribute (IP) command or configured with the default-metric (EIGRP) command.
Examples
The following example, starting in Global configuration mode, configures an IPv4 address family session for the VRF named RED:
Router(config)# ip vrf RED
Router(config-vrf)# rd 1:1
Router(config)# router eigrp 1
Router(config-router)# address-family ipv4 vrf RED
Router(config-router-af)# autonomous-system 101
Router(config-router-af)# network 172.16.0.0
Router(config-router-af)# default-metric 10000 100 255 1 1500
Router(config-router-af)# exit-address-family
Related Commands
Command | Description
default-metric (EIGRP) | Sets metric for EIGRP.
exit-address-family | Exits from address family configuration mode.
network (EIGRP) | Specifies a list of networks for the EIGRP routing process.
redistribute (IP) | Redistributes routes from one routing domain into another routing domain.
address-family nsap
To enter address family configuration mode and configure Connectionless Network Service (CLNS)-specific parameters for Border Gateway Protocol (BGP) routing sessions, use the address-family nsap command in router configuration mode. To disable address family configuration mode, use the no form of this command.
address-family nsap [unicast]
no address-family nsap [unicast]
Syntax Description
unicast | (Optional) Specifies network service access point (NSAP) unicast address prefixes.
Defaults
NSAP address prefixes are not enabled. Unicast address prefixes are the default when NSAP address prefixes are configured.
Note
Routing information for address family IPv4 is advertised by default for each BGP routing session configured with the neighbor remote-as command unless you configure the no bgp default ipv4-unicast command before configuring the neighbor remote-as command.
Command Modes
Router configuration
Command History
Release | Modification
12.2(8)T | This command was introduced.
Usage Guidelines
The address-family nsap command enters address family configuration mode (prompt: (config-router-af)#), from which you can configure routing sessions that use standard NSAP address prefixes. To leave address family configuration mode and return to router configuration mode, enter the exit-address-family command.
To configure BGP commands and functionality for NSAP prefixes, you must enter NSAP address family configuration mode for those address prefixes, using the address-family nsap command.
Examples
The following example enters NSAP address family configuration mode under BGP:
Router(config)# router bgp 64500
Router(config-router)# address-family nsap
Router(config-router-af)#
Related Commands
Command | Description
address-family ipv4 (BGP) | Enters address family configuration mode for configuring routing sessions, such as BGP, that use standard IPv4 address prefixes.
bgp default ipv4-unicast | Enables the IPv4 unicast address family on all neighbors.
neighbor activate | Enables the exchange of information with a BGP neighboring router.
address-family vpnv4
To enter address family configuration mode for configuring routing sessions, such as BGP, that use standard Virtual Private Network (VPN) Version 4 address prefixes, use the address-family vpnv4 command in router configuration mode. To disable address family configuration mode, use the no form of this command.
address-family vpnv4 [unicast]
no address-family vpnv4 [unicast]
Syntax Description
unicast | (Optional) Specifies VPN Version 4 unicast address prefixes.
Defaults
VPN Version 4 address prefixes are not enabled. Unicast address prefixes are the default when VPN Version 4 address prefixes are configured.
Command Modes
Router configuration
Command History
Release | Modification
12.0(5)T | This command was introduced.
Usage Guidelines
The address-family vpnv4 command places the router in address family configuration mode (prompt: (config-router-af)#), from which you can configure routing sessions that use VPN Version 4 address prefixes. To leave address family configuration mode and return to router configuration mode, type exit.
The address-family vpnv4 command replaces the match nlri and set nlri commands.
Examples
The following example places the router in address family configuration mode for the VPN Version 4 address family:
Router(config)# router bgp 100
Router(config-router)# address-family vpnv4
The following example places the router in address family configuration mode for the unicast VPN Version 4 address family:
Router(config)# router bgp 100
Router(config-router)# address-family vpnv4 unicast
Related Commands
Command | Description
address-family ipv4 (BGP) | Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard IP Version 4 address prefixes.
neighbor activate | Enables the exchange of information with a BGP neighboring router.
aggregate-address
To create an aggregate entry in a Border Gateway Protocol (BGP) or multiprotocol BGP database, use the aggregate-address command in address family or router configuration mode. To disable this function, use the no form of this command.
aggregate-address address mask [as-set] [summary-only] [suppress-map map-name]
[advertise-map map-name] [attribute-map map-name]
no aggregate-address address mask [as-set] [summary-only] [suppress-map map-name]
[advertise-map map-name] [attribute-map map-name]
Syntax Description
address | Aggregate address.
mask | Aggregate mask.
as-set | (Optional) Generates autonomous system set path information.
summary-only | (Optional) Filters all more-specific routes from updates.
suppress-map map-name | (Optional) Name of the route map used to select the routes to be suppressed.
advertise-map map-name | (Optional) Name of the route map used to select the routes to create AS_SET origin communities.
attribute-map map-name | (Optional) Name of the route map used to set the attribute of the aggregate route.
Defaults
This command is disabled by default.
Command Modes
Address family configuration
Router configuration
Command History
Release | Modification
10.0 | This command was introduced.
11.1(20)CC | The nlri unicast, nlri multicast, and nlri unicast multicast keywords were added.
12.0(2)S | The nlri unicast, nlri multicast, and nlri unicast multicast keywords were added.
12.0(7)T | The nlri unicast, nlri multicast, and nlri unicast multicast keywords were removed. Address family configuration mode was added.
Usage Guidelines
You can implement aggregate routing in BGP and multiprotocol BGP either by redistributing an aggregate route into BGP or multiprotocol BGP, or by using this conditional aggregate routing feature.
Using the aggregate-address command with no keywords will create an aggregate entry in the BGP or multiprotocol BGP routing table if any more-specific BGP or multiprotocol BGP routes are available that fall in the specified range. The aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)
Using the as-set keyword creates an aggregate entry using the same rules that the command follows without this keyword, but the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Do not use this form of the aggregate-address command when aggregating many paths, because this route must be continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.
Using the summary-only keyword not only creates the aggregate route (for example, 193.*.*.*) but also suppresses advertisements of more-specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more-specific route leaks out, all BGP or multiprotocol BGP routers will prefer that route over the less-specific aggregate you are generating (using longest-match routing).
Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified routes. You can use the match clauses of route maps to selectively suppress some more-specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.
Using the advertise-map keyword selects specific routes that will be used to build different components of the aggregate route, such as AS_SET or community. This form of the aggregate-address command is useful when the components of an aggregate are in separate autonomous systems and you want to create an aggregate with AS_SET, and advertise it back to some of the same autonomous systems. You must remember to omit the specific autonomous system numbers from the AS_SET to prevent the aggregate from being dropped by the BGP loop detection mechanism at the receiving router. IP access lists and autonomous system path access lists match clauses are supported.
Using the attribute-map keyword allows attributes of the aggregate route to be changed. This form of the aggregate-address command is useful when one of the routes forming the AS_SET is configured with an attribute such as the community no-export attribute, which would prevent the aggregate route from being exported. An attribute map route map can be created to change the aggregate attributes.
Examples
In the following example, a BGP aggregate address is created in router configuration mode. The path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized.
aggregate-address 10.0.0.0 255.0.0.0 as-set
In the following example, a multiprotocol BGP aggregate address is created in address family configuration mode and applied to the multicast database only using an IP Version 4 address family. More-specific routes are filtered from updates.
address-family ipv4 multicast
aggregate-address 10.0.0.0 255.0.0.0 summary-only
In the following example, a route map called map-one is created matching on an as-path access list. The path advertised for this route will be an AS_SET consisting of elements contained in paths that are matched in the route map.
ip as-path access-list 1 deny ^1234_
ip as-path access-list 1 permit .*
route-map map-one permit 10
 match as-path 1
!
aggregate-address 10.0.0.0 255.0.0.0 as-set advertise-map map-one
Related Commands
Command | Description
address-family ipv4 (BGP) | Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard IPv4 address prefixes.
match ip address | Distributes any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on packets.
neighbor distribute-list | Distributes BGP neighbor information in an access list.
route-map (IP) | Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing.
area authentication
To enable authentication for an OSPF area, use the area authentication command in router configuration mode. To remove an authentication specification of an area or a specified area from the configuration, use the no form of this command.
area area-id authentication [message-digest]
no area area-id authentication [message-digest]
Syntax Description
area-id | Identifier of the area for which authentication is to be enabled. The identifier can be specified as either a decimal value or an IP address.
message-digest | (Optional) Enables Message Digest 5 (MD5) authentication on the area specified by the area-id argument.
Defaults
Type 0 authentication (no authentication)
Command Modes
Router configuration
Command History
Release | Modification
10.0 | This command was introduced.
11.0 | The message-digest keyword was added.
Usage Guidelines
Specifying authentication for an area sets the authentication to Type 1 (simple password) as specified in RFC 1247. If this command is not included in the configuration file, authentication of Type 0 (no authentication) is assumed.
The authentication type must be the same for all routers and access servers in an area. The authentication password for all OSPF routers on a network must be the same if they are to communicate with each other via OSPF. Use the ip ospf authentication-key interface command to specify this password.
If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key interface command.
To remove the authentication specification for an area, use the no form of this command with the authentication keyword.
Note
To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.
Examples
The following example mandates authentication for areas 0 and 10.0.0.0 of OSPF routing process 201. Authentication keys are also provided.
! First interface (interface names are not shown on this page)
ip address 192.168.251.201 255.255.255.0
ip ospf authentication-key adcdefgh
! Second interface
ip address 10.56.0.201 255.255.0.0
ip ospf authentication-key ijklmnop
!
router ospf 201
 network 10.0.0.0 0.255.255.255 area 10.0.0.0
 network 192.168.0.0 0.0.255.255 area 0
 area 10.0.0.0 authentication
 area 0 authentication
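Because an area without an area authentication line silently falls back to Type 0, and because the key command on each interface must match the area's mode, a configuration audit is a useful check. The following Python script is an added example, not Cisco code: it maps each interface to an OSPF area through the network statements and reports areas left at Type 0 and interfaces whose key does not match the area's authentication mode. The interface names, the third interface, and the first-match handling of network statements are assumptions made for illustration.

```python
import ipaddress

# Constructed configuration: addresses and keys follow the example above; the
# interface names and the unkeyed Ethernet2 are assumptions for illustration.
CONFIG = """\
interface Ethernet0
 ip address 192.168.251.201 255.255.255.0
 ip ospf authentication-key adcdefgh
interface Ethernet1
 ip address 10.56.0.201 255.255.0.0
 ip ospf authentication-key ijklmnop
interface Ethernet2
 ip address 10.57.0.1 255.255.0.0
router ospf 201
 network 10.0.0.0 0.255.255.255 area 10.0.0.0
 network 192.168.0.0 0.0.255.255 area 0
 area 10.0.0.0 authentication
"""


def area_id(text):
    """Normalise an area ID given as a decimal value or an IP address to an int."""
    return int(ipaddress.IPv4Address(text)) if "." in text else int(text)


def parse(config):
    """Return (interfaces, network statements, per-area authentication mode)."""
    interfaces, networks, area_auth, section = [], [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():                 # a top-level line opens a new section
            section = None
            if line.startswith("interface "):
                section = {"name": line.split(None, 1)[1], "addr": None, "keys": set()}
                interfaces.append(section)
            elif line.startswith("router ospf "):
                section = "ospf"
            continue
        words = line.split()
        if isinstance(section, dict):            # inside an interface section
            if words[:2] == ["ip", "address"]:
                section["addr"] = int(ipaddress.IPv4Address(words[2]))
            elif words[:3] == ["ip", "ospf", "authentication-key"]:
                section["keys"].add("simple")
            elif words[:3] == ["ip", "ospf", "message-digest-key"]:
                section["keys"].add("message-digest")
        elif section == "ospf":                  # inside the OSPF router section
            if words[0] == "network" and len(words) == 5 and words[3] == "area":
                networks.append((int(ipaddress.IPv4Address(words[1])),
                                 int(ipaddress.IPv4Address(words[2])),
                                 area_id(words[4])))
            elif words[0] == "area" and words[2:3] == ["authentication"]:
                mode = "message-digest" if "message-digest" in words[3:] else "simple"
                area_auth[area_id(words[1])] = mode
    return interfaces, networks, area_auth


def audit(config):
    """Return (interface, area, code) findings for one configuration."""
    interfaces, networks, area_auth = parse(config)
    findings = []
    for iface in interfaces:
        if iface["addr"] is None:
            continue
        # Assumption: the first network statement whose wildcard mask covers the
        # interface address decides the area.
        area = next((a for net, wild, a in networks
                     if (iface["addr"] ^ net) & ~wild & 0xFFFFFFFF == 0), None)
        if area is None:
            continue                             # interface does not run OSPF
        shown = str(ipaddress.IPv4Address(area))
        mode = area_auth.get(area)
        if mode is None:
            findings.append((iface["name"], shown, "no-auth"))      # Type 0 default
        elif mode not in iface["keys"]:
            findings.append((iface["name"], shown, "missing-key"))  # key does not match mode
    return findings


if __name__ == "__main__":
    for name, area, code in audit(CONFIG):
        print(f"{name} (area {area}): {code}")
```

In the constructed configuration, Ethernet0 is reported because area 0 has no authentication line, and Ethernet2 because it sits in an authenticated area without an authentication key.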
Related Commands
Command | Description
area default-cost | Specifies a cost for the default summary route sent into a stub area.
area stub | Defines an area as a stub area.
ip ospf authentication-key | Assigns a password to be used by neighboring routers that are using the simple password authentication of OSPF.
ip ospf message-digest-key | Enables OSPF MD5 authentication.
area default-cost
To specify a cost for the default summary route sent into a stub or not so stubby area (NSSA), use the area default-cost command in router configuration mode. To remove the assigned default route cost, use the no form of this command.
area area-id default-cost cost
no area area-id default-cost cost
Syntax Description
area-id | Identifier for the stub or NSSA. The identifier can be specified as either a decimal value or as an IP address.
cost | Cost for the default summary route used for a stub or NSSA. The acceptable value is a 24-bit number.
Defaults
cost: 1
Command Modes
Router configuration
Command History
Release | Modification
10.0 | This command was introduced.
Usage Guidelines
The command is used only on an Area Border Router (ABR) attached to a stub or NSSA.
There are two stub area router configuration commands: the stub and default-cost options of the area command. In all routers and access servers attached to the stub area, the area should be configured as a stub area using the stub option of the area command. Use the default-cost option only on an ABR attached to the stub area. The default-cost option provides the metric for the summary default route generated by the ABR into the stub area.
Note
To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.
Examples
The following example assigns a default cost of 20 to stub network 10.0.0.0:
ip address 10.56.0.201 255.255.0.0
network 10.0.0.0 0.255.255.255 area 10.0.0.0
area 10.0.0.0 default-cost 20
Related Commands
Command | Description
area authentication | Enables authentication for an OSPF area.
area stub | Defines an area as a stub area.
area filter-list
To filter prefixes advertised in type 3 link-state advertisements (LSAs) between Open Shortest Path First (OSPF) areas of an Area Border Router (ABR), use the area filter-list command in router configuration mode. To change or cancel the filter, use the no form of this command.
area {area-id} filter-list prefix {prefix-list-name in | out}
no area {area-id} filter-list prefix {prefix-list-name in | out}
Syntax Description
area-id | Identifier of the area for which filtering is configured. The identifier can be specified as either a decimal value or an IP address.
prefix | Indicates that a prefix list is used.
prefix-list-name | Name of a prefix list.
in | Prefix list applied to prefixes advertised to the specified area from other areas.
out | Prefix list applied to prefixes advertised out of the specified area to other areas.
Defaults
This command has no default behavior.
Command Modes
Router configuration
Command History
Release | Modification
12.0(15)S | This command was introduced.
12.2(4)T | This command was integrated into Cisco IOS Release 12.2(4)T.
Usage Guidelines
With this feature enabled in the "in" direction, all type 3 LSAs originated by the ABR to this area, based on information from all other areas, are filtered by the prefix list. Type 3 LSAs that were originated as a result of the area range command in another area are treated like any other type 3 LSA that was originated individually. Any prefix that does not match an entry in the prefix list is implicitly denied.
With this feature enabled in the "out" direction, all type 3 LSAs advertised by the ABR, based on information from this area to all other areas, are filtered by the prefix list. If the area range command has been configured for this area, type 3 LSAs that correspond to the area range are sent to all other areas, only if at least one prefix in the area range matches an entry in the prefix list.
If all specific prefixes are denied by the prefix list, type 3 LSAs that correspond to the area range command will not be sent to any other area. Prefixes that are not permitted by the prefix list are implicitly denied.
Examples
The following example filters prefixes that are sent from all other areas to area 1:
area 1 filter-list prefix AREA_1 in
Related Commands
Command | Description
area range | Consolidates and summarizes routes at an area boundary.
area nssa
To configure an area as a not-so-stubby area (NSSA), use the area nssa command in router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.
area area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]]
[no-summary]
no area area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]]
[no-summary]
Syntax Description
area-id | Identifier of the area for which authentication is to be enabled. The identifier can be specified as either a decimal value or an IP address.
no-redistribution | (Optional) Used when the router is an NSSA Area Border Router (ABR) and you want the redistribute command to import routes only into the normal areas, but not into the NSSA area.
default-information-originate | (Optional) Used to generate a Type 7 default into the NSSA area. This keyword takes effect only on NSSA ABR or NSSA Autonomous System Boundary Router (ASBR).
metric | (Optional) OSPF default metric.
metric-type | (Optional) OSPF metric type for default routes.
no-summary | (Optional) Allows an area to be a not-so-stubby area but not have summary routes injected into it.
Defaults
No NSSA area is defined.
Command Modes
Router configuration
Command History
Release | Modification
10.0 | This command was introduced.
Usage Guidelines
To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.
Examples
The following example makes area 1 an NSSA area:
network 172.19.92.0 0.0.0.255 area 1
area 1 nssa
area nssa translate
To configure an area as a not-so-stubby area (NSSA) and configure the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature, use the area nssa translate command in router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.
area area-id nssa translate type7 suppress-fa
no area area-id nssa translate type7 suppress-fa
Syntax Description
area-id | Identifier of the area for which authentication is to be enabled. The identifier can be specified as either a decimal value or an IP address.
translate | Translates one type of LSA to another type of LSA. This keyword takes effect only on an NSSA ABR or NSSA Autonomous System Boundary Router (ASBR).
type7 | Translates a Type-7 LSA to a Type-5 LSA. This keyword takes effect only on an NSSA ABR or an NSSA ASBR.
suppress-fa | Suppresses the forwarding address of the Type-7 LSAs from being placed in the Type-5 LSAs. This keyword takes effect only on an NSSA ABR or an NSSA ASBR.
Defaults
No translation occurs.
Command Modes
Router configuration
Command History
Release | Modification
12.2(15)T | This command was introduced.
Usage Guidelines
To configure the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature, configure the translate type7 suppress-fa keywords. Consider the following caution.
Caution 
Configuring the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature causes the router to be noncompliant with RFC 1587. Also, suboptimal routing might result because there might be better paths to reach the destination's forwarding address. This feature should not be configured without careful consideration and not until the network topology is understood.
If the translate keyword is used in addition to the no-redistribution or default-information-originate keywords, two separate lines for the area nssa command appear in the configuration file for ease of readability. For example, if area 6 nssa no-redistribution translate type7 suppress-fa is configured, the following lines would appear in the configuration file:
area 6 nssa no-redistribution
area 6 nssa translate type7 suppress-fa
To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.
Examples
The following example causes OSPF to translate Type-7 LSAs from area 1 to Type-5 LSAs, but not place the Type-7 forwarding address into the Type-5 LSAs. OSPF places 0.0.0.0 as the forwarding address in the Type-5 LSAs.
network 172.19.92.0 0.0.0.255 area 1
area 1 nssa translate type7 suppress-fa
area range
To consolidate and summarize routes at an area boundary, use the area range command in router configuration mode. To disable this function, use the no form of this command.
area area-id range ip-address mask [advertise | not-advertise] [cost cost]
no area area-id range ip-address mask [advertise | not-advertise] [cost cost]
Syntax Description
area-id
|
Identifier of the area about which routes are to be summarized. It can be specified as either a decimal value or as an IP address.
|
ip-address
|
IP address.
|
mask
|
IP address mask.
|
advertise
|
(Optional) Sets the address range status to advertise and generates a Type 3 summary link-state advertisement (LSA).
|
not-advertise
|
(Optional) Sets the address range status to DoNotAdvertise. The Type 3 summary LSA is suppressed, and the component networks remain hidden from other networks.
|
cost cost
|
(Optional) Metric or cost for this summary route, which is used during OSPF SPF calculation to determine the shortest paths to the destination. The range of this value is from 0 to 16777215.
|
Defaults
This command is disabled by default.
Command Modes
Router configuration
Command History
Release
|
Modification
|
10.0
|
This command was introduced.
|
12.2
|
The cost cost keyword and argument were added.
|
Usage Guidelines
The area range command is used only with Area Border Routers (ABRs). It is used to consolidate or summarize routes for an area. The result is that a single summary route is advertised to other areas by the ABR. Routing information is condensed at area boundaries. External to the area, a single route is advertised for each address range. This behavior is called route summarization.
Multiple area router configuration commands specifying the range option can be configured. Thus, OSPF can summarize addresses for many different sets of address ranges.
Note
To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.
Examples
The following example specifies one summary route to be advertised by the ABR to other areas for all subnets on network 10.0.0.0 and for all hosts on network 192.168.110.0:
ip address 192.168.110.201 255.255.255.0
ip address 192.168.120.201 255.255.255.0
network 192.168.110.0 0.0.0.255 area 0
area 10.0.0.0 range 10.0.0.0 255.0.0.0
area 0 range 192.168.110.0 255.255.0.0 cost 60
Related Commands
Command
|
Description
|
area authentication
|
Enables authentication for an OSPF area.
|
area default-cost
|
Specifies a cost for the default summary route sent into a stub area.
|
area nssa
|
Configures an area as an NSSA.
|
area stub
|
Defines an area as a stub area.
|
area virtual-link
|
Defines an OSPF virtual link.
|
area sham-link cost
To configure a sham-link interface on a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) backbone, use the area sham-link cost command in global configuration mode. To remove the sham-link, use the no form of this command.
area area-id sham-link source-address destination-address cost number
no area area-id sham-link source-address destination-address cost number
Syntax Description
area-id
|
ID number of the Open Shortest Path First (OSPF) area assigned to the sham-link. Valid values: numeric value or valid IP address. There is no default.
|
source-address
|
IP address of the source PE router in the format: ip-address [mask].
|
destination-address
|
IP address of the destination PE router in the format: ip-address [mask].
|
number
|
OSPF cost to send IP packets over the sham-link interface. The range of this value is from 1 to 65535.
|
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Release
|
Modification
|
12.2(8)T
|
This command was introduced.
|
Usage Guidelines
In the MPLS VPN environment, several VPN client sites can be connected in the same OSPF area. If these sites are connected over a backdoor link in addition to the VPN backbone, all traffic passes over the backdoor link instead of over the VPN backbone. OSPF always selects intra-area routes over interarea (external) routes.
To correct this default OSPF behavior in an MPLS VPN, use the area sham-link cost command to configure a sham-link between two PEs to connect the sites through the MPLS VPN backbone. A sham-link represents an intra-area (unnumbered point-to-point) connection between PEs. All other routers in the area use the sham-link to calculate intra-area shortest path first (SPF) routes to the remote site.
Configure the source and destination addresses of the sham-link as a host route mask (255.255.255.255) on the PE routers that serve as the endpoints of the sham-link. The source and destination IP addresses must belong to the VRF and be advertised by Border Gateway Protocol (BGP) to remote PE routers. The sham-link endpoint addresses should not be advertised by OSPF.
Examples
The following example shows how to configure a sham-link between two PE routers in an MPLS VPN backbone by using the area sham-link cost command on each router:
Router1(config)# interface loopback 55
Router1(config-if)# ip vrf forwarding v1
Router1(config-if)# ip address 10.0.0.1 255.255.255.255
Router1(config)# router ospf 2 vrf v1
Router1(config-router)# log-adjacency-changes
Router1(config-router)# area 120 sham-link 10.0.0.1 10.44.0.1 cost 1
Router1(config-router)# redistribute bgp 1 subnets
Router1(config-router)# network 10.2.0.1 255.255.255.255 area 1
Router1(config-router)# network 10.120.0.0 0.255.255.255 area 120
Router1(config-router)# network 10.140.0.0 0.255.255.255 area 120
Router2(config)# interface loopback 44
Router2(config-if)# ip vrf forwarding v1
Router2(config-if)# ip address 172.16.0.1 255.255.255.255
Router2(config)# router ospf 2 vrf v1
Router2(config-router)# log-adjacency-changes
Router2(config-router)# area 120 sham-link 10.44.0.1 10.0.0.1 cost 1
Router2(config-router)# redistribute bgp 1 subnets
Router2(config-router)# network 10.2.0.1 255.255.255.255 area 1
Router2(config-router)# network 10.120.0.0 0.255.255.255 area 120
Router2(config-router)# network 10.140.0.0 0.255.255.255 area 120
area stub
To define an area as a stub area, use the area stub command in router configuration mode. To disable this function, use the no form of this command.
area area-id stub [no-summary]
no area area-id stub [no-summary]
Syntax Description
area-id
|
Identifier for the stub area; either a decimal value or an IP address.
|
no-summary
|
(Optional) Prevents an Area Border Router (ABR) from sending summary link advertisements into the stub area.
|
Defaults
No stub area is defined.
Command Modes
Router configuration
Command History
Release
|
Modification
|
10.0
|
This command was introduced.
|
Usage Guidelines
You must configure the area stub command on all routers and access servers in the stub area. Use the area router configuration command with the default-cost keyword to specify the cost of a default internal route sent into a stub area by an ABR.
There are two stub area router configuration commands: the stub and default-cost options of the area router configuration command. In all routers attached to the stub area, the area should be configured as a stub area using the stub keyword of the area command. Use the default-cost keyword only on an ABR attached to the stub area. The default-cost keyword provides the metric for the summary default route generated by the ABR into the stub area.
To further reduce the number of link-state advertisements (LSAs) sent into a stub area, you can configure the no-summary keyword on the ABR to prevent it from sending summary LSAs (LSA type 3) into the stub area.
Note
To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.
Examples
The following example assigns a default cost of 20 to stub network 10.0.0.0:
ip address 10.56.0.201 255.255.0.0
network 10.0.0.0 0.255.255.255 area 10.0.0.0
area 10.0.0.0 default-cost 20
Related Commands
Command
|
Description
|
area authentication
|
Enables authentication for an OSPF area.
|
area default-cost
|
Specifies a cost for the default summary route sent into a stub area.
|
area virtual-link
To define an OSPF virtual link, use the area virtual-link command in router configuration mode with the optional parameters. To remove a virtual link, use the no form of this command.
area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [[authentication-key key] | [message-digest-key key-id md5 key]]
no area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [[authentication-key key] | [message-digest-key key-id md5 key]]
no area area-id
Syntax Description
area-id
|
Area ID assigned to the transit area for the virtual link. This can be either a decimal value or a valid IP address. There is no default.
|
router-id
|
Router ID associated with the virtual link neighbor. The router ID appears in the show ip ospf display. The router ID is internally derived by each router from the interface IP addresses. This value must be entered in the format of an IP address. There is no default.
|
authentication
|
(Optional) Specifies authentication type.
|
message-digest
|
(Optional) Specifies that message-digest authentication is used.
|
null
|
(Optional) No authentication is used. Overrides password or message-digest authentication if configured for the area.
|
hello-interval seconds
|
(Optional) Time (in seconds) between the hello packets that the Cisco IOS software sends on an interface. Unsigned integer value to be advertised in the hello packets. The value must be the same for all routers and access servers attached to a common network. The default is 10 seconds. The range is from 1 to 8192.
|
retransmit-interval seconds
|
(Optional) Time (in seconds) between link-state advertisement (LSA) retransmissions for adjacencies belonging to the interface. Expected round-trip delay between any two routers on the attached network. The value must be greater than the expected round-trip delay. The default is 5 seconds. The range is from 1 to 8192.
|
transmit-delay seconds
|
(Optional) Estimated time (in seconds) required to send a link-state update packet on the interface. Integer value that must be greater than zero. LSAs in the update packet have their age incremented by this amount before transmission. The default value is 1 second. The range is from 1 to 8192.
|
dead-interval seconds
|
(Optional) Time (in seconds) that hello packets are not seen before a neighbor declares the router down. Unsigned integer value. The default is four times the hello interval, or 40 seconds. As with the hello interval, this value must be the same for all routers and access servers attached to a common network. The range is from 1 to 8192.
|
authentication-key key
|
(Optional) Password to be used by neighboring routers. It is any continuous string of characters that you can enter from the keyboard up to 8 bytes long. This string acts as a key that will allow the authentication procedure to generate or verify the authentication field in the OSPF header. This key is inserted directly into the OSPF header when originating routing protocol packets. A separate password can be assigned to each network on a per-interface basis. All neighboring routers on the same network must have the same password to be able to route OSPF traffic. The password is encrypted in the configuration file if the service password-encryption command is enabled. There is no default value.
|
message-digest-key key-id md5 key
|
(Optional) Key identifier and password to be used by neighboring routers and this router for Message Digest 5 (MD5) authentication. The key-id argument is a number in the range from 1 to 255. The key is an alphanumeric string of up to 16 characters. All neighboring routers on the same network must have the same key identifier and key to be able to route OSPF traffic. There is no default value.
|
Defaults
area-id: No area ID is predefined.
router-id: No router ID is predefined.
hello-interval seconds: 10 seconds
retransmit-interval seconds: 5 seconds
transmit-delay seconds: 1 second
dead-interval seconds: 40 seconds
authentication-key key: No key is predefined.
message-digest-key key-id md5 key: No key is predefined.
Command Modes
Router configuration
Command History
Release
|
Modification
|
10.0
|
This command was introduced.
|
11.0
|
The message-digest-key key-id md5 key keywords and arguments were added.
|
12.0
|
The authentication, message-digest, and null keywords were added.
|
Usage Guidelines
In OSPF, all areas must be connected to a backbone area. If the connection to the backbone is lost, it can be repaired by establishing a virtual link.
The smaller the hello interval, the faster topological changes will be detected, but more routing traffic will ensue.
The setting of the retransmit interval should be conservative, or needless retransmissions will result. The value should be larger for serial lines and virtual links.
The transmit delay value should take into account the transmission and propagation delays for the interface.
The Cisco IOS software will use the specified authentication key only when authentication is enabled for the backbone with the area area-id authentication router configuration command.
The two authentication schemes, simple text and MD5 authentication, are mutually exclusive. You can specify one or the other or neither. Any keywords and arguments you specify after authentication-key key or message-digest-key key-id md5 key are ignored. Therefore, specify any optional arguments before such a keyword-argument combination.
For Cisco IOS Release 12.2 and later releases, authentication type now is specified on a per-interface basis, rather than on a per-area basis, per RFC 2178. For backward compatibility, authentication type for an area is still supported. If the authentication type is not specified for an interface, the interface will use the authentication type that was specified for the area. If no authentication type has been specified for the area, the area default is null authentication.
Note
Each virtual link neighbor must include the transit area ID and the corresponding virtual link neighbor router ID in order for a virtual link to be properly configured. Use the show ip ospf EXEC command to see the router ID.
Note
To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.
Examples
The following example establishes a virtual link with default values for all optional parameters:
network 10.0.0.0 0.255.255.255 area 10.0.0.0
area 10.0.0.0 virtual-link 10.3.4.5
The following example establishes a virtual link with MD5 authentication:
network 10.0.0.0 0.255.255.255 area 10.0.0.0
area 10.0.0.0 virtual-link 10.3.4.5 message-digest-key 3 md5 sa5721bk47
Related Commands
Command
|
Description
|
area authentication
|
Enables authentication for an OSPF area.
|
service password-encryption
|
Encrypts passwords.
|
show ip ospf
|
Displays general information about OSPF routing processes.
|
area-password
To configure the IS-IS area authentication password, use the area-password command in router configuration mode. To disable the password, use the no form of this command.
area-password password [authenticate snp {validate | send-only}]
no area-password [password]
Syntax Description
password
|
Password you assign.
|
authenticate snp
|
(Optional) Causes the system to insert the password into sequence number PDUs (SNPs).
|
validate
|
(Optional) Causes the system to insert the password into the SNPs and check the password in SNPs that it receives.
|
send-only
|
(Optional) Causes the system only to insert the password into the SNPs, but not check the password in SNPs that it receives. Use this keyword during a software upgrade to ease the transition.
|
Defaults
No area password is defined, and area password authentication is disabled.
Command Modes
Router configuration
Command History
Release
|
Modification
|
10.0
|
This command was introduced.
|
12.0(21)ST
|
The authenticate snp, validate, and send-only keywords were added.
|
Usage Guidelines
Using the area-password command on all routers in an area will prevent unauthorized routers from injecting false routing information into the link-state database.
This password is exchanged as plain text and thus this feature provides only limited security.
This password is inserted in Level 1 (station router level) PDU link-state packets (LSPs), complete sequence number PDUs (CSNPs), and partial sequence number PDUs (PSNPs).
If you do not specify the authenticate snp keyword along with either the validate or send-only keyword, then the IS-IS routing protocol does not insert the password into SNPs.
Examples
The following example assigns an area authentication password and specifies that the password be inserted in SNPs and checked in SNPs that the system receives:
area-password track authenticate snp validate
Related Commands
Command
|
Description
|
domain-password
|
Configures the IS-IS routing domain authentication password.
|
isis password
|
Configures the authentication password for an interface.
|
authentication key-chain
To enable authentication for IS-IS, use the authentication key-chain command in router configuration mode. To disable such authentication, use the no form of this command.
authentication key-chain name-of-chain [level-1 | level-2]
no authentication key-chain name-of-chain [level-1 | level-2]
Syntax Description
name-of-chain
|
Enables authentication and specifies the group of keys that are valid.
|
level-1
|
(Optional) Enables authentication for Level 1 packets only.
|
level-2
|
(Optional) Enables authentication for Level 2 packets only.
|
Defaults
No key chain authentication is provided for IS-IS packets at the router level.
Command Modes
Router configuration
Command History
Release
|
Modification
|
12.0(21)ST
|
This command was introduced.
|
Usage Guidelines
If no key chain is configured with the key chain command, no key chain authentication is performed.
Key chain authentication could apply to clear text authentication or MD5 authentication. The mode is determined by the authentication mode command.
Only one authentication key chain is applied to IS-IS at one time. That is, if you configure a second authentication key-chain command, the first is overridden.
If neither the level-1 nor level-2 keyword is configured, the chain applies to both levels.
You can specify authentication for an individual IS-IS interface by using the isis authentication key-chain command.
Examples
The following example configures IS-IS to accept and send any key belonging to the key chain named cities:
router isis real_secure_network
net 49.0000.0101.0101.0101.00
authentication mode md5 level-1
authentication key-chain cities level-1
Related Commands
Command
|
Description
|
authentication mode
|
Specifies the type of authentication used in IS-IS packets for the IS-IS instance.
|
isis authentication key-chain
|
Enables authentication for an IS-IS interface.
|
key chain
|
Enables authentication for routing protocols.
|
authentication mode
To specify the type of authentication used in IS-IS packets for the IS-IS instance, use the authentication mode command in router configuration mode. To restore clear text authentication, use the no form of this command.
authentication mode {md5 | text} [level-1 | level-2]
no authentication mode
Syntax Description
md5
|
Message Digest 5 (MD5) authentication.
|
text
|
Clear text authentication.
|
level-1
|
(Optional) Enables the specified authentication for Level 1 packets only.
|
level-2
|
(Optional) Enables the specified authentication for Level 2 packets only.
|
Defaults
No authentication is provided for IS-IS packets at the router level by use of this command, although clear text (plain text) authentication could be configured by other means, such as the area-password command or the domain-password command.
Command Modes
Router configuration
Command History
Release
|
Modification
|
12.0(21)ST
|
This command was introduced.
|
Usage Guidelines
If neither the level-1 nor level-2 keyword is configured, the mode applies to both levels.
You can specify the type of authentication and the level to which it applies for a single IS-IS interface, rather than per IS-IS instance, by using the isis authentication mode command.
If you had clear text authentication configured by using the area-password or domain-password command, the authentication mode command overrides both of those commands.
If you configure the authentication mode command and subsequently try to configure the area-password or domain-password command, you will not be allowed to do so. If you truly want to configure clear text authentication using the area-password or domain-password command, you must use the no authentication mode command first.
Examples
The following example configures the IS-IS instance to perform MD5 authentication on Level 1 packets:
router isis real_secure_network
net 49.0000.0101.0101.0101.00
authentication mode md5 level-1
authentication key-chain cities level-1
Related Commands
Command
|
Description
|
area-password
|
Configures the IS-IS area authentication password.
|
authentication key-chain
|
Enables authentication for IS-IS packets and specifies the set of keys that can be used on an interface.
|
domain-password
|
Configures the IS-IS routing domain authentication password.
|
isis authentication mode
|
Specifies the type of authentication used for an IS-IS interface.
|
key chain
|
Enables authentication for routing protocols.
|
authentication send-only
To specify for the IS-IS instance that authentication is performed only on IS-IS packets being sent (not received), use the authentication send-only command in router configuration mode. To specify that authentication configured at the router level is performed on packets being sent and received, use the no form of this command.
authentication send-only [level-1 | level-2]
no authentication send-only
Syntax Description
level-1
|
(Optional) Authentication is performed only on Level 1 packets that are being sent (not received).
|
level-2
|
(Optional) Authentication is performed only on Level 2 packets that are being sent (not received).
|
Defaults
If authentication is configured at the router level, it applies to IS-IS packets being sent and received.
Command Modes
Router configuration
Command History
Release
|
Modification
|
12.0(21)ST
|
This command was introduced.
|
Usage Guidelines
Use this command before configuring the authentication mode and authentication key chain so that the implementation of authentication goes smoothly. That is, the routers will have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After all of the routers that must communicate are configured with this command, enable the authentication mode and key chain on each router. Then specify the no authentication send-only command to disable the send-only feature.
If neither the level-1 nor level-2 keyword is configured, the send-only feature applies to both levels.
This command could apply to clear text authentication or MD5 authentication. The mode is determined by the authentication mode command.
Examples
The following example configures IS-IS Level 1 packets to use clear text authentication on packets being sent (not received):
router isis real_secure_network
net 49.0000.0101.0101.0101.00
authentication send-only level-1
authentication mode text level-1
authentication key-chain cities level-1
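One way to audit a saved configuration for the authentication weaknesses these entries describe (area virtual-link, area-password, authentication key-chain, authentication mode and authentication send-only), added here as an example in Python and not Cisco code. The sample configuration, function names and finding codes are constructed for illustration; the OSPF check assumes a virtual link belongs to the backbone, so its key is used only if an authentication type is set on the link or on area 0.

```python
import re

# Constructed sample (not from a real device), written in the command forms
# documented on this page. Keys, passwords and the name "towns" are placeholders.
SAMPLE_CONFIG = """\
key chain cities
 key 1
  key-string EXAMPLE-ONLY
!
router ospf 1
 area 10.0.0.0 virtual-link 10.3.4.5 message-digest-key 3 md5 EXAMPLE-ONLY
 area 10.0.0.0 virtual-link 10.3.4.6 authentication authentication-key EXAMPLE
 area 10.0.0.0 virtual-link 10.3.4.7 authentication message-digest message-digest-key 3 md5 EXAMPLE-ONLY
!
router isis legacy
 area-password EXAMPLE authenticate snp send-only
!
router isis real_secure_network
 authentication send-only level-1
 authentication mode text level-1
 authentication key-chain towns level-1
"""

BACKBONE_IDS = {"0", "0.0.0.0"}
KEY_KEYWORDS = ("authentication-key", "message-digest-key")

def sections(config):
    """Return [(header, child_lines)] for each top-level block of the config."""
    blocks = []
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if not raw[0].isspace():
            blocks.append((raw.strip(), []))
        elif blocks:
            blocks[-1][1].append(raw.strip())
    return blocks

def audit_ospf(header, body):
    """Flag virtual links whose effective authentication is null or simple text."""
    findings, area_auth = [], None
    for line in body:  # authentication type set for the backbone area, if any
        m = re.fullmatch(r"area (\S+) authentication( message-digest)?", line)
        if m and m.group(1) in BACKBONE_IDS:
            area_auth = "md5" if m.group(2) else "text"
    for line in body:
        m = re.fullmatch(r"area \S+ virtual-link (\S+)(.*)", line)
        if not m:
            continue
        opts = m.group(2).split()
        key_at = next((i for i, w in enumerate(opts) if w in KEY_KEYWORDS), None)
        # Per the page, options after the key are ignored, so only earlier ones count.
        head = opts if key_at is None else opts[:key_at]
        link_auth = None
        if "authentication" in head:
            nxt = head[head.index("authentication") + 1:][:1]
            link_auth = {"message-digest": "md5", "null": "null"}.get("".join(nxt), "text")
        # Link setting wins, then the backbone area's; the area default is null.
        effective = link_auth or area_auth or "null"
        subject = f"{header}: virtual-link {m.group(1)}"
        if effective == "null":
            findings.append((subject, "KEY_UNUSED" if key_at is not None else "NULL_AUTH"))
        elif effective == "text":
            findings.append((subject, "PLAINTEXT"))
    return findings

def audit_isis(header, body, key_chains):
    """Flag clear-text, unchecked or dangling IS-IS authentication settings."""
    findings = []
    for line in body:
        words = line.split()
        if words[0] == "area-password":
            findings.append((header, "CLEARTEXT_AREA_PASSWORD"))
            if "validate" not in words[2:]:  # received SNPs are not checked
                findings.append((header, "SNP_NOT_VALIDATED"))
        elif words[:2] == ["authentication", "send-only"]:
            findings.append((header, "SEND_ONLY"))  # received packets unchecked
        elif words[:3] == ["authentication", "mode", "text"]:
            findings.append((header, "CLEARTEXT_MODE"))
        elif words[:2] == ["authentication", "key-chain"] and len(words) > 2:
            if words[2] not in key_chains:  # no such chain: nothing is authenticated
                findings.append((header, "UNDEFINED_KEY_CHAIN"))
    return findings

def audit(config):
    """Return [(subject, finding_code), ...] for the whole configuration."""
    blocks = sections(config)
    key_chains = {h.split()[2] for h, _ in blocks if re.fullmatch(r"key chain \S+", h)}
    findings = []
    for header, body in blocks:
        if header.startswith("router ospf"):
            findings += audit_ospf(header, body)
        elif header.startswith("router isis"):
            findings += audit_isis(header, body, key_chains)
    return findings

if __name__ == "__main__":
    for subject, code in audit(SAMPLE_CONFIG):
        print(f"{code:24} {subject}")
```

KEY_UNUSED marks a key that is configured but never applied because no authentication type is in effect. SEND_ONLY and SNP_NOT_VALIDATED mark transition settings under which received packets are not checked.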
Related Commands
Command
|
Description
|
authentication key-chain
|
Enables authentication for IS-IS packets and specifies the set of keys that can be used on an interface.
|
authentication mode
|
Specifies the type of authentication used in IS-IS packets for the IS-IS instance.
|
key chain
|
Enables authentication for routing protocols.
|
auto-cost
To control how OSPF calculates default metrics for the interface, use the auto-cost command in router configuration mode. To assign cost based only on the interface type, use the no form of this command.
auto-cost reference-bandwidth ref-bw
no auto-cost reference-bandwidth
Syntax Description
reference-bandwidth ref-bw
|
Rate in Mbps (bandwidth). The range is from 1 to 4294967; the default is 100.
|
Defaults
100 Mbps
Command Modes
Router configuration
Command History
Release
|
Modification
|
11.2
|
This command was introduced.
|
Usage Guidelines
In Cisco IOS Release 10.3 and later releases, by default OSPF will calculate the OSPF metric for an interface according to the bandwidth of the interface. For example, a 64K link will get a metric of 1562, and a T1 link will have a metric of 64.
The OSPF metric is calculated as the ref-bw value divided by the bandwidth, with ref-bw equal to 10^8 by default, and bandwidth determined by the bandwidth (interface) command. The calculation gives FDDI a metric of 1.
If you have multiple links with high bandwidth (such as FDDI or ATM), you might want to use a larger number to differentiate the cost on those links.
The value set by the ip ospf cost command overrides the cost resulting from the auto-cost command.
Examples
The following example changes the cost of the FDDI link to 10, while the gigabit Ethernet link remains at a cost of 1. Thus, the link costs are differentiated.
auto-cost reference-bandwidth 1000
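The calculation above, worked through for the link types this entry mentions, as an added example in Python (not Cisco code). The bandwidth figures, the function names, and the floor of 1 for links faster than the reference bandwidth are assumptions of this example.

```python
# Interface bandwidths in kbps, standing in for the values set with the
# bandwidth (interface) command. Nominal rates chosen for this example.
LINKS_KBPS = {"64K": 64, "T1": 1544, "FDDI": 100_000, "GigabitEthernet": 1_000_000}


def ospf_cost(ref_bw_mbps, bandwidth_kbps):
    """ref-bw divided by bandwidth, truncated; assumed never lower than 1."""
    if not 1 <= ref_bw_mbps <= 4294967:
        raise ValueError("ref-bw must be from 1 to 4294967 Mbps")
    return max(1, (ref_bw_mbps * 1000) // bandwidth_kbps)


def cost_table(ref_bw_mbps, links=LINKS_KBPS):
    """Cost of every link type for one reference bandwidth."""
    return {name: ospf_cost(ref_bw_mbps, kbps) for name, kbps in links.items()}


def collisions(ref_bw_mbps, links=LINKS_KBPS):
    """Links of different bandwidth that receive the same cost."""
    by_cost = {}
    for name, kbps in links.items():
        by_cost.setdefault(ospf_cost(ref_bw_mbps, kbps), []).append(name)
    return {cost: names for cost, names in by_cost.items() if len(names) > 1}


if __name__ == "__main__":
    for ref_bw in (100, 1000):  # the default, then the value from the example
        print(f"auto-cost reference-bandwidth {ref_bw}")
        for name, cost in cost_table(ref_bw).items():
            print(f"  {name:16} cost {cost}")
        print(f"  indistinguishable links: {collisions(ref_bw) or 'none'}")
```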
Related Commands
Command
|
Description
|
ip ospf cost
|
Explicitly specifies the cost of sending a packet on an interface.
|
auto-summary (BGP)
To allow automatic summarization of subnet routes into network-level routes, use the auto-summary command in address family or router configuration mode. To disable this feature and send subprefix routing information across classful network boundaries, use the no form of this command.
auto-summary
no auto-summary
Syntax Description
This command has no arguments or keywords.
Defaults
The behavior of this command is disabled by default (the software sends subprefix routing information across classful network boundaries).
Command Modes
Address family configuration
Router configuration
Command History
Release
|
Modification
|
10.0
|
This command was introduced.
|
12.0(7)T
|
Address family configuration mode was added.
|
12.2(8)T
|
Command default behavior changed to disabled.
|
Usage Guidelines
Route summarization reduces the amount of routing information in the routing tables.
By default, BGP does not accept subnets redistributed from an Interior Gateway Protocol (IGP). To allow the software to create summary subprefixes to the classful network boundary when crossing classful network boundaries, use the auto-summary command.
To advertise and carry subnet routes in BGP, use an explicit network command because automatic summarization is disabled by default. If you have not entered a network command, you will not advertise network routes for networks with subnet routes unless they contain a summary route.
Examples
In the following router configuration mode example, network numbers are summarized automatically:
In the following address family configuration mode example, network numbers are summarized automatically:
address-family ipv4 unicast
Related Commands
Command
|
Description
|
address-family ipv4 (BGP)
|
Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard IPv4 address prefixes.
|
address-family vpnv4
|
Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard VPNv4 address prefixes.
|
auto-summary (EIGRP)
To allow automatic summarization of subnet routes into network-level routes, use the auto-summary command in router configuration mode. To disable this function and send subprefix routing information across classful network boundaries, use the no form of this command.
auto-summary
no auto-summary
Syntax Description
This command has no arguments or keywords.
Defaults
The behavior of this command is disabled by default (the software sends subprefix routing information across classful network boundaries).
Command Modes
Router configuration
Command History
Release
|
Modification
|
10.0
|
This command was introduced.
|
12.2(8)T
|
Command default behavior changed to disabled.
|
Usage Guidelines
Route summarization reduces the amount of routing information in the routing tables.
By default, Border Gateway Protocol (BGP) does not accept subnets redistributed from an Interior Gateway Protocol (IGP). To allow the software to create summary subprefixes to the classful network boundary when crossing classful network boundaries, use the auto-summary command.
To advertise and carry subnet routes in BGP, use an explicit network command because automatic summarization is disabled by default. If you have not entered a network command, you will not advertise network routes for networks with subnet routes unless they contain a summary route.
Enhanced Interior Gateway Routing Protocol (EIGRP) summary routes are given an administrative distance value of 5. You cannot configure this value.
Routing Information Protocol (RIP) Version 1 always uses automatic summarization. If you are using RIP Version 2, you can turn off automatic summarization by specifying the no auto-summary command. Disable automatic summarization if you must perform routing between disconnected subnets. When automatic summarization is off, subnets are advertised.
Examples
The following example enables automatic summarization for EIGRP process 109:
Related Commands
Command
|
Description
|
ip summary-address eigrp
|
Configures a summary aggregate address for a specified interface.
|
auto-summary (RIP)
To restore the default behavior of automatic summarization of subnet routes into network-level routes, use the auto-summary command in router configuration mode. To disable this function and send subprefix routing information across classful network boundaries, use the no form of this command.
auto-summary
no auto-summary
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled (the software summarizes subprefixes to the classful network boundary when crossing classful network boundaries).
Command Modes
Router configuration
Command History
Release
|
Modification
|
10.0
|
This command was introduced.
|
Usage Guidelines
Route summarization reduces the amount of routing information in the routing tables.
RIP Version 1 always uses automatic summarization. If you are using RIP Version 2, you can turn off automatic summarization by specifying the no auto-summary command. Disable automatic summarization if you must perform routing between disconnected subnets. When automatic summarization is off, subnets are advertised.
Examples
In the following example, network numbers are not summarized automatically:
bgp always-compare-med
To allow the comparison of the Multi Exit Discriminator (MED) for paths from neighbors in different autonomous systems, use the bgp always-compare-med command in router configuration mode. To disallow the comparison, use the no form of this command.
bgp always-compare-med
no bgp always-compare-med
Syntax Description
This command has no arguments or keywords.
Defaults
The Cisco IOS software does not compare MEDs for paths from neighbors in different autonomous systems.
Command Modes
Router configuration
Command History
Release | Modification
11.0 | This command was introduced.
Usage Guidelines
The MED is one of the parameters that is considered when selecting the best path among many alternative paths. The path with a lower MED is preferred over a path with a higher MED.
By default, during the best-path selection process, MED comparison is done only among paths from the same autonomous system. This command changes the default behavior by allowing comparison of MEDs among paths regardless of the autonomous system from which the paths are received.
Examples
The following example configures the BGP speaker in autonomous system 109 to compare MEDs among alternative paths, regardless of the autonomous system from which the paths are received:
bgp bestpath as-path ignore
To configure Border Gateway Protocol (BGP) to not consider the autonomous system (AS) path during best path route selection, use the bgp bestpath as-path ignore command in router configuration mode. To restore default behavior and configure BGP to consider the AS path during route selection, use the no form of this command.
bgp bestpath as-path ignore
no bgp bestpath as-path ignore
Syntax Description
This command has no arguments or keywords.
Defaults
The AS path is considered during BGP best path selection.
Command Modes
Router configuration
Command History
Release | Modification
12.0 | This command was introduced.
Examples
In the following example, the BGP routing process is configured to not consider the AS path during best path selection:
Router(config)# router bgp 40000
Router(config-router)# bgp bestpath as-path ignore
Related Commands
Command | Description
show ip bgp ipv4 | Displays information about the TCP and BGP connections to neighbors.
bgp bestpath compare-routerid
To compare similar routes received from external BGP (eBGP) peers during the best path selection process and switch the best path to the route with the lowest router ID, use the bgp bestpath compare-routerid command in router configuration mode. To return the router to the default setting, use the no form of this command.
bgp bestpath compare-routerid
no bgp bestpath compare-routerid
Syntax Description
This command has no arguments or keywords.
Defaults
BGP does not compare similar paths received from eBGP peers during the best path selection process and switch the best path to the route with the lowest router ID.
Command Modes
Router configuration
Command History
Release | Modification
12.0 | This command was introduced.
12.0 S | This command was introduced.
12.0 ST | This command was introduced.
Usage Guidelines
By default, during the best path selection process, when BGP receives similar routes from eBGP peers (all the attributes are the same except for the router ID), the best path is not switched to the route with the lowest router ID if that route was not the first route received. If the bgp bestpath compare-routerid command is enabled, then similar routes are compared and the best path is switched to the route with the lowest router ID.
Examples
The following example shows the BGP speaker in autonomous system 500 configured to compare the router IDs of similar paths, regardless of the autonomous system from which the paths are received:
router bgp 500
 bgp bestpath compare-routerid
Related Commands
Command | Description
show ip bgp | Displays entries in the BGP routing table.
bgp bestpath med confed
To enable Multi Exit Discriminator (MED) comparison among paths learned from confederation peers, use the bgp bestpath med confed command in router configuration mode. To prevent the software from considering the MED attribute in comparing paths, use the no form of this command.
bgp bestpath med confed
no bgp bestpath med confed
Syntax Description
This command has no arguments or keywords.
Defaults
The software does not consider the MED attribute when choosing among paths learned from confederation peers.
Command Modes
Router configuration
Command History
Release | Modification
12.0 | This command was introduced.
Usage Guidelines
The comparison between MEDs is made only if no external autonomous systems are in the path (an external autonomous system is an autonomous system that is not within the confederation). If an external autonomous system is in the path, then the external MED is passed transparently through the confederation, and the comparison is not made.
For example, assume that autonomous systems 65000, 65001, 65002, and 65004 are part of the confederation; autonomous system 1 is not; and we are comparing route A with four paths. If the bgp bestpath med confed command is enabled, path 1 would be chosen. The fourth path has a lower MED, but it is not involved in the MED comparison because there is an external autonomous system in this path. The following list displays the AS path and MED for each path.
path = 65000 65004, med = 2
path = 65001 65004, med = 3
path = 65002 65004, med = 4
path = 65003 1, med = 1
Examples
The following command enables the BGP router to compare MED values for paths learned from confederation peers:
Related Commands
Command | Description
show ip bgp | Displays entries in the BGP routing table.
show ip bgp ipv4 | Displays information about the TCP and BGP connections to neighbors.
bgp bestpath med missing-as-worst
To have Cisco IOS software consider a missing Multi Exit Discriminator (MED) attribute in a path as having a value of infinity, making the path without a MED value the least desirable path, use the bgp bestpath med missing-as-worst command in router configuration mode. To return the router to the default (assign a value of 0 to the missing MED), use the no form of this command.
bgp bestpath med missing-as-worst
no bgp bestpath med missing-as-worst
Syntax Description
This command has no arguments or keywords.
Defaults
The software assigns a value of 0 to the missing MED, causing the path with the missing MED attribute to be considered the best path.
Command Modes
Router configuration
Command History
Release | Modification
12.0 | This command was introduced.
Examples
The following example specifies the BGP router to consider a missing MED attribute in a path as having a value of infinity, making this path the least desirable path:
bgp bestpath med missing-as-worst
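The MED rules described for bgp bestpath med confed and bgp bestpath med missing-as-worst can be modeled together. The following Python sketch is an added illustration, not Cisco code: it covers only the MED comparison step, not the full best-path algorithm. It uses the four paths listed in the confederation example plus one constructed path that carries no MED; the Path class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

MED_INFINITY = float("inf")  # the page describes a missing MED as "infinity"


@dataclass(frozen=True)
class Path:
    name: str
    as_path: Tuple[int, ...]
    med: Optional[int]  # None models a path that carries no MED attribute


def effective_med(path: Path, missing_as_worst: bool) -> float:
    """Default: a missing MED counts as 0, so the path is preferred.
    With missing-as-worst: a missing MED counts as infinity (least preferred)."""
    if path.med is None:
        return MED_INFINITY if missing_as_worst else 0
    return path.med


def med_confed_eligible(paths: Iterable[Path], confed_ases: Set[int]) -> List[Path]:
    """Paths that take part in the confederation MED comparison: those whose
    AS path contains no autonomous system outside the confederation."""
    return [p for p in paths if all(asn in confed_ases for asn in p.as_path)]


def med_winner(paths: Iterable[Path], confed_ases: Set[int],
               missing_as_worst: bool = False) -> Optional[Path]:
    """Winner of the MED comparison only (lowest effective MED wins)."""
    eligible = med_confed_eligible(paths, confed_ases)
    if not eligible:
        return None
    return min(eligible, key=lambda p: effective_med(p, missing_as_worst))


# Confederation members and paths exactly as listed on the page.
CONFED = {65000, 65001, 65002, 65004}
PAGE_PATHS = [
    Path("path 1", (65000, 65004), 2),
    Path("path 2", (65001, 65004), 3),
    Path("path 3", (65002, 65004), 4),
    Path("path 4", (65003, 1), 1),  # lowest MED, but AS 1 is external
]
# Constructed for this example: a confederation-internal path with no MED.
NO_MED_PATH = Path("path 5 (constructed)", (65001, 65004), None)

if __name__ == "__main__":
    print("med confed:", med_winner(PAGE_PATHS, CONFED).name)
    with_gap = PAGE_PATHS + [NO_MED_PATH]
    print("missing MED as 0:", med_winner(with_gap, CONFED).name)
    print("missing-as-worst:", med_winner(with_gap, CONFED, True).name)
```

With the default handling, a neighbor that simply omits the MED wins the comparison, which is why missing-as-worst matters when MED is used to steer inbound traffic policy.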
Related Commands
Command | Description
show ip bgp | Displays entries in the BGP routing table.
show ip bgp ipv4 | Displays information about the TCP and BGP connections to neighbors.
bgp client-to-client reflection
To restore route reflection from a BGP route reflector to clients, use the bgp client-to-client reflection command in address family or router configuration mode. To disable client-to-client reflection, use the no form of this command.
bgp client-to-client reflection
no bgp client-to-client reflection
Syntax Description
This command has no arguments or keywords.
Defaults
When a route reflector is configured, the route reflector reflects routes from a client to other clients.
Command Modes
Address family configuration
Router configuration
Command History
Release | Modification
11.1 | This command was introduced.
12.0(7)T | Address family configuration mode was added.
Usage Guidelines
By default, the clients of a route reflector are not required to be fully meshed and the routes from a client are reflected to other clients. However, if the clients are fully meshed, route reflection is not required. Use the no bgp client-to-client reflection command to disable client-to-client reflection.
Examples
In the following router configuration mode example, the local router is a route reflector. The three neighbors are fully meshed, so client-to-client reflection is disabled.
neighbor 10.24.95.22 route-reflector-client
neighbor 10.24.95.23 route-reflector-client
neighbor 10.24.95.24 route-reflector-client
no bgp client-to-client reflection
In the following address family configuration mode example, the local router is a route reflector. The three neighbors are fully meshed, so client-to-client reflection is disabled.
address-family ipv4 unicast
neighbor 10.24.95.22 route-reflector-client
neighbor 10.24.95.23 route-reflector-client
neighbor 10.24.95.24 route-reflector-client
no bgp client-to-client reflection
Related Commands
Command | Description
address-family ipv4 (BGP) | Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard IPv4 address prefixes.
address-family vpnv4 | Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard VPNv4 address prefixes.
bgp cluster-id | Configures the cluster ID if the BGP cluster has more than one route reflector.
neighbor route-reflector-client | Configures the router as a BGP route reflector and configures the specified neighbor as its client.
show ip bgp | Displays entries in the BGP routing table.
bgp cluster-id
To configure the cluster ID if the BGP cluster has more than one route reflector, use the bgp cluster-id command in router configuration mode. To remove the cluster ID, use the no form of this command.
bgp cluster-id cluster-id
no bgp cluster-id cluster-id
Syntax Description
cluster-id | Cluster ID of this router acting as a route reflector; maximum of 4 bytes.
Defaults
The router ID of the single route reflector in a cluster.
Command Modes
Router configuration
Command History
Release | Modification
11.0 | This command was introduced.
Usage Guidelines
Together, a route reflector and its clients form a cluster.
Usually a cluster of clients will have a single route reflector. In that case, the cluster is identified by the router ID of the route reflector. In order to increase redundancy and avoid a single point of failure, a cluster might have more than one route reflector. In this case, all route reflectors in the cluster must be configured with the 4-byte cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster.
If the cluster has more than one route reflector, use this command to configure the cluster ID.
Examples
In the following example, the local router is one of the route reflectors serving the cluster. It is configured with the cluster ID to identify the cluster.
neighbor 198.92.70.24 route-reflector-client
Related Commands
Command | Description
bgp client-to-client reflection | Restores route reflection from a BGP route reflector to clients.
neighbor route-reflector-client | Configures the router as a BGP route reflector and configures the specified neighbor as its client.
show ip bgp | Displays entries in the BGP routing table.
bgp confederation identifier
To specify a BGP confederation identifier, use the bgp confederation identifier command in router configuration mode. To remove the confederation identifier, use the no form of this command.
bgp confederation identifier as-number
no bgp confederation identifier as-number
Syntax Description
as-number | Autonomous system number that internally includes multiple autonomous systems.
Defaults
No confederation identifier is configured.
Command Modes
Router configuration
Command History
Release | Modification
10.3 | This command was introduced.
Usage Guidelines
One way to reduce the internal BGP (iBGP) mesh is to divide an autonomous system into multiple autonomous systems and group them into a single confederation. Each autonomous system is fully meshed within itself and has a few connections to another autonomous system in the same confederation. Even though the peers in different autonomous systems have external BGP (eBGP) sessions, they exchange routing information as if they are iBGP peers. Specifically, the next hop, Multi Exit Discriminator (MED), and local preference information is preserved. The preservation of this information enables you to retain a single Interior Gateway Protocol (IGP) for all the autonomous systems. To the outside world, the confederation looks like a single autonomous system.
Examples
In the following example, the autonomous system is divided into autonomous systems 4001, 4002, 4003, 4004, 4005, 4006, and 4007 and identified by the confederation identifier 5. Neighbor 10.2.3.4 is someone inside your routing domain confederation. Neighbor 10.4.5.6 is someone outside your routing domain confederation. To the outside world, there appears to be a single autonomous system with the number 5.
router bgp 4001
 bgp confederation identifier 5
 bgp confederation peers 4002 4003 4004 4005 4006 4007
 neighbor 10.2.3.4 remote-as 4002
 neighbor 10.4.5.6 remote-as 510
Related Commands
Command | Description
bgp confederation peers | Configures the autonomous systems that belong to the confederation.
bgp confederation peers
To configure the autonomous systems that belong to the confederation, use the bgp confederation peers command in router configuration mode. To remove an autonomous system from the confederation, use the no form of this command.
bgp confederation peers as-number [... as-number]
no bgp confederation peers as-number [... as-number]
Syntax Description
as-number | Autonomous system numbers for BGP peers that will belong to the confederation.
Defaults
No BGP peers are identified as belonging to the confederation.
Command Modes
Router configuration
Command History
Release | Modification
10.3 | This command was introduced.
Usage Guidelines
An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the as-number argument.
The autonomous systems specified in this command are visible internally to a confederation. Each autonomous system is fully meshed within itself. The bgp confederation identifier command specifies the confederation to which the autonomous systems belong.
Examples
The following example specifies that autonomous systems 1090, 1091, 1092, and 1093 belong to a single confederation:
router bgp 1090
 bgp confederation peers 1091 1092 1093
Related Commands
Command | Description
bgp confederation identifier | Specifies a BGP confederation identifier.
bgp dampening
To enable BGP route dampening or change various BGP route dampening factors, use the bgp dampening command in address family or router configuration mode. To disable the function or restore the default values, use the no form of this command.
bgp dampening [half-life reuse suppress max-suppress-time] [route-map map-name]
no bgp dampening [half-life reuse suppress max-suppress-time] [route-map map-name]
Syntax Description
half-life | (Optional) Time (in minutes) after which a penalty is decreased. Once the route has been assigned a penalty, the penalty is decreased by half after the half-life period (which is 15 minutes by default). The process of reducing the penalty happens every 5 seconds. The range of the half-life period is 1 to 45 minutes. The default is 15 minutes.
reuse | (Optional) Reuse values based on accumulated penalties. If the penalty for a flapping route decreases enough to fall below this value, the route is unsuppressed. The process of unsuppressing routes occurs at 10-second increments. The range of the reuse value is from 1 to 20000; the default is 750.
suppress | (Optional) A route is suppressed when its penalty exceeds this limit. The range is from 1 to 20000; the default is 2000.
max-suppress-time | (Optional) Maximum time (in minutes) a route can be suppressed. The range is from 1 to 20000; the default is 4 times the half-life. If the half-life value is allowed to default, the maximum suppress time defaults to 60 minutes. When the max-suppress-time is configured, the maximum penalty will never be exceeded, regardless of the number of times that the prefix dampens. The maximum penalty is computed with the following formula: Max penalty = reuse-limit * 2^(maximum suppress time / half-life)
route-map map-name | (Optional) Name of route map that controls where BGP route dampening is enabled.
Defaults
This command is disabled by default.
half-life: 15 minutes
reuse: 750
suppress: 2000
max-suppress-time: 4 times half-life
Command Modes
Address family configuration
Router configuration
Command History
Release | Modification
11.0 | This command was introduced.
12.0(7)T | Address family configuration mode was added.
Usage Guidelines
If this command is used with no arguments, it enables BGP route dampening. The half-life, reuse, suppress, and max-suppress-time arguments are position-dependent. Therefore, if any of these arguments are issued, they must all be specified.
When BGP dampening is configured and a prefix is withdrawn, BGP considers the withdrawn prefix as a flap and increases the penalty by 1000. If BGP receives an attribute change, BGP increases the penalty by 500. If the prefix has then been withdrawn, BGP keeps the prefix in the BGP table as a history entry. If the prefix has not been withdrawn by the neighbor and BGP is not using this prefix, the prefix is marked as dampened. Dampened prefixes are not used in the BGP decision process and are not installed in the routing table.
Examples
The following router configuration mode example sets the half life to 30 minutes, the reuse value to 1500, the suppress value to 10000, and the maximum suppress time to 120 minutes:
bgp dampening 30 1500 10000 120
The following address family configuration mode example sets the half life to 30 minutes, the reuse value to 1500, the suppress value to 10000, and the maximum suppress time to 120 minutes:
address-family ipv4 multicast
bgp dampening 30 1500 10000 120
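To see how the half-life, reuse, suppress, and max-suppress-time values interact, the following Python sketch (an added illustration, not Cisco code) replays a sequence of flaps using the penalty increments and the maximum-penalty formula given above. It assumes continuous exponential decay rather than the 5-second and 10-second timer steps, and the Dampening class and simulate function are hypothetical names.

```python
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Penalty increments stated in the usage guidelines.
PENALTY = {"withdraw": 1000, "attr-change": 500}


@dataclass(frozen=True)
class Dampening:
    half_life: float = 15.0     # minutes (default)
    reuse: float = 750.0        # default
    suppress: float = 2000.0    # default
    max_suppress: float = 60.0  # minutes; default is 4 times the half-life

    @property
    def max_penalty(self) -> float:
        # Max penalty = reuse-limit * 2^(maximum suppress time / half-life)
        return self.reuse * 2 ** (self.max_suppress / self.half_life)


def decay(penalty: float, minutes: float, half_life: float) -> float:
    """Penalty halves once per half-life (modeled as continuous decay)."""
    return penalty * 0.5 ** (minutes / half_life)


def simulate(events: List[Tuple[float, str]], cfg: Dampening):
    """Replay (minute, kind) flap events for one prefix.

    Returns (timeline, reuse_at): timeline holds (minute, penalty, suppressed)
    after each event; reuse_at is the minute at which the penalty decays to
    the reuse value, or None if the prefix is not suppressed at the end.
    """
    penalty, last, suppressed = 0.0, 0.0, False
    timeline = []
    for minute, kind in sorted(events):
        penalty = decay(penalty, minute - last, cfg.half_life)
        if suppressed and penalty < cfg.reuse:
            suppressed = False  # decayed below reuse before this flap arrived
        # The accumulated penalty never exceeds the computed maximum.
        penalty = min(penalty + PENALTY[kind], cfg.max_penalty)
        if penalty > cfg.suppress:
            suppressed = True
        timeline.append((minute, round(penalty, 1), suppressed))
        last = minute
    reuse_at: Optional[float] = None
    if suppressed:
        reuse_at = last + cfg.half_life * math.log2(penalty / cfg.reuse)
    return timeline, reuse_at


if __name__ == "__main__":
    defaults = Dampening()
    tuned = Dampening(30, 1500, 10000, 120)  # values from the example above
    flaps = [(0, "withdraw"), (2, "withdraw"), (4, "withdraw")]
    print("max penalty:", defaults.max_penalty, tuned.max_penalty)
    print("defaults:", simulate(flaps, defaults))
    print("tuned:   ", simulate(flaps, tuned))
```

With the default values, three withdrawals within four minutes are enough to suppress a prefix for roughly 28 minutes after the last flap, while the example values (30 1500 10000 120) tolerate the same burst without suppressing.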
Related Commands
Command | Description
address-family ipv4 (BGP) | Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard IPv4 address prefixes.
address-family vpnv4 | Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard VPNv4 address prefixes.
clear ip bgp dampening | Clears BGP route dampening information and unsuppresses the suppressed routes.
clear bgp nsap flap-statistics | Clears BGP flap statistics.
show ip bgp dampened-paths | Displays BGP dampened routes.
show ip bgp flap-statistics | Displays BGP flap statistics.
bgp default ipv4-unicast
To enable the IP version 4 (IPv4) unicast address family on all neighbors, use the bgp default ipv4-unicast command in address family or router configuration mode. To disable the IPv4 unicast address family on all neighbors, use the no form of this command.
bgp default ipv4-unicast
no bgp default ipv4-unicast
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default.
Command Modes
Address family
Router configuration
Command History
Release | Modification
12.0(5)T | This command was introduced.
Usage Guidelines
Use the neighbor activate address family configuration command for each neighbor you want to run the bgp default ipv4-unicast command for under the IPv4 unicast address family.
Examples
The following example enables IP version 4 unicast address family on all neighbors:
Related Commands
Command | Description
neighbor activate | Enables the exchange of information with a neighboring router.
bgp default local-preference
To change the default local preference value, use the bgp default local-preference command in router configuration mode. To return to the default setting, use the no form of this command.
bgp default local-preference number
no bgp default local-preference number
Syntax Description
number | Local preference value from 0 to 4294967295. Higher is more preferred.
Defaults
Local preference value of 100
Command Modes
Router configuration
Command History
Release | Modification
10.0 | This command was introduced.
Usage Guidelines
Generally, the default value of 100 allows you to easily define a particular path as less preferable than paths with no local preference attribute. The preference is sent to all routers and access servers in the local autonomous system.
Examples
The following example raises the default local preference value from the default of 100 to 200:
bgp default local-preference 200
Related Commands
Command | Description
set local-preference | Specifies a preference value for the autonomous system path.
bgp deterministic-med
To have Cisco IOS software enforce the deterministic comparison of the Multi Exit Discriminator (MED) variable between all paths received from the same autonomous system, use the bgp deterministic-med command in router configuration mode. To disable the comparison, use the no form of this command.
bgp deterministic-med
no bgp deterministic-med
Syntax Description
This command has no arguments or keywords.
Defaults
The software does not enforce the deterministic comparison of the MED variable between all paths received from the same autonomous system.
Command Modes
Router configuration
Address-family configuration
Command History
Release | Modification
11.1 | This command was introduced.
Usage Guidelines
After the bgp always-compare-med command is configured, all paths for the same prefix that are received from different neighbors, which are in the same autonomous system, will be grouped together and sorted by the ascending MED value (received-only paths are ignored and not grouped or sorted). The best path selection algorithm will then pick the best paths using the existing rules; the comparison is made on a per neighbor autonomous system basis and then global basis. The grouping and sorting of paths occurs immediately after this command is entered. For correct results, all routers in the local autonomous system must have this command enabled (or disabled).
Examples
The following example specifies that the BGP router compare MED variables when choosing among routes advertised by the same subautonomous system within a confederation:
Router(config)# router bgp 204
Router(config-router)# bgp deterministic-med
The following sample output from the show ip bgp command illustrates how route selection is affected by the configuration of the bgp deterministic-med command. When the bgp deterministic-med command is not enabled, the order in which routes are received affects which route is selected as the best path.
The following sample output from the show ip bgp command shows three paths that are received for the same prefix (10.100.0.0), and the bgp deterministic-med command is not enabled:
Router# show ip bgp 10.100.0.0
BGP routing table entry for 10.100.0.0/16, version 40
Paths: (3 available, best #3, advertised over IBGP, EBGP)
192.168.43.10 from 192.168.43.10 (192.168.43.1)
Origin IGP, metric 0, localpref 100, valid, internal
192.168.43.22 from 192.168.43.22 (192.168.43.2)
Origin IGP, metric 20, localpref 100, valid, internal
192.168.43.3 from 192.168.43.3 (10.4.1.1)
Origin IGP, metric 30, valid, external, best
If the bgp deterministic-med feature is not enabled on the router, the route selection can be affected by the order in which the routes are received. Consider the following scenario in which a router received three paths for the same prefix:
The clear ip bgp * command is entered to clear all routes in the local routing table.
The show ip bgp command is issued again after the routing table has been repopulated. Note that the order of the paths changed after clearing the BGP session. The results of the selection algorithm also changed because the order in which the paths were received was different for the second session.
Router# show ip bgp 10.100.0.0
BGP routing table entry for 10.100.0.0/16, version 2
Paths: (3 available, best #3, advertised over EBGP)
109 192.168.43.10 from 192.168.43.10 (192.168.43.1)
Origin IGP, metric 0, localpref 100, valid, internal
192.168.43.3 from 192.168.43.3 (10.4.1.1)
Origin IGP, metric 30, valid, external
192.168.43.22 from 192.168.43.22 (192.168.43.2)
Origin IGP, metric 20, localpref 100, valid, internal, best
If the bgp deterministic-med command is enabled, then the result of the selection algorithm will always be the same, regardless of the order in which the paths are received by the local router. The following output is always generated when the bgp deterministic-med command is entered on the local router in this scenario:
Router# show ip bgp 10.100.0.0
BGP routing table entry for 10.100.0.0/16, version 15
Paths: (3 available, best #1, advertised over EBGP)
192.168.43.10 from 192.168.43.10 (192.168.43.1)
Origin IGP, metric 0, localpref 100, valid, internal, best 3
192.168.43.22 from 192.168.43.22 (192.168.43.2)
Origin IGP, metric 20, localpref 100, valid, internal 3
192.168.43.3 from 192.168.43.3 (10.4.1.1)
Origin IGP, metric 30, valid, external
Related Commands
Command | Description
clear ip bgp | Resets a BGP connection or session.
show ip bgp | Displays entries in the BGP routing table.
show ip bgp neighbors | Displays information about the TCP and BGP connections to neighbors.
bgp fast-external-fallover
To immediately reset the BGP sessions of any directly adjacent external peers if the link used to reach them goes down, use the bgp fast-external-fallover command in address family or router configuration mode. To disable this function, use the no form of this command.
bgp fast-external-fallover
no bgp fast-external-fallover
Syntax Description
This command has no arguments or keywords.
Defaults
The behavior of this command is enabled by default.
Command Modes
Address family configuration
Router configuration
Command History
Release | Modification
10.0 | This command was introduced.
12.0(7)T | Address family configuration mode was added.
Examples
The following example disables the automatic resetting of BGP sessions in router configuration mode:
no bgp fast-external-fallover
The following example disables the automatic resetting of BGP sessions in address family configuration mode:
address-family ipv4 unicast
no bgp fast-external-fallover
Related Commands
Command | Description
address-family ipv4 (BGP) | Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard IPv4 address prefixes.
bgp graceful-restart
To enable the Border Gateway Protocol (BGP) graceful restart capability, use the bgp graceful-restart command in router configuration mode. To remove this command from the configuration file and restore the system to its default condition with respect to this command, use the no form of this command.
bgp graceful-restart [restart-time seconds | stalepath-time seconds]
no bgp graceful-restart [restart-time seconds | stalepath-time seconds]
Syntax Description
restart-time | (Optional) Used to set the maximum time to wait for a graceful-restart-capable neighbor to come back up after a restart. The default is 120 seconds.
stalepath-time | (Optional) Used to set the maximum time to hold on to the stale paths of a gracefully restarted peer. All stale paths are deleted after the expiration of this timer. The default is 360 seconds.
seconds | (Optional) The restart-time or stalepath-time value in number of seconds. The valid range is from 1 to 3600 seconds.
Defaults
BGP Cisco Nonstop Forwarding (NSF) capabilities are disabled.
Command Modes
Router configuration
Command History
Release | Modification
12.0(22)S | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.2(15)T.
Usage Guidelines
The bgp graceful-restart command is used to enable the graceful restart mechanism on a router in a BGP network. The graceful restart mechanism supports both NSF awareness and NSF capabilities. A router that is NSF-aware functions like a router that is NSF-capable with one exception: an NSF-aware router is incapable of performing a Stateful Switchover (SSO) operation.
The BGP graceful restart capability is negotiated in the OPEN message. If the user enters the bgp graceful-restart command after the BGP session is established, the session will need to be restarted.
When you enter the bgp graceful-restart command, the bgp graceful-restart restart-time and bgp graceful-restart stalepath-time commands are enabled by default. After the bgp graceful-restart command is used to configure the graceful restart capability, you may tune the configuration using the restart-time and stalepath-time keywords. If you do not first configure the graceful restart capability using the bgp graceful-restart command, the tuning values will not appear in the configuration file.
We recommend that the bgp graceful-restart restart-time and bgp graceful-restart stalepath-time commands remain set to their default values.
The restart time should not be set to a time greater than the holdtime that is carried in the OPEN message. To deal with possible consecutive restarts, a route (from a restarting router) that was previously marked as stale shall be deleted.
Note
The configuration of the restart and stalepath timers is not required to enable the BGP graceful restart capability. The default values are optimal for most network deployments, and these values should be adjusted only by an experienced network operator.
Examples
The following example shows how to configure the BGP graceful restart capability. Enter one command per line:
Router# configure terminal
Router(config)# router bgp 101
Router(config-router)# bgp graceful-restart
The following example configures BGP NSF awareness on a router that is running BGP and sets the restart time to 240 seconds.
router# configure terminal
router(config)# router bgp 101
router(config-router)# bgp graceful-restart restart-time 130
The following example configures BGP NSF awareness on a router that is running BGP and sets the stale path time to 240 seconds.
router# configure terminal
router(config)# router bgp 101
router(config-router)# bgp graceful-restart stalepath-time 350
Related Commands
Command | Description
show ip bgp | Displays entries in the BGP routing table.
show ip bgp neighbors | Displays information about the TCP and BGP connections to neighbors.
bgp inject-map exist-map
To inject a more specific route into a Border Gateway Protocol (BGP) routing table, use the bgp inject-map exist-map command in address family or router configuration mode. To disable the conditional injection of a selected route, use the no form of this command.
bgp inject-map {inject-map-name} exist-map {exist-map-name}[copy-attributes]
no bgp inject-map {inject-map-name} exist-map {exist-map-name}[copy-attributes]
Syntax Description
inject-map-name | Defines the prefixes that will be created and installed to the local BGP table.
exist-map-name | Specifies the prefix that the BGP speaker will track.
copy-attributes | (Optional) Configures the injected route to inherit the attributes of the aggregate route.
Defaults
The BGP Conditional Route Injection feature is not enabled by default.
Command Modes
Address family configuration
Router configuration
Command History
Release | Modification
12.0(14)ST | This command was introduced.
12.2(4)T | This command was integrated into Cisco IOS Release 12.2(4)T.
Usage Guidelines
If the copy-attributes keyword is not specified when the bgp inject-map command is used, the components will use the default attributes for locally originated routes. If the copy-attributes keyword is used, the components will inherit the same attributes as the aggregate route.
To enable conditional route injection, the exist map must contain both the match ip address prefix-list and match ip route-source prefix-list match clauses in the route map paragraph.
Examples
The following example configures the router for conditional route injection:
Router(config-router)# bgp inject-map map1 exist-map map2 copy-attributes
Related Commands
Command | Description
ip prefix-list | Displays information about a prefix list or prefix list entries.
neighbor remote-as | Adds an entry to the BGP or multiprotocol BGP neighbor table.
route-map (IP) | Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing.
show ip bgp | Displays entries in the BGP routing table.
show ip bgp injected-paths | Displays injected paths in the BGP routing table.
bgp log-neighbor-changes
To enable logging of BGP neighbor resets, use the bgp log-neighbor-changes command in address family or router configuration mode. To disable the logging of changes in BGP neighbor adjacencies, use the no form of this command.
bgp log-neighbor-changes
no bgp log-neighbor-changes
Syntax Description
This command has no arguments or keywords.
Defaults
BGP neighbor changes are logged.
Command Modes
Address family configuration
Router configuration
Command History
Release | Modification
11.1 CC | This command was introduced.
12.0 | This command was introduced.
12.0(7)T | Address family configuration mode was added.
12.0(1) | BGP neighbor changes are logged by default.
Usage Guidelines
The bgp log-neighbor-changes command enables logging of BGP neighbor status changes (up or down) and resets for troubleshooting network connectivity problems and measuring network stability. Unexpected neighbor resets might indicate high error rates or high packet loss in the network and should be investigated.
Using the bgp log-neighbor-changes command to enable status change message logging does not cause a substantial performance impact, unlike, for example, enabling per BGP update debugging. If the UNIX syslog facility is enabled, messages are sent to the UNIX host running the syslog daemon so that the messages can be stored and archived. If the UNIX syslog facility is not enabled, the status change messages are retained in the internal buffer of the router, and are not stored to disk. You can set the size of this buffer, which is dependent upon the available RAM, using the logging buffered command.
The neighbor status change messages are not tracked if the bgp log-neighbor-changes command is not enabled, except for the reset reason, which is always available as output of the show ip bgp neighbors command.
The eigrp log-neighbor-changes command enables logging of Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor adjacencies, but messages for BGP neighbors are logged only if they are specifically enabled with the bgp log-neighbor-changes command.
Use the show logging command to display the log for the BGP neighbor changes.
Examples
The following example logs neighbor changes for BGP in router configuration mode:
The following example logs neighbor changes for BGP in address family configuration mode:
address-family ipv4 unicast
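One way to act on the logged neighbor changes is to count Down transitions per neighbor on the syslog host. The following Python example is added here and is not part of the Cisco documentation: it parses %BGP-5-ADJCHANGE lines and flags neighbors that reset repeatedly within a time window. The timestamp and hostname prefix are an assumed syslog collector format, and the log lines, addresses, and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. The ISO timestamp and hostname prefix are an assumed
# collector format; the message body follows the IOS neighbor Up/Down message.
SAMPLE_LOG = """\
2024-05-01T10:00:03 rtr1 %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down Peer closed the session
2024-05-01T10:00:41 rtr1 %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up
2024-05-01T10:03:10 rtr1 %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down BGP Notification sent
2024-05-01T10:03:55 rtr1 %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up
2024-05-01T10:07:20 rtr1 %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down BGP Notification sent
2024-05-01T10:09:00 rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0
2024-05-01T11:30:00 rtr1 %BGP-5-ADJCHANGE: neighbor 198.51.100.7 Down Interface flap
2024-05-01T11:30:45 rtr1 %BGP-5-ADJCHANGE: neighbor 198.51.100.7 Up
"""

ADJ_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) %BGP-5-ADJCHANGE: "
    r"neighbor (?P<peer>\S+) (?P<state>Up|Down)\s*(?P<reason>.*)$"
)


def parse_adjchanges(log_text):
    """Return (timestamp, host, peer, state, reason) for each ADJCHANGE line."""
    events = []
    for line in log_text.splitlines():
        m = ADJ_RE.match(line)
        if m:  # lines from other facilities are ignored
            events.append((datetime.fromisoformat(m["ts"]), m["host"],
                           m["peer"], m["state"], m["reason"].strip()))
    return events


def find_flapping(events, max_downs=3, window=timedelta(minutes=10)):
    """Flag (host, peer) pairs with max_downs Down events inside one window.

    Returns {(host, peer): [reason, ...]} holding the reasons of the first
    run of Down events that crossed the threshold.
    """
    downs = defaultdict(list)
    for ts, host, peer, state, reason in sorted(events):
        if state == "Down":
            downs[(host, peer)].append((ts, reason))
    flagged = {}
    for key, items in downs.items():
        for i in range(len(items) - max_downs + 1):
            if items[i + max_downs - 1][0] - items[i][0] <= window:
                flagged[key] = [reason for _, reason in items[i:i + max_downs]]
                break
    return flagged


if __name__ == "__main__":
    for (host, peer), reasons in find_flapping(parse_adjchanges(SAMPLE_LOG)).items():
        print(host, peer, reasons)
```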
Related Commands
Command | Description
address-family ipv4 (BGP) | Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard IPv4 address prefixes.
eigrp log-neighbor-changes | Enables the logging of neighbor adjacency changes to monitor the stability of the routing system and to help detect problems.
logging buffered | Logs messages to an internal buffer.
show ip bgp ipv4 | Displays information about the TCP and BGP connections to neighbors.
show ip bgp neighbors | Displays information about BGP neighbors.
show logging | Displays the state of logging (syslog).
bgp maxas-limit
To configure Border Gateway Protocol (BGP) to discard routes that have a number of as-path segments that exceeds the specified value, use the bgp maxas-limit command in router configuration mode. To return the router to default operation, use the no form of this command.
bgp maxas-limit number
no bgp maxas-limit
Syntax Description
number | Specifies the number of autonomous system segments. The value that can be entered for this argument is a number from 1 to 2000.
Defaults
The default value in Cisco IOS software for the number argument is 75.
Command Modes
Router configuration
Command History
Release | Modification
12.2 | This command was introduced.
12.0(17)S | This command was integrated into Cisco IOS Release 12.0(17)S.
Usage Guidelines
The bgp maxas-limit command is used to limit the number of as-path segments that are permitted in inbound routes. If a route is received with an as-path segment that exceeds the configured limit, the BGP routing process will discard the route.
Examples
In the following example, the maximum as-path segment length is set to 30:
Router(config)# router bgp 40000
Router(config-router)# bgp maxas-limit 30
Related Commands
Command | Description
clear ip bgp | Resets a BGP connection or session.
bgp next-hop
To configure a loopback interface as the next hop for routes associated with a virtual routing and forwarding instance (VRF), use the bgp next-hop command in VRF configuration mode. To return the router to default operation, use the no form of this command.
bgp next-hop loopback number
no bgp next-hop
Syntax Description
loopback number | Specifies the number of the loopback interface. The value that can be entered for this argument is a number from 1 to 2147483647.
Defaults
When this command is not enabled, the IP address of the source interface from which the route was advertised is set as the next hop.
Command Modes
VRF configuration
Command History
Release | Modification
12.2(13)T | This command was introduced in Cisco IOS Release 12.2(13)T.
Usage Guidelines
The bgp next-hop command is used in Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) and Tunnel Engineering (TE) configurations. This command allows you to configure a loopback interface as the next hop for routes that are associated with the specified VRF. This command can be used, for example, to configure VPN traffic to use a specific Label Switched Path (LSP) through an MPLS core network.
Examples
In the following example, loopback interface 0 is configured as the next hop for VPN traffic associated with VRF RED:
Router(config)# ip vrf RED
Router(config-vrf)# rd 40000:1
Router(config-vrf)# route-target import 40000:2
Router(config-vrf)# route-target export 40000:2
Router(config-vrf)# bgp next-hop loopback 0
Related Commands
Command | Description
ip vrf | Configures a VRF routing table.
show ip vrf | Displays the set of defined VRFs and associated interfaces.
bgp redistribute-internal
To allow the redistribution of iBGP routes into an interior gateway protocol such as IS-IS or OSPF, use the bgp redistribute-internal command in router configuration mode. To remove the bgp redistribute-internal command from the configuration file and restore the system to its default condition where the software does not allow the redistribution of iBGP routes into Interior Gateway Protocols (IGPs), use the no form of this command.
bgp redistribute-internal
no bgp redistribute-internal
Syntax Description
This command has no arguments or keywords.
Defaults
By default iBGP routes are not redistributed into IGPs.
Command Modes
Router configuration
Command History
Release | Modification
12.1 | This command was introduced.
Usage Guidelines
Use of the bgp redistribute-internal command requires the clear ip bgp command to be issued to reset BGP connections.
Caution 
Redistributing iBGP routes into IGPs may cause routing loops to form within an autonomous system. Use this command with caution.
Examples
The following example shows iBGP routes being redistributed into OSPF:
bgp redistribute-internal
Related Commands
Command | Description
clear ip bgp | Resets a BGP connection or session.
bgp router-id
To configure a fixed router ID for a BGP-speaking router, use the bgp router-id command in router configuration mode. To remove the bgp router-id command from the configuration file and restore the default value of the router ID, use the no form of this command.
bgp router-id ip-address
no bgp router-id ip-address
Syntax Description
ip-address | IP address of the router.
Defaults
The router ID is set to the IP address of a loopback interface if one is configured. If no virtual interfaces are configured, the router ID is set to the highest IP address configured on a physical interface of that router. Peering sessions will be reset if the router ID is changed.
Command Modes
Router configuration
Command History
Release | Modification
10.0 | This command was introduced.
Usage Guidelines
Use this command to configure a fixed router ID as an identifier of the router running BGP. A loopback interface, if one is configured, is more effective than a fixed interface as an identifier because there is no physical link to go down.
Examples
The following example shows the local router configured with the router ID of 192.168.70.24:
bgp router-id 192.168.70.24
Related Commands
Command | Description
show ip bgp | Displays entries in the BGP routing table.
bgp rr-group
To create a route-reflector group and enable automatic inbound filtering for VPN version 4 (VPNv4) updates based on the allowed route target (RT) extended communities, use the bgp rr-group command in address-family configuration mode. To disable a route-reflector group or route reflector, use the no form of this command.
bgp rr-group {extcom-list-number}
no bgp rr-group
Syntax Description
extcom-list-number | Number of a specific extended community-list that will be supported by the route-reflector group. The range of extended community-list numbers that can be specified is from 1 to 500. However, only one extended community-list is specified with the extcom-list-number argument.
Defaults
This command is disabled by default.
Command Modes
This command is configured in the VPNv4 address-family configuration submode.
Command History
Release | Modification
12.1 | This command was introduced.
12.0(22)S | This command was integrated into Cisco IOS Release 12.0(22)S.
12.0(22)S | The maximum number of extended community-lists that can be supported by a route-reflector group was changed from 199 to 500 in Cisco IOS Release 12.0(22)S.
12.2(15)T | The maximum number of extended community-lists that can be supported by a route-reflector group was changed from 199 to 500 in Cisco IOS Release 12.2(15)T.
Usage Guidelines
The bgp rr-group command can be used with the ip extcommunity-list command. The ip extcommunity-list command is used to create an extended community-list and specify a list of extended community RTs. Only extended community-lists are supported.
Examples
The following example configures a route-reflector group that will accept community-list number 500:
Related Commands
Command | Description
ip extcommunity-list | Creates an extended community access list.
bgp suppress-inactive
To keep routes that are not installed in the routing information base (RIB) from being advertised to peers, use the bgp suppress-inactive command in address family or router configuration mode.
bgp suppress-inactive
no bgp suppress-inactive
Syntax Description
This command has no keywords or arguments.
Defaults
This command is disabled by default.
Command Modes
Address family
Router configuration
Command History
Release | Modification
12.2T | This command was introduced.
12.0(26)S | This command was incorporated into Cisco IOS Release 12.0(26)S.
Usage Guidelines
This command is a toggle. Use the bgp suppress-inactive command to prevent routes that are not installed in the RIB from being advertised to peers. Use the no bgp suppress-inactive command to make BGP ignore RIB failures when advertising routes to peers.
Examples
In the following example, the bgp suppress-inactive command is configured:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# router bgp 1
Router(config-router)# bgp suppress-inactive
Related Commands
Command | Description
clear ip bgp | Resets a BGP connection using BGP soft reconfiguration.
show ip bgp rib-failure | Displays BGP routes that failed to install in the RIB table.
bgp update-delay
To set the maximum initial delay period before a Border Gateway Protocol (BGP)-speaking networking device sends its first updates, use the bgp update-delay command in router configuration mode. To remove the bgp update-delay command from the configuration file and restore the initial delay to its default value, use the no form of this command.
bgp update-delay seconds
no bgp update-delay
Syntax Description
seconds | The maximum delay, in seconds, before a BGP-speaking networking device sends its updates. The range is from 0 to 3600. The default is 120 seconds.
Defaults
If this command is not configured, the default initial delay value is 120 seconds.
Command Modes
Router configuration
Command History
Release | Modification
12.2 | This command was introduced.
Usage Guidelines
When BGP is started, it waits a specified period of time for its neighbors to establish themselves and to begin sending their initial updates. Once that period is complete, or when the time expires, the best path is calculated for each route, and the software starts sending advertisements out to its peers. This behavior improves convergence time because, if the software were to start sending advertisements out immediately, it would have to send extra advertisements if it later received a better path for the prefix from another peer.
The bgp update-delay command is used to tune the maximum time the software will wait after the first neighbor is established until it starts calculating best paths and sending out advertisements. This command can be used when configuring the bgp graceful-restart command as part of the Nonstop Forwarding (NSF) capability.
Examples
The following example sets the maximum initial delay to 240 seconds:
Related Commands
Command | Description
bgp graceful-restart | Enables the BGP graceful restart capability.
bgp upgrade-cli
To upgrade an existing router configuration file in the NLRI format to the AFI format and set the router CLI to use only address-family identifier (AFI) commands, use the bgp upgrade-cli command in router configuration mode:
bgp upgrade-cli
Syntax Description
This command has no keywords or arguments.
Defaults
Address family commands are enabled. NLRI commands are no longer valid.
Command Modes
Router configuration
Command History
Release | Modification
12.0(14)ST | This command was introduced.
12.2(15)T | This command was integrated into Cisco IOS Release 12.0(22)S.
12.0(22)S | This command was integrated into Cisco IOS Release 12.0(22)S.
Usage Guidelines
The bgp upgrade-cli command is used to upgrade a router that is running in the NLRI format to the AFI format. The bgp upgrade-cli command upgrades all existing NLRI formatted configurations to the AFI format. The upgrade is automatic and does not require any further configuration by the network operator, and no configuration information will be lost. Several NLRI-based commands do not exist under the AFI format but have equivalent commands under the AFI format. See Table 1 for NLRI to AFI command mapping.
Table 1 Mapping NLRI Commands with Address Family Commands
NLRI Commands | Address Family Command
distance mbgp | distance bgp
match nlri | address-family ipv4
set nlri | address-family ipv4
show ip mbgp | show ip bgp ipv4 multicast
show ip mbgp summary | show ip bgp ipv4 multicast summary
Examples
The following example upgrades an existing router configuration file in the NLRI format to the AFI format and sets the router CLI to use only commands in the AFI format:
Router(config)# router bgp 5
Router(config-router)# bgp upgrade-cli
bgp-policy
To enable Border Gateway Protocol (BGP) policy accounting or policy propagation on an interface, use the bgp-policy command in interface configuration mode. To disable BGP policy propagation or policy accounting, use the no form of this command.
bgp-policy {accounting | ip-prec-map}
no bgp-policy {accounting | ip-prec-map}
Syntax Description
accounting | Accounting policy based on community lists, autonomous system numbers, or autonomous system paths.
ip-prec-map | Quality of service (QoS) policy based on the IP precedence.
Defaults
BGP policy accounting and policy propagation are disabled.
Command Modes
Interface configuration
Command History
Release | Modification
11.1 CC | This command was introduced.
12.0(9)S | This command was integrated into Cisco IOS Release 12.0(9)S and the accounting keyword was added.
12.0(17)ST | This command was integrated into Cisco IOS Release 12.0(17)ST.
12.2(13)T | This command was integrated into Cisco IOS Release 12.2(13)T.
Usage Guidelines
For BGP policy propagation to function, you must enable BGP and either Cisco Express Forwarding (CEF) or distributed CEF (dCEF).
To specify the QoS policy based on the IP precedence, the proper route-map configuration must be in place (for example, the set ip precedence route-map configuration command). To display QoS policy information for the interface, use the show ip interface command.
Note
If you specify both the source and destination addresses when configuring policy propagation based on an access control list (ACL), the software looks up the source address in the routing table and classifies the packet based on the source address first; then the software looks up the destination address in the routing table and reclassifies the packet based on the destination address.
To specify the accounting policy, the proper route-map configuration must be in place, matching specific BGP attributes and using the set traffic-index command. In BGP router configuration mode, use the table-map command to modify the accounting buckets when the IP routing table is updated with routes learned from BGP. To display accounting policy information, use the show cef interface policy-statistics, show ip bgp, and show ip cef detail EXEC commands.
Examples
The following example enables the BGP policy propagation feature on an interface based on the source address and the IP precedence setting:
The following example enables the BGP policy accounting feature on GE-WAN interface 9/1. The policy is classified by autonomous system paths.
ip as-path access-list 1 permit _10_
ip as-path access-list 2 permit _11_
route-map buckets permit 10
route-map buckets permit 20
route-map buckets permit 80
ip address 10.0.2.2 255.255.255.0
Related Commands
Command | Description
set ip precedence | Sets the precedence values in the IP header.
set traffic-index | Defines where to output packets that pass a match clause of a route map for BGP policy accounting.
show cef interface policy-statistics | Displays detailed CEF policy statistical information for all interfaces.
show ip bgp | Displays entries in the BGP routing table.
show ip cef | Displays entries in the FIB or FIB summary information.
show ip interface | Displays the usability status of interfaces.
table-map | Classifies routes according to a route map.