Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3
IP Routing Protocol Commands: A through B

Table Of Contents

Cisco IOS IP Routing Protocol Commands

accept-lifetime

address-family ipv4 (BGP)

address-family ipv4 (EIGRP)

address-family nsap

address-family vpnv4

aggregate-address

area authentication

area default-cost

area filter-list

area nssa

area nssa translate

area range

area sham-link cost

area stub

area virtual-link

area-password

authentication key-chain

authentication mode

authentication send-only

auto-cost

auto-summary (BGP)

auto-summary (EIGRP)

auto-summary (RIP)

bgp always-compare-med

bgp bestpath as-path ignore

bgp bestpath compare-routerid

bgp bestpath med confed

bgp bestpath med missing-as-worst

bgp client-to-client reflection

bgp cluster-id

bgp confederation identifier

bgp confederation peers

bgp dampening

bgp default ipv4-unicast

bgp default local-preference

bgp deterministic-med

bgp fast-external-fallover

bgp graceful-restart

bgp inject-map exist-map

bgp log-neighbor-changes

bgp maxas-limit

bgp next-hop

bgp redistribute-internal

bgp router-id

bgp rr-group

bgp suppress-inactive

bgp update-delay

bgp upgrade-cli

bgp-policy


Cisco IOS IP Routing Protocol Commands


accept-lifetime

To set the time period during which the authentication key on a key chain is received as valid, use the accept-lifetime command in key chain key configuration mode. To revert to the default value, use the no form of this command.

accept-lifetime start-time {infinite | end-time | duration seconds}

no accept-lifetime [start-time {infinite | end-time | duration seconds}]

Syntax Description

start-time

Beginning time that the key specified by the key command is valid to be received. The syntax can be either of the following:

        hh:mm:ss Month date year

        hh:mm:ss date Month year

hh—hours

mm—minutes

ss—seconds

Month—first three letters of the month

date—date (1-31)

year—year (four digits)

The default start time and the earliest acceptable date is January 1, 1993.

infinite

Key is valid to be received from the start-time value on.

end-time

Key is valid to be received from the start-time value until the end-time value. The syntax is the same as that for the start-time value. The end-time value must be after the start-time value. The default end time is an infinite time period.

duration seconds

Length of time (in seconds) that the key is valid to be received. The range is from 1 to 2147483646.


Defaults

Forever (the starting time is January 1, 1993, and ending time is infinite)

Command Modes

Key chain key configuration

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol (RIP) Version 2 use key chains.

Specify a start-time value and one of the following values: infinite, end-time, or duration seconds.

We recommend running Network Time Protocol (NTP) or some other time synchronization method if you assign a lifetime to a key.

If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.

Examples

The following example configures a key chain called trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

interface ethernet 0
 ip rip authentication key-chain trees
 ip rip authentication mode md5
!
router rip
 network 172.19.0.0
 version 2
!
key chain trees
 key 1
 key-string chestnut
 accept-lifetime 13:30:00 Jan 25 1996 duration 7200
 send-lifetime 14:00:00 Jan 25 1996 duration 3600
 key 2
 key-string birch
 accept-lifetime 14:30:00 Jan 25 1996 duration 7200
 send-lifetime 15:00:00 Jan 25 1996 duration 3600

Related Commands

Command
Description

key

Identifies an authentication key on a key chain.

key chain

Enables authentication for routing protocols.

key-string (authentication)

Specifies the authentication string for a key.

send-lifetime

Sets the time period during which an authentication key on a key chain is valid to be sent.

show key chain

Displays authentication key information.


address-family ipv4 (BGP)

To enter address family configuration mode for configuring routing sessions such as BGP that use standard IP Version 4 address prefixes, use the address-family ipv4 command in router configuration mode. To disable address family configuration mode, use the no form of this command.

address-family ipv4 [multicast | unicast | vrf vrf-name]

no address-family ipv4 [multicast | unicast | vrf vrf-name]

Syntax Description

multicast

(Optional) Specifies IP Version 4 multicast address prefixes.

unicast

(Optional) Specifies IP Version 4 unicast address prefixes.

vrf vrf-name

(Optional) Specifies the name of the virtual routing and forwarding (VRF) instance to associate with subsequent IP Version 4 address family configuration mode commands.


Defaults

IP Version 4 address prefixes are not enabled. Unicast address prefixes are the default when IP Version 4 address prefixes are configured.

Command Modes

Router configuration

Command History

Release
Modification

12.0(5)T

This command was introduced.


Usage Guidelines

The address-family ipv4 command places the router in address family configuration mode (prompt: (config-router-af)#, from which you can configure routing sessions that use standard IP Version 4 address prefixes. To leave address family configuration mode and return to router configuration mode, type exit.

Routing information for address family IP Version 4 is advertised by default when you configure a BGP routing session using the neighbor remote-as command unless you enter the no bgp default ipv4-unicast command.

The address-family ipv4 command replaces the match nlri and set nlri commands.

Examples

The following example places the router in address family configuration mode for the IP Version 4 address family:

Router(config)# router bgp 100
Router(config-router)# address-family ipv4
Router(config-router-af)#

The following example places the router in address family configuration mode and specifies multicast address prefixes for the IP Version 4 address family:

Router(config)# router bgp 100
Router(config-router)# address-family ipv4 multicast
Router(config-router-af)#

The following example places the router in address family configuration mode and specifies unicast address prefixes for the IP Version 4 address family:

Router(config)# router bgp 100
Router(config-router)# address-family ipv4 unicast
Router(config-router-af)#

The following example places the router in address family configuration mode and specifies cisco as the name of the VRF instance to associate with subsequent IP Version 4 address family configuration mode commands:

Router(config)# router bgp 100
Router(config-router)# address-family ipv4 vrf cisco
Router(config-router-af)#

Use this form of the command, which specifies a VRF, only to configure routing exchanges between provider edge (PE) and customer edge (CE) devices.

Related Commands

Command
Description

address-family vpnv4

Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard VPN Version 4 address prefixes.

neighbor activate

Enables the exchange of information with a BGP neighboring router.


address-family ipv4 (EIGRP)

To enter IPv4 address family configuration mode to configure an Enhanced Interior Gateway Routing Protocol (EIGRP) Virtual Private Network (VPN), use the address-family ipv4 command in address family configuration mode. To remove the address family from the EIGRP configuration, use the no form of this command.

address-family ipv4 [unicast] [vrf vrf-name]

no address-family ipv4 [unicast] [vrf vrf-name]

Syntax Description

unicast

(Optional) Specifies the unicast subaddress family.

vrf vrf-name

(Optional) Specifies the name of the VRF.


Defaults

A default VRF is automatically created when this command is entered without the vrf keyword.

Command Modes

Address family configuration

Command History

Release
Modification

12.0(22)S

This command was introduced.

12.2(15)T

This command was integrated into 12.2(15)T.


Usage Guidelines

The address-family ipv4 command is used to configure IPv4 address family sessions under EIGRP. To leave address family configuration mode without removing the address family configuration, use the exit-address-family command.

EIGRP VPNs can be configured only under IPv4 address family configuration mode. A virtual routing and forwarding instance (VRF) and route distinguisher must be defined before the address family session can be created.

A single EIGRP routing process can support multiple VRFs. The number of VRFs that can be configured is limited by only available system resources on the router, which is determined by the number of VRFs, running processes, and available memory. However, only a single VRF can be supported by each VPN, and redistribution between different VRFs is not supported.

MPLS VPN support between PE and CE routers is configured only on PE routers that provide VPN services over the service provider backbone. The customer site does not require any changes to equipment or configurations to support the EIGRP VPN. A metric must be configured for routes to be advertised to the CE router. The metric can be configured using the redistribute (IP) command or configured with the default-metric (EIGRP) command.

Examples

The following example, starting in Global configuration mode, configures an IPv4 address family session for the VRF named RED:

Router(config)# ip vrf RED 
Router(config-vrf)# rd 1:1 
Router(config-vrf)# exit 
Router(config)# router eigrp 1 
Router(config-router)#  address-family ipv4 vrf RED
Router(config-router-af)# autonomous-system 101 
Router(config-router-af)# network 172.16.0.0 
Router(config-router-af)# default-metric 10000 100 255 1 1500 
Router(config-router-af)# exit-address-family 

Related Commands

Command
Description

default-metric (EIGRP)

Sets metric for EIGRP.

exit-address-family

Exits from address family configuration mode.

network (EIGRP)

Specifies a list of networks for the EIGRP routing process.

redistribute (IP)

Redistributes routes from one routing domain into another routing domain.


address-family nsap

To enter address family configuration mode and configure Connectionless Network Service (CLNS)-specific parameters for Border Gateway Protocol (BGP) routing sessions, use the address-family nsap command in router configuration mode. To disable address family configuration mode, use the no form of this command.

address-family nsap [unicast]

no address-family nsap [unicast]

Syntax Description

unicast

(Optional) Specifies network service access point (NSAP) unicast address prefixes.


Defaults

NSAP address prefixes are not enabled. Unicast address prefixes are the default when NSAP address prefixes are configured.


Note Routing information for address family IPv4 is advertised by default for each BGP routing session configured with the neighbor remote-as command unless you configure the no bgp default ipv4-unicast command before configuring the neighbor remote-as command.


Command Modes

Router configuration

Command History

Release
Modification

12.2(8)T

This command was introduced.


Usage Guidelines

The address-family nsap command enters address family configuration mode (prompt: config-router-af)#, from which you can configure routing sessions that use standard NSAP address prefixes. To leave address family configuration mode and return to router configuration mode, enter the exit-address-family command.

To configure BGP commands and functionality for NSAP prefixes, you must enter NSAP address family configuration mode for those address prefixes, using the address-family nsap command.

Examples

The following example enters NSAP address family configuration mode under BGP:

Router(config)# router bgp 64500
Router(config-router)# address-family nsap
Router(config-router-af)#

Related Commands

Command
Description

address-family ipv4 (BGP)

Enters address family configuration mode for configuring routing sessions, such as BGP, that use standard IPv4 address prefixes.

bgp default ipv4-unicast

Enables the IPv4 unicast address family on all neighbors.

neighbor activate

Enables the exchange of information with a BGP neighboring router.


address-family vpnv4

To enter address family configuration mode for configuring routing sessions, such as BGP, that use standard Virtual Private Network (VPN) Version 4 address prefixes, use the address-family vpnv4 command in router configuration mode. To disable address family configuration mode, use the no form of this command.

address-family vpnv4 [unicast]

no address-family vpnv4 [unicast]

Syntax Description

unicast

(Optional) Specifies VPN Version 4 unicast address prefixes.


Defaults

VPN Version 4 address prefixes are not enabled. Unicast address prefixes are the default when VPN Version 4 address prefixes are configured.

Command Modes

Router configuration

Command History

Release
Modification

12.0(5)T

This command was introduced.


Usage Guidelines

The address-family vpnv4 command places the router in address family configuration mode (prompt: config-router-af), from which you can configure routing sessions that use VPN Version 4 address prefixes. To leave address family configuration mode and return to router configuration mode, type exit.

The address-family vpnv4 command replaces the match nlri and set nlri commands.

Examples

The following example places the router in address family configuration mode for the VPN Version 4 address family:

Router(config)# router bgp 100
(config-router)# address-family vpnv4
(config-router-af)#

The following example places the router in address family configuration mode for the unicast VPN Version 4 address family:

Router(config)# router bgp 100
(config-router)# address-family vpnv4 unicast
(config-router-af)#

Related Commands

Command
Description

address-family ipv4 (BGP)

Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard IP Version 4 address prefixes.

neighbor activate

Enables the exchange of information with a BGP neighboring router.


aggregate-address

To create an aggregate entry in a Border Gateway Protocol (BGP) or multiprotocol BGP database, use the aggregate-address command in address family or router configuration mode. To disable this function, use the no form of this command.

aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

no aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

Syntax Description

address

Aggregate address.

mask

Aggregate mask.

as-set

(Optional) Generates autonomous system set path information.

summary-only

(Optional) Filters all more-specific routes from updates.

suppress-map map-name

(Optional) Name of the route map used to select the routes to be suppressed.

advertise-map map-name

(Optional) Name of the route map used to select the routes to create AS_SET origin communities.

attribute-map map-name

(Optional) Name of the route map used to set the attribute of the aggregate route.


Defaults

This command is disabled by default.

Command Modes

Address family configuration
Router configuration

Command History

Release
Modification

10.0

This command was introduced.

11.1(20)CC

The nlri unicast, nlri multicast, and nlri unicast multicast keywords were added.

12.0(2)S

The nlri unicast, nlri multicast, and nlri unicast multicast keywords were added.

12.0(7)T

The nlri unicast, nlri multicast, and nlri unicast multicast keywords were removed.

Address family configuration mode was added.


Usage Guidelines

You can implement aggregate routing in BGP and multiprotocol BGP either by redistributing an aggregate route into BGP or multiprotocol BGP, or by using this conditional aggregate routing feature.

Using the aggregate-address command with no keywords will create an aggregate entry in the BGP or multiprotocol BGP routing table if any more-specific BGP or multiprotocol BGP routes are available that fall in the specified range. The aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)

Using the as-set keyword creates an aggregate entry using the same rules that the command follows without this keyword, but the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Do not use this form of the aggregate-address command when aggregating many paths, because this route must be continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.

Using the summary-only keyword not only creates the aggregate route (for example, 193.*.*.*) but also suppresses advertisements of more-specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more-specific route leaks out, all BGP or multiprotocol BGP routers will prefer that route over the less-specific aggregate you are generating (using longest-match routing).

Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified routes. You can use the match clauses of route maps to selectively suppress some more-specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.

Using the advertise-map keyword selects specific routes that will be used to build different components of the aggregate route, such as AS_SET or community. This form of the aggregate-address command is useful when the components of an aggregate are in separate autonomous systems and you want to create an aggregate with AS_SET, and advertise it back to some of the same autonomous systems. You must remember to omit the specific autonomous system numbers from the AS_SET to prevent the aggregate from being dropped by the BGP loop detection mechanism at the receiving router. IP access lists and autonomous system path access lists match clauses are supported.

Using the attribute-map keyword allows attributes of the aggregate route to be changed. This form of the aggregate-address command is useful when one of the routes forming the AS_SET is configured with an attribute such as the community no-export attribute, which would prevent the aggregate route from being exported. An attribute map route map can be created to change the aggregate attributes.

Examples

In the following example, a BGP aggregate address is created in router configuration mode. The path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized.

router bgp 65000
aggregate-address 10.0.0.0 255.0.0.0 as-set

In the following example, a multiprotocol BGP aggregate address is created in address family configuration mode and applied to the multicast database only using an IP Version 4 address family. More-specific routes are filtered from updates.

router bgp 65000
address-family ipv4 multicast
aggregate-address 10.0.0.0 255.0.0.0 summary-only

In the following example, a route map called map-one is created matching on an as-path access list. The path advertised for this route will be an AS_SET consisting of elements contained in paths that are matched in the route map.

ip as-path access-list 1 deny ^1234_
ip as-path access-list 1 permit .*
!
route-map map-one
match ip as-path 1
!
router bgp 65000
aggregate-address 10.0.0.0 255.0.0.0 as-set advertise-map map-one

Related Commands

Command
Description

address-family ipv4 (BGP)

Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard IPv4 address prefixes.

match ip address

Distributes any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on packets.

neighbor distribute-list

Distribute BGP neighbor information in an access list.

route-map (IP)

Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing.


area authentication

To enable authentication for an OSPF area, use the area authentication command in router configuration mode. To remove an authentication specification of an area or a specified area from the configuration, use the no form of this command.

area area-id authentication [message-digest]

no area area-id authentication [message-digest]

Syntax Description

area-id

Identifier of the area for which authentication is to be enabled. The identifier can be specified as either a decimal value or an IP address.

message-digest

(Optional) Enables Message Digest 5 (MD5) authentication on the area specified by the area-id argument.


Defaults

Type 0 authentication (no authentication)

Command Modes

Router configuration

Command History

Release
Modification

10.0

This command was introduced.

11.0

The message-digest keyword was added.


Usage Guidelines

Specifying authentication for an area sets the authentication to Type 1 (simple password) as specified in RFC 1247. If this command is not included in the configuration file, authentication of Type 0 (no authentication) is assumed.

The authentication type must be the same for all routers and access servers in an area. The authentication password for all OSPF routers on a network must be the same if they are to communicate with each other via OSPF. Use the ip ospf authentication-key interface command to specify this password.

If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key interface command.

To remove the authentication specification for an area, use the no form of this command with the authentication keyword.


Note To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.


Examples

The following example mandates authentication for areas 0 and 10.0.0.0 of OSPF routing process 201. Authentication keys are also provided.

interface ethernet 0
 ip address 192.168.251.201 255.255.255.0
 ip ospf authentication-key adcdefgh
!
interface ethernet 1
 ip address 10.56.0.201 255.255.0.0
 ip ospf authentication-key ijklmnop
!
router ospf 201
 network 10.0.0.0 0.255.255.255 area 10.0.0.0
 network 192.168.0.0 0.0.255.255 area 0
 area 10.0.0.0 authentication
 area 0 authentication

Related Commands

Command
Description

area default-cost

Specifies a cost for the default summary route sent into a stub area.

area stub

Defines an area as a stub area.

ip ospf authentication-key

Assigns a password to be used by neighboring routers that are using the simple password authentication of OSPF.

ip ospf message-digest-key

Enables OSPF MD5 authentication.


area default-cost

To specify a cost for the default summary route sent into a stub or not so stubby area (NSSA), use the area default-cost command in router configuration mode. To remove the assigned default route cost, use the no form of this command.

area area-id default-cost cost

no area area-id default-cost cost

Syntax Description

area-id

Identifier for the stub or NSSA. The identifier can be specified as either a decimal value or as an IP address.

cost

Cost for the default summary route used for a stub or NSSA. The acceptable value is a 24-bit number.


Defaults

cost: 1

Command Modes

Router configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The command is used only on an Area Border Router (ABR) attached to a stub or NSSA.

There are two stub area router configuration commands: the stub and default-cost options of the area command. In all routers and access servers attached to the stub area, the area should be configured as a stub area using the stub option of the area command. Use the default-cost option only on an ABR attached to the stub area. The default-cost option provides the metric for the summary default route generated by the ABR into the stub area.


Note To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.


Examples

The following example assigns a default cost of 20 to stub network 10.0.0.0:

interface ethernet 0
 ip address 10.56.0.201 255.255.0.0
!
router ospf 201
 network 10.0.0.0 0.255.255.255 area 10.0.0.0
 area 10.0.0.0 stub
 area 10.0.0.0 default-cost 20

Related Commands

Command
Description

area authentication

Enables authentication for an OSPF area.

area stub

Defines an area as a stub area.


area filter-list

To filter prefixes advertised in type 3 link-state advertisements (LSAs) between Open Shortest Path First (OSPF) areas of an Area Border Router (ABR), use the area filter-list command in router configuration mode. To change or cancel the filter, use the no form of this command.

area {area-id} filter-list prefix {prefix-list-name in | out}

no area {area-id} filter-list prefix {prefix-list-name in | out}

Syntax Description

area-id

Identifier of the area for which filtering is configured. The identifier can be specified as either a decimal value or an IP address.

prefix

Indicates that a prefix list is used.

prefix-list-name

Name of a prefix list.

in

Prefix list applied to prefixes advertised to the specified area from other areas.

out

Prefix list applied to prefixes advertised out of the specified area to other areas.


Defaults

This command has no default behavior.

Command Modes

Router configuration

Command History

Release
Modification

12.0(15)S

This command was introduced.

12.2(4)T

This command was integrated into Cisco IOS Release 12.2(4)T.


Usage Guidelines

With this feature enabled in the "in" direction, all type 3 LSAs originated by the ABR to this area, based on information from all other areas, are filtered by the prefix list. Type 3 LSAs that were originated as a result of the area range command in another area are treated like any other type 3 LSA that was originated individually. Any prefix that does not match an entry in the prefix list is implicitly denied.

With this feature enabled in the "out" direction, all type 3 LSAs advertised by the ABR, based on information from this area to all other areas, are filtered by the prefix list. If the area range command has been configured for this area, type 3 LSAs that correspond to the area range are sent to all other areas, only if at least one prefix in the area range matches an entry in the prefix list.

If all specific prefixes are denied by the prefix list, type 3 LSAs that correspond to the area range command will not be sent to any other area. Prefixes that are not permitted by the prefix list are implicitly denied.

Examples

The following example filters prefixes that are sent from all other areas to area 1:

area 1 filter-list prefix AREA_1 in 

Related Commands

Command
Description

area range

Consolidates and summarizes routes at an area boundary.


area nssa

To configure an area as a not-so-stubby area (NSSA), use the area nssa command in router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.

area area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]] [no-summary]

no area area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]] [no-summary]

Syntax Description

area-id

Identifier of the area for which authentication is to be enabled. The identifier can be specified as either a decimal value or an IP address.

no-redistribution

(Optional) Used when the router is an NSSA Area Border Router (ABR) and you want the redistribute command to import routes only into the normal areas, but not into the NSSA area.

default-information-
originate

(Optional) Used to generate a Type 7 default into the NSSA area. This keyword takes effect only on NSSA ABR or NSSA Autonomous System Boundary Router (ASBR).

metric

(Optional) OSPF default metric.

metric-type

(Optional) OSPF metric type for default routes.

no-summary

(Optional) Allows an area to be a not-so-stubby area but not have summary routes injected into it.


Defaults

No NSSA area is defined.

Command Modes

Router configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.

Examples

The following example makes area 1 an NSSA area:

router ospf 1
 redistribute rip subnets
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa

area nssa translate

To configure an area as a not-so-stubby area (NSSA) and configure the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature, use the area nssa translate command in router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.

area area-id nssa translate type7 suppress-fa

no area area-id nssa translate type7 suppress-fa

Syntax Description

area-id

Identifier of the area for which authentication is to be enabled. The identifier can be specified as either a decimal value or an IP address.

translate

Translates one type of LSA to another type of LSA. This keyword takes effect only on an NSSA ABR or NSSA Autonomous System Boundary Router (ASBR).

type7

Translates a Type-7 LSA to a Type-5 LSA. This keyword takes effect only on an NSSA ABR or an NSSA ASBR.

suppress-fa

Suppresses the forwarding address of the Type-7 LSAs from being placed in the Type-5 LSAs. This keyword takes effect only on an NSSA ABR or an NSSA ASBR.


Defaults

No translation occurs.

Command Modes

Router configuration

Command History

Release
Modification

12.2(15)T

This command was introduced.


Usage Guidelines

To configure the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature, configure the translate type7 suppress-fa keywords. Consider the following caution.


Caution Configuring the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature causes the router to be noncompliant with RFC 1587. Also, suboptimal routing might result because there might be better paths to reach the destination's forwarding address. This feature should not be configured without careful consideration and not until the network topology is understood.

If the translate keyword is used in addition to the no-redistribution or default-information originate keywords, two separate lines for the area nssa command appear in the configuration file for ease of readability. For example, if area 6 nssa no-redistribution translate type7 suppress-fa is configured, the following lines would appear in the configuration file:

router ospf 1
 area 6 nssa no-redistribution
 area 6 nssa translate type7 suppress-fa

To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.

Examples

The following example causes OSPF to translate Type-7 LSAs from area 1 to Type-5 LSAs, but not place the Type-7 forwarding address into the Type-5 LSAs. OSPF places 0.0.0.0 as the forwarding address in the Type-5 LSAs.

router ospf 2
 network 172.19.92.0 0.0.0.255 area 1
 area 1 nssa translate type7 suppress-fa

area range

To consolidate and summarize routes at an area boundary, use the area range command in router configuration mode. To disable this function, use the no form of this command.

area area-id range ip-address mask [advertise | not-advertise] [cost cost]

no area area-id range ip-address mask [advertise | not-advertise] [cost cost]

Syntax Description

area-id

Identifier of the area about which routes are to be summarized. It can be specified as either a decimal value or as an IP address.

ip-address

IP address.

mask

IP address mask.

advertise

(Optional) Sets the address range status to advertise and generates a Type 3 summary link-state advertisement (LSA).

not-advertise

(Optional) Sets the address range status to DoNotAdvertise. The Type 3 summary LSA is suppressed, and the component networks remain hidden from other networks.

cost cost

(Optional) Metric or cost for this summary route, which is used during OSPF SPF calculation to determine the shortest paths to the destination. The range of this value is from 0 to 16777215.


Defaults

This command is disabled by default.

Command Modes

Router configuration

Command History

Release
Modification

10.0

This command was introduced.

12.2

The cost cost keyword and argument were added.


Usage Guidelines

The area range command is used only with Area Border Routers (ABRs). It is used to consolidate or summarize routes for an area. The result is that a single summary route is advertised to other areas by the ABR. Routing information is condensed at area boundaries. External to the area, a single route is advertised for each address range. This behavior is called route summarization.

Multiple area router configuration commands specifying the range option can be configured. Thus, OSPF can summarize addresses for many different sets of address ranges.


Note To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.


Examples

The following example specifies one summary route to be advertised by the ABR to other areas for all subnets on network 10.0.0.0 and for all hosts on network 192.168.110.0:

interface ethernet 0
 ip address 192.168.110.201 255.255.255.0
!
interface ethernet 1
 ip address 192.168.120.201 255.255.255.0
!
router ospf 201
 network 192.168.110.0 0.0.0.255 area 0
 area 10.0.0.0 range 10.0.0.0 255.0.0.0
 area 0 range 192.168.110.0 255.255.0.0 cost 60

Related Commands

Command
Description

area authentication

Enables authentication for an OSPF area.

area default-cost

Specifies a cost for the default summary route sent into a stub area.

area nssa

Configures an area as an NSSA.

area stub

Defines an area as a stub area.

area virtual-link

Defines an OSPF virtual link.


area sham-link cost

To configure a sham-link interface on a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) backbone, use the area sham-link cost command in global configuration mode. To remove the sham-link, use the no form of this command.

area area-id sham-link source-address destination-address cost number

no area area-id sham-link source-address destination-address cost number

Syntax Description

area-id

ID number of the Open Shortest Path First (OSPF) area assigned to the sham-link. Valid values: numeric value or valid IP address. There is no default.

source-address

IP address of the source PE router in the format: ip-address [mask].

destination-address

IP address of the destination PE route in the format: ip-address [mask].

number

OSPF cost to send IP packets over the sham-link interface. The range of this value is from 1 to 65535.


Defaults

No default behavior or values.

Command Modes

Global configuration

Command History

Release
Modification

12.2(8)T

This command was introduced.


Usage Guidelines

In the MPLS VPN environment, several VPN client sites can be connected in the same OSPF area. If these sites are connected over a backdoor link in addition to the VPN backbone, all traffic passes over the backdoor link instead of over the VPN backbone. OSPF always selects intra-area routes over interarea (external) routes.

To correct this default OSPF behavior in an MPLS VPN, use the area sham-link cost command to configure a sham-link between two PEs to connect the sites through the MPLS VPN backbone. A sham-link represents an intra-area (unnumbered point-to-point) connection between PEs. All other routers in the area use the sham-link to calculate intra-area shortest path first (SPF) routes to the remote site.

Configure the source and destination addresses of the sham-link as a host route mask (255.255.255.255) on the PE routers that serve as the endpoints of the sham-link. The source and destination IP addresses must belong to the VRF and be advertised by Border Gateway Protocol (BGP) to remote PE routers. The sham-link endpoint addresses should not be advertised by OSPF.

Examples

The following example shows how to configure a sham-link between two PE routers in an MPLS VPN backbone by using the area sham-link cost command on each router:

Router1(config)# interface loopback 55
Router1(config-if)# ip vrf forwarding v1
Router1(config-if)# ip address 10.0.0.1 255.255.255.255
!
Router1(config)# router ospf 2 vrf v1
Router1(config-if)# log-adjacency-changes
Router1(config-if)# area 120 sham-link 10.0.0.1 10.44.0.1 cost 1
Router1(config-if)# redistribute bgp 1 subnets
Router1(config-if)# network 10.2.0.1 255.255.255.255 area 1
Router1(config-if)# network 10.120.0.0 0.255.255.255 area 120
Router1(config-if)# network 10.140.0.0 0.255.255.255 area 120
!
Router2(config)# interface loopback 44
Router2(config-if)# ip vrf forwarding v1
Router2(config-if)# ip address 172.16.0.1 255.255.255.255
!
Router2(config)# router ospf 2 vrf v1
Router2(config-if)# log-adjacency-changes
Router2(config-if)# area 120 sham-link 10.44.0.1 10.0.0.1 cost 1
Router2(config-if)# redistribute bgp 1 subnets
Router2(config-if)# netw