-
Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3
-
Introduction
-
IP Routing Protocol Commands: A through B
-
IP Routing Protocols Commands: C through H
-
IP Routing Protocols Commands: I
-
IP Routing Protocols Commands: K through M
-
IP Routing Protocols Commands: N
-
IP Routing Protocols Commands: O through R
-
IP Routing Protocols Commands: send-lifetime through set-overload-bit
-
IP Routing Protocols Commands: show bgp nsap through show ip local policy
-
IP Routing Protocols Commands: show ip ospf through version
-
Table Of Contents
Cisco IOS IP Routing Protocol Commands
bgp bestpath med missing-as-worst
bgp client-to-client reflection
Cisco IOS IP Routing Protocol Commands
accept-lifetime
To set the time period during which the authentication key on a key chain is received as valid, use the accept-lifetime command in key chain key configuration mode. To revert to the default value, use the no form of this command.
accept-lifetime start-time {infinite | end-time | duration seconds}
no accept-lifetime [start-time {infinite | end-time | duration seconds}]
Syntax Description
Defaults
Forever (the starting time is January 1, 1993, and ending time is infinite)
Command Modes
Key chain key configuration
Command History
Usage Guidelines
Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol (RIP) Version 2 use key chains.
Specify a start-time value and one of the following values: infinite, end-time, or duration seconds.
We recommend running Network Time Protocol (NTP) or some other time synchronization method if you assign a lifetime to a key.
If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.
Examples
The following example configures a key chain called trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the set time of the router. There is a 30-minute leeway on each side to handle time differences.
interface ethernet 0ip rip authentication key-chain treesip rip authentication mode md5!router ripnetwork 172.19.0.0version 2!key chain treeskey 1key-string chestnutaccept-lifetime 13:30:00 Jan 25 1996 duration 7200send-lifetime 14:00:00 Jan 25 1996 duration 3600key 2key-string birchaccept-lifetime 14:30:00 Jan 25 1996 duration 7200send-lifetime 15:00:00 Jan 25 1996 duration 3600Related Commands
address-family ipv4 (BGP)
To enter address family configuration mode for configuring routing sessions such as BGP that use standard IP Version 4 address prefixes, use the address-family ipv4 command in router configuration mode. To disable address family configuration mode, use the no form of this command.
address-family ipv4 [multicast | unicast | vrf vrf-name]
no address-family ipv4 [multicast | unicast | vrf vrf-name]
Syntax Description
Defaults
IP Version 4 address prefixes are not enabled. Unicast address prefixes are the default when IP Version 4 address prefixes are configured.
Command Modes
Router configuration
Command History
Usage Guidelines
The address-family ipv4 command places the router in address family configuration mode (prompt: (config-router-af)#, from which you can configure routing sessions that use standard IP Version 4 address prefixes. To leave address family configuration mode and return to router configuration mode, type exit.
Routing information for address family IP Version 4 is advertised by default when you configure a BGP routing session using the neighbor remote-as command unless you enter the no bgp default ipv4-unicast command.
The address-family ipv4 command replaces the match nlri and set nlri commands.
Examples
The following example places the router in address family configuration mode for the IP Version 4 address family:
Router(config)# router bgp 100Router(config-router)# address-family ipv4Router(config-router-af)#The following example places the router in address family configuration mode and specifies multicast address prefixes for the IP Version 4 address family:
Router(config)# router bgp 100Router(config-router)# address-family ipv4 multicastRouter(config-router-af)#The following example places the router in address family configuration mode and specifies unicast address prefixes for the IP Version 4 address family:
Router(config)# router bgp 100Router(config-router)# address-family ipv4 unicastRouter(config-router-af)#The following example places the router in address family configuration mode and specifies cisco as the name of the VRF instance to associate with subsequent IP Version 4 address family configuration mode commands:
Router(config)# router bgp 100Router(config-router)# address-family ipv4 vrf ciscoRouter(config-router-af)#Use this form of the command, which specifies a VRF, only to configure routing exchanges between provider edge (PE) and customer edge (CE) devices.
Related Commands
address-family ipv4 (EIGRP)
To enter IPv4 address family configuration mode to configure an Enhanced Interior Gateway Routing Protocol (EIGRP) Virtual Private Network (VPN), use the address-family ipv4 command in address family configuration mode. To remove the address family from the EIGRP configuration, use the no form of this command.
address-family ipv4 [unicast] [vrf vrf-name]
no address-family ipv4 [unicast] [vrf vrf-name]
Syntax Description
unicast
(Optional) Specifies the unicast subaddress family.
vrf vrf-name
(Optional) Specifies the name of the VRF.
Defaults
A default VRF is automatically created when this command is entered without the vrf keyword.
Command Modes
Address family configuration
Command History
12.0(22)S
This command was introduced.
12.2(15)T
This command was integrated into 12.2(15)T.
Usage Guidelines
The address-family ipv4 command is used to configure IPv4 address family sessions under EIGRP. To leave address family configuration mode without removing the address family configuration, use the exit-address-family command.
EIGRP VPNs can be configured only under IPv4 address family configuration mode. A virtual routing and forwarding instance (VRF) and route distinguisher must be defined before the address family session can be created.
A single EIGRP routing process can support multiple VRFs. The number of VRFs that can be configured is limited by only available system resources on the router, which is determined by the number of VRFs, running processes, and available memory. However, only a single VRF can be supported by each VPN, and redistribution between different VRFs is not supported.
MPLS VPN support between PE and CE routers is configured only on PE routers that provide VPN services over the service provider backbone. The customer site does not require any changes to equipment or configurations to support the EIGRP VPN. A metric must be configured for routes to be advertised to the CE router. The metric can be configured using the redistribute (IP) command or configured with the default-metric (EIGRP) command.
Examples
The following example, starting in Global configuration mode, configures an IPv4 address family session for the VRF named RED:
Router(config)# ip vrf REDRouter(config-vrf)# rd 1:1Router(config-vrf)# exitRouter(config)# router eigrp 1Router(config-router)# address-family ipv4 vrf REDRouter(config-router-af)# autonomous-system 101Router(config-router-af)# network 172.16.0.0Router(config-router-af)# default-metric 10000 100 255 1 1500Router(config-router-af)# exit-address-familyRelated Commands
address-family nsap
To enter address family configuration mode and configure Connectionless Network Service (CLNS)-specific parameters for Border Gateway Protocol (BGP) routing sessions, use the address-family nsap command in router configuration mode. To disable address family configuration mode, use the no form of this command.
address-family nsap [unicast]
no address-family nsap [unicast]
Syntax Description
Defaults
NSAP address prefixes are not enabled. Unicast address prefixes are the default when NSAP address prefixes are configured.
Note
Routing information for address family IPv4 is advertised by default for each BGP routing session configured with the neighbor remote-as command unless you configure the no bgp default ipv4-unicast command before configuring the neighbor remote-as command.
Command Modes
Router configuration
Command History
Usage Guidelines
The address-family nsap command enters address family configuration mode (prompt: config-router-af)#, from which you can configure routing sessions that use standard NSAP address prefixes. To leave address family configuration mode and return to router configuration mode, enter the exit-address-family command.
To configure BGP commands and functionality for NSAP prefixes, you must enter NSAP address family configuration mode for those address prefixes, using the address-family nsap command.
Examples
The following example enters NSAP address family configuration mode under BGP:
Router(config)# router bgp 64500Router(config-router)# address-family nsapRouter(config-router-af)#Related Commands
address-family vpnv4
To enter address family configuration mode for configuring routing sessions, such as BGP, that use standard Virtual Private Network (VPN) Version 4 address prefixes, use the address-family vpnv4 command in router configuration mode. To disable address family configuration mode, use the no form of this command.
address-family vpnv4 [unicast]
no address-family vpnv4 [unicast]
Syntax Description
Defaults
VPN Version 4 address prefixes are not enabled. Unicast address prefixes are the default when VPN Version 4 address prefixes are configured.
Command Modes
Router configuration
Command History
Usage Guidelines
The address-family vpnv4 command places the router in address family configuration mode (prompt: config-router-af), from which you can configure routing sessions that use VPN Version 4 address prefixes. To leave address family configuration mode and return to router configuration mode, type exit.
The address-family vpnv4 command replaces the match nlri and set nlri commands.
Examples
The following example places the router in address family configuration mode for the VPN Version 4 address family:
Router(config)# router bgp 100(config-router)# address-family vpnv4(config-router-af)#The following example places the router in address family configuration mode for the unicast VPN Version 4 address family:
Router(config)# router bgp 100(config-router)# address-family vpnv4 unicast(config-router-af)#Related Commands
aggregate-address
To create an aggregate entry in a Border Gateway Protocol (BGP) or multiprotocol BGP database, use the aggregate-address command in address family or router configuration mode. To disable this function, use the no form of this command.
aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]
no aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]
Syntax Description
Defaults
This command is disabled by default.
Command Modes
Address family configuration
Router configurationCommand History
Usage Guidelines
You can implement aggregate routing in BGP and multiprotocol BGP either by redistributing an aggregate route into BGP or multiprotocol BGP, or by using this conditional aggregate routing feature.
Using the aggregate-address command with no keywords will create an aggregate entry in the BGP or multiprotocol BGP routing table if any more-specific BGP or multiprotocol BGP routes are available that fall in the specified range. The aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)
Using the as-set keyword creates an aggregate entry using the same rules that the command follows without this keyword, but the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Do not use this form of the aggregate-address command when aggregating many paths, because this route must be continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.
Using the summary-only keyword not only creates the aggregate route (for example, 193.*.*.*) but also suppresses advertisements of more-specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more-specific route leaks out, all BGP or multiprotocol BGP routers will prefer that route over the less-specific aggregate you are generating (using longest-match routing).
Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified routes. You can use the match clauses of route maps to selectively suppress some more-specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.
Using the advertise-map keyword selects specific routes that will be used to build different components of the aggregate route, such as AS_SET or community. This form of the aggregate-address command is useful when the components of an aggregate are in separate autonomous systems and you want to create an aggregate with AS_SET, and advertise it back to some of the same autonomous systems. You must remember to omit the specific autonomous system numbers from the AS_SET to prevent the aggregate from being dropped by the BGP loop detection mechanism at the receiving router. IP access lists and autonomous system path access lists match clauses are supported.
Using the attribute-map keyword allows attributes of the aggregate route to be changed. This form of the aggregate-address command is useful when one of the routes forming the AS_SET is configured with an attribute such as the community no-export attribute, which would prevent the aggregate route from being exported. An attribute map route map can be created to change the aggregate attributes.
Examples
In the following example, a BGP aggregate address is created in router configuration mode. The path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized.
router bgp 65000aggregate-address 10.0.0.0 255.0.0.0 as-setIn the following example, a multiprotocol BGP aggregate address is created in address family configuration mode and applied to the multicast database only using an IP Version 4 address family. More-specific routes are filtered from updates.
router bgp 65000address-family ipv4 multicastaggregate-address 10.0.0.0 255.0.0.0 summary-onlyIn the following example, a route map called map-one is created matching on an as-path access list. The path advertised for this route will be an AS_SET consisting of elements contained in paths that are matched in the route map.
ip as-path access-list 1 deny ^1234_ip as-path access-list 1 permit .*!route-map map-onematch ip as-path 1!router bgp 65000aggregate-address 10.0.0.0 255.0.0.0 as-set advertise-map map-oneRelated Commands
area authentication
To enable authentication for an OSPF area, use the area authentication command in router configuration mode. To remove an authentication specification of an area or a specified area from the configuration, use the no form of this command.
area area-id authentication [message-digest]
no area area-id authentication [message-digest]
Syntax Description
Defaults
Type 0 authentication (no authentication)
Command Modes
Router configuration
Command History
Usage Guidelines
Specifying authentication for an area sets the authentication to Type 1 (simple password) as specified in RFC 1247. If this command is not included in the configuration file, authentication of Type 0 (no authentication) is assumed.
The authentication type must be the same for all routers and access servers in an area. The authentication password for all OSPF routers on a network must be the same if they are to communicate with each other via OSPF. Use the ip ospf authentication-key interface command to specify this password.
If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key interface command.
To remove the authentication specification for an area, use the no form of this command with the authentication keyword.
Note
Examples
The following example mandates authentication for areas 0 and 10.0.0.0 of OSPF routing process 201. Authentication keys are also provided.
interface ethernet 0ip address 192.168.251.201 255.255.255.0ip ospf authentication-key adcdefgh!interface ethernet 1ip address 10.56.0.201 255.255.0.0ip ospf authentication-key ijklmnop!router ospf 201network 10.0.0.0 0.255.255.255 area 10.0.0.0network 192.168.0.0 0.0.255.255 area 0area 10.0.0.0 authenticationarea 0 authenticationRelated Commands
area default-cost
To specify a cost for the default summary route sent into a stub or not so stubby area (NSSA), use the area default-cost command in router configuration mode. To remove the assigned default route cost, use the no form of this command.
area area-id default-cost cost
no area area-id default-cost cost
Syntax Description
Defaults
cost: 1
Command Modes
Router configuration
Command History
Usage Guidelines
The command is used only on an Area Border Router (ABR) attached to a stub or NSSA.
There are two stub area router configuration commands: the stub and default-cost options of the area command. In all routers and access servers attached to the stub area, the area should be configured as a stub area using the stub option of the area command. Use the default-cost option only on an ABR attached to the stub area. The default-cost option provides the metric for the summary default route generated by the ABR into the stub area.
Note
Examples
The following example assigns a default cost of 20 to stub network 10.0.0.0:
interface ethernet 0ip address 10.56.0.201 255.255.0.0!router ospf 201network 10.0.0.0 0.255.255.255 area 10.0.0.0area 10.0.0.0 stubarea 10.0.0.0 default-cost 20Related Commands
area authentication
Enables authentication for an OSPF area.
area stub
Defines an area as a stub area.
area filter-list
To filter prefixes advertised in type 3 link-state advertisements (LSAs) between Open Shortest Path First (OSPF) areas of an Area Border Router (ABR), use the area filter-list command in router configuration mode. To change or cancel the filter, use the no form of this command.
area {area-id} filter-list prefix {prefix-list-name in | out}
no area {area-id} filter-list prefix {prefix-list-name in | out}
Syntax Description
Defaults
This command has no default behavior.
Command Modes
Router configuration
Command History
12.0(15)S
This command was introduced.
12.2(4)T
This command was integrated into Cisco IOS Release 12.2(4)T.
Usage Guidelines
With this feature enabled in the "in" direction, all type 3 LSAs originated by the ABR to this area, based on information from all other areas, are filtered by the prefix list. Type 3 LSAs that were originated as a result of the area range command in another area are treated like any other type 3 LSA that was originated individually. Any prefix that does not match an entry in the prefix list is implicitly denied.
With this feature enabled in the "out" direction, all type 3 LSAs advertised by the ABR, based on information from this area to all other areas, are filtered by the prefix list. If the area range command has been configured for this area, type 3 LSAs that correspond to the area range are sent to all other areas, only if at least one prefix in the area range matches an entry in the prefix list.
If all specific prefixes are denied by the prefix list, type 3 LSAs that correspond to the area range command will not be sent to any other area. Prefixes that are not permitted by the prefix list are implicitly denied.
Examples
The following example filters prefixes that are sent from all other areas to area 1:
area 1 filter-list prefix AREA_1 inRelated Commands
area nssa
To configure an area as a not-so-stubby area (NSSA), use the area nssa command in router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.
area area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]] [no-summary]
no area area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]] [no-summary]
Syntax Description
Defaults
No NSSA area is defined.
Command Modes
Router configuration
Command History
Usage Guidelines
To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.
Examples
The following example makes area 1 an NSSA area:
router ospf 1redistribute rip subnetsnetwork 172.19.92.0 0.0.0.255 area 1area 1 nssaarea nssa translate
To configure an area as a not-so-stubby area (NSSA) and configure the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature, use the area nssa translate command in router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.
area area-id nssa translate type7 suppress-fa
no area area-id nssa translate type7 suppress-fa
Syntax Description
Defaults
No translation occurs.
Command Modes
Router configuration
Command History
Usage Guidelines
To configure the OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature, configure the translate type7 suppress-fa keywords. Consider the following caution.
Caution
If the translate keyword is used in addition to the no-redistribution or default-information originate keywords, two separate lines for the area nssa command appear in the configuration file for ease of readability. For example, if area 6 nssa no-redistribution translate type7 suppress-fa is configured, the following lines would appear in the configuration file:
router ospf 1area 6 nssa no-redistributionarea 6 nssa translate type7 suppress-faTo remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.
Examples
The following example causes OSPF to translate Type-7 LSAs from area 1 to Type-5 LSAs, but not place the Type-7 forwarding address into the Type-5 LSAs. OSPF places 0.0.0.0 as the forwarding address in the Type-5 LSAs.
router ospf 2network 172.19.92.0 0.0.0.255 area 1area 1 nssa translate type7 suppress-faarea range
To consolidate and summarize routes at an area boundary, use the area range command in router configuration mode. To disable this function, use the no form of this command.
area area-id range ip-address mask [advertise | not-advertise] [cost cost]
no area area-id range ip-address mask [advertise | not-advertise] [cost cost]
Syntax Description
Defaults
This command is disabled by default.
Command Modes
Router configuration
Command History
10.0
This command was introduced.
12.2
The cost cost keyword and argument were added.
Usage Guidelines
The area range command is used only with Area Border Routers (ABRs). It is used to consolidate or summarize routes for an area. The result is that a single summary route is advertised to other areas by the ABR. Routing information is condensed at area boundaries. External to the area, a single route is advertised for each address range. This behavior is called route summarization.
Multiple area router configuration commands specifying the range option can be configured. Thus, OSPF can summarize addresses for many different sets of address ranges.
Note
Examples
The following example specifies one summary route to be advertised by the ABR to other areas for all subnets on network 10.0.0.0 and for all hosts on network 192.168.110.0:
interface ethernet 0ip address 192.168.110.201 255.255.255.0!interface ethernet 1ip address 192.168.120.201 255.255.255.0!router ospf 201network 192.168.110.0 0.0.0.255 area 0area 10.0.0.0 range 10.0.0.0 255.0.0.0area 0 range 192.168.110.0 255.255.0.0 cost 60Related Commands
area sham-link cost
To configure a sham-link interface on a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) backbone, use the area sham-link cost command in global configuration mode. To remove the sham-link, use the no form of this command.
area area-id sham-link source-address destination-address cost number
no area area-id sham-link source-address destination-address cost number
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
In the MPLS VPN environment, several VPN client sites can be connected in the same OSPF area. If these sites are connected over a backdoor link in addition to the VPN backbone, all traffic passes over the backdoor link instead of over the VPN backbone. OSPF always selects intra-area routes over interarea (external) routes.
To correct this default OSPF behavior in an MPLS VPN, use the area sham-link cost command to configure a sham-link between two PEs to connect the sites through the MPLS VPN backbone. A sham-link represents an intra-area (unnumbered point-to-point) connection between PEs. All other routers in the area use the sham-link to calculate intra-area shortest path first (SPF) routes to the remote site.
Configure the source and destination addresses of the sham-link as a host route mask (255.255.255.255) on the PE routers that serve as the endpoints of the sham-link. The source and destination IP addresses must belong to the VRF and be advertised by Border Gateway Protocol (BGP) to remote PE routers. The sham-link endpoint addresses should not be advertised by OSPF.
Examples
The following example shows how to configure a sham-link between two PE routers in an MPLS VPN backbone by using the area sham-link cost command on each router:
Router1(config)# interface loopback 55Router1(config-if)# ip vrf forwarding v1Router1(config-if)# ip address 10.0.0.1 255.255.255.255!Router1(config)# router ospf 2 vrf v1Router1(config-if)# log-adjacency-changesRouter1(config-if)# area 120 sham-link 10.0.0.1 10.44.0.1 cost 1Router1(config-if)# redistribute bgp 1 subnetsRouter1(config-if)# network 10.2.0.1 255.255.255.255 area 1Router1(config-if)# network 10.120.0.0 0.255.255.255 area 120Router1(config-if)# network 10.140.0.0 0.255.255.255 area 120!Router2(config)# interface loopback 44Router2(config-if)# ip vrf forwarding v1Router2(config-if)# ip address 172.16.0.1 255.255.255.255!Router2(config)# router ospf 2 vrf v1Router2(config-if)# log-adjacency-changesRouter2(config-if)# area 120 sham-link 10.44.0.1 10.0.0.1 cost 1Router2(config-if)# redistribute bgp 1 subnetsRouter2(config-if)# network 10.2.0.1 255.255.255.255 area 1Router2(config-if)# network 10.120.0.0 0.255.255.255 area 120Router2(config-if)# network 10.140.0.0 0.255.255.255 area 120!area stub
To define an area as a stub area, use the area stub command in router configuration mode. To disable this function, use the no form of this command.
area area-id stub [no-summary]
no area area-id stub [no-summary]
Syntax Description
area-id
Identifier for the stub area; either a decimal value or an IP address.
no-summary
(Optional) Prevents an Area Border Router (ABR) from sending summary link advertisements into the stub area.
Defaults
No stub area is defined.
Command Modes
Router configuration
Command History
Usage Guidelines
You must configure the area stub command on all routers and access servers in the stub area. Use the area router configuration command with the default-cost keyword to specify the cost of a default internal router sent into a stub area by an ABR.
There are two stub area router configuration commands: the stub and default-cost options of the area router configuration command. In all routers attached to the stub area, the area should be configured as a stub area using the stub keyword of the area command. Use the default-cost keyword only on an ABR attached to the stub area. The default-cost keyword provides the metric for the summary default route generated by the ABR into the stub area.
To further reduce the number of link-state advertisements (LSAs) sent into a stub area, you can configure the no-summary keyword on the ABR to prevent it from sending summary LSAs (LSA type 3) into the stub area.
Note
Examples
The following example assigns a default cost of 20 to stub network 10.0.0.0:
interface ethernet 0ip address 10.56.0.201 255.255.0.0!router ospf 201network 10.0.0.0 0.255.255.255 area 10.0.0.0area 10.0.0.0 stubarea 10.0.0.0 default-cost 20Related Commands
area authentication
Enables authentication for an OSPF area.
area default-cost
Specifies a cost for the default summary route sent into a stub area.
area virtual-link
To define an OSPF virtual link, use the area virtual-link command in router configuration mode with the optional parameters. To remove a virtual link, use the no form of this command.
area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [[authentication-key key] | [message-digest-key key-id md5 key]]
no area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [[authentication-key key] | [message-digest-key key-id md5 key]]
no area area-id
Syntax Description
Defaults
area-id: No area ID is predefined.
router-id: No router ID is predefined.
hello-interval seconds: 10 seconds
retransmit-interval seconds: 5 seconds
transmit-delay seconds: 1 second
dead-interval seconds: 40 seconds
authentication-key key: No key is predefined.
message-digest-key key-id md5 key: No key is predefined.Command Modes
Router configuration
Command History
Usage Guidelines
In OSPF, all areas must be connected to a backbone area. If the connection to the backbone is lost, it can be repaired by establishing a virtual link.
The smaller the hello interval, the faster topological changes will be detected, but more routing traffic will ensue.
The setting of the retransmit interval should be conservative, or needless retransmissions will result. The value should be larger for serial lines and virtual links.
The transmit delay value should take into account the transmission and propagation delays for the interface.
The Cisco IOS software will use the specified authentication key only when authentication is enabled for the backbone with the area area-id authentication router configuration command.
The two authentication schemes, simple text and MD5 authentication, are mutually exclusive. You can specify one or the other or neither. Any keywords and arguments you specify after authentication-key key or message-digest-key key-id md5 key are ignored. Therefore, specify any optional arguments before such a keyword-argument combination.
For Cisco IOS Release 12.2 and later releases, authentication type now is specified on a per-interface basis, rather than on a per-area basis, per RFC 2178. For backward compatibility, authentication type for an area is still supported. If the authentication type is not specified for an interface, the interface will use the authentication type that was specified for the area. If no authentication type has been specified for the area, the area default is null authentication.
Note
Note
Examples
The following example establishes a virtual link with default values for all optional parameters:
router ospf 201network 10.0.0.0 0.255.255.255 area 10.0.0.0area 10.0.0.0 virtual-link 10.3.4.5The following example establishes a virtual link with MD5 authentication:
router ospf 201network 10.0.0.0 0.255.255.255 area 10.0.0.0area 10.0.0.0 virtual-link 10.3.4.5 message-digest-key 3 md5 sa5721bk47Related Commands
area-password
To configure the IS-IS area authentication password, use the area-password command in router configuration mode. To disable the password, use the no form of this command.
area-password password [authenticate snp {validate | send-only}]
no area-password [password]
Syntax Description
Defaults
No area password is defined, and area password authentication is disabled.
Command Modes
Router configuration
Command History
10.0
This command was introduced.
12.0(21)ST
The authenticate snp, validate, and send-only keywords were added.
Usage Guidelines
Using the area-password command on all routers in an area will prevent unauthorized routers from injecting false routing information into the link-state database.
This password is exchanged as plain text and thus this feature provides only limited security.
This password is inserted in Level 1 (station router level) PDU link-state packets (LSPs), complete sequence number PDUs (CSNPs), and partial sequence number PDUs (PSNP).
If you do not specify the authenticate snp keyword along with either the validate or send-only keyword, then the IS-IS routing protocol does not insert the password into SNPs.
Examples
The following example assigns an area authentication password and specifies that the password be inserted in SNPs and checked in SNPs that the system receives:
router isisarea-password track authenticate snp validateRelated Commands
domain-password
Configures the IS-IS routing domain authentication password.
isis password
Configures the authentication password for an interface.
authentication key-chain
To enable authentication for IS-IS, use the authentication key-chain command in router configuration mode. To disable such authentication, use the no form of this command.
authentication key-chain name-of-chain [level-1 | level-2]
no authentication key-chain name-of-chain [level-1 | level-2]
Syntax Description
Defaults
No key chain authentication is provided for IS-IS packets at the router level.
Command Modes
Router configuration
Command History
Usage Guidelines
If no key chain is configured with the key chain command, no key chain authentication is performed.
Key chain authentication could apply to clear text authentication or MD5 authentication. The mode is determined by the authentication mode command.
Only one authentication key chain is applied to IS-IS at one time. That is, if you configure a second authentication key-chain command, the first is overridden.
If neither the level-1 nor level-2 keyword is configured, the chain applies to both levels.
You can specify authentication for an individual IS-IS interface by using the isis authentication key-chain command.
Examples
The following example configures IS-IS to accept and send any key belonging to the key chain named cities:
router isis real_secure_networknet 49.0000.0101.0101.0101.00is-type level-1authentication mode md5 level-1authentication key-chain cities level-1Related Commands
authentication mode
To specify the type of authentication used in IS-IS packets for the IS-IS instance, use the authentication mode command in router configuration mode. To restore clear text authentication, use the no form of this command.
authentication mode {md5 | text} [level-1 | level-2]
no authentication mode
Syntax Description
Defaults
No authentication is provided for IS-IS packets at the router level by use of this command, although clear text (plain text) authentication could be configured by other means, such as the area-password command or the domain-password command.
Command Modes
Router configuration
Command History
Usage Guidelines
If neither the level-1 nor level-2 keyword is configured, the mode applies to both levels.
You can specify the type of authentication and the level to which it applies for a single IS-IS interface, rather than per IS-IS instance, by using the isis authentication mode command.
If you had clear text authentication configured by using the area-password or domain-password command, the authentication mode command overrides both of those commands.
If you configure the authentication mode command and subsequently try to configure the area-password or domain-password command, you will not be allowed to do so. If you truly want to configure clear text authentication using the area-password or domain-password command, you must use the no authentication mode command first.
Examples
The following example configures for the IS-IS instance that MD5 authentication is performed on Level 1 packets:
router isis real_secure_networknet 49.0000.0101.0101.0101.00is-type level-1authentication mode md5 level-1authentication key-chain cities level-1Related Commands
authentication send-only
To specify for the IS-IS instance that authentication is performed only on IS-IS packets being sent (not received), use the authentication send-only command in router configuration mode. To configure for the IS-IS instance that if authentication is configured at the router level, such authentication be performed on packets being sent and received, use the no form of this command.
authentication send-only [level-1 | level-2]
no authentication send-only
Syntax Description
Defaults
If authentication is configured at the router level, it applies to IS-IS packets being sent and received.
Command Modes
Router configuration
Command History
Usage Guidelines
Use this command before configuring the authentication mode and authentication key chain so that the implementation of authentication goes smoothly. That is, the routers will have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After all of the routers that must communicate are configured with this command, enable the authentication mode and key chain on each router. Then specify the no authentication send-only command to disable the send-only feature.
If neither the level-1 nor level-2 keyword is configured, the send-only feature applies to both levels.
This command could apply to clear text authentication or MD5 authentication. The mode is determined by the authentication mode command.
Examples
The following example configures IS-IS Level 1 packets to use clear text authentication on packets being sent (not received):
router isis real_secure_networknet 49.0000.0101.0101.0101.00is-type level-1authentication send-only level-1authentication mode text level-1authentication key-chain cities level-1Related Commands
auto-cost
To control how OSPF calculates default metrics for the interface, use the auto-cost command in router configuration mode. To assign cost based only on the interface type, use the no form of this command.
auto-cost reference-bandwidth ref-bw
no auto-cost reference-bandwidth
Syntax Description
reference-bandwidth ref-bw
Rate in Mbps (bandwidth). The range is from 1 to 4294967; the default is 100.
Defaults
100 Mbps
Command Modes
Router configuration
Command History
Usage Guidelines
In Cisco IOS Release 10.3 and later releases, by default OSPF will calculate the OSPF metric for an interface according to the bandwidth of the interface. For example, a 64K link will get a metric of 1562, and a T1 link will have a metric of 64.
The OSPF metric is calculated as the ref-bw value divided by the bandwidth, with ref-bw equal to 108 by default, and bandwidth determined by the bandwidth (interface) command. The calculation gives FDDI a metric of 1.
If you have multiple links with high bandwidth (such as FDDI or ATM), you might want to use a larger number to differentiate the cost on those links.
The value set by the ip ospf cost command overrides the cost resulting from the auto-cost command.
Examples
The following example changes the cost of the FDDI link to 10, while the gigabit Ethernet link remains at a cost of 1. Thus, the link costs are differentiated.
router ospf 1auto-cost reference-bandwidth 1000Related Commands
auto-summary (BGP)
To allow automatic summarization of subnet routes into network-level routes, use the auto-summary command in address family or router configuration mode. To disable this feature and send subprefix routing information across classful network boundaries, use the no form of this command.
auto-summary
no auto-summary
Syntax Description
This command has no arguments or keywords.
Defaults
The behavior of this command is disabled by default (the software sends subprefix routing information across classful network boundaries).
Command Modes
Address family configuration
Router configuration
Command History
10.0
This command was introduced.
12.0(7)T
Address family configuration mode was added.
12.2(8)T
Command default behavior changed to disabled.
Usage Guidelines
Route summarization reduces the amount of routing information in the routing tables.
By default, BGP does not accept subnets redistributed from Interior Gateway Protocol (IGP). To allow the software to create summary subprefixes to the classful network boundary when crossing classful network boundaries, use the auto-summary command.
To advertise and carry subnet routes in BGP, use an explicit network command because automatic summarization is disabled by default. If you have not entered a network command, you will not advertise network routes for networks with subnet routes unless they contain a summary route.
Examples
In the following router configuration mode example, network numbers are summarized automatically:
router bgp 65006auto-summaryIn the following address family configuration mode example, network numbers are summarized automatically:
router bgp 65006address-family ipv4 unicastauto-summaryRelated Commands
auto-summary (EIGRP)
To allow automatic summarization of subnet routes into network-level routes, use the auto-summary command in router configuration mode. To disable this function and send subprefix routing information across classful network boundaries, use the no form of this command.
auto-summary
no auto-summary
Syntax Description
This command has no arguments or keywords.
Defaults
The behavior of this command is disabled by default (the software sends subprefix routing information across classful network boundaries).
Command Modes
Router configuration
Command History
10.0
This command was introduced.
12.2(8)T
Command default behavior changed to disabled.
Usage Guidelines
Route summarization reduces the amount of routing information in the routing tables.
By default, Border Gateway Protocol (BGP) does not accept subnets redistributed from an Interior Gateway Protocol (IGP). To allow the software to create summary subprefixes to the classful network boundary when crossing classful network boundaries, use the auto-summary command.
To advertise and carry subnet routes in BGP, use an explicit network command because automatic summarization is disabled by default. If you have not entered a network command, you will not advertise network routes for networks with subnet routes unless they contain a summary route.
Enhanced Interior Gateway Routing Protocol (EIGRP) summary routes are given an administrative distance value of 5. You cannot configure this value.
Routing Information Protocol (RIP) Version 1 always uses automatic summarization. If you are using RIP Version 2, you can turn off automatic summarization by specifying the no auto-summary command. Disable automatic summarization if you must perform routing between disconnected subnets. When automatic summarization is off, subnets are advertised.
Examples
The following example enables automatic summarization for EIGRP process 109:
router eigrp 109auto-summaryRelated Commands
ip summary-address eigrp
Configures a summary aggregate address for a specified interface.
auto-summary (RIP)
To restore the default behavior of automatic summarization of subnet routes into network-level routes, use the auto-summary command in router configuration mode. To disable this function and send subprefix routing information across classful network boundaries, use the no form of this command.
auto-summary
no auto-summary
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled (the software summarizes subprefixes to the classful network boundary when crossing classful network boundaries).
Command Modes
Router configuration
Command History
Usage Guidelines
Route summarization reduces the amount of routing information in the routing tables.
RIP Version 1 always uses automatic summarization. If you are using RIP Version 2, you can turn off automatic summarization by specifying the no auto-summary command. Disable automatic summarization if you must perform routing between disconnected subnets. When automatic summarization is off, subnets are advertised.
Examples
In the following example, network numbers are not summarized automatically:
router ripversion 2no auto-summarybgp always-compare-med
To allow the comparison of the Multi Exit Discriminator (MED) for paths from neighbors in different autonomous systems, use the bgp always-compare-med command in router configuration mode. To disallow the comparison, use the no form of this command.
bgp always-compare-med
no bgp always-compare-med
Syntax Description
This command has no arguments or keywords.
Defaults
The Cisco IOS software does not compare MEDs for paths from neighbors in different autonomous systems.
Command Modes
Router configuration
Command History
Usage Guidelines
The MED is one of the parameters that is considered when selecting the best path among many alternative paths. The path with a lower MED is preferred over a path with a higher MED.
By default, during the best-path selection process, MED comparison is done only among paths from the same autonomous system. This command changes the default behavior by allowing comparison of MEDs among paths regardless of the autonomous system from which the paths are received.
Examples
The following example configures the BGP speaker in autonomous system 109 to compare MEDs among alternative paths, regardless of the autonomous system from which the paths are received:
router bgp 109bgp always-compare-medbgp bestpath as-path ignore
To configure Border Gateway Protocol (BGP) to not consider the autonomous system (AS) path during best path route selection, use the bgp bestpath as-path ignore command in router configuration mode. To restore default behavior and configure BGP to consider the AS path during route selection, use the no form of this command.
bgp bestpath as-path ignore
no bgp bestpath as-path ignore
Syntax Description
This command has no arguments or keywords.
Defaults
The AS path is considered during BGP best path selection.
Command Modes
Router configuration
Command History
Examples
In the following example, the BGP routing process is configured to not consider the AS path during best path selection:
Router(config)# router bgp 40000Router(config-router)# bgp bestpath as-path ignoreRelated Commands
show ip bgp ipv4
Displays information about the TCP and BGP connections to neighbors.
bgp bestpath compare-routerid
To compare similar routes received from external BGP (eBGP) peers during the best path selection process and switch the best path to the route with the lowest router ID, use the bgp bestpath compare-routerid command in router configuration mode. To return the router to the default setting, use the no form of this command.
bgp bestpath compare-routerid
no bgp bestpath compare-routerid
Syntax Description
This command has no arguments or keywords.
Defaults
BGP does not compare similar paths received from eBGP peers during the best path selection process and switch the best path to the route with the lowest router ID.
Command Modes
Router configuration
Command History
12.0
This command was introduced.
12.0 S
This command was introduced.
12.0 ST
This command was introduced.
Usage Guidelines
By default, during the best path selection process, when BGP receives similar routes from eBGP peers (all the attributes are the same except for the router ID), the best path is not switched to the route with the lowest router ID if that route was not the first route received. If the bgp bestpath compare-routerid command is enabled, then similar routes are compared and the best path is switched to the route with the lowest router ID.
Examples
The following example shows the BGP speaker in autonomous system 500 configured to compare the router IDs of similar paths, regardless of the autonomous system from which the paths are received:
router bgp 500bgp bestpath compare-routeridRelated Commands
bgp bestpath med confed
To enable Multi Exit Discriminator (MED) comparison among paths learned from confederation peers, use the bgp bestpath med confed command in router configuration mode. To prevent the software from considering the MED attribute in comparing paths, use the no form of this command.
bgp bestpath med confed
no bgp bestpath med confed
Syntax Description
This command has no arguments or keywords.
Defaults
The software does not consider the MED attribute when choosing among paths learned from confederation peers.
Command Modes
Router configuration
Command History
Usage Guidelines
The comparison between MEDs is made only if no external autonomous systems are in the path (an external autonomous system is an autonomous system that is not within the confederation). If an external autonomous system in the path, then the external MED is passed transparently through the confederation, and the comparison is not made.
For example, assume that autonomous system 65000, 65001, 65002, and 65004 are part of the confederation; autonomous system 1 is not; and we are comparing route A with four paths. If the bgp bestpath med confed command is enabled, path 1 would be chosen. The fourth path has a lower MED, but it is not involved in the MED comparison because there is an external autonomous system in this path. The following list displays the MED for each autonomous system.
path = 65000 65004, med = 2
path = 65001 65004, med = 3
path = 65002 65004, med = 4
path = 65003 1, med = 1
Examples
The following command enables the BGP router to compare MED values for paths learned from confederation peers:
router bgp 210bgp bestpath med confedRelated Commands
show ip bgp
Displays entries in the BGP routing table.
show ip bgp ipv4
Displays information about the TCP and BGP connections to neighbors.
bgp bestpath med missing-as-worst
To have Cisco IOS software consider a missing Multi Exit Discriminator (MED) attribute in a path as having a value of infinity, making the path without a MED value the least desirable path, use the bgp bestpath med missing-as-worst command in router configuration mode. To return the router to the default (assign a value of 0 to the missing MED), use the no form of this command.
bgp bestpath med missing-as-worst
no bgp bestpath med missing-as-worst
Syntax Description
This command has no arguments or keywords.
Defaults
The software assigns a value of 0 to the missing MED, causing the path with the missing MED attribute to be considered the best path.
Command Modes
Router configuration
Command History
Examples
The following example specifies the BGP router to consider a missing MED attribute in a path as having a value of infinity, making this path the least desirable path:
router bgp 210bgp bestpath med missing-as-worstRelated Commands
show ip bgp
Displays entries in the BGP routing table.
show ip bgp ipv4
Displays information about the TCP and BGP connections to neighbors.
bgp client-to-client reflection
To restore route reflection from a BGP route reflector to clients, use the bgp client-to-client reflection command in address family or router configuration mode. To disable client-to-client reflection, use the no form of this command.
bgp client-to-client reflection
no bgp client-to-client reflection
Syntax Description
This command has no arguments or keywords.
Defaults
When a route reflector is configured, the route reflector reflects routes from a client to other clients.
Command Modes
Address family configuration
Router configuration
Command History
11.1
This command was introduced.
12.0(7)T
Address family configuration mode was added.
Usage Guidelines
By default, the clients of a route reflector are not required to be fully meshed and the routes from a client are reflected to other clients. However, if the clients are fully meshed, route reflection is not required. Use the no bgp client-to-client reflection command to disable client-to-client reflection.
Examples
In the following router configuration mode example, the local router is a route reflector. The three neighbors are fully meshed, so client-to-client reflection is disabled.
router bgp 5neighbor 10.24.95.22 route-reflector-clientneighbor 10.24.95.23 route-reflector-clientneighbor 10.24.95.24 route-reflector-clientno bgp client-to-client reflectionIn the following address family configuration mode example, the local router is a route reflector. The three neighbors are fully meshed, so client-to-client reflection is disabled.
router bgp 5address-family ipv4 unicastneighbor 10.24.95.22 route-reflector-clientneighbor 10.24.95.23 route-reflector-clientneighbor 10.24.95.24 route-reflector-clientno bgp client-to-client reflectionRelated Commands
bgp cluster-id
To configure the cluster ID if the BGP cluster has more than one route reflector, use the bgp cluster-id command in router configuration mode. To remove the cluster ID, use the no form of this command.
bgp cluster-id cluster-id
no bgp cluster-id cluster-id
Syntax Description
Defaults
The router ID of the single route reflector in a cluster.
Command Modes
Router configuration
Command History
Usage Guidelines
Together, a route reflector and its clients form a cluster.
Usually a cluster of clients will have a single route reflector. In that case, the cluster is identified by the router ID of the route reflector. In order to increase redundancy and avoid a single point of failure, a cluster might have more than one route reflector. In this case, all route reflectors in the cluster must be configured with the 4-byte cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster.
If the cluster has more than one route reflector, use this command to configure the cluster ID.
Examples
In the following example, the local router is one of the route reflectors serving the cluster. It is configured with the cluster ID to identify the cluster.
router bgp 5neighbor 198.92.70.24 route-reflector-clientbgp cluster-id 50000Related Commands
bgp confederation identifier
To specify a BGP confederation identifier, use the bgp confederation identifier command in router configuration mode. To remove the confederation identifier, use the no form of this command.
bgp confederation identifier as-number
no bgp confederation identifier as-number
Syntax Description
Defaults
No confederation identifier is configured.
Command Modes
Router configuration
Command History
Usage Guidelines
One way to reduce the internal BGP (iBGP) mesh is to divide an autonomous system into multiple autonomous systems and group them into a single confederation. Each autonomous system is fully meshed within itself and has a few connections to another autonomous system in the same confederation. Even though the peers in different autonomous systems have external BGP (eBGP) sessions, they exchange routing information as if they are iBGP peers. Specifically, the next hop, Multi Exit Discriminator (MED), and local preference information is preserved. The preservation of this information enables to you to retain a single Interior Gateway Protocol (IGP) for all the autonomous systems. To the outside world, the confederation looks like a single autonomous system.
Examples
In the following example, the autonomous system is divided into autonomous systems 4001, 4002, 4003, 4004, 4005, 4006, and 4007 and identified by the confederation identifier 5. Neighbor 10.2.3.4 is someone inside your routing domain confederation. Neighbor 10.4.5.6 is someone outside your routing domain confederation. To the outside world, there appears to be a single autonomous system with the number 5.
router bgp 4001bgp confederation identifier 5bgp confederation peers 4002 4003 4004 4005 4006 4007neighbor 10.2.3.4 remote-as 4002neighbor 10.4.5.6 remote-as 510Related Commands
bgp confederation peers
Configures the autonomous systems that belong to the confederation.
bgp confederation peers
To configure the autonomous systems that belong to the confederation, use the bgp confederation peers command in router configuration mode. To remove an autonomous system from the confederation, use the no form of this command.
bgp confederation peers as-number [... as-number]
no bgp confederation peers as-number [... as-number]
Syntax Description
Defaults
No BGP peers are identified as belonging to the confederation.
Command Modes
Router configuration
Command History
Usage Guidelines
An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the as-number argument.
The autonomous systems specified in this command are visible internally to a confederation. Each autonomous system is fully meshed within itself. The bgp confederation identifier command specifies the confederation to which the autonomous systems belong.
Examples
The following example specifies that autonomous systems 1090, 1091, 1092, and 1093 belong to a single confederation:
router bgp 1090bgp confederation peers 1091 1092 1093Related Commands
bgp dampening
To enable BGP route dampening or change various BGP route dampening factors, use the bgp dampening command in address family or router configuration mode. To disable the function or restore the default values, use the no form of this command.
bgp dampening [half-life reuse suppress max-suppress-time] [route-map map-name]
no bgp dampening [half-life reuse suppress max-suppress-time] [route-map map-name]
Syntax Description
Defaults
This command is disabled by default
half-life: 15 minutes
reuse: 750
suppress: 2000
max-suppress-time: 4 times half-life
Command Modes
Address family configuration
Router configuration
Command History
11.0
This command was introduced.
12.0(7)T
Address family configuration mode was added.
Usage Guidelines
If this command is used with no arguments, it enables BGP route dampening. The half-life, reuse, suppress, and max-suppress-time arguments are position-dependent. Therefore, if any of these arguments are issued, they must all be specified.
When BGP dampening is configured and a prefix is withdrawn, BGP considers the withdrawn prefix as a flap and increases the penalty by a 1000. If BGP receives an attribute change, BGP increases the penalty by 500. If then the prefix has been withdrawn, BGP keeps the prefix in the BGP table as a history entry. If the prefix has not been withdrawn by the neighbor and BGP is not using this prefix, the prefix is marked as dampened. Dampened prefixes are not used in the BGP decision process and not installed to the routing table.
Examples
The following router configuration mode example sets the half life to 30 minutes, the reuse value to 1500, the suppress value to 10000, and the maximum suppress time to 120 minutes:
router bgp 5bgp dampening 30 1500 10000 120The following address family configuration mode example sets the half life to 30 minutes, the reuse value to 1500, the suppress value to 10000, and the maximum suppress time to 120 minutes:
router bgp 5address-family ipv4 multicastbgp dampening 30 1500 10000 120Related Commands
bgp default ipv4-unicast
To enable the IP version 4 (IPv4) unicast address family on all neighbors, use the bgp default ipv4-unicast command in address family or router configuration mode. To disable the IPv4 unicast address family on all neighbors, use the no form of this command.
bgp default ipv4-unicast
no bgp default ipv4-unicast
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default.
Command Modes
Address family
Router configuration
Command History
Usage Guidelines
Use the neighbor activate address family configuration command for each neighbor you want to run the bgp default ipv4-unicast command for under the IPv4 unicast address family.
Examples
The following example enables IP version 4 unicast address family on all neighbors:
bgp default ipv4-unicastRelated Commands
neighbor activate
Enables the exchange of information with a neighboring router.
bgp default local-preference
To change the default local preference value, use the bgp default local-preference command in router configuration mode. To return to the default setting, use the no form of this command.
bgp default local-preference number
no bgp default local-preference number
Syntax Description
Defaults
Local preference value of 100
Command Modes
Router configuration
Command History
Usage Guidelines
Generally, the default value of 100 allows you to easily define a particular path as less preferable than paths with no local preference attribute. The preference is sent to all routers and access servers in the local autonomous system.
Examples
The following example raises the default local preference value from the default of 100 to 200:
router bgp 200bgp default local-preference 200Related Commands
set local-preference
Specifies a preference value for the autonomous system path.
bgp deterministic-med
To have Cisco IOS software enforce the deterministic comparison of the Multi Exit Discriminator (MED) variable between all paths received from the same autonomous system, use the bgp deterministic-med command in router configuration mode. To disable the comparison, use the no form of this command.
bgp deterministic-med
no bgp deterministic-med
Syntax Description
This command has no arguments or keywords.
Defaults
The software does not enforce the deterministic comparison of the MED variable between all paths received from the same autonomous system.
Command Modes
Router configuration
Address-family configuration
Command History
Usage Guidelines
After the bgp always-compare-med command is configured, all paths for the same prefix that are received from different neighbors, which are in the same autonomous system, will be grouped together and sorted by the ascending MED value (received-only paths are ignored and not grouped or sorted). The best path selection algorithm will then pick the best paths using the existing rules; the comparison is made on a per neighbor autonomous system basis and then global basis. The grouping and sorting of paths occurs immediately after this command is entered. For correct results, all routers in the local autonomous system must have this command enabled (or disabled).
Examples
The following example specifies that the BGP router compare MED variables when choosing among routes advertised by the same subautonomous system within a confederation:
Router(config)# router bgp 204Router(config-router)# bgp deterministic-medThe following example show ip bgp command output illustrates how route selection is affected by the configuration of the bgp deterministic-med command. The order in which routes are received affects how routes are selected for best path selection when the bgp deterministic-med command is not enabled.
The following sample output from the show ip bgp command shows three paths that are received for the same prefix (10.100.0.0), and the bgp deterministic-med command is not enabled:
Router# show ip bgp 10.100.0.0BGP routing table entry for 10.100.0.0/16, version 40Paths: (3 available, best #3, advertised over IBGP, EBGP)109192.168.43.10 from 192.168.43.10 (192.168.43.1)Origin IGP, metric 0, localpref 100, valid, internal2051192.168.43.22 from 192.168.43.22 (192.168.43.2)Origin IGP, metric 20, localpref 100, valid, internal2051192.168.43.3 from 192.168.43.3 (10.4.1.1)Origin IGP, metric 30, valid, external, bestIf the bgp deterministic-med feature is not enabled on the router, the route selection can be affected by the order in which the routes are received. Consider the following scenario in which a router received three paths for the same prefix:
The clear ip bgp * command is entered to clear all routes in the local routing table.
Router# clear ip bgp *The show ip bgp command is issued again after the routing table has been repopulated. Note that the order of the paths changed after clearing the BGP session. The results of the selection algorithm also changed because the order in which the paths were received was different for the second session.
Router# show ip bgp 10.100.0.0BGP routing table entry for 10.100.0.0/16, version 2Paths: (3 available, best #3, advertised over EBGP)109 192.168.43.10 from 192.168.43.10 (192.168.43.1)Origin IGP, metric 0, localpref 100, valid, internal2051192.168.43.3 from 192.168.43.3 (10.4.1.1)Origin IGP, metric 30, valid, external2051192.168.43.22 from 192.168.43.22 (192.168.43.2)Origin IGP, metric 20, localpref 100, valid, internal, bestIf the bgp deterministic-med command is enabled, then the result of the selection algorithm will always be the same, regardless of the order in which the paths are received by the local router. The following output is always generated when the bgp deterministic-med command is entered on the local router in this scenario:
Router# show ip bgp 10.100.0.0BGP routing table entry for 10.100.0.0/16, version 15Paths: (3 available, best #1, advertised over EBGP)109192.168.43.10 from 192.168.43.10 (192.168.43.1)Origin IGP, metric 0, localpref 100, valid, internal, best 3192.168.43.22 from 192.168.43.22 (192.168.43.2)Origin IGP, metric 20, localpref 100, valid, internal 3192.168.43.3 from 192.168.43.3 (10.4.1.1)Origin IGP, metric 30, valid, externalRelated Commands
bgp fast-external-fallover
To immediately reset the BGP sessions of any directly adjacent external peers if the link used to reach them goes down, use the bgp fast-external-fallover command in address family or router configuration mode. To disable this function, use the no form of this command.
bgp fast-external-fallover
no bgp fast-external-fallover
Syntax Description
This command has no arguments or keywords.
Defaults
The behavior of this command is enabled by default.
Command Modes
Address family configuration
Router configuration
Command History
10.0
This command was introduced.
12.0(7)T
Address family configuration mode was added.
Examples
The following example disables the automatic resetting of BGP sessions in router configuration mode:
router bgp 109no bgp fast-external-falloverThe following example disables the automatic resetting of BGP sessions in address family configuration mode:
router bgp 109address-family ipv4 unicastno bgp fast-external-falloverRelated Commands
bgp graceful-restart
To enable the Border Gateway Protocol (BGP) graceful restart capability, use the bgp graceful-restart command in router configuration mode. To remove this command from the configuration file and restore the system to its default condition with respect to this command, use the no form of this command.
bgp graceful-restart [restart-time seconds | stalepath-time seconds]
no bgp graceful-restart [restart-time seconds | stalepath-time seconds]
Syntax Description
Defaults
BGP Cisco Nonstop Forwarding (NSF) capabilities are disabled.
Command Modes
Router configuration
Command History
12.0(22)S
This command was introduced.
12.2(15)T
This command was integrated into Cisco IOS Release 12.2(15)T.
Usage Guidelines
The bgp graceful-restart command is used to enable the graceful restart mechanism on a router in a BGP network. The graceful restart mechanism supports both NSF awareness and NSF capabilities. A router that is NSF-aware functions like a router that is NSF-capable with one exception: an NSF-aware router is incapable of performing a Stateful Switchover (SSO) operation.
The BGP graceful restart capability is negotiated in the OPEN message. If the user enters the bgp graceful-restart command after the BGP session is established, the session will need to be restarted.
When you enter the bgp graceful-restart command, the bgp graceful-restart restart-time and
bgp graceful-restart stalepath-time commands are enabled by default. After the bgp graceful-restart command is used to configure the graceful restart capability, you may tune the configuration using the restart-time and stalepath-time keywords. If you do not first configure the graceful restart capability using the bgp graceful-restart command, the tuning values will not appear in the configuration file.We recommend that the bgp graceful-restart restart-time and bgp graceful-restart stalepath-time commands remain set to their default values.
The restart time should not be set to a time greater than the holdtime that is carried in the OPEN message. To deal with possible consecutive restarts, a route (from a restarting router) that was previously marked as stale shall be deleted.
Note
Examples
The following example shows how to configure the BGP graceful restart capability. Enter one command per line:
Router# configure terminalRouter(config)# router bgp 101Router(config-router)# bgp graceful-restartThe following example configures BGP NSF awareness on a router that is running BGP and sets the restart time to 240 seconds.
router# configure terminalrouter(config)# router bgp 101router(config-router)# bgp graceful-restart restart-time 130The following example configures BGP NSF awareness on a router that is running BGP and sets the stale path time to 240 seconds.
router# configure terminalrouter(config)# router bgp 101router(config-router)# bgp graceful-restart stalepath-time 350Related Commands
show ip bgp
Displays entries in the BGP routing table.
show ip bgp neighbors
Displays information about the TCP and BGP connections to neighbors.
bgp inject-map exist-map
To inject a more specific route into a Border Gateway Protocol (BGP) routing table, use the bgp inject-map exist-map command in address family or router configuration mode. To disable the conditional injection of a selected route, use the no form of this command.
bgp inject-map {inject-map-name} exist-map {exist-map-name}[copy-attributes]
no bgp inject-map {inject-map-name} exist-map {exist-map-name}[copy-attributes]
Syntax Description
Defaults
The BGP Conditional Route Injection feature is not enabled by default.
Command Modes
Address family configuration
Router configuration
Command History
12.0(14)ST
This command was introduced.
12.2(4)T
This command was integrated into Cisco IOS Release 12.2(4)T.
Usage Guidelines
If the copy-attributes keyword is not specified when the bgp inject-map command is used, the components will use the default attributes for locally originated routes. If the copy-attribute keyword is used, the components will inherit the same attributes as the aggregate route.
To enable conditional route injection, the exist map must contain both the match ip address prefix-list and match ip route-source prefix-list match clauses in the route map paragraph.
Examples
The following example configures the router for conditional route injection:
(config-router)# bgp inject-map map1 exist-map map2 copy-attributesRelated Commands
bgp log-neighbor-changes
To enable logging of BGP neighbor resets, use the bgp log-neighbor-changes command in address family or router configuration mode. To disable the logging of changes in BGP neighbor adjacencies, use the no form of this command.
bgp log-neighbor-changes
no bgp log-neighbor-changes
Syntax Description
This command has no arguments or keywords.
Defaults
BGP neighbor changes are logged.
Command Modes
Address family configuration
Router configuration
Command History
11.1 CC
This command was introduced.
12.0
This command was introduced.
12.0(7)T
Address family configuration mode was added.
12.0(1)
BGP neighbor changes are logged by default.
Usage Guidelines
The bgp log-neighbor-changes command enables logging of BGP neighbor status changes (up or down) and resets for troubleshooting network connectivity problems and measuring network stability. Unexpected neighbor resets might indicate high error rates or high packet loss in the network and should be investigated.
Using the bgp log-neighbor-changes command to enable status change message logging does not cause a substantial performance impact, unlike, for example, enabling per BGP update debugging. If the UNIX syslog facility is enabled, messages are sent to the UNIX host running the syslog daemon so that the messages can be stored and archived. If the UNIX syslog facility is not enabled, the status change messages are retained in the internal buffer of the router, and are not stored to disk. You can set the size of this buffer, which is dependent upon the available RAM, using the logging buffered command.
The neighbor status change messages are not tracked if the bgp log-neighbor-changes command is not enabled, except for the reset reason, which is always available as output of the show ip bgp neighbors command.
The eigrp log-neighbor-changes command enables logging of Enhanced INTERIOR gateway Routing Protocol (EIGRP) neighbor adjacencies, but messages for BGP neighbors are logged only if they are specifically enabled with the bgp log-neighbor-changes command.
Use the show logging command to display the log for the BGP neighbor changes.
Examples
The following example logs neighbor changes for BGP in router configuration mode:
bgp router 100bgp log-neighbor-changesThe following example logs neighbor changes for BGP in address family configuration mode:
bgp router 100address-family ipv4 unicastbgp log-neighbor-changesRelated Commands
bgp maxas-limit
To configure Border Gateway Protocol (BGP) to discard routes that have a number of as-path segments that exceed the specified value, use the bgp maxas-limit command in router configuration mode. To return the router to default operation, use the no form of this command.
bgp maxas-limit number
no bgp maxas-limit
Syntax Description
number
Specifies the number of autonomous system segments. The value that can be entered for this argument is a number from 1 to 2000.
Defaults
The default value in Cisco IOS software for the number argument is 75.
Command Modes
Router configuration
Command History
12.2
This command was introduced.
12.0(17)S
This command was integrated into Cisco IOS Release 12.0(17)S.
Usage Guidelines
The bgp maxas-limit command is used to limit the number of as-path segments that are permitted in inbound routes. If a route is received with an as-path segment that exceeds the configured limit, the BGP routing process will discard the route.
Examples
In the following example, the maximum as-path segment length is set to 30:
Router(config)# router bgp 40000Router(config-router-af)# bgp maxas-limit 30Related Commands
bgp next-hop
To configure a loopback interface as the next hop for routes associated with a virtual routing and forwarding instance (VRF), use the bgp next-hop command in VRF configuration mode. To return the router to default operation, use the no form of this command.
bgp next-hop loopback number
no bgp next-hop
Syntax Description
loopback number
Specifies the number of the loopback interface. The value that can be entered for this argument is a number from 1 to 2147483647.
Defaults
The IP address of the source interface, from which the route was advertised is set as the next hop when this command is not enabled.
Command Modes
VRF configuration
Command History
Usage Guidelines
The bgp next-hop command is used in Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) and Tunnel Engineering (TE) configurations. This command allows you to configure a loopback interface as the next hop for routes that are associated with the specified VRF. This command can be used, for example, to configure VPN traffic to use a specific Label Switched Path (LSP) through an MPLS core network.
Examples
In the following example, loopback interface 0 is configured as the next hop for VPN traffic associated with VRF RED:
Router(config)# ip vrf REDRouter(config-vrf)# rd 40000:1Router(config-vrf)# route-target import 40000:2Router(config-vrf)# route-target export 40000:2Router(config-vrf)# bgp next-hop loopback 0Related Commands
ip vrf
Configures a VRF routing table.
show ip vrf
Displays the set of defined VRFs and associated interfaces.
bgp redistribute-internal
To allow the redistribution of iBGP routes into an interior gateway protocol such as IS-IS or OSPF, use the bgp redistribute-internal command in router configuration mode. To remove the bgp redistribute-internal command from the configuration file and restore the system to its default condition where the software does not allow the redistribution of iBGP routes into Interior Gateway Protocols (IGPs), use the no form of this command.
bgp redistribute-internal
no bgp redistribute-internal
Syntax Description
This command has no arguments or keywords.
Defaults
By default iBGP routes are not redistributed into IGPs.
Command Modes
Router configuration
Command History
Usage Guidelines
Use of the bgp redistribute-internal command requires the clear ip bgp command to be issued to reset BGP connections.
Caution
Examples
The following example shows iBGP routes being redistributed into OSPF:
router ospf 300redistribute bgp 200!router bgp 200bgp redistribute-internal!clear ip bgp *Related Commands
bgp router-id
To configure a fixed router ID for a BGP-speaking router, use the bgp router-id command in router configuration mode. To remove the bgp router-id command from the configuration file and restore the default value of the router ID, use the no form of this command.
bgp router-id ip-address
no bgp router-id ip-address
Syntax Description
Defaults
The router ID is set to the IP address of a loopback interface if one is configured. If no virtual interfaces are configured, the highest IP address is configured for a physical interface on that router. Peering sessions will be reset if the router ID is changed.
Command Modes
Router configuration
Command History
Usage Guidelines
Use this command to configure a fixed router ID as an identifier of the router running BGP. A loopback interface, if one is configured, is more effective than a fixed interface as an identifier because there is no physical link to go down.
Examples
The following example shows the local router configured with the router ID of 192.168.70.24:
router bgp 100no synchronizationbgp router-id 192.168.70.24Related Commands
bgp rr-group
To create a route-reflector group and enable automatic inbound filtering for VPN version 4 (VPNv4) updates based on the allowed route target (RT) extended communities, use the bgp rr-group command in address-family configuration mode. To disable a route-reflector group or route reflector, use the no form of this command.
bgp rr-group {extcom-list-number}
no bgp rr-group
Syntax Description
Defaults
This command is disabled by default.
Command Modes
This command is configured in the VPNv4 address-family configuration submode.
Command History
Usage Guidelines
The bgp rr-group command can be used with the ip extcommunity-list command. The ip extcommunity-list command is used to create an extended community-list and specify a list of extended community RTs. Only extended community-lists are supported.
Examples
The following example configures a route-reflector group that will accept community-list number 500:
router bgp 101address-family vpnv4bgp rr-group 500Related Commands
bgp suppress-inactive
To keep routes that are not installed in the routing information base (RIB) from being advertised to peers, use the bgp suppress-inactive command in address family or router configuration mode.
bgp suppress-inactive
no bgp suppress inactive
Syntax Description
This command has no keywords or arguments.
Defaults
This command is disabled by default.
Command Modes
Address family
Router configuration
Command History
12.2T
This command was introduced.
12.0(26)S
This command was incorporated into Cisco IOS Release 12.0(26)S.
Usage Guidelines
This command is a toggle. Use the bgp suppress-inactive command to prevent routes that are not installed in the RIB from being advertised to peers. Use the no bgp suppress-inactive command to make BGP ignore RIB failures when advertising routes to peers.
Examples
In the following example, the bgp suppress-inactive command is configured:
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# router bgp 1Router(config-router)# bgp suppress-inactiveRelated Commands
clear ip bgp
Resets a BGP connection using BGP soft reconfiguration.
show ip bgp rib-failure
Display BGP routes that failed to install in the RIB table.
bgp update-delay
To set the maximum initial delay period before a Border Gateway Protocol (BGP)-speaking networking device sends its first updates, use the bgp update-delay command in router configuration mode. To remove the bgp update-delay command from the configuration file and restore the initial delay to its default value, use the no form of this command.
bgp update-delay seconds
no bgp update-delay
Syntax Description
seconds
The maximum delay, in seconds, before a BGP-speaking networking device sends its updates. The range is from 0 to 3600. The default is 120 seconds.
Defaults
If this command is not configured, the default initial delay value is 120 seconds.
Command Modes
Router configuration
Command History
Usage Guidelines
When BGP is started, it waits a specified period of time for its neighbors to be established themselves and to begin sending their initial updates. Once that period is complete, or when the time expires, the best path is calculated for each route, and the software starts sending advertisements out to its peers. This behavior improves convergence time because, if the software were to start sending advertisements out immediately, it would have to send extra advertisements if it later received a better path for the prefix from another peer.
The bgp update-delay command is used to tune the maximum time the software will wait after the first neighbor is established until it starts calculating best paths and sending out advertisements. This command can be used when configuring the bgp graceful-restart command as part of the Nonstop Forwarding (NSF) capability.
Examples
The following example sets the maximum initial delay to 240 seconds:
router bgp 65000bgp update-delay 240Related Commands
bgp upgrade-cli
To upgrade an existing router configuration file in the NLRI format to the AFI format and set the router CLI to use only address-family identifier (AFI) commands, use the bgp upgrade-cli command in router configuration mode:
bgp upgrade-cli
Syntax Description
This command has no keywords or arguments.
Defaults
Address family commands are enabled. NLRI commands are no longer valid.
Command Modes
Router configuration
Command History
Usage Guidelines
The bgp upgrade-cli command is used to upgrade a router that is running in the NLRI format to the AFI format. The bgp upgrade-cli command upgrades all existing NLRI formatted configurations to the AFI format. The upgrade is automatic and does not require any further configuration by the network operator, and no configuration information will be lost. Several NLRI-based commands do not exist under the AFI format but have equivalent commands under the AFI format. See Table 1 for NLRI to AFI command mapping.
Examples
The following example upgrades an existing router configuration file in the NLRI format to the AFI format and set the router CLI to use only commands in the AFI format:
Router(config)# router bgp 5Router(config-router)# bgp upgrade-clibgp-policy
To enable Border Gateway Protocol (BGP) policy accounting or policy propagation on an interface, use the bgp-policy command in interface configuration mode. To disable BGP policy propagation or policy accounting, use the no form of this command.
bgp-policy {accounting | ip-prec-map}
no bgp-policy {accounting | ip-prec-map}
Syntax Description
accounting
Accounting policy based on community lists, autonomous system numbers, or autonomous system paths.
ip-prec-map
Quality of service (QoS) policy based on the IP precedence.
Defaults
BGP policy accounting and policy propagation are disabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
For BGP policy propagation to function, you must enable BGP and either Cisco Express Forwarding (CEF) or distributed CEF (dCEF).
To specify the QoS policy based on the IP precedence, the proper route-map configuration must be in place (for example, the set ip precedence route-map configuration command). To display QoS policy information for the interface, use the show ip interface command.
Note
To specify the accounting policy, the proper route-map configuration must be in place matching specific BGP attributes using the set traffic-index command. In BGP router configuration mode use the table-map command to modify the accounting buckets when the IP routing table is updated with routes learned from BGP. To display accounting policy information, use the show cef interface policy-statistics, the show ip bgp, and the show ip cef detail EXEC commands.
Examples
The following example enables the BGP policy propagation feature on an interface based on the source address and the IP precedence setting:
configure terminalinterface ethernet 4/0/0bgp-policy ip-prec-mapendThe following example enables the BGP policy accounting feature on GE-WAN interface 9/1. The policy is classified by autonomous system paths.
router bgp 65000no synchronizationtable-map buckets!ip as-path access-list 1 permit _10_ip as-path access-list 2 permit _11_!route-map buckets permit 10match as-path 1set traffic-index 1!route-map buckets permit 20match as-path 2set traffic-index 2!route-map buckets permit 80set traffic-index 7!interface GE-WAN9/1ip address 10.0.2.2 255.255.255.0bgp-policy accountingno negotiation autoRelated Commands
