Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3 T
IP Routing Protocols Commands: K through M

Table Of Contents

key

key chain

key-string (authentication)

limit retransmissions

log-adjacency-changes

lsp-full suppress

lsp-gen-interval (IS-IS)

lsp-refresh-interval (IS-IS)

match as-path

match community

match extcommunity

match interface (IP)

match ip address

match ip next-hop

match ip route-source

match length

match local-preference

match metric (IP)

match policy-list

match route-type (IP)

match source-protocol

match tag

maximum-paths

maximum-paths eibgp

maximum-paths ibgp

maximum-prefix

max-area-addresses

max-lsa

max-metric router-lsa

metric

metric holddown

metric maximum-hops

metric weights (EIGRP)


key

To identify an authentication key on a key chain, use the key command in key-chain configuration mode. To remove the key from the key chain, use the no form of this command.

key key-id

no key key-id

Syntax Description

key-id

Identification number of an authentication key on a key chain. The range of keys is from 0 to 2147483647. The key identification numbers need not be consecutive.


Defaults

No key exists on the key chain.

Command Modes

key-chain configuration

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol (RIP) Version 2 use key chains.

It is useful to have multiple keys on a key chain so that the software can sequence through the keys as they become invalid after time, based on the accept-lifetime and send-lifetime key chain key command settings.

Each key has its own key identifier, which is stored locally. The combination of the key identifier and the interface associated with the message uniquely identifies the authentication algorithm and Message Digest 5 (MD5) authentication key in use. Only one authentication packet is sent, regardless of the number of valid keys. The software starts looking at the lowest key identifier number and uses the first valid key.

If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.

To remove all keys, remove the key chain by using the no key chain command.

Examples

The following example configures a key chain named trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

interface ethernet 0
 ip rip authentication key-chain trees
 ip rip authentication mode md5
!
router rip
 network 172.19.0.0
 version 2
!
key chain trees
 key 1
 key-string chestnut
 accept-lifetime 13:30:00 Jan 25 1996 duration 7200
 send-lifetime 14:00:00 Jan 25 1996 duration 3600
 key 2
 key-string birch
 accept-lifetime 14:30:00 Jan 25 1996 duration 7200
 send-lifetime 15:00:00 Jan 25 1996 duration 3600
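
The overlap reasoning above can be checked mechanically before a rollover is deployed. The following Python sketch is an added example, not part of the Cisco documentation: it parses the key chain shown above, applies the lowest-valid-key-identifier selection rule from the Usage Guidelines, and reports send gaps and the clock skew the accept windows tolerate. It assumes two peers carry the same key chain and handles only the `duration` lifetime form used on this page; all function names are illustrative.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed input: the key chain from the example above, copied unchanged.
CONFIG = """\
key chain trees
 key 1
 key-string chestnut
 accept-lifetime 13:30:00 Jan 25 1996 duration 7200
 send-lifetime 14:00:00 Jan 25 1996 duration 3600
 key 2
 key-string birch
 accept-lifetime 14:30:00 Jan 25 1996 duration 7200
 send-lifetime 15:00:00 Jan 25 1996 duration 3600
"""

# Only the "<start> duration <seconds>" lifetime form used on this page is parsed.
LIFETIME = re.compile(
    r"(accept|send)-lifetime (\d\d:\d\d:\d\d \w{3} \d{1,2} \d{4}) duration (\d+)")


@dataclass
class Key:
    key_id: int
    accept: tuple = None  # (start, end) datetimes, or None if not configured
    send: tuple = None


def parse_key_chains(text):
    """Return {chain name: [Key, ...]} for every 'key chain' block in the text."""
    chains, keys, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("key chain "):
            keys = chains.setdefault(line.split(None, 2)[2], [])
            key = None
        elif keys is not None and re.fullmatch(r"key \d+", line):
            key = Key(int(line.split()[1]))
            keys.append(key)
        elif key is not None and (m := LIFETIME.fullmatch(line)):
            start = datetime.strptime(m.group(2), "%H:%M:%S %b %d %Y")
            window = (start, start + timedelta(seconds=int(m.group(3))))
            setattr(key, m.group(1), window)
    return chains


def sending_key(keys, now):
    """Lowest-numbered key whose send-lifetime covers `now`, or None."""
    valid = [k.key_id for k in keys if k.send and k.send[0] <= now < k.send[1]]
    return min(valid) if valid else None


def send_gaps(keys):
    """Intervals between the first send start and the last send end with no valid send key."""
    windows = sorted(k.send for k in keys if k.send)
    if not windows:
        return []
    gaps, covered_until = [], windows[0][1]
    for start, end in windows[1:]:
        if start > covered_until:
            gaps.append((covered_until, start))
        covered_until = max(covered_until, end)
    return gaps


def tolerated_skew(keys):
    """Smallest margin (seconds) by which an accept window extends past its send window."""
    margins = []
    for k in keys:
        if k.accept and k.send:
            margins.append((k.send[0] - k.accept[0]).total_seconds())
            margins.append((k.accept[1] - k.send[1]).total_seconds())
    return min(margins) if margins else None


if __name__ == "__main__":
    for name, keys in parse_key_chains(CONFIG).items():
        print(name, "send gaps:", send_gaps(keys))
        print(name, "tolerated skew (s):", tolerated_skew(keys))
        print(name, "key sent at 14:30:", sending_key(keys, datetime(1996, 1, 25, 14, 30)))
```
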

Related Commands

Command
Description

accept-lifetime

Sets the time period during which the authentication key on a key chain is received as valid.

key chain

Enables authentication for routing protocols.

key-string (authentication)

Specifies the authentication string for a key.

send-lifetime

Sets the time period during which an authentication key on a key chain is valid to be sent.

show key chain

Displays authentication key information.


key chain

To enable authentication for routing protocols, identify a group of authentication keys by using the key chain command in global configuration mode. To remove the key chain, use the no form of this command.

key chain name-of-chain

no key chain name-of-chain

Syntax Description

name-of-chain

Name of a key chain. A key chain must have at least one key and can have up to 2147483647 keys.


Defaults

No key chain exists.

Command Modes

Global configuration

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol (RIP) Version 2 use key chains.

You must configure a key chain with keys to enable authentication.

Although you can identify multiple key chains, we recommend using one key chain per interface per routing protocol. Upon specifying the key chain command, you enter key-chain configuration mode.

Examples

The following example configures a key chain named trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

interface ethernet 0
 ip rip authentication key-chain trees
 ip rip authentication mode md5
!
router rip
 network 172.19.0.0
 version 2
!
key chain trees
 key 1
 key-string chestnut
 accept-lifetime 13:30:00 Jan 25 1996 duration 7200
 send-lifetime 14:00:00 Jan 25 1996 duration 3600
 key 2
 key-string birch
 accept-lifetime 14:30:00 Jan 25 1996 duration 7200
 send-lifetime 15:00:00 Jan 25 1996 duration 3600

Related Commands

Command
Description

accept-lifetime

Sets the time period during which the authentication key on a key chain is received as valid.

ip rip authentication key-chain

Enables authentication for RIP Version 2 packets and specifies the set of keys that can be used on an interface.

key

Identifies an authentication key on a key chain.

key-string (authentication)

Specifies the authentication string for a key.

send-lifetime

Sets the time period during which an authentication key on a key chain is valid to be sent.

show key chain

Displays authentication key information.


key-string (authentication)

To specify the authentication string for a key, use the key-string command in key chain key configuration mode. To remove the authentication string, use the no form of this command.

key-string text

no key-string [text]

Syntax Description

text

Authentication string that must be sent and received in the packets using the routing protocol being authenticated. The string can contain from 1 to 80 uppercase and lowercase alphanumeric characters, except that the first character cannot be a number.


Defaults

No key exists.

Command Modes

Key chain key configuration

Command History

Release
Modification

11.1

This command was introduced.


Usage Guidelines

Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol (RIP) Version 2 use key chains. Each key can have only one key string.

If password encryption is configured (with the service password-encryption command), the software saves the key string as encrypted text. When you write to the terminal with the more system:running-config command, the software displays key-string 7 encrypted text.

Examples

The following example configures a key chain named trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

interface ethernet 0
 ip rip authentication key-chain trees
 ip rip authentication mode md5
!
router rip
 network 172.19.0.0
 version 2
!
key chain trees
 key 1
 key-string chestnut
 accept-lifetime 13:30:00 Jan 25 1996 duration 7200
 send-lifetime 14:00:00 Jan 25 1996 duration 3600
 key 2
 key-string birch
 accept-lifetime 14:30:00 Jan 25 1996 duration 7200
 send-lifetime 15:00:00 Jan 25 1996 duration 3600

Related Commands

Command
Description

accept-lifetime

Sets the time period during which the authentication key on a key chain is received as valid.

key

Identifies an authentication key on a key chain.

key chain

Enables authentication for routing protocols.

send-lifetime

Sets the time period during which an authentication key on a key chain is valid to be sent.

service password-encryption

Encrypts passwords.

show key chain

Displays authentication key information.


limit retransmissions

To change or remove the limit in the number of retransmissions of database exchange and update packets for both demand and non-demand circuits, use the limit retransmissions command in router configuration mode. To reset the maximum number of retransmissions back to the default value of 24, use the no form of this command.

limit retransmissions {[dc {max-number | disable}] [non-dc {max-number | disable}]}

no limit retransmissions [dc | non-dc]

Syntax Description

dc

Demand circuit retransmissions.

max-number

Maximum number of retransmissions. Range from 1 to 255.

non-dc

Nondemand circuit retransmissions.

disable

Disables or removes the limit to the number of retransmissions.


Defaults

Maximum number of retransmissions is 24.

Command Modes

Router configuration

Command History

Release
Modification

12.2(11)T

This command was introduced.


Usage Guidelines

Cisco IOS Release 12.2(4)T added a limit to the number of retransmissions of database exchange and update packets for both demand and nondemand circuits. The retransmission of these packets stops once this retry limit is reached, thus preventing unnecessary use of the link in continual retransmission of the packets if, for some reason, a neighbor is not responding during adjacency forming.

The limit for both demand circuit and nondemand circuit retransmissions is 24.

The limit retransmissions command allows you to either remove (disable) the limit or change the maximum number of retransmissions to be a number from 1 to 255. The configuration of this command provides for backward compatibility for previous or other releases of Cisco IOS Software or other routers that do not have this feature.


Note: The limit to the number of retransmissions does not apply for update packets on nonbroadcast multiaccess (NBMA) point-to-multipoint direct circuits. In this situation, the dead timer is used to end communication with nonresponding neighbors and thus stop the retransmissions.


Examples

The following example shows how to set the maximum number of demand circuit retransmissions to 10:

limit retransmissions dc 10

The following example shows how to remove the limit for the number of demand circuit retransmissions:

limit retransmissions dc disable

The following example shows how to set the maximum number of demand circuit retransmissions to 10 and to set the maximum number of nondemand circuit retransmissions to 20:

limit retransmissions dc 10 non-dc 20

The following example shows how to set the maximum number of demand circuit retransmissions to 10, and to remove the limit for the number of nondemand circuit retransmissions:

limit retransmissions dc 10 non-dc disable

The following example shows how to reset both the demand circuit and nondemand circuit maximum number of retransmissions back to the default of 24:

no limit retransmissions

Related Commands

Command
Description

router ospf

Configures an OSPF routing process.


log-adjacency-changes

To configure the router to send a syslog message when an OSPF neighbor goes up or down, use the log-adjacency-changes command in router configuration mode. To turn off this function, use the no form of this command.

log-adjacency-changes [detail]

no log-adjacency-changes [detail]

Syntax Description

detail

(Optional) Sends a syslog message for each state change, not just when a neighbor goes up or down.


Defaults

Enabled

Command Modes

Router configuration

Command History

Release
Modification

11.2

This command was introduced as "ospf log-adjacency-changes".

12.1

The ospf keyword was omitted and the detail keyword was added.


Usage Guidelines

This command allows you to know about OSPF neighbors going up or down without turning on the debug ip ospf adjacency command. The log-adjacency-changes command provides a higher level view of those changes of the peer relationship with less output. This command is on by default but only up/down (full/down) events are reported, unless the detail keyword is also configured.

Examples

The following example configures the router to send a syslog message when an OSPF neighbor state changes:

log-adjacency-changes detail

lsp-full suppress

To control which routes are suppressed when the link-state PDU becomes full, use the lsp-full suppress command in router configuration mode. To stop suppression of redistributed routes, specify none or use the no form of this command.

lsp-full suppress {[external] [interlevel] | none}

no lsp-full suppress

Syntax Description

external

(Optional) Suppresses any redistributed routes on this router.

interlevel

(Optional) Suppresses any routes coming from the other level. For example, if the Level-2 LSP becomes full, routes from Level 1 are suppressed.

none

(Optional) Suppresses no routes.


Defaults

If this command is not specified, or if this command is specified with no keyword, the default value used is external.

Command Modes

Router configuration

Command History

Release
Modification

12.0(25)S

This command was introduced.

12.2(18)S

This command was integrated into Cisco IOS Release 12.2(18)S.

12.3(4)T

This command was integrated into Cisco IOS Release 12.3(4)T.


Usage Guidelines

In networks where there is no limit placed on the number of redistributed routes into IS-IS (that is, the redistribute maximum-prefix command was not configured), it is possible that the link-state PDU (LSP) could become full and routes will be dropped. Use the lsp-full suppress command to define in advance which routes are suppressed in the event that the LSP becomes full.

The external and interlevel keywords can be specified together or separately.

Use the clear isis lsp-full command to clear the LSPFULL state.

Examples

This example specifies that if the LSP becomes full, both redistributed routes and routes from another level will be suppressed from the LSP:

router isis
 lsp-full suppress external interlevel

Related Commands

Command
Description

clear isis lsp-full

Clears the LSPFULL state.

redistribute maximum-prefix

Limits the number of prefixes redistributed into IS-IS or generates a warning when the number of prefixes redistributed into IS-IS reaches a maximum.


lsp-gen-interval (IS-IS)

To customize IS-IS throttling of LSP generation, use the lsp-gen-interval command in router configuration mode. To restore default values, use the no form of this command.

lsp-gen-interval [level-1 | level-2] lsp-max-wait [lsp-initial-wait lsp-second-wait]

no lsp-gen-interval

Syntax Description

level-1

(Optional) Apply intervals to Level-1 areas only.

level-2

(Optional) Apply intervals to Level-2 areas only.

lsp-max-wait

Indicates the maximum interval (in seconds) between two consecutive occurrences of an LSP being generated. The range is 1 to 120 seconds. The default is 5 seconds.

lsp-initial-wait

(Optional) Indicates the initial LSP generation delay (in milliseconds). The range is 1 to 120,000 milliseconds. The default is 50 milliseconds.

lsp-second-wait

(Optional) Indicates the hold time between the first and second LSP generation (in milliseconds). The range is 1 to 120,000 milliseconds. The default is 5000 milliseconds (5 seconds).


Defaults

lsp-max-wait: 5 seconds
lsp-initial-wait: 50 milliseconds
lsp-second-wait: 5000 milliseconds

Command Modes

Router configuration

Command History

Release
Modification

12.1

This command was introduced.


Usage Guidelines

The following description will help you determine whether to change the default values of this command:

The lsp-initial-wait argument indicates the initial wait time (in milliseconds) before generating the first LSP.

The lsp-second-wait argument indicates the amount of time to wait (in milliseconds) between the first and second LSP generation.

Each subsequent wait interval is twice as long as the previous one until the wait interval reaches the lsp-max-wait interval specified, so this value causes the throttling or slowing down of the LSP generation after the initial and second intervals. Once this interval is reached, the wait interval continues at this interval until the network calms down.

After the network calms down and there are no triggers for 2 times the lsp-max-wait interval, fast behavior is restored (the initial wait time).

Notice that the lsp-gen-interval command controls the delay between LSPs being generated, as opposed to the following related commands:

The isis lsp-interval command sets the delay (in milliseconds) between successive LSPs being transmitted (including LSPs generated by another system and forwarded by the local system).

The isis retransmit-interval command sets the amount of time (in seconds) between retransmissions of the same LSP on a point-to-point link.

The isis retransmit-throttle-interval command sets the minimum delay (in milliseconds) between retransmitted LSPs on a point-to-point interface.

These commands can be used in combination to control the rate of LSP packets being generated, transmitted, and retransmitted.

Examples

The following example configures intervals for SPF calculations, PRC, and LSP generation:

router isis
 spf-interval 5 10 20
 prc-interval 5 10 20
 lsp-gen-interval 2 50 100
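
The throttling described in the Usage Guidelines can be seen by simulating a burst of topology changes against the values in the example above. The following Python sketch is an added example, not Cisco code: it is a simplified model that assumes triggers arriving while a generation is already scheduled are carried by that generation, and that a trigger arriving after the current hold has expired generates an LSP immediately. Function names are illustrative.

```python
def parse_lsp_gen_interval(line):
    """Parse 'lsp-gen-interval [level-1 | level-2] max [initial second]' using this page's ranges."""
    words = line.split()
    if not words or words[0] != "lsp-gen-interval":
        raise ValueError("not an lsp-gen-interval command")
    args = words[1:]
    level = args.pop(0) if args and args[0] in ("level-1", "level-2") else None
    if len(args) not in (1, 3):
        raise ValueError("expected lsp-max-wait [lsp-initial-wait lsp-second-wait]")
    max_s = int(args[0])
    # Defaults from the page: 50 ms initial wait, 5000 ms second wait.
    initial_ms, second_ms = (int(args[1]), int(args[2])) if len(args) == 3 else (50, 5000)
    if not 1 <= max_s <= 120:
        raise ValueError("lsp-max-wait must be 1 to 120 seconds")
    if not (1 <= initial_ms <= 120000 and 1 <= second_ms <= 120000):
        raise ValueError("waits must be 1 to 120,000 milliseconds")
    return level, max_s, initial_ms, second_ms


def wait_ms(index, max_wait_s, initial_ms, second_ms):
    """Wait applied before the (index+1)-th LSP generation of a busy period."""
    if index == 0:
        return initial_ms
    # Second wait, then doubling, capped at lsp-max-wait.
    return min(second_ms * 2 ** (index - 1), max_wait_s * 1000)


def generation_times(triggers_ms, max_wait_s=5, initial_ms=50, second_ms=5000):
    """Times (ms) at which LSPs are generated for a sorted list of trigger times (ms)."""
    index, last_gen, last_trigger, out = 0, None, None, []
    for t in triggers_ms:
        # No triggers for 2 x lsp-max-wait: fast behavior (the initial wait) is restored.
        if last_trigger is not None and t - last_trigger >= 2 * max_wait_s * 1000:
            index = 0
        last_trigger = t
        if last_gen is not None and t <= last_gen:
            continue  # model assumption: the already scheduled generation carries this change
        if index == 0:
            gen = t + initial_ms
        else:
            gen = max(t, last_gen + wait_ms(index, max_wait_s, initial_ms, second_ms))
        out.append(gen)
        last_gen, index = gen, index + 1
    return out


if __name__ == "__main__":
    _, max_s, initial, second = parse_lsp_gen_interval("lsp-gen-interval 2 50 100")
    storm = list(range(0, 6000, 10))  # constructed input: one trigger every 10 ms for 6 s
    times = generation_times(storm, max_s, initial, second)
    print(len(storm), "triggers ->", len(times), "LSP generations at", times)
```
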

Related Commands

Command
Description

isis lsp-interval

Sets the time delay between successive IS-IS LSP transmissions.

isis retransmit-interval

Sets the amount of time between retransmission of each IS-IS LSP on a point-to-point link.

isis retransmit-throttle-interval

Sets the minimum delay between retransmissions on each LSP on a point-to-point interface.


lsp-refresh-interval (IS-IS)

To set the link-state packet (LSP) refresh interval, use the lsp-refresh-interval command in router configuration mode. To restore the default refresh interval, use the no form of this command.

lsp-refresh-interval seconds

no lsp-refresh-interval

Syntax Description

seconds

Interval (in seconds) at which LSPs are refreshed. The range is 1 to 65535 seconds. The default value is 900 seconds (15 minutes).


Defaults

900 seconds (15 minutes)

Command Modes

Router configuration

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

The refresh interval determines the rate at which Cisco IOS software periodically transmits in LSPs the route topology information that it originates. This is done to keep the database information from becoming too old.

LSPs must be periodically refreshed before their lifetimes expire. The value set for the lsp-refresh-interval command should be less than the value set for the max-lsp-lifetime command; otherwise, LSPs will time out before they are refreshed. If you misconfigure the LSP lifetime to be too low compared to the LSP refresh interval, the software will reduce the LSP refresh interval to prevent the LSPs from timing out.

Reducing the refresh interval reduces the amount of time that undetected link state database corruption can persist at the cost of increased link utilization. (This is an extremely unlikely event, however, because there are other safeguards against corruption.) Increasing the interval reduces the link utilization caused by the flooding of refreshed packets (although this utilization is very small).

Examples

The following example configures the IS-IS LSP refresh interval to be 1080 seconds (18 minutes):

router isis 
 lsp-refresh-interval 1080

Related Commands

Command
Description

max-lsp-lifetime (IS-IS)

Sets the maximum time that link-state packets (LSPs) can remain in a router's database without being refreshed.


match as-path

To match a BGP autonomous system path access list, use the match as-path command in route-map configuration mode. To remove a path list entry, use the no form of this command.

match as-path path-list-number

no match as-path path-list-number

Syntax Description

path-list-number

Autonomous system path access list. An integer from 1 to 199.


Defaults

No path lists are defined.

Command Modes

Route-map configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

The values set by the match as-path and set weight commands override global values. For example, the weights assigned with the match as-path and set weight route-map configuration commands override the weight assigned using the neighbor weight command.

A route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want to modify only some data, you must configure a second route-map section with an explicit match specified.

Examples

The following example sets the autonomous system path to match BGP autonomous system path access list 20:

route-map IGP2BGP
 match as-path 20

Related Commands

Command
Description

match community

Matches a BGP community.

match interface (IP)

Distributes routes that have their next hop out one of the interfaces specified.

match ip address

Distributes any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on packets.

match ip next-hop

Redistributes any routes that have a next hop router address passed by one of the access lists specified.

match ip route-source

Redistributes routes that have been advertised by routers and access servers at the address specified by the access lists.

match metric (IP)

Redistributes routes with the metric specified.

match route-type (IP)

Redistributes routes of the specified type.

match tag

Redistributes routes in the routing table that match the specified tags.

neighbor weight

Assigns weight to a neighbor connection.

route-map (IP)

Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing.

set as-path

Modifies an autonomous system path for BGP routes.

set automatic-tag

Automatically computes the tag value in a route map configuration.

set community

Sets the BGP communities attribute.

set level (IP)

Indicates where to import routes.

set local-preference

Specifies a preference value for the autonomous system path.

set metric (BGP, OSPF, RIP)

Sets the metric value for a routing protocol.

set metric-type

Sets the metric type for the destination routing protocol.

set next-hop

Specifies the address of the next hop.

set origin (BGP)

Sets the BGP origin code.

set tag (IP)

Sets the value of the destination routing protocol.

set weight

Specifies the BGP weight for the routing table.


match community

To match a Border Gateway Protocol (BGP) community, use the match community command in route-map configuration mode. To remove the match community command from the configuration file and restore the system to its default condition where the software removes the BGP community list entry, use the no form of this command.

match community {standard-list-number | expanded-list-number | community-list-name [exact]}

no match community {standard-list-number | expanded-list-number | community-list-name [exact]}

Syntax Description

standard-list-number

Specifies a standard community list number from 1 to 99 that identifies one or more permit or deny groups of communities.

expanded-list-number

Specifies an expanded community list number from 100 to 500 that identifies one or more permit or deny groups of communities.

community-list-name

The community list name.

exact

(Optional) Indicates that an exact match is required. All of the communities and only those communities specified must be present.


Defaults

No community list is matched by the route map.

Command Modes

Route-map configuration

Command History

Release
Modification

12.1

This command was introduced.

12.1(9)E

Named community list support was integrated into Cisco IOS Release 12.1(9)E.

12.2(8)T

Named community list support was integrated into Cisco IOS Release 12.2(8)T.

12.0(22)S

The maximum number of expanded extended community list numbers was changed from 199 to 500 in Cisco IOS Release 12.0(22)S.

12.2(15)T

The maximum number of expanded extended community list numbers was changed from 199 to 500 in Cisco IOS Release 12.2(15)T.


Usage Guidelines

A route map can have several parts. Any route that does not match at least one match command relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want to modify only some data, you must configure a second route-map section with an explicit match specified.

Matching based on community list number is one of the types of match commands applicable to BGP.

Examples

The following example shows that the routes matching community list 1 will have the weight set to 100. Any route that has community 109 will have the weight set to 100.

Router(config)# ip community-list 1 permit 109
Router(config)# !
Router(config)# route-map set_weight
Router(config-route-map)# match community 1
Router(config-route-map)# set weight 100

The following example shows that the routes matching community list 1 will have the weight set to 200. Any route that has community 109 alone will have the weight set to 200.

Router(config)# ip community-list 1 permit 109
Router(config)# !
Router(config)# route-map set_weight
Router(config-route-map)# match community 1 exact
Router(config-route-map)# set weight 200

In the following example, the routes that match community list LIST_NAME will have the weight set to 100. Any route that has community 101 alone will have the weight set to 100.

Router(config)# ip community-list standard LIST_NAME permit 101
Router(config)# !
Router(config)# route-map set_weight
Router(config-route-map)# match community LIST_NAME 
Router(config-route-map)# set weight 100

The following example shows that the routes that match expanded community list 500 will have the weight set to 150. Any route that has extended community 1 will have the weight set to 150.

Router(config)# ip community-list 500 permit [0-9]*
Router(config)# !
Router(config)# route-map MAP_NAME permit 10
Router(config-route-map)# match community 500
Router(config-route-map)# set weight 150
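
The difference between the first two examples above (with and without the exact keyword), and the rule that a route matching no clause is ignored, can be verified offline before a policy is applied. The following Python sketch is an added example, not Cisco code: it models numbered standard community lists and permit-only route-map clauses. The route-map name set_weight_exact and community 200 are constructed for the illustration.

```python
# Constructed input: the first two examples above, with the second route map
# renamed set_weight_exact (hypothetical name) so both can be evaluated together.
CONFIG = """\
ip community-list 1 permit 109
route-map set_weight
 match community 1
 set weight 100
route-map set_weight_exact
 match community 1 exact
 set weight 200
"""


def parse(config):
    """Return (community lists, route maps) parsed from numbered standard-list config."""
    lists, maps, clause = {}, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if words[:2] == ["ip", "community-list"]:
            # ip community-list <number> permit|deny <community> [<community> ...]
            lists.setdefault(words[2], []).append((words[3], frozenset(words[4:])))
        elif words[:1] == ["route-map"]:
            clause = {"match": None, "exact": False, "set": {}}
            maps.setdefault(words[1], []).append(clause)
        elif words[:2] == ["match", "community"] and clause is not None:
            clause["match"] = words[2]
            clause["exact"] = len(words) == 4 and words[3] == "exact"
        elif words[:2] == ["set", "weight"] and clause is not None:
            clause["set"]["weight"] = int(words[2])
    return lists, maps


def list_permits(entries, communities, exact=False):
    """First matching list entry decides; a route matching no entry is denied."""
    have = frozenset(communities)
    for action, wanted in entries:
        # Without exact: every listed community must be present on the route.
        # With exact: the route must carry those communities and only those.
        hit = have == wanted if exact else wanted <= have
        if hit:
            return action == "permit"
    return False


def evaluate(lists, clauses, communities):
    """Set actions of the first matching clause, or None when the route is ignored."""
    for clause in clauses:
        if clause["match"] is None:
            return clause["set"]  # a clause with no match command matches every route
        if list_permits(lists[clause["match"]], communities, clause["exact"]):
            return clause["set"]
    return None  # no clause matched: not advertised (outbound) or not accepted (inbound)


if __name__ == "__main__":
    lists, maps = parse(CONFIG)
    for name in maps:
        for communities in ({"109"}, {"109", "200"}, {"200"}):
            print(name, sorted(communities), "->", evaluate(lists, maps[name], communities))
```
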

Related Commands

Command
Description

ip community-list

Creates a community list for BGP and controls access to it.

route-map (IP)

Defines the conditions for redistributing routes from one routing protocol into another.

set weight

Specifies the BGP weight for the routing table.


match extcommunity

To match Border Gateway Protocol (BGP) extended community list attributes, use the match extcommunity command in route-map configuration mode. To remove the match extcommunity command from the configuration file and remove the BGP extended community list attribute entry, use the no form of this command.

match extcommunity standard-list-number expanded-list-number

no match extcommunity standard-list-number expanded-list-number

Syntax Description

standard-list-number

A standard extended community list number from 1 to 99 that identifies one or more permit or deny groups of extended community attributes.

expanded-list-number

An expanded extended community list number from 100 to 500 that identifies one or more permit or deny groups of extended community attributes.


Defaults

This command is disabled by default.

Command Modes

Route-map configuration

Command History

Release
Modification

12.1

This command was introduced.

12.0(22)S

The maximum number of expanded extended community list numbers was changed from 199 to 500 in Cisco IOS Release 12.0(22)S.

12.2(15)T

The maximum number of expanded extended community list numbers was changed from 199 to 500 in Cisco IOS Release 12.2(15)T.


Usage Guidelines

Extended community attributes are used to configure, filter, and identify routes for virtual routing and forwarding instances (VRFs) and Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs).

The match extcommunity command is used to configure match clauses that use extended community attributes in route maps. The range of numbers that can be configured with the match extcommunity command is from 1 to 500. All of the standard rules of match and set clauses apply to the configuration of extended community attributes.

Examples

The following example shows that the routes that match extended community list 500 will have the weight set to 100. Any route that has extended community 1 will have the weight set to 100.

Router(config)# ip extcommunity-list 500 rt 100:2
Router(config)# !
Router(config)# route-map MAP_NAME permit 10
Router(config-route-map)# match extcommunity 500
Router(config-route-map)# set weight 100

Related Commands

Command
Description

ip extcommunity-list

Creates an extended community list for BGP and controls access to it.

route-map (IP)

Defines the conditions for redistributing routes from one routing protocol into another.

set extcommunity

Sets BGP extended community attributes.

set weight

Specifies the BGP weight for the routing table.

show ip extcommunity-list

Displays routes that are permitted by the extended community list.

show route-map

Displays configured route maps.


match interface (IP)

To distribute any routes that have their next hop out one of the interfaces specified, use the match interface command in route-map configuration mode. To remove the match interface entry, use the no form of this command.

match interface interface-type interface-number [... interface-type interface-number]

no match interface interface-type interface-number [... interface-type interface-number]

Syntax Description

interface-type

Interface type.

interface-number

Interface number.


Defaults

No match interfaces are defined.

Command Modes

Route-map configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the interface-type interface-number arguments.

Use the route-map global configuration command, and the match and set route-map configuration commands, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which redistribution is allowed for the current route-map command. The set commands specify the set actions—the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.

The match route-map configuration command has multiple formats. The match commands may be given in any order, and all match commands must "pass" to cause the route to be redistributed according to the set actions given with the set commands. The no forms of the match commands remove the specified match criteria.

A route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want to modify only some data, you must configure a second route map section with an explicit match specified.

Examples

In the following example, routes that have their next hop out Ethernet interface 0 will be distributed:

route-map name
 match interface ethernet 0

Related Commands

Command
Description

match as-path

Matches a BGP autonomous system path access list.

match community

Matches a BGP community.

match ip address

Distributes any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on packets.

match ip next-hop

Redistributes any routes that have a next hop router address passed by one of the access lists specified.

match ip route-source

Redistributes routes that have been advertised by routers and access servers at the address specified by the access lists.

match metric (IP)

Redistributes routes with the metric specified.

match route-type (IP)

Redistributes routes of the specified type.

match tag

Redistributes routes in the routing table that match the specified tags.

route-map (IP)

Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing.

set as-path

Modifies an autonomous system path for BGP routes.

set automatic-tag

Automatically computes the tag value.

set community

Sets the BGP communities attribute.

set level (IP)

Indicates where to import routes.

set local-preference

Specifies a preference value for the autonomous system path.

set metric (BGP, OSPF, RIP)

Sets the metric value for a routing protocol.

set metric-type

Sets the metric type for the destination routing protocol.

set next-hop

Specifies the address of the next hop.

set tag (IP)

Sets a tag value of the destination routing protocol.

set weight

Specifies the BGP weight for the routing table.


match ip address

To distribute any routes that have a destination network number address that is permitted by a standard access list, an extended access list, or a prefix list, or to perform policy routing on packets, use the match ip address command in route-map configuration mode. To remove the match ip address entry, use the no form of this command.

match ip address {access-list-number [access-list-number... | access-list-name...] | access-list-name [access-list-number...| access-list-name] | prefix-list prefix-list-name [prefix-list-name...]}

no match ip address {access-list-number [access-list-number... | access-list-name...] | access-list-name [access-list-number...| access-list-name] | prefix-list prefix-list-name [prefix-list-name...]}

Syntax Description

access-list-number...

Number of a standard or extended access list. It can be an integer from 1 to 199. The ellipsis indicates that multiple values can be entered.

access-list-name...

Name of a standard or extended access list. It can be an integer from 1 to 199. The ellipsis indicates that multiple values can be entered.

prefix-list

Distributes routes based on a prefix list.

prefix-list-name...

Name of a specific prefix list. The ellipsis indicates that multiple values can be entered.


Defaults

No access list numbers or prefix lists are specified.

Command Modes

Route-map configuration

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the access-list-number, access-list-name, or prefix-list-name arguments.

Like match clauses in the same route-map subblock are filtered with "or" semantics: if any one of them is matched in the entire route-map subblock, the match is treated as successful. Dissimilar match clauses are filtered with "and" semantics, so dissimilar matches are combined logically. If the first set of conditions is not met, the second match clause is filtered. This process continues until a match occurs or there are no more match clauses.

Use route maps to redistribute routes or to subject packets to policy routing. Both purposes are described in this section.

Redistribution

Use the route-map global configuration command, and the match and set route-map configuration commands, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which redistribution is allowed for the current route-map command. The set commands specify the set actions—the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.

The match route-map configuration command has multiple formats. The match commands can be given in any order, and all match commands must "pass" to cause the route to be redistributed according to the set actions given with the set commands. The no forms of the match commands remove the specified match criteria.

When you are passing routes through a route map, a route map can have several sections that contain specific match clauses. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want to modify only some data, you must configure a second route map section with an explicit match specified.

Policy Routing

Another purpose of route maps is to enable policy routing. The match ip address command allows you to policy route packets based on criteria that can be matched with an extended access list; for example, a protocol, protocol service, and source or destination IP address. To define the conditions for policy routing packets, use the ip policy route-map interface configuration command, in addition to the route-map global configuration command, and the match and set route-map configuration commands. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing occurs. The set commands specify the set actions—the particular routing actions to perform if the criteria enforced by the match commands are met. You might want to policy route packets based on their source, for example, using an access list.

Examples

In the following example, routes that have addresses specified by access list numbers 5 or 80 will be matched:

route-map name
 match ip address 5 80

Route maps that use prefix lists can be used for route filtering, default origination, and redistribution in other routing protocols. In the following example, a default route 0.0.0.0/0 is conditionally originated when there exists a prefix 10.1.1.0/24 in the routing table:


ip prefix-list cond permit 10.1.1.0/24
!
route-map default-condition permit 10
 match ip address prefix-list cond
!
router rip
 default-information originate route-map default-condition
!

In the following policy routing example, packets that have addresses specified by access list numbers 6 or 25 will be routed to Ethernet interface 0:

interface serial 0
 ip policy route-map chicago
!
route-map chicago
 match ip address 6 25 
 set interface ethernet 0
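
The following configuration puts the clause semantics from the Usage Guidelines of match ip address and match interface into one redistribution policy: like values are ORed, dissimilar clauses are ANDed, and unmatched routes are ignored. It is an added example, not part of the Cisco reference; the route-map name, access-list numbers and contents, OSPF process ID, metrics, and tag are constructed for illustration.

```cisco
! Constructed addressing (RFC 5737 documentation ranges). The list
! numbers, tag value, metrics and route-map name are assumptions.
access-list 5 permit 192.0.2.0 0.0.0.255
access-list 80 permit 198.51.100.0 0.0.0.255
access-list 99 permit any
!
! Section 10: "match ip address 5 80" is one clause with two like
! values, so a route permitted by list 5 OR list 80 satisfies it.
! "match interface" is a dissimilar clause, so it is ANDed with the
! first: the route must also have its next hop out Ethernet 0.
route-map ospf-to-rip permit 10
 match ip address 5 80
 match interface ethernet 0
 set metric 3
 set tag 100
!
! Section 20: explicit catch-all match. Without this section, every
! route that failed section 10 would be ignored and never
! redistributed, rather than passed through unmodified.
route-map ospf-to-rip permit 20
 match ip address 99
 set metric 5
!
router rip
 version 2
 redistribute ospf 1 route-map ospf-to-rip
```

After applying a policy like this, show route-map ospf-to-rip lists each section with its match and set clauses, which makes a missing catch-all section easy to spot before routes silently disappear from the target protocol.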

Related Commands

Command
Description

ip local policy route-map

Identifies a route map to use for policy routing on an interface.

ip policy route-map

Identifies a route map to use for policy routing on an interface.

match as-path

Matches a BGP autonomous system path access list.

match community

Matches a BGP community.

match interface (IP)

Distributes any routes that have their next hop out one of the interfaces specified.

match ip next-hop

Redistributes any routes that have a next hop router address passed by one of the access lists specified.

match ip route-source

Redistributes routes that have been advertised by routers and access servers at the address specified by the access lists.

match length

Bases policy routing on the Level 3 length of a packet.

match metric (IP)

Redistributes routes with the metric specified.

match route-type (IP)

Redistributes routes of the specified type.

match tag

Redistributes routes in the routing table that match the specified tags.

route-map (IP)

Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing.

set as-path

Modifies an autonomous system path for BGP routes.

set automatic-tag

Automatically computes the tag value.

set community

Sets the BGP communities attribute.

set default interface

Indicates where to output packets that pass a match clause of a route map for policy routing and have no explicit route to the destination.

set interface

Indicates where to output packets that pass a match clause of a route map for policy routing.

set ip default next-hop

Indicates where to output packets that pass a match clause of a route map for policy routing and for which the Cisco IOS software has no exp