To configure a list of locators that are allowed in a Map-Register message sent by an egress tunnel router (ETR) when registering to the Map Server, use the allowed-locator command. To remove the locators, use the no form of this command.
allowed-locator rloc1 [ rloc2 [ rloc3 [rloc4] ] ]
rloc1 | IPv4 or IPv6 Routing Locator (RLOC) allowed within the Map-Registration message. |
rloc2, rloc3, rloc4 | Additional IPv4 or IPv6 RLOCs allowed within the Map-Registration message. |
None
LISP site configuration mode
Release | Modification |
---|---|
5.0(1.13) | This command was introduced. |
When a LISP ETR registers with a Map Server, it sends a Map-Register message that contains one or more EID-prefixes and routing locators that the ETR is configured to use. After verifying the authentication data, the Map Server checks the EID-prefixes against those configured on the Map Server. If they agree, the Map-Register message is accepted and the ETR registration is completed.
You can constrain the Map Server default behavior so that the ETR can only register using specific routing locators. To enable this functionality, enter the allowed-locator command in LISP site configuration mode. The Map-Register message from the ETR must contain the same locators that are listed in the Map Server LISP site configuration. If the list in the Map-Register message does not match the one configured on the Map Server, the Map-Register message is not accepted and the ETR is not registered. You can configure up to four IPv4 or IPv6 routing locators.
Note | When you configure allowed locators, an exact match for all locators or a subset of all locators listed on the Map Server within the LISP site configuration must also appear in the Map-Register message sent by the ETR for it to be accepted. |
This command does not require a license.
This example shows how to configure the LISP site named Customer-1 and enter the site command mode. It also configures the IPv4 address 172.16.1.1 and the IPv6 address 2001:db8:bb::1 as allowable locators for the LISP site Customer-1. When Customer-1 registers with this Map Server, one or both of the configured locators must be included in the Map Registration for the site to register.
switch# configure terminal
switch(config)# lisp site Customer-1
switch(config-lisp-site)# allowed-locator 172.16.1.1 2001:db8:bb::1
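The acceptance rule described above, modelled as an added example (this is not NX-OS code): every locator in the Map-Register must appear in the site's allowed-locator list, and an exact match or a subset is accepted. The function name `check_locators` and the sample addresses other than the two from the configuration above are constructed for illustration.

```python
import ipaddress

# Allowed list taken from the Customer-1 configuration example above.
ALLOWED = ["172.16.1.1", "2001:db8:bb::1"]


def check_locators(registered, allowed):
    """Return (accepted, reason) for the RLOCs carried in a Map-Register.

    Model of the rule on this page: at least one locator must be present,
    and none may fall outside the site's allowed-locator list.
    """
    # Compare address values, not text, so that different spellings of the
    # same IPv6 address are treated as the same locator.
    allowed_set = {ipaddress.ip_address(a) for a in allowed}
    if not 1 <= len(allowed_set) <= 4:
        raise ValueError("allowed-locator takes one to four RLOCs")

    reg_set = {ipaddress.ip_address(r) for r in registered}
    if not reg_set:
        return False, "no locators in Map-Register"

    unlisted = sorted(str(r) for r in reg_set - allowed_set)
    if unlisted:
        # A single unlisted RLOC rejects the whole registration.
        return False, "unlisted locator(s): " + ", ".join(unlisted)

    return True, ("exact match" if reg_set == allowed_set else "subset")


if __name__ == "__main__":
    for regs in (["172.16.1.1"], ["172.16.1.1", "192.0.2.99"]):
        print(regs, check_locators(regs, ALLOWED))
```
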
Command | Description |
---|---|
lisp site | Configures a LISP site and enters site configuration mode on a Map Server. |
show lisp site | Displays registered LISP sites on a Map Server. |
To configure the password used to create the SHA-1 HMAC hash for authenticating the Map-Register message sent by an egress tunnel router (ETR) when registering to the Map-Server, use the authentication-key command. To remove the password, use the no form of this command.
authentication-key key-type password
no authentication-key key-type password
key-type | Key type that the following SHA-1 password is encoded using. Type (0) indicates that a cleartext password follows, Type (3) indicates that a 3DES encrypted key follows, and Type (7) indicates that a Cisco Type 7 encrypted password follows. |
password | Password used to create the SHA-1 HMAC hash when authenticating the Map-Register message sent by the ETR. |
None
LISP site configuration mode
Release | Modification |
---|---|
5.0(1.13) | This command was introduced. |
When a Locator/ID Separation Protocol (LISP) ETR registers with a Map Server, the Map Server must already have been configured with certain LISP site attributes that match the ETR attributes. These attributes include a shared password that is used to create the SHA-1 HMAC hash that the Map Server uses to validate the authentication data in the Map-Register message. On the ETR, this password is configured by using the ip lisp etr map-server and ipv6 lisp etr map-server commands.
On the Map Server, the password is configured as part of the lisp site configuration process. To enter the LISP site password, enter the authentication-key command in LISP site configuration mode. You can enter the SHA-1 HMAC password in unencrypted (cleartext) form or encrypted form. To enter an unencrypted password, specify a key-type value of 0. To enter a 3DES-encrypted password, specify a key-type value of 3. To enter a Cisco-encrypted password, specify a key-type value of 7.
Caution | Map-Server authentication keys entered in cleartext form are automatically converted to Type 3 (encrypted) form. |
Note | You must configure the Map Server and ETR with matching passwords for the Map-Registration process to successfully complete. When a LISP site successfully completes the Map-Registration process, its attributes are displayed by using the show lisp site command. If the Map-Registration process is unsuccessful, the site is not displayed. |
This command does not require a license.
This example shows how to configure the LISP site named Customer-1, enter the site command mode, and enter the shared password:
switch# configure terminal
switch(config)# lisp site Customer-1
switch(config-lisp-site)# authentication-key 0 s0m3-s3cr3t-k3y
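How the shared password authenticates a Map-Register, as an added example that is not code from the product: the ETR computes an HMAC-SHA-1 over the message with the authentication field zeroed, and the Map Server recomputes it with its own copy of the key. The header layout is modelled on the Map-Register format in RFC 6830 with the EID records treated as opaque bytes; the key ID value 1, the 20-byte digest length, the function names and the sample nonce and record bytes are assumptions of this example.

```python
import hashlib
import hmac
import struct

# Header: type/flags/record count (32 bits), nonce, key ID, auth data length.
HDR = struct.Struct("!I8sHH")
SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes

# Constructed sample input; the key is the one from the example above.
KEY = b"s0m3-s3cr3t-k3y"
NONCE = bytes(range(8))
RECORDS = b"constructed-eid-record-bytes"


def _with_auth(msg: bytes, auth: bytes) -> bytes:
    """Return msg with its authentication data field replaced by auth."""
    return msg[:HDR.size] + auth + msg[HDR.size + len(auth):]


def sign_map_register(nonce: bytes, records: bytes, key: bytes) -> bytes:
    """ETR side: build the message with a zeroed auth field, then fill it in."""
    first_word = (3 << 28) | 1  # type 3 (Map-Register), record count 1
    msg = HDR.pack(first_word, nonce, 1, SHA1_LEN) + bytes(SHA1_LEN) + records
    return _with_auth(msg, hmac.new(key, msg, hashlib.sha1).digest())


def verify_map_register(msg: bytes, key: bytes) -> bool:
    """Map Server side: recompute the HMAC over the message with auth zeroed."""
    if len(msg) < HDR.size + SHA1_LEN:
        return False
    _, _, key_id, auth_len = HDR.unpack_from(msg)
    if key_id != 1 or auth_len != SHA1_LEN:
        return False
    received = msg[HDR.size:HDR.size + auth_len]
    zeroed = _with_auth(msg, bytes(auth_len))
    expected = hmac.new(key, zeroed, hashlib.sha1).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(received, expected)


if __name__ == "__main__":
    message = sign_map_register(NONCE, RECORDS, KEY)
    print("matching key:", verify_map_register(message, KEY))
    print("mismatched key:", verify_map_register(message, b"other-key"))
```

Because the HMAC covers the records as well as the header, changing a locator in transit fails verification in the same way a mismatched password does.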
Command | Description |
---|---|
lisp site | Configures a LISP site and enters site configuration mode on a Map Server. |
ip lisp etr map-server | Configures the IPv4 or IPv6 locator address of the LISP Map Server to which an ETR should register for its IPv4 EID prefixes. |
ipv6 lisp etr map-server | Configures the IPv4 or IPv6 locator address of the LISP Map Server to which an ETR should register for its IPv6 EID prefixes. |
show lisp site | Displays registered LISP sites on a Map Server. |