A Commands
This chapter describes the Cisco NX-OS unicast routing commands that begin with the letter A.
additional-paths
To configure the capability of sending and receiving additional paths to and from the BGP peers, use the additional-paths command. To disable this feature, use the no form of this command.
additional-paths { receive | selection route-map map-name | send | install backup }
Syntax Description
Command Modesaddress-family configuration mode
Usage GuidelinesThe additional-paths install backup command enables BGP to install the backup path to the routing table. This command is required to support the BGP PIC edge active-backup path scenario.
![]()
Note The additional-paths install backup command is supported only with IPv4 unicast address-families.
ExamplesThis example shows how to enable the additional paths send and receive capability for all neighbors under the specified address family for which this capability has not been disabled:
This example shows how to configure the additional paths selection under the specified address family:
This example shows how to configure the backup path to the routing table:
address (VRRP)
To add a single, primary IP address to a virtual router, use the address command. To remove an IP address from a virtual router, use the no form of this command.
Command Modes
Usage GuidelinesYou can configure one virtual router IP address for a virtual router. If the configured IP address is the same as the interface IP address, this switch automatically owns the IP address. You can configure an IPv4 address only.
The master VRRP router drops the packets addressed to the virtual router's IP address because the virtual router is only intended as a next-hop router to forward packets. In NX-OS devices, some applications require that packets addressed to the virtual router's IP address be accepted and delivered. By using the secondary option to the virtual router IPv4 address, the VRRP router will accept these packets when it is the master.
address-family (BGP)
To enter the address family mode or a virtual routing and forwarding (VRF) address-family mode and configure submode commands for the Border Gateway Protocol (BGP), use the address-family command. To disable the address family submode for configuring routing protocols, use the no form of this command.
address-family { ipv4 | ipv6 } { multicast | unicast }
Command ModesRouter configuration
Neighbor configuration
VRF configuration
Usage GuidelinesUse the address-family command to enter various address family configuration modes while configuring BGP routing. When you enter the address-family command from router configuration mode, you enable the address family and enter global address family configuration mode. The prompt changes to
switch(config-router-af)#.
You must configure the address families if you are using route redistribution, address aggregation, load balancing, and other advanced features. IPv4 neighbor sessions support IPv4 unicast and multicast address families. IPv6 neighbor sessions support IPv6 unicast and multicast address families.
![]()
Note Beginning with Cisco NX-OS Release 6.2(8) you can configure the address-family ipv4 unicast command in an IPv6 session.
From the address family configuration mode, the following parameters are available:
![]()
Note This applies to IPv4 multicast or unicast and IPv6 multicast or unicast.
- aggregate-address —Configures BGP aggregate prefixes. See the aggregate-address command for additional information.
- client-to-client reflection —Enables client-to-client route reflection. Route reflection allows a BGP speaker (route reflector) to advertise IBGP learned routes to certain IBGP peers. Use the no form of this command to disable client-to-client route reflection. Default: Enabled.
- dampening [ half-life | route-map name ] —Configures the route flap dampening. Optionally, you can set the time (in minutes) after which a penalty is decreased. Once the route has been assigned a penalty, the penalty is decreased by half after the half-life period (which is 15 minutes by default). The process of reducing the penalty happens every 5 seconds. The default half-life is 15 minutes. Range: 1 to 45. Default: Disabled.
- default-metric metric —Sets the default flap metric of redistributed routes. The default-metric command is used to set the metric value for routes redistributed into BGP with the redistribute command. A default metric can be configured to solve the problem of redistributing routes with incompatible metrics. Assigning the default metric will allow redistribution to occur. This value is the Multi Exit Discriminator (MED) that is evaluated by BGP during the best path selection process. The MED is a non-transitive value that is processed only within the local autonomous system and adjacent autonomous systems. The default metric is not set if the received route has a MED value. Range: 0 to 4294967295.
![]()
Note When enabled, the default-metric command applies a metric value of 0 to redistributed connected routes. The default-metric command does not override metric values that are applied with the redistribute command.
- default-originate —Originates a default toward this peer.
- distance ebgp-route ibgp-route local-route —Configures a rating of the trustworthiness of a routing information source, such as an individual router or a group of routers. BGP does not use discard routes for next-hop resolution. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored. Use this command if another protocol is known to be able to provide a better route to a node than was actually learned via external BGP (eBGP), or if some internal routes should be preferred by BGP. Range: 1 to 255. Default: EBGP — 20, IBGP—200.
![]()
Caution Changing the administrative distance of internal BGP routes is considered dangerous and is not recommended. Improper configuration can introduce routing table inconsistencies and break routing.
- exit —Exits from the current command mode.
- maximum-paths [ ibgp ] parallel-paths —Configures the number of parallel paths to forward packets. The maximum-paths ibgp command is used to configure equal-cost or unequal-cost multipath load sharing for iBGP peering sessions. In order for a route to be installed as a multipath in the BGP routing table, the route cannot have a next hop that is the same as another route that is already installed. The BGP routing process will still advertise a best path to iBGP peers when iBGP multipath load sharing is configured. For equal-cost routes, the path from the neighbor with the lowest router ID is advertised as the best path. To configure equal-cost multipath load sharing, all path attributes must be the same. The path attributes include weight, local preference, autonomous system path (entire attribute and not just the length), origin code, Multi Exit Discriminator (MED), and Interior Gateway Protocol (IGP) distance. The optional ibgp keyword allows you to configure multipath for the IBGP paths. To return to the default, use the no form of this command. The range is from 1 to 16.
- network —Configures an IP prefix to advertise. See the network command for more information.
- nexthop—Enables nexthop tracking. See the nexthop route-map and nexthop trigger-delay command for more information.
- no —Negates a command or sets its defaults.
- redistribute —Enables the redistribution of routes learned by other protocols into BGP. Redistribution is supported for both IPv4 and IPv6 routes. To disable the redistribution of routes learned by other protocols into BGP, use the no form of this command.
–
direct route-map name —Specifies directly connected routes.
–
eigrp AS-num route-map name —Specifies Enhanced Interior Gateway Protocol routes. Range: 1 to 65535.
–
isis src-protocol route-map name —Specifies ISO IS-IS routes.
–
ospf src-protocol route-map name —Specifies Open Shortest Path First (OSPF) routes.
–
rip src-protocol route-map name —Specifies Routing Information Protocol (RIP) routes.
–
static route-map name —Specifies static routes.
- suppress-inactive —Advertises only active routes to peer. See the suppress-inactive command for additional information.
Use the neighbor command to enter neighbor address family configuration mode while configuring BGP routing. From the BGP neighbor configuration mode, you can perform the following actions:
- advertise-map —Specifies route-map for conditional advertisement. See the advertise-map command.
- allowas-in —Accepts as-path with my AS present in it.
- as-override —Overrides matching AS-number while sending update.
- default-originate { route-map }— Originates a default toward this peer.
- disable-peer-as-check —Disables checking of peer AS-number while advertising.
- filter-list —Applies AS-PATH filter list.
- inherit — Inherits a template.
- maximum-prefix —Specifies maximum number of prefixes from this neighbor.
- next-hop-self —Sets our peering address as nexthop.
- next-hop-third-party —Computes a third-party nexthop if possible.
- no —Negates a command or set its defaults.
- prefix-list —Applies a prefix list.
- route-map —Applies a route map to neighbor. See the route map command for more information.
- route-reflector-client —Configures a neighbor as a Route reflector client.
- send-community —Sends community attribute to this neighbor.
- soft-reconfiguration —Soft reconfiguration.
- soo —Specify site-of-origin extcommunity.
ExamplesThis example shows how to place the router in global address family configuration mode for the IPv4 unicast address family:
This example shows how to activate IPv4 multicast for neighbor 192.0.2.1 and place the device in neighbor address family configuration mode for the IPv4 multicast address family:
address-family (EIGRP)
To configure an address family for the Enhanced Interior Gateway Routing Protocol (EIGRP), use the address-family command in router configuration mode.
Command Modesaddress-family (IS-IS)
To enter the address family mode or a virtual routing and forwarding (VRF) address-family mode and configure submode commands for the Intermediate System-to-Intermediate System Intradomain Routing Protocol (IS-IS), use the address-family command. To disable the address family submode for configuring routing protocols, use the no form of this command.
Command ModesRouter configuration
VRF configuration
Usage GuidelinesUse the address-family command to enter various address family configuration modes while configuring IS-IS routing. When you enter the address-family command from configuration mode, you enable the address family and enter global address family configuration mode. The prompt changes to
switch(config-router-af)#.
You must configure the address families if you are using route redistribution, address aggregation, load balancing, and other advanced features. IPv4 neighbor sessions support IPv4 unicast address families.
From the address family configuration mode, the following configuration modes are available:
- adjacency-check —Allows Intermediate System-to-Intermediate System (IS-IS) IPv4 protocol-support consistency checks to be performed on hello packets. To disable consistency checks on hello packets, use the no form of this command. Default: Enabled. IS-IS performs consistency checks on hello packets and will form an adjacency only with a neighboring router that supports the same set of protocols.
Use the no adjacency-check command in address-family configuration mode to suppress the consistency checks for IPv6 IS-IS and allow an IPv4 IS-IS router to form an adjacency with a router running IPv4 IS-IS and IPv6. IS-IS will never form an adjacency between a router running IPv4 IS-IS only and a router running IPv6 only.
Use the no adjacency-check configuration mode command to suppress the IPv4 subnet consistency check and allow IS-IS to form an adjacency with other routers regardless of whether or not they have an IPv4 subnet in common. By default, IS-IS makes checks in hello packets for IPv4 address subnet matching with a neighbor.
![]()
Tip Use the debug isis adjacency packets command in privileged EXEC mode to check for adjacency errors. Error messages in the output may indicate where routers are failing to establish adjacencies.
- default-information originate [ always ] [ route-map name ]—Controls the origination of a default route.
–
always —(Optional) Always advertises the default route.
–
route-map name —(Optional) Specifies the name of the route-map to announce the default routes.
- distance value —Specifies the administrative distance. To return to the default distance, use the no form of this command. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored. Range: 1 to 255. Default: 115.
- distribute { level-1 | level-2 } into { level-1 | level-2 } { all | route-map name }—Configures domain-wide prefix distribution between levels.
–
level-1 —Distributes the interarea routes into level-1 of this IS-IS instance.
–
level-2 —Distributes the interarea routes into level-2 of this IS-IS instance.
–
into —Specifies from one level to another level.
–
all —Distributes all route levels.
–
route-map name —Prevents distribution of a specific route-map.
- exit —Exits from the current command mode.
- no —Negates a command or set its defaults.
- redistribute protocol as-num [ . as-num ] [ route-map map-tag ]—Redistributes information from another routing protocol into IS-IS. To remove the redistribute command from the configuration file and return to the default setting, use the no form of this command. Default: Software does not redistribute routes. See the redistribute (IS-IS) command for information.
- summary-address { ip-addr | ip-prefix / length | ipv6-addr | ipv6-prefix / length } level —Creates the IS-IS aggregate addresses. To remove the aggregate address, use the no form of this command. See the summary-address command for information.
ExamplesThis example shows how to place the router in address family configuration mode and specify unicast address prefixes for the IPv4 address family:
This example shows how to redistribute directly connected routes into IS-IS. This example advertises only 10.1.0.0 into the IS-IS level-1 link-state PDU.
This example shows how to introduce IPv6 into an existing IPv4 IS-IS network. To ensure that the checking of hello packet checks from adjacent neighbors is disabled until all the neighbor routers are configured to use IPv6, enter the no adjacency-check command.
address-family (OSPFv3)
To enter address family mode for the Open Shortest Path First version 3(OSPFv3) protocol, use the address-family command.
Command Modesaddress-family (RIP)
To configure an address family for the Routing Information Protocol (RIP), use the address-family command in router configuration mode.
Command Modes
ExamplesThis example shows how to set the IPv4 unicast address family for a RIP instance:
This example shows how to set the IPv6 unicast address family for a RIP instance:
adjacency-check
To enable strict adjacency mode for the IPv4 and IPv6 address, use the adjacency-check command. To disable this feature, use the no form of this command.
Command Modesadvertise-map
To configure Border Gateway Protocol (BGP) conditional advertisement, use the advertise-map command. To remove BGP conditional advertisement, use the no form of this command.
advertise-map adv-map { exist-map exist-rmap | non-exist-map nonexist-rmap }
Syntax Description
Command ModesBGP neighbor address-family command mode
network-admin
network-operator
vdc-admin
vdc-operator
Usage GuidelinesUse the advertise-map command to conditionally advertise selected routes. The routes or prefixes that BGP conditionally advertises are defined in two route maps, the adv-map and an exist-map or nonexist-map . The exist-map or nonexist-map specifies the prefix that the BGP tracks. The adv-map specifies the prefix that BGP advertises to the specified neighbor when the condition is met.
ExamplesThis example shows how to configure BGP conditional advertisement:
switch(config)# router bgp 65536
switch(config-router)# neighbor 192.0.2.2 remote-as 65537
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# advertise-map advertise exist-map exist
switch(config-router-neighbor-af)# exit
switch(config-router-neighbor)# exit
switch(config)# route-map advertise
switch(config-route-map)# match as-path pathList
switch(config-route-map)# exit
switch(config)# route-map exit
switch(config-route-map)# match ip address prefix-list plist
switch(config-route-map)# exit
switch(config)# ip prefix-list plist permit 209.165.201.0/27
advertisement-interval (VRRP)
To specify the time interval between the advertisement packets that are being sent to other Virtual Router Redundancy Protocol (VRRP) routers in the same group, use the advertisement-interval command. To return to the default interval value of 1 second, use the no form of this command.
Command Modes
Usage GuidelinesVRRP advertisements communicate the priority and state of the virtual router master. The advertisements are encapsulated in IP packets and are sent to the IPv4 multicast address that is assigned to the VRRP group.
VRRP uses a dedicated Internet Assigned Numbers Authority (IANA) standard multicast address (224.0.0.18) for VRRP advertisements. This addressing scheme minimizes the number of routers that must service the multicasts and allows test equipment to accurately identify VRRP packets on a segment. The IANA-assigned VRRP IP protocol number is 112.
aggregate-address
To create a summary address in a Border Gateway Protocol (BGP) routing table, use the aggregate-address command. To remove the summary address, use the no form of this command.
aggregate-address address/length [ advertise-map map-name ] [ as-set ] [ attribute-map map-name ] [ summary-only ] [ suppress-map map-name ]
no aggregate-address address/mask-length [ advertise-map map-name ] [ as-set ] [ attribute-map map-name ] [ summary-only ] [ suppress-map map-name ]
Syntax Description
Command ModesAddress-family configuration
Neighbor address-family configuration
Router BGP configuration
Usage GuidelinesYou can implement aggregate routing in BGP and mBGP either by redistributing an aggregate route into BGP or mBGP, or by using the conditional aggregate routing feature.
Using the aggregate-address command with no keywords will create an aggregate entry in the BGP or mBGP routing table if any more-specific BGP or mBGP routes are available that fall within the specified range. (A longer prefix which matches the aggregate must exist in the RIB.) The aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)
Using the as-set keyword creates an aggregate entry using the same rules that the command follows without this keyword, but the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Do not use this form of the aggregate-address command when aggregating many paths, because this route must be continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.
Using the summary-only keyword not only creates the aggregate route (for example, 192.*.*.*) but also suppresses advertisements of more-specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more-specific route leaks out, all BGP or mBGP routers will prefer that route over the less-specific aggregate you are generating (using longest-match routing).
Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified routes. You can use the match clauses of route maps to selectively suppress some more-specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.
Using the advertise-map keyword selects specific routes that will be used to build different components of the aggregate route, such as AS_SET or community. This form of the aggregate-address command is useful when the components of an aggregate are in separate autonomous systems and you want to create an aggregate with AS_SET, and advertise it back to some of the same autonomous systems. You must remember to omit the specific autonomous system numbers from the AS_SET to prevent the aggregate from being dropped by the BGP loop detection mechanism at the receiving router. IP access lists and autonomous system path access lists match clauses are supported.
Using the attribute-map keyword allows attributes of the aggregate route to be changed. This form of the aggregate-address command is useful when one of the routes forming the AS_SET is configured with an attribute such as the community no-export attribute, which would prevent the aggregate route from being exported. An attribute map route map can be created to change the aggregate attributes.
ExamplesIn This example, an aggregate BGP address is created in router configuration mode. The path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized.
In This example, an aggregate BGP address is created in address family configuration mode and applied to the multicast database (SAFI) under the IP Version 4 address family. Because the summary-only keyword is configured, more-specific routes are filtered from updates.
Conditional Aggregation Example
In This example, a route map called MAP-ONE is created to match on an as-path access list. The path advertised for this route will be an AS_SET consisting of elements contained in paths that are matched in the route map.
area authentication (OSPF)
To enable authentication for an Open Shortest Path First (OSPF) area, use the area authentication command. To remove authentication for an area, use the no form of this command.
area area-id authentication [ message-digest ]
Command Modes
Usage GuidelinesUse the area authentication command to configure the authentication mode for the entire OSPF area.
The authentication type and authentication password must be the same for all OSPF devices in an area. Use the ip ospf authentication-key command in interface configuration mode to specify this password.
If you enable MD5 authentication with the message-digest keyword, you must configure a password with the ip ospf message-digest-key command in interface configuration mode.
area default-cost (OSPF)
To specify a cost for the default summary route sent into an Open Shortest Path First (OSPF) stub or not-so-stubby area (NSSA), use the area default-cost command. To remove the assigned default route cost, use the no form of this command.
area area-id default-cost cost
Command Modes
Usage GuidelinesUse the area default-cost command on an Area Border Router (ABR) attached to a stub or NSSA to configure the metric for the summary default route generated by the ABR into the stub area.
area default-cost (OSPFv3)
To specify a cost for the default summary route sent into an Open Shortest Path First version 3(OSPFv3) stub or not-so-stubby area (NSSA), use the area default-cost command. To remove the assigned default route cost, use the no form of this command.
area area-id default-cost cost
Command Modes
Usage GuidelinesUse the area default-cost command on an Area Border Router (ABR) attached to a stub or NSSA to configure the metric for the summary default route generated by the ABR into the stub area.
area filter-list (OSPF)
To filter prefixes advertised in type 3 link-state advertisements (LSAs) between Open Shortest Path First (OSPF) areas of an Area Border Router (ABR), use the area filter-list command. To change or cancel the filter, use the no form of this command.
area area-id filter-list route-map map-name { in | out }
Command Modes
Usage GuidelinesUse the area filter-list command to filter Type 3 LSAs. If you apply the route map with the in keyword, the route map filters all Type 3 LSAs originated by the ABR to this area, including Type 3 LSAs that originated as a result of the area range command in another area.
If you apply the route map with the out keyword, the route map filters all Type 3 LSAs that are advertised by the ABR to all other areas including Type 3 LSAs that originate locally as a result of the area range command configured in this area.
Cisco NX-OS implicitly denies any prefix that does not match an entry in the route map.
area filter-list (OSPFv3)
To filter prefixes advertised in type 3 link-state advertisements (LSAs) between Open Shortest Path First version 3 (OSPFv3) areas of an Area Border Router (ABR), use the area filter-list command. To change or cancel the filter, use the no form of this command.
area area-id filter-list route-map map-name { in | out }
Command Modes
Usage GuidelinesUse the area filter-list command to filter Type 3 LSAs. If you apply the route map with the in keyword, the route map filters all Type 3 LSAs originated by the ABR to this area, including Type 3 LSAs that originated as a result of the area range command in another area.
If you apply the route map with the out keyword, the route map filters all Type 3 LSAs that are advertised by the ABR to all other areas including Type 3 LSAs that originate locally as a result of the area range command configured in this area.
Cisco NX-OS implicitly denies any prefix that does not match an entry in the route map.
area nssa (OSPF)
To configure an area as an Open Shortest Path First (OSPF) not-so-stubby area (NSSA), use the area nssa command. To remove the NSSA area, use the no form of this command.
area area-id nssa [ default-information-originate [ route-map map-name ]] [ no-redistribution ] [ no-summary ] [ translate type7 [ always | never ] [ suppress-fa ]]
no area area-id nssa [ default-information-originate [ route-map map-name ]] [ no-redistribution ] [ no-summary ] [ translate type7 [ always | never ] [ suppress-fa ]]
Syntax Description
Command Modes
Usage GuidelinesUse the area nssa command to create an NSSA area in an OSPF autonomous system. We recommend that you understand the network topology before configuring forwarding address suppression for translated LSAs. Suboptimal routing might result because there might be better paths to reach the destination’s forwarding address.
ExamplesThis example shows how to configure area 1 as an NSSA area:
This example shows how to configure area 1 as an NSSA area and translate Type 7 LSAs from area 1 to Type 5 LSAs, but not place the Type 7 forwarding address into the Type 5 LSAs. (OSPF places 0.0.0.0 as the forwarding address in the Type 5 LSAs.)
area nssa (OSPFv3)
To configure an area as an Open Shortest Path First version 3 (osPFv3) not-so-stubby area (NSSA), use the area nssa command. To remove the NSSA area, use the no form of this command.
area area-id nssa [ default-information-originate [ route-map map-name ]] [ no-redistribution ] [ no-summary ] [ translate type7 [ always | never ] [ suppress-fa ]]
no area area-id nssa [ default-information-originate [ route-map map-name ]] [ no-redistribution ] [ no-summary ] [ translate type7 [ always | never ] [ suppress-fa ]]
Syntax Description
Command Modes
Usage GuidelinesUse the area nssa command to create an NSSA area in an OSPFv3 autonomous system. We recommend that you understand the network topology before configuring forwarding address suppression for translated LSAs. Suboptimal routing might result because there might be better paths to reach the destination’s forwarding address.
ExamplesThis example shows how to configure area 1 as an NSSA area:
This example shows how to configure area 1 as an NSSA area and translate Type 7 LSAs from area 1 to Type 5 LSAs, but not place the Type 7 forwarding address into the Type 5 LSAs. (OSPFv3 places 0.0.0.0 as the forwarding address in the Type 5 LSAs.)
area range (OSPF)
To consolidate and summarize routes at an Open Shortest Path First (OSPF) area boundary, use the area range command. To disable this function, use the no form of this command.
area area-id range ip-prefix [ not-advertise ] [ cost cost-value ]
no area area-id range ip-prefix [ not-advertise ] [ cost cost-value ]
Syntax Description
Command Modes
Usage GuidelinesUse the area range command only with Area Border Routers (ABRs) to consolidate or summarize routes for an area. The ABR advertises that a single summary route is advertised to other areas and condenses routing information at area boundaries.
You can configure OSPF to summarize addresses for many different sets of address ranges by configuring multiple area range commands.
area range (OSPFv3)
To consolidate and summarize routes at an Open Shortest Path First version 3 (OSPFv3) area boundary, use the area range command. To disable this function, use the no form of this command.
area area-id range ipv6-prefix/length [ not-advertise ] [ cost cost-value ]
no area area-id range ivp6-prefix [ not-advertise ] [ cost cost-value ]
Syntax Description
Command Modes
Usage GuidelinesUse the area range command only with Area Border Routers (ABRs) to consolidate or summarize routes for an area. The ABR advertises that a single summary route is advertised to other areas and condenses routing information at area boundaries.
You can configure OSPFv3 to summarize addresses for many different sets of address ranges by configuring multiple area range commands.
area stub (OSPF)
To define an area as an Open Shortest Path First (OSPF) stub area, use the area stub command. To remove the area, use the no form of this command.
area area-id stub [ no-summary ]
Command Modes
Usage GuidelinesUse the area stub command to configure all devices attached to the stub area. Use the area default-cost command on an area border router (ABR) attached to the stub area. The area default-cost command provides the metric for the summary default route generated by the ABR into the stub area.
To further reduce the number of link-state advertisements (LSAs) sent into a stub area, you can configure the no-summary keyword on the ABR to prevent it from sending Summary LSAs (Type 3 LSAs3) into the stub area.
area stub (OSPFv3)
To define an area as an Open Shortest Path First version 3 (OSPFv3) stub area, use the area stub command. To remove the area, use the no form of this command.
area area-id stub [ no-summary ]
Command Modes
Usage GuidelinesUse the area stub command to configure all devices attached to the stub area. Use the area default-cost command on an area border router (ABR) attached to the stub area. The area default-cost command provides the metric for the summary default route generated by the ABR into the stub area.
To further reduce the number of link-state advertisements (LSAs) sent into a stub area, you can configure the no-summary keyword on the ABR to prevent it from sending Summary LSAs (Type 3 LSAs3) into the stub area.
area virtual-link (OSPF)
To define an Open Shortest Path First (OSPF) virtual link, use the area virtual-link command. To remove a virtual link, use the no form of this command.
area area-id virtual-link router-id
Command Modes
Usage GuidelinesUse the area virtual-link command to establish a virtual link from a remote area to the backbone area. In OSPF, all areas must be connected to a backbone area. If the connection to the backbone is lost, it can be repaired by establishing a virtual link.
Use the area virtual-link command to enter the virtual link configuration mode where you can use the following commands:
- authentication [key-chain | message-digest | null]
- authentication-key [0 | 3] key
- dead-interval seconds
- hello-interval seconds
- message-digest-key key-id md5 key
- retransmit-interval seconds
- transmit-delay seconds
See each command for syntax and usage details.
You must configure both sides of a virtual link with the same area ID and the corresponding virtual link neighbor router ID. To see the router ID, use the show ip ospf neighbors command in any mode.
ExamplesThis example shows how to establish a virtual link between two devices, A, and B, with default values for all optional parameters:
area virtual-link (OSPFv3)
To define an Open Shortest Path First version 3 (osPFv3) virtual link, use the area virtual-link command. To remove a virtual link, use the no form of this command.
area area-id virtual-link router-id
no area area-id virtual-link router-id
Syntax Description
Command Modes
Usage GuidelinesUse the area virtual-link command to establish a virtual link from a remote area to the backbone area. In OSPFv3, all areas must be connected to a backbone area. If the connection to the backbone is lost, it can be repaired by establishing a virtual link.
Use the area virtual-link command to enter the virtual link configuration mode where you can use the following commands:
See each command for syntax and usage details.
You must configure both sides of a virtual link with the same area ID and the corresponding virtual link neighbor router ID. To see the router ID, use the show ospfv3 neighbors command in any mode.
ExamplesThis example shows how to establish a virtual link between two devices, A, and B, with default values for all optional parameters:
as-format asdot
To configure the autonomous system number (ASN) notation to asdot, use the as-format asdot command. To delete the ASN notation configuration, use the no form of this command.
authentication (GLBP)
To configure an authentication for the Gateway Load Balancing Protocol (GLBP), use the authentication command. To disable authentication, use the no form of this command.
authentication { text string | md5 { key-string [ encrypted ] key | key-chain name-of-chain }}
no authentication { text string | md5 { key-string [ 0 | 7 ] key | key-chain name-of-chain }}
Command Modes
Usage GuidelinesTo ensure interoperation, you must configure the same authentication method on all the gateways that are members of the same GLBP group. A gateway ignores all GLBP messages that contain the wrong authentication information.
authentication (HSRP)
To configure authentication for the Hot Standby Router Protocol (HSRP), use the authentication command. To disable authentication, use the no form of this command.
authentication { text string | md5 { key-chain key-chain | key-string { 0 | 7 } text [ timeout seconds ]}}
no authentication { text string | md5 { key-chain key-chain | key-string { 0 | 7 } text [ timeout seconds ]}}
Syntax Description
Command ModesHSRP configuration or HSRP template mode
Usage GuidelinesUse the authentication text command to prevent misconfigured routers from participating in HSRP groups that they are not intended to participate in. The authentication string is sent unencrypted in all HSRP messages. The same authentication string must be configured on all routers in the same group to ensure interoperation. HSRP protocol packets that do not authenticate are ignored.
![]()
authentication (OSPF virtual link)
To specify the authentication type for an Open Shortest Path First (OSPF) virtual link, use the authentication command. To remove the authentication type for a virtual link, use the no form of this command.
authentication [ key-chain key-name | message-digest | null ]
Command ModesOSPF virtual link configuration
Usage GuidelinesUse the authentication command in virtual link configuration mode to configure the authentication method used on the virtual link. Use the message-diges t keyword to configure MD5 message digest authentication and use the message-digest-key command to complete this authentication configuration. Use the key-chain keyword to configure password authentication using key chains and use the key chain command to complete this authentication configuration. Use the authentication command with no keywords to configure a password for the virtual link, and use the authentication-key command to complete this authentication configuration.
authentication (VRRP)
To configure an authentication for the Virtual Router Redundancy Protocol (VRRP), use the authentication command. To disable authentication, use the no form of this command.
authentication key-chain (EIGRP)
To enable authentication for the Enhanced Interior Gateway Routing Protocol (EIGRP) packets and to specify the set of keys that can be used on an interface, use the authentication key-chain command. To prevent authentication, use the no form of this command.
Command ModesRouter configuration
Address family configuration
Router VRF configuration
Usage GuidelinesSet the authentication mode using the authentication mode command in VRF configuration mode. You must separately configure a key chain using the key-chain command to complete the authentication configuration for an interface.
ExamplesThis example shows how to configure the interface to accept and send any key that belongs to the key-chain trees:
authentication key-chain (IS-IS)
To enable authentication for Intermediate System-to-Intermediate System (IS-IS), use the authentication key-chain configuration mode command. To disable such authentication, use the no form of this command.
authentication key-chain auth-key { level-1 | level-2 }
Command ModesRouter configuration
VRF configuration
Usage GuidelinesIf no key chain is configured with the authentication key-chain command, no key chain authentication is performed.
Key chain authentication could apply to clear text authentication or MD5 authentication. The mode is determined by the authentication mode command.
Only one authentication key chain is applied to IS-IS at one time. For example, if you configure a second authentication key-chain command, the first authentication key chain is overridden.
You can specify authentication for an individual IS-IS interface by using the isis authentication key-chain command.
authentication mode (EIGRP)
To specify the type of authentication used in the Enhanced Interior Gateway Routing Protocol (EIGRP) packets, use the authentication mode command. To remove authentication, use the no form of this command.
Command ModesRouter configuration
Address family configuration
VRF configurationauthentication-check
To specify for the Intermediate System-to-Intermediate System (IS-IS) instance that authentication is performed only on IS-IS packets being sent (not received), use the authentication-check configuration mode command. To configure for the IS-IS instance that if authentication is configured at the router level, such authentication be performed on packets being sent and received, use the no form of this command.
Command ModesRouter configuration
VRF configuration
Usage GuidelinesEnter the authentication-check command before configuring the authentication mode and authentication key chain. Entering the authentication-check command allows the routers to have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After you enter the authentication-check command on all communicating routers, enable the authentication mode and key chain on each router. Then enter the no authentication-check command to disable the command.
This command could apply to clear text authentication or Message Digest 5 (MD5) authentication. The mode is determined by the authentication mode command.
You can specify authentication for an individual IS-IS interface by using the isis authentication-check { level-1 | level-2 } interface configuration mode command.
authentication-key (OSPF virtual link)
To assign a password to be used by an Open Shortest Path First (OSPF) virtual link, use the authentication-key command. To remove a previously assigned OSPF password, use the no form of this command.
Command ModesOSPF virtual link configuration
Usage GuidelinesUse the authentication-key command to configure the password for password authentication on an OSPF virtual link. All devices on the same virtual link must have the same password to be able to exchange OSPF information.
authentication-type
To specify the type of authentication used in Intermediate System-to-Intermediate System (IS-IS) packets for the IS-IS instance, use the authentication-type configuration mode command. To restore clear text authentication, use the no form of this command.
authentication-type { cleartex t | md5 } [ level-1 | level-2]
Command ModesRouter configuration
VRF configuration
Usage GuidelinesIf you do not enter the level-1 or level-2 keywords, the mode applies to both levels.
You can specify the type of authentication and the level to which it applies for a single IS-IS interface, rather than per IS-IS instance, by using the authentication-type command.
You can specify authentication type for an individual IS-IS interface by using the isis authentication-type { cleartext | md5 } [ level-1 | level-2 ] interface configuration mode command.
auto-cost (OSPF)
To control how Open Shortest Path First (OSPF) calculates default metrics for an interface, use the auto-cost command. To assign the default reference bandwidth of 40Gb/s, use the no form of this command.
auto-cost reference-bandwidth bandwidth [Gbps | Mbps]
no auto-cost reference-bandwidth
Syntax Description
Command Modes
Usage GuidelinesUse the auto-cost command to set the reference bandwidth used by the OSPF cost-metric calculation.
The value set by the ip ospf cost command overrides the cost that results from the auto-cost command.
auto-cost (OSPFv3)
To control how Open Shortest Path First version 3 (OSPFv3) calculates default metrics for an interface, use the auto-cost command. To assign the default reference bandwidth of 40Gb/s, use the no form of this command.
auto-cost reference-bandwidth bandwidth [Gbps | Mbps]
no auto-cos t reference-bandwidth
Syntax Description
Command Modes
Usage GuidelinesUse the auto-cost command to set the reference bandwidth used by the OSPFv3 cost-metric calculation.
The value set by the ipv6 ospfv3 cost command overrides the cost that results from the auto-cost command.
autonomous-system
To configure the autonomous system number for an Enhanced Interior Gateway Routing Protocol (EIGRP) address family, use the autonomous-system command. To revert to default, use the no form of this command.