ip community-list

To create a community list entry, use the ip community-list command. To remove the entry, use the no form of this command.

ip community-list standard list-name {deny | permit} {aa:nn | internet | local-AS | no-advertise | no-export}

no ip community-list standard list-name

ip community-list expanded list-name {deny | permit} regexp

no ip community-list expanded list-name

Syntax Description

standard list-name

Configures a named standard community list.

permit

Permits access for a matching condition.

deny

Denies access for a matching condition.

aa:nn

(Optional) Autonomous system number and network number entered in the 4-byte new community format. This value is configured with two 2-byte numbers separated by a colon. A number from 1 to 65535 can be entered for each 2-byte number. A single community can be entered or multiple communities can be entered, each separated by a space.

You can pick more than one of these optional community keywords.

internet

(Optional) Specifies the Internet community. Routes with this community are advertised to all peers (internal and external).

You can pick more than one of these optional community keywords.

no-export

(Optional) Specifies the no-export community. Routes with this community are advertised to only peers in the same autonomous system or to only other subautonomous systems within a confederation. These routes are not advertised to external peers.

You can pick more than one of these optional community keywords.

local-AS

(Optional) Specifies the local-as community. Routes with this community are advertised to only peers that are part of the local autonomous system or to only peers within a subautonomous system of a confederation. These routes are not advertised to external peers or to other subautonomous systems within a confederation.

You can pick more than one of these optional community keywords.

no-advertise

(Optional) Specifies the no-advertise community. Routes with this community are not advertised to any peer (internal or external).

You can pick more than one of these optional community keywords.

expanded list-name

Configures a named expanded community list.

regexp

Regular expression that is used to specify a pattern to match against an input string. See the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 4.2 at the following URL for details on regular expressions:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/fundamentals/421_n1_1/Cisco_Nexus_5000_Series_NX-OS_Fundamentals_Configuration_Guide_Release_4_2_1_N1_1_chapter4.html#con_1237003


Note: Regular expressions can be used with expanded community lists only.



Command Default

Community exchange is not enabled by default.

Command Modes

Global configuration mode

Command History

Release        Modification
5.0(3)N1(1)    This command was introduced.


Usage Guidelines

The ip community-list command is used to configure BGP community filtering. BGP community values are configured as a 4-byte number. The first two bytes represent the autonomous system number, and the last two bytes represent a user-defined network number. BGP community attribute exchange between BGP peers is enabled when the send-community command is configured for the specified neighbor. The BGP community attribute is defined in RFC 1997 and RFC 1998.

BGP community exchange is not enabled by default. Use the send-community command in BGP neighbor address-family configuration mode to enable BGP community attribute exchange between BGP peers.

The Internet community is applied to all routes or prefixes by default until any other community value is configured with this command or the set community command.

Once you configure a permit value to match a given set of communities, the community list defaults to an implicit deny for all other community values. Use the internet community to apply an implicit permit to the community list.

Standard Community Lists

Standard community lists are used to configure well-known communities and specific community numbers. You can pick more than one of the optional community keywords. A maximum of 16 communities can be configured in a standard community list. If you attempt to configure more than 16 communities, the communities that exceed the limit are not processed or saved to the running configuration file.

You can configure up to 32 communities.

Expanded Community Lists

Expanded community lists are used to filter communities using a regular expression. Regular expressions are used to configure patterns to match community attributes. When matching with the * or + character, the longest construct is matched first. Nested constructs are matched from the outside in. Concatenated constructs are matched beginning at the left side. If a regular expression can match two different parts of an input string, it matches the earliest part first.

Community List Processing

When multiple values are configured in the same community list statement, a logical AND condition is created. All community values must match to satisfy an AND condition. When multiple values are configured in separate community list statements, a logical OR condition is created. The first list that matches a condition is processed.
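The processing rules above (AND within a statement, OR across statements, first match wins, implicit deny) can be checked offline with a small model. This is an added example, not Cisco code: it parses the test1 and RED statements from this page's examples plus a constructed list named BLOCK40, and it assumes statements are evaluated in the order configured.

```python
# Added illustration; not Cisco code. Models the matching rules stated on this page.
# Assumption: statements in a list are evaluated in the order they were configured.

def parse(config):
    """Group 'ip community-list standard' statements by list name."""
    lists = {}
    for line in config.strip().splitlines():
        tok = line.split()
        # Expected: ip community-list standard <name> <permit|deny> <community>...
        if len(tok) < 6 or tok[:3] != ["ip", "community-list", "standard"]:
            raise ValueError(f"not a standard community-list statement: {line!r}")
        name, action, communities = tok[3], tok[4], frozenset(tok[5:])
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        lists.setdefault(name, []).append((action, communities))
    return lists

def evaluate(statements, route_communities):
    """Return 'permit' or 'deny' for a route's set of community values."""
    route = set(route_communities)
    for action, wanted in statements:
        # AND within one statement: every listed value must be on the route.
        # The internet keyword matches any route, so it is dropped from the test.
        if wanted - {"internet"} <= route:
            return action          # first matching statement wins (OR across statements)
    return "deny"                  # implicit deny when nothing matched

# test1 and RED are the statements from this page's examples;
# BLOCK40 is constructed here to show the trailing "permit internet".
CONFIG = """
ip community-list standard test1 permit 65534:40 65412:60 no-export
ip community-list standard RED permit local-AS
ip community-list standard RED permit 40000:20
ip community-list standard BLOCK40 deny 65534:40
ip community-list standard BLOCK40 permit internet
"""
LISTS = parse(CONFIG)

if __name__ == "__main__":
    samples = [("test1", {"65534:40", "no-export"}), ("RED", {"40000:20"}),
               ("BLOCK40", {"65000:1"}), ("BLOCK40", {"65534:40", "65000:1"})]
    for name, comms in samples:   # constructed sample routes
        print(name, sorted(comms), "->", evaluate(LISTS[name], comms))
```

Without its final permit internet statement, BLOCK40 would deny every route, because any route that misses the deny statement falls through to the implicit deny.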

Examples

This example shows how to configure a standard community list where the routes with this community are advertised to all peers (internal and external):

switch(config)# ip community-list standard test1 permit internet 
switch(config)#

This example shows how to configure a logical AND condition; all community values must match in order for the list to be processed:

switch(config)# ip community-list standard test1 permit 65534:40 65412:60 no-export 
switch(config)#

In the above example, a standard community list is configured that permits routes from the following:

• Network 40 in autonomous system 65534 and from network 60 in autonomous system 65412.

• Peers in the same autonomous system or from subautonomous system peers in the same confederation.

This example shows how to configure a standard community list that denies routes that carry communities from network 40 in autonomous system 65534 and from network 60 in autonomous system 65412. This example shows a logical AND condition; all community values must match in order for the list to be processed.

switch(config)# ip community-list standard test2 deny 65534:40 65412:60 

This example shows how to configure a named standard community list that permits all routes within the local autonomous system or permits routes from network 20 in autonomous system 40000. This example shows a logical OR condition; the first match is processed.

switch(config)# ip community-list standard RED permit local-AS 

switch(config)# ip community-list standard RED permit 40000:20 
switch(config)#

This example shows how to configure an expanded community list that denies routes that carry communities from any private autonomous system:

switch(config)# ip community-list expanded 500 deny _64[6-9][0-9][0-9]_|_65[0-9][0-9][0-9]_ 
switch(config)#

This example shows how to configure a named expanded community list that denies routes from network 1 through 99 in autonomous system 50000:

switch(config)# ip community-list expanded BLUE deny 50000:[0-9][0-9]_
switch(config)#

Related Commands

Command            Description
feature bgp        Enables BGP.
match community    Matches a community in a route map.
send-community     Configures BGP to propagate community attributes to BGP peers.
set community      Sets a community in a route map.