IP Routing Commands

accept-lifetime

To set the time period during which the authentication key on a key chain is received as valid, use the accept-lifetime command in key chain key configuration mode. To revert to the default value, use the no form of this command.

accept-lifetime [ local ] start-time { infinite | end-time | duration seconds }

no accept-lifetime

Syntax Description

local

Specifies the time in local timezone.

start-time

Beginning time that the key specified by the key command is valid to be received. The syntax can be either of the following:

hh : mm : ss month date year

hh : mm : ss date month year

  • hh : Hours

  • mm : Minutes

  • ss : Seconds

  • month : First three letters of the month

  • date : Date (1-31)

  • year : Year (four digits)

The default start time and the earliest acceptable date is January 1, 1993.

infinite

Key is valid to be received from the start-time value on.

end-time

Key is valid to be received from the start-time value until the end-time value. The syntax is the same as that for the start-time value. The end-time value must be after the start-time value. The default end time is an infinite time period.

duration seconds

Length of time (in seconds) that the key is valid to be received. The range is from 1 to 864000.

Command Default

The authentication key on a key chain is received as valid forever (the starting time is January 1, 1993, and the ending time is infinite).

Command Modes

Key chain key configuration (config-keychain-key)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol ( RIP) Version 2 use key chains.

Specify a start-time value and one of the following values: infinite , end-time , or duration seconds.

We recommend running Network Time Protocol (NTP) or some other time synchronization method if you assign a lifetime to a key.

If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.

Examples

The following example configures a key chain named chain1. The key named key1 will be accepted from 1:30 p.m. to 3:30 p.m. and will be sent from 2:00 p.m. to 3:00 p.m. The key named key2 will be accepted from 2:30 p.m. to 4:30 p.m. and will be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

Device(config)# interface GigabitEthernet1/0/1
Device(config-if)# ip rip authentication key-chain chain1
Device(config-if)# ip rip authentication mode md5
Device(config-if)# exit
Device(config)# router rip
Device(config-router)# network 172.19.0.0
Device(config-router)# version 2
Device(config-router)# exit
Device(config)# key chain chain1
Device(config-keychain)# key 1
Device(config-keychain-key)# key-string key1
Device(config-keychain-key)# accept-lifetime 13:30:00 Jan 25 1996 duration 7200
Device(config-keychain-key)# send-lifetime 14:00:00 Jan 25 1996 duration 3600
Device(config-keychain-key)# exit
Device(config-keychain)# key 2
Device(config-keychain)# key-string key2
Device(config-keychain)# accept-lifetime 14:30:00 Jan 25 1996 duration 7200
Device(config-keychain)# send-lifetime 15:00:00 Jan 25 1996 duration 3600

The following example configures a key chain named chain1 for EIGRP address-family. The key named key1 will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named key2 will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

Device(config)# router eigrp 10
Device(config-router)# address-family ipv4 autonomous-system 4453
Device(config-router-af)# network 10.0.0.0
Device(config-router-af)# af-interface ethernet0/0
Device(config-router-af-interface)# authentication key-chain trees
Device(config-router-af-interface)# authentication mode md5
Device(config-router-af-interface)# exit
Device(config-router-af)# exit
Device(config-router)# exit
Device(config)# key chain chain1
Device(config-keychain)# key 1
Device(config-keychain-key)# key-string key1
Device(config-keychain-key)# accept-lifetime 13:30:00 Jan 25 1996 duration 7200
Device(config-keychain-key)# send-lifetime 14:00:00 Jan 25 1996 duration 3600
Device(config-keychain-key)# exit
Device(config-keychain)# key 2
Device(config-keychain-key)# key-string key2
Device(config-keychain-key)# accept-lifetime 14:30:00 Jan 25 1996 duration 7200
Device(config-keychain-key)# send-lifetime 15:00:00 Jan 25 1996 duration 3600

aggregate-address

To create an aggregate entry in a Border Gateway Protocol (BGP) database, use the aggregate-address command in address family or router configuration mode. To disable this function, use the no form of this command.

aggregate-address address mask [as-set] [as-confed-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

no aggregate-address address mask [as-set] [as-confed-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

Syntax Description

address

Aggregate address.

mask

Aggregate mask.

as-set

(Optional) Generates autonomous system set path information.

as-confed-set

(Optional) Generates autonomous confederation set path information.

summary-only

(Optional) Filters all more-specific routes from updates.

suppress-map map-name

(Optional) Specifies the name of the route map used to select the routes to be suppressed.

advertise-map map-name

(Optional) Specifies the name of the route map used to select the routes to create AS_SET origin communities.

attribute-map map-name

(Optional) Specifies the name of the route map used to set the attribute of the aggregate route.

Command Default

The atomic aggregate attribute is set automatically when an aggregate route is created with this command unless the as-set keyword is specified.

Command Modes

Address family configuration (config-router-af)

Router configuration (config-router)

Command History

Table 1.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can implement aggregate routing in BGP and Multiprotocol BGP (mBGP) either by redistributing an aggregate route into BGP or mBGP, or by using the conditional aggregate routing feature.

Using the aggregate-address command with no keywords will create an aggregate entry in the BGP or mBGP routing table if any more-specific BGP or mBGP routes are available that fall within the specified range. (A longer prefix that matches the aggregate must exist in the Routing Information Base (RIB).) The aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)

Using the as-set keyword creates an aggregate entry using the same rules that the command follows without this keyword, but the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Do not use this form of the aggregate-address command when aggregating many paths, because this route must be continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.

Using the as-confed-set keyword creates an aggregate entry using the same rules that the command follows without this keyword. This keyword performs the same function as the as-set keyword, except that it generates autonomous confed set path information.

Using the summary-only keyword not only creates the aggregate route (for example, 192.*.*.*) but also suppresses advertisements of more-specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more-specific route leaks out, all BGP or mBGP routers will prefer that route over the less-specific aggregate you are generating (using longest-match routing).

Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified routes. You can use the match clauses of route maps to selectively suppress some more-specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.

Using the advertise-map keyword selects specific routes that will be used to build different components of the aggregate route, such as AS_SET or community. This form of the aggregate-address command is useful when the components of an aggregate are in separate autonomous systems and you want to create an aggregate with AS_SET, and advertise it back to some of the same autonomous systems. You must remember to omit the specific autonomous system numbers from the AS_SET to prevent the aggregate from being dropped by the BGP loop detection mechanism at the receiving router. IP access lists and autonomous system path access lists match clauses are supported.

Using the attribute-map keyword allows attributes of the aggregate route to be changed. This form of the aggregate-address command is useful when one of the routes forming the AS_SET is configured with an attribute such as the community no-export attribute, which would prevent the aggregate route from being exported. An attribute map route map can be created to change the aggregate attributes.

Examples

In the following example, an aggregate BGP address is created in router configuration mode. The path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized.


Device(config)#router bgp 50000 
Device(config-router)#aggregate-address 10.0.0.0 255.0.0.0 as-set 

Examples

In the following example, an aggregate BGP address is created in address family configuration mode and applied to the multicast database under the IP Version 4 address family. Because the summary-only keyword is configured, more-specific routes are filtered from updates.


Device(config)#router bgp 50000 
Device(config-router)#address-family ipv4 multicast 
Device(config-router-af)#aggregate-address 10.0.0.0 255.0.0.0 summary-only 

Examples

In the following example, a route map called MAP-ONE is created to match on an AS-path access list. The path advertised for this route will be an AS_SET consisting of elements contained in paths that are matched in the route map.


Device(config)#ip as-path access-list 1 deny ^1234_ 
Device(config)#ip as-path access-list 1 permit .* 
Device(config)#! 
Device(config)#route-map MAP-ONE 
Device(config-route-map)#match ip as-path 1 
Device(config-route-map)#exit 
Device(config)#router bgp 50000 
Device(config-router)#address-family ipv4 
Device(config-router-af)#aggregate-address 10.0.0.0 255.0.0.0 as-set advertise-map
MAP-ONE 
Router(config-router-af)#end
 

area nssa

To configure a not-so-stubby area ( NSSA), use the area nssa command in router address family topology or router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.

area nssa commandarea area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]] [no-summary] [nssa-only]

no area area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]] [no-summary] [nssa-only]

Syntax Description

area-id

Identifier for the stub area or NSSA. The identifier can be specified as either a decimal value or an IP address.

no-redistribution

(Optional) Used when the router is an NSSA Area Border Router (ABR) and you want the redistribute command to import routes only into the normal areas, but not into the NSSA area.

default-information- originate

(Optional) Used to generate a Type 7 default into the NSSA area. This keyword takes effect only on the NSSA ABR or the NSSA Autonomous System Boundary Router (ASBR).

metric

(Optional) Specifies the OSPF default metric.

metric-type

(Optional) Specifies the OSPF metric type for default routes.

no-summary

(Optional) Allows an area to be an NSSA but not have summary routes injected into it.

nssa-only

(Optional) Limits the default advertisement to this NSSA area by setting the propagate (P) bit in the type-7 LSA to zero.

Command Default

No NSSA area is defined.

Command Modes

Router address family topology configuration (config-router-af-topology) Router configuration (config-router)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, including area authentication , area default-cost , area nssa , area range , area stub , and area virtual-link .

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the area nssa command in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example makes area 1 an NSSA area:


router ospf 1
redistribute rip subnets
network 172.19.92.0 0.0.0.255 area 1
area 1 nssa

area virtual-link

To define an Open Shortest Path First (OSPF) virtual link, use the area virtual-link command in router address family topology, router configuration, or address family configuration mode. To remove a virtual link, use the no form of this command.

area area-id virtual-link router-id authentication key-chain chain-name [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [ttl-security hops hop-count]

no area area-id virtual-link router-id authentication key-chain chain-name

Syntax Description

Table 2.

area-id

Area ID assigned to the virtual link. This can be either a decimal value or a valid IPv6 prefix. There is no default.

router-id

Router ID associated with the virtual link neighbor. The router ID appears in the show ip ospf or show ipv6 display command. There is no default.

authentication

Enables virtual link authentication.

key-chain

Configures a key-chain for cryptographic authentication keys.

chain-name

Name of the authentication key that is valid.

hello-interval seconds

(Optional) Specifies the time (in seconds) between the hello packets that the Cisco IOS software sends on an interface. The hello interval is an unsigned integer value to be advertised in the hello packets. The value must be the same for all routers and access servers attached to a common network. The range is from 1 to 8192. The default is 10.

retransmit-interval seconds

(Optional) Specifies the time (in seconds) between link-state advertisement (LSA) retransmissions for adjacencies belonging to the interface. The retransmit interval is the expected round-trip delay between any two routers on the attached network. The value must be greater than the expected round-trip delay. The range is from 1 to 8192. The default is 5.

transmit-delay seconds

(Optional) Specifies the estimated time (in seconds) required to send a link-state update packet on the interface. The integer value that must be greater than zero. LSAs in the update packet have their age incremented by this amount before transmission. The range is from 1 to 8192. The default value is 1.

dead-interval seconds

(Optional) Specifies the time (in seconds) that hello packets are not seen before a neighbor declares the router down. The dead interval is an unsigned integer value. The default is four times the hello interval, or 40 seconds. As with the hello interval, this value must be the same for all routers and access servers attached to a common network.

ttl-security hops hop-count

(Optional) Configures Time-to-Live (TTL) security on a virtual link. The hop-count argument range is from 1 to 254.

Command Default

No OSPF virtual link is defined.

Command Modes

Router address family topology configuration (config-router-af-topology)

Router configuration (config-router)

Address family configuration (config-router-af)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

In OSPF, all areas must be connected to a backbone area. A lost connection to the backbone can be repaired by establishing a virtual link.

The shorter the hello interval, the faster topological changes will be detected, but more routing traffic will ensue. The setting of the retransmit interval should be conservative, or needless retransmissions will result. The value should be larger for serial lines and virtual links.

You should choose a transmit delay value that considers the transmission and propagation delays for the interface.

To configure a virtual link in OSPF for IPv6, you must use a router ID instead of an address. In OSPF for IPv6, the virtual link takes the router ID rather than the IPv6 prefix of the remote router.

Use the ttl-security hops hop-count keywords and argument to enable checking of TTL values on OSPF packets from neighbors or to set TTL values sent to neighbors. This feature adds an extra layer of protection to OSPF.


Note


In order for a virtual link to be properly configured, each virtual link neighbor must include the transit area ID and the corresponding virtual link neighbor router ID. To display the router ID, use the show ip ospf or the show ipv6 ospf command in privileged EXEC mode.



Note


To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area default-cost , area nssa , area range , area stub , and area virtual-link .


Release 12.2(33)SRB

If you plan to configure the Multitopology Routing (MTR) feature, you need to enter the area virtual-link command in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example establishes a virtual link with default values for all optional parameters:


Device(config)# ipv6 router ospf 1
Device(config)# log-adjacency-changes
Device(config)# area 1 virtual-link 192.168.255.1

The following example establishes a virtual link in OSPF for IPv6:


Device(config)# ipv6 router ospf 1
Device(config)# log-adjacency-changes
Device(config)# area 1 virtual-link 192.168.255.1 hello-interval 5

The following example shows how to configure TTL security for a virtual link in OSPFv3 for IPv6:


Device(config)# router ospfv3 1
Device(config-router)# address-family ipv6 unicast vrf vrf1
Device(config-router-af)# area 1 virtual-link 10.1.1.1 ttl-security hops 10


The following example shows how to configure the authentication using a key chain for virtual-links:


Device(config)# area 1 virtual-link 192.168.255.1 authentication key-chain ospf-chain-1

auto-summary (BGP)

To configure automatic summarization of subnet routes into network-level routes, use the auto-summary command in address family or router configuration mode. To disable automatic summarization and send subprefix routing information across classful network boundaries, use the no form of this command.

auto-summary

no auto-summary

Syntax Description

This command has no arguments or keywords.

Command Default

Automatic summarization is disabled by default (the software sends subprefix routing information across classful network boundaries).

Command Modes

Address family configuration (config-router-af)

Router configuration (config-router)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

BGP automatically summarizes routes to classful network boundaries when this command is enabled. Route summarization is used to reduce the amount of routing information in routing tables. Automatic summarization applies to connected, static, and redistributed routes.


Note


The MPLS VPN Per VRF Label feature does not support auto-summary.


By default, automatic summarization is disabled and BGP accepts subnets redistributed from an Interior Gateway Protocol (IGP). To block subnets and create summary subprefixes to the classful network boundary when crossing classful network boundaries, use the auto-summary command.

To advertise and carry subnet routes in BGP when automatic summarization is enabled, use an explicit network command to advertise the subnet. The auto-summary command does not apply to routes injected into BGP via the network command or through iBGP or eBGP.

Why auto-summary for BGP Is Disabled By Default

When auto-summary is enabled, routes injected into BGP via redistribution are summarized on a classful boundary. Remember that a 32-bit IP address consists of a network address and a host address. The subnet mask determines the number of bits used for the network address and the number of bits used for the host address. The IP address classes have a natural or standard subnet mask, as shown in the table below.

Table 3. IP Address Classes

Class

Address Range

Standard Mask

A

1.0.0.0 to 126.0.0.0

255.0.0.0 or /8

B

128.1.0.0 to 191.254.0.0

255.255.0.0 or /16

C

192.0.1.0 to 223.255.254.0

255.255.255.0 or /24

Reserved addresses include 128.0.0.0, 191.255.0.0, 192.0.0.0, and 223.255.255.0.

When using the standard subnet mask, Class A addresses have one octet for the network, Class B addresses have two octets for the network, and Class C addresses have three octets for the network.

Consider the Class B address 156.26.32.1 with a 24-bit subnet mask, for example. The 24-bit subnet mask selects three octets, 156.26.32, for the network. The last octet is the host address. If the network 156.26.32.1/24 is learned via an IGP and is then redistributed into BGP, if auto-summary were enabled, the network would be automatically summarized to the natural mask for a Class B network. The network that BGP would advertise is 156.26.0.0/16. BGP would be advertising that it can reach the entire Class B address space from 156.26.0.0 to 156.26.255.255. If the only network that can be reached via the BGP router is 156.26.32.0/24, BGP would be advertising 254 networks that cannot be reached via this router. This is why the auto-summary (BGP) command is disabled by default.

Examples

In the following example, automatic summarization is enabled for IPv4 address family prefixes:


Device(config)#router bgp 50000
 
Device(config-router)#address-family ipv4 unicast
 
Device(config-router-af)#auto-summary
 
Device(config-router-af)#network 7.7.7.7 255.255.255.255

In the example, there are different subnets, such as 7.7.7.6 and 7.7.7.7 on Loopback interface 6 and Loopback interface 7, respectively. Both auto-summary and a network command are configured.


Device#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            100.0.1.7       YES NVRAM  up                    up      
Ethernet0/1            unassigned      YES NVRAM  administratively down down    
Ethernet0/2            unassigned      YES NVRAM  administratively down down    
Ethernet0/3            unassigned      YES NVRAM  administratively down down    
Ethernet1/0            108.7.9.7       YES NVRAM  up                    up      
Ethernet1/1            unassigned      YES NVRAM  administratively down down    
Ethernet1/2            unassigned      YES NVRAM  administratively down down    
Ethernet1/3            unassigned      YES NVRAM  administratively down down    
Loopback6              7.7.7.6         YES NVRAM  up                    up      
Loopback7              7.7.7.7         YES NVRAM  up                    up      

Note that in the output below, because of the auto-summary command, the BGP routing table displays the summarized route 7.0.0.0 instead of 7.7.7.6. The 7.7.7.7/32 network is displayed because it was configured with the network command, which is not affected by the auto-summary command.


Device#show ip bgp
BGP table version is 10, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 6.6.6.6/32       100.0.1.6                0             0 6 i
*> 7.0.0.0          0.0.0.0                  0         32768 ?   <-- summarization
*> 7.7.7.7/32       0.0.0.0                  0         32768 i   <-- network command
r>i9.9.9.9/32       108.7.9.9                0    100      0 i
*> 100.0.0.0        0.0.0.0                  0         32768 ?
r> 100.0.1.0/24     100.0.1.6                0             0 6 ?
*> 108.0.0.0        0.0.0.0                  0         32768 ?
r>i108.7.9.0/24     108.7.9.9                0    100      0 ?
*>i200.0.1.0        108.7.9.9 

bgp graceful-restart

To enable the Border Gateway Protocol (BGP) graceful restart capability globally for all BGP neighbors, use the bgp graceful-restart command in address family or in router configuration mode. To disable the BGP graceful restart capability globally for all BGP neighbors, use the no form of this command.

bgp graceful-restart [extended | restart-time seconds | stalepath-time seconds] [all]

no bgp graceful-restart

Syntax Description

extended

(Optional) Enables BGP graceful restart extension.

restart-time seconds

(Optional) Sets the maximum time period that the local router will wait for a graceful-restart-capable neighbor to return to normal operation after a restart event occurs. The default value for this argument is 120 seconds. The configurable range of values is from 1 to 3600 seconds.

stalepath-time seconds

(Optional) Sets the maximum time period that the local router will hold stale paths for a restarting peer. All stale paths are deleted after this timer expires. The default value for this argument is 360 seconds. The configurable range of values is from 1 to 3600 seconds

all

(Optional) Enables BGP graceful restart capability for all address family modes.

Command Default

The following default values are used when this command is entered without any keywords or arguments:

restart-time : 120 seconds stalepath-time : 360 seconds


Note


Changing the restart and stalepath timer values is not required to enable the BGP graceful restart capability. The default values are optimal for most network deployments, and these values should be adjusted only by an experienced network operator.

Command Modes

Address-family configuration (config-router-af)

Router configuration (config-router)

Command History

Table 4.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The bgp graceful-restart command is used to enable or disable the graceful restart capability globally for all BGP neighbors in a BGP network. The graceful restart capability is negotiated between nonstop forwarding (NSF)-capable and NSF-aware peers in OPEN messages during session establishment. If the graceful restart capability is enabled after a BGP session has been established, the session will need to be restarted with a hard reset.

The graceful restart capability is supported by NSF-capable and NSF-aware routers. A router that is NSF-capable can perform a stateful switchover (SSO) operation (graceful restart) and can assist restarting peers by holding routing table information during the SSO operation. A router that is NSF-aware functions like a router that is NSF-capable but cannot perform an SSO operation.

The BGP graceful restart capability is enabled by default when a supporting version of Cisco IOS software is installed. The default timer values for this feature are optimal for most network deployments. We recommend that they are adjusted only by experienced network operators. When adjusting the timer values, the restart timer should not be set to a value greater than the hold time that is carried in the OPEN message. If consecutive restart operations occur, routes (from a restarting router) that were previously marked as stale will be deleted.


Note


Changing the restart and stalepath timer values is not required to enable the BGP graceful restart capability. The default values are optimal for most network deployments, and these values should be adjusted only by an experienced network operator.

Examples

In the following example, the BGP graceful restart capability is enabled:


Device#configure terminal
Device(config)#router bgp 65000
Device(config-router)#bgp graceful-restart

In the following example, the restart timer is set to 130 seconds:


Device#configure terminal
Device(config)#router bgp 65000
Device(config-router)#bgp graceful-restart restart-time 130 

In the following example, the stalepath timer is set to 350 seconds:


Device#configure terminal
Device(config)#router bgp 65000
Device(config-router)#bgp graceful-restart stalepath-time 350

In the following example, the extended keyword is used:


Device#configure terminal
Device(config)#router bgp 65000
Device(config-router)#bgp graceful-restart extended

clear proximity ip bgp

To reset Border Gateway Protocol (BGP) connections using hard or soft reconfiguration, use the clear proximity ip bgp command in privileged EXEC mode.

clear proximity ip bgp {* | all | autonomous-system-number | neighbor-address | peer-group group-name} [in [prefix-filter] | out | slow | soft [in [prefix-filter] | out | slow]]

Syntax Description

*

Specifies that all current BGP sessions will be reset.

all

(Optional) Specifies the reset of all address family sessions.

autonomous-system-number

Number of the autonomous system in which all BGP peer sessions will be reset. Number in the range from 1 to 65535.

  • In Cisco IOS Release 12.0(32)SY8, 12.0(33)S3, 12.2(33)SRE, 12.2(33)XNE, 12.2(33)SXI1, Cisco IOS XE Release 2.4, and later releases, 4-byte autonomous system numbers are supported in the range from 65536 to 4294967295 in asplain notation and in the range from 1.0 to 65535.65535 in asdot notation.

  • In Cisco IOS Release 12.0(32)S12, 12.4(24)T, and Cisco IOS XE Release 2.3, 4-byte autonomous system numbers are supported in the range from 1.0 to 65535.65535 in asdot notation only.

For more details about autonomous system number formats, see the router bgp command.

neighbor-address

Specifies that only the identified BGP neighbor will be reset. The value for this argument can be an IPv4 or IPv6 address.

peer-group group-name

Specifies that only the identified BGP peer group will be reset.

in

(Optional) Initiates inbound reconfiguration. If neither the in nor out keywords are specified, both inbound and outbound sessions are reset.

prefix-filter

(Optional) Clears the existing outbound route filter (ORF) prefix list to trigger a new route refresh or soft reconfiguration, which updates the ORF prefix list.

out

(Optional) Initiates inbound or outbound reconfiguration. If neither the in nor out keywords are specified, both inbound and outbound sessions are reset.

slow

(Optional) Clears slow-peer status forcefully and moves it to original update group.

soft

(Optional) Initiates a soft reset. Does not tear down the session.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Theclearproximity ip bgp command can be used to initiate a hard reset or soft reconfiguration. A hard reset tears down and rebuilds the specified peering sessions and rebuilds the BGP routing tables. A soft reconfiguration uses stored prefix information to reconfigure and activate BGP routing tables without tearing down existing peering sessions. Soft reconfiguration uses stored update information, at the cost of additional memory for storing the updates, to allow you to apply new BGP policy without disrupting the network. Soft reconfiguration can be configured for inbound or outbound sessions.


Note


Due to the complexity of some of the keywords available for the clear proximityip bgp command, some of the keywords are documented as separate commands. All of the complex keywords that are documented separately start with clear ip bgp . For example, for information on resetting BGP connections using hard or soft reconfiguration for all BGP neighbors in IPv4 address family sessions, refer to the clear ip bgp ipv4 command.


Generating Updates from Stored Information

To generate new inbound updates from stored update information (rather than dynamically) without resetting the BGP session, you must preconfigure the local BGP router using the neighbor soft-reconfiguration inbound command. This preconfiguration causes the software to store all received updates without modification regardless of whether an update is accepted by the inbound policy. Storing updates is memory intensive and should be avoided if possible.

Outbound BGP soft configuration has no memory overhead and does not require any preconfiguration. You can trigger an outbound reconfiguration on the other side of the BGP session to make the new inbound policy take effect.

Use this command whenever any of the following changes occur:

  • Additions or changes to the BGP-related access lists

  • Changes to BGP-related weights

  • Changes to BGP-related distribution lists

  • Changes to BGP-related route maps

Dynamic Inbound Soft Reset

The route refresh capability, as defined in RFC 2918, allows the local router to reset inbound routing tables dynamically by exchanging route refresh requests to supporting peers. The route refresh capability does not store update information locally for non-disruptive policy changes. It instead relies on dynamic exchange with supporting peers. Route refresh is advertised through BGP capability negotiation. All BGP routers must support the route refresh capability.

To determine if a BGP router supports this capability, use the show ip bgp neighbors command. The following message is displayed in the output when the router supports the route refresh capability:


Received route refresh capability from peer.

If all BGP routers support the route refresh capability, use the clear proximityip bgp command with the in keyword. You need not use the soft keyword, because soft reset is automatically assumed when the route refresh capability is supported.


Note


After configuring a soft reset (inbound or outbound), it is normal for the BGP routing process to hold memory. The amount of memory that is held depends on the size of routing tables and the percentage of the memory chunks that are utilized. Partially used memory chunks will be used or released before more memory is allocated from the global router pool.


Examples

In the following example, a soft reconfiguration is initiated for the inbound session with the neighbor 10.100.0.1, and the outbound session is unaffected:


Device#clear proximity ip bgp 10.100.0.1 soft in

In the following example, the route refresh capability is enabled on the BGP neighbor routers and a soft reconfiguration is initiated for the inbound session with the neighbor 172.16.10.2, and the outbound session is unaffected:


Device#clear proximity ip bgp 172.16.10.2 in

In the following example, a hard reset is initiated for sessions with all routers in the autonomous system numbered 35700:


Device#clear proximity ip bgp 35700

In the following example, a hard reset is initiated for sessions with all routers in the 4-byte autonomous system numbered 65538 in asplain notation. This example requires Cisco IOS Release 12.0(32)SY8, 12.0(33)S3, 12.2(33)SRE, 12.2(33)XNE, 12.2(33)SXI1, Cisco IOS XE Release 2.4, or a later release.


Device#clear proximity ip bgp 65538

In the following example, a hard reset is initiated for sessions with all routers in the 4-byte autonomous system numbered 1.2 in asdot notation. This example requires Cisco IOS Release 12.0(32)SY8, 12.0(32)S12, 12.2(33)SRE, 12.2(33)XNE, 12.2(33)SXI1, 12.4(24)T, and Cisco IOS XE Release 2.3, or a later release.


Device#clear proximity ip bgp 1.2

default-information originate (OSPF)

To generate a default external route into an Open Shortest Path First (OSPF) routing domain, use the default-information originate command in router configuration or router address family topology configuration mode. To disable this feature, use the no form of this command.

default-information originate [always] [metric metric-value] [metric-type type-value] [route-map map-name]

no default-information originate [always] [metric metric-value] [metric-type type-value] [route-map map-name]

Syntax Description

always

(Optional) Always advertises the default route regardless of whether the software has a default route.

Note

 

The always keyword includes the following exception when the route map is used. When a route map is used, the origination of the default route by OSPF is not bound to the existence of a default route in the routing table and the always keyword is ignored.

metric metric-value

(Optional) Metric used for generating the default route. If you omit a value and do not specify a value using the default-metric router configuration command, the default metric value is 10. The value used is specific to the protocol.

metric-type type-value

(Optional) External link type associated with the default route that is advertised into the OSPF routing domain. It can be one of the following values:

  • Type 1 external route.

  • Type 2 external route.

The default is type 2 external route.

route-map map-name

(Optional) The routing process will generate the default route if the route map is satisfied.

Command Default

This command is disabled by default. No default external route is generated into the OSPF routing domain.

Command Modes

Router configuration (config-router) Router address family topology configuration (config-router-af-topology)

Command History

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Whenever you use the redistribute or the default-information router configuration command to redistribute routes into an OSPF routing domain, the Cisco IOS software automatically becomes an Autonomous System Boundary Router (ASBR). However, an ASBR does not, by default, generate a default route into the OSPF routing domain. The software must still have a default route for itself before it generates one, except when you have specified the always keyword.

When a route map is used, the origination of the default route by OSPF is not bound to the existence of a default route in the routing table.

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the default-information originate command in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example specifies a metric of 100 for the default route that is redistributed into the OSPF routing domain and specifies an external metric type of 1:


router ospf 109
redistribute eigrp 108 metric 100 subnets
default-information originate metric 100 metric-type 1

default-metric (BGP)

To set a default metric for routes redistributed into Border Gateway Protocol (BGP), use the default-metric command in address family or router configuration mode. To remove the configured value and return BGP to default operation, use the no form of this command.

default-metric number

no default-metric number

Syntax Description

number

Default metric value applied to the redistributed route. The range of values for this argument is from 1 to 4294967295.

Command Default

The following is default behavior if this command is not configured or if the no form of this command is entered:

  • The metric of redistributed interior gateway protocol (IGP) routes is set to a value that is equal to the interior BGP (iBGP) metric.

  • The metric of redistributed connected and static routes is set to 0.

When this command is enabled, the metric for redistributed connected routes is set to 0.

Command Modes

Address family configuration (config-router-af)

Router configuration (config-router)

Command History

Table 6.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The default-metric command is used to set the metric value for routes redistributed into BGP and can be applied to any external BGP (eBGP) routes received and subsequently advertised internally to iBGP peers.

This value is the Multi Exit Discriminator (MED) that is evaluated by BGP during the best path selection process. The MED is a non-transitive value that is processed only within the local autonomous system and adjacent autonomous systems. The default metric is not set if the received route has a MED value.


Note


When enabled, the default-metric command applies a metric value of 0 to redistributed connected routes. The default-metric command does not override metric values that are applied with the redistribute command.


Examples

In the following example, a metric of 1024 is set for routes redistributed into BGP from OSPF:


Device(config)#router bgp 50000 
Device(config-router)#address-family ipv4 unicast
 
Device(config-router-af)#default-metric 1024 
Device(config-router-af)#redistribute ospf 10 
Device(config-router-af)#end

In the following configuration and output examples, a metric of 300 is set for eBGP routes received and advertised internally to an iBGP peer.


Device(config)#router bgp 65501
Device(config-router)#no synchronization
Device(config-router)#bgp log-neighbor-changes
Device(config-router)#network 172.16.1.0 mask 255.255.255.0
Device(config-router)#neighbor 172.16.1.1 remote-as 65501
Device(config-router)#neighbor 172.16.1.1 soft-reconfiguration inbound
Device(config-router)#neighbor 192.168.2.2 remote-as 65502
Device(config-router)#neighbor 192.168.2.2 soft-reconfiguration inbound
Device(config-router)#default-metric 300
Device(config-router)#no auto-summary

After the above configuration, some routes are received from the eBGP peer at 192.168.2.2 as shown in the output from the show ip bgp neighbors received-routes command.


Device#show ip bgp neighbors 192.168.2.2 received-routes
 
BGP table version is 7, local router ID is 192.168.2.1 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 172.17.1.0/24    192.168.2.2                            0 65502 i

After the received routes from the eBGP peer at 192.168.2.2 are advertised internally to iBGP peers, the output from the show ip bgp neighbors received-routes command shows that the metric (MED) has been set to 300 for these routes.


Device#show ip bgp neighbors 172.16.1.2 received-routes
BGP table version is 2, local router ID is 172.16.1.1 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
* i172.16.1.0/24    172.16.1.2               0    100      0 i
* i172.17.1.0/24    192.168.2.2            300    100      0 65502 i
Total number of prefixes 2

distance (OSPF)

To define an administrative distance, use the distance command in router configuration mode or VRF configuration mode. To remove the distance command and restore the system to its default condition, use the no form of this command.

distance weight [ip-address wildcard-mask [access-list name]]

no distance weight ip-address wildcard-mask [access-list-name]

Syntax Description

weight

Administrative distance. Range is 10 to 255. Used alone, the weight argument specifies a default administrative distance that the software uses when no other specification exists for a routing information source. Routes with a distance of 255 are not installed in the routing table. The table in the “Usage Guidelines” section lists the default administrative distances.

ip-address

(Optional) IP address in four-part dotted-decimal notation.

wildcard-mask

(Optional) Wildcard mask in four-part, dotted-decimal format. A bit set to 1 in the wildcard-mask argument instructs the software to ignore the corresponding bit in the address value.

access-list-name

(Optional) Name of an IP access list to be applied to incoming routing updates.

Command Default

If this command is not specified, the administrative distance is the default. The table in the “Usage Guidelines” section lists the default administrative distances.

Command Modes

Router configuration (config-router)

VRF configuration (config-vrf)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the appropriate task IDs. If the user group assignment is preventing you from using a command contact your AAA administrator for assistance.

An administrative distance is an integer from 10 to 255. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means that the routing information source cannot be trusted at all and should be ignored. Weight values are subjective; no quantitative method exists for choosing weight values.

If an access list is used with this command, it is applied when a network is being inserted into the routing table. This behavior allows you to filter networks based on the IP prefix supplying the routing information. For example, you could filter possibly incorrect routing information from networking devices not under your administrative control.

The order in which you enter distance commands can affect the assigned administrative distances, as shown in the “Examples” section. The following table lists default administrative distances.

Table 7. Default Administrative Distances

Rate Source

Default Distance

Connected interface

0

Static route out on interface

0

Static route to next hop

1

EIGRP summary route

5

External BGP

20

Internal EIGRP

90

OSPF

110

IS-IS

115

RIP version 1 and 2

120

External EIGRP

170

Internal BGP

200

Unknown

255

Task ID

Task ID

Operations

ospf

read, write

Examples

In the following example, the router ospf command sets up Open Shortest Path First (OSPF) routing instance 1. The first distance command sets the default administrative distance to 255, which instructs the software to ignore all routing updates from networking devices for which an explicit distance has not been set. The second distance command sets the administrative distance for all devices on the network 192.168.40.0 to 90.


Device#configure terminal
Device(config)#router ospf 1
Device(config-ospf)#distance 255
Device(config-ospf)#distance 90 192.168.40.0 0.0.0.255

eigrp log-neighbor-changes

To enable the logging of changes in Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor adjacencies, use the eigrp log-neighbor-changes command in router configuration mode, address-family configuration mode, or service-family configuration mode. To disable the logging of changes in EIGRP neighbor adjacencies, use the no form of this command.

eigrp log-neighbor-changes

no eigrp log-neighbor-changes

Syntax Description

This command has no arguments or keywords.

Command Default

Adjacency changes are logged.

Command Modes

Router configuration (config-router) Address-family configuration (config-router-af) Service-family configuration (config-router-sf)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

This command enables the logging of neighbor adjacency changes to monitor the stability of the routing system and to help detect problems. Logging is enabled by default. To disable the logging of neighbor adjacency changes, use the no form of this command.

To enable the logging of changes for EIGRP address-family neighbor adjacencies, use the eigrp log-neighbor-changes command in address-family configuration mode.

To enable the logging of changes for EIGRP service-family neighbor adjacencies, use the eigrp log-neighbor-changes command in service-family configuration mode.

Examples

The following configuration disables logging of neighbor changes for EIGRP process 209:


Device(config)# router eigrp 209
Device(config-router)# no eigrp log-neighbor-changes

The following configuration enables logging of neighbor changes for EIGRP process 209:


Device(config)# router eigrp 209
Device(config-router)# eigrp log-neighbor-changes

The following example shows how to disable logging of neighbor changes for EIGRP address-family with autonomous-system 4453:


Device(config)# router eigrp virtual-name
Device(config-router)# address-family ipv4 autonomous-system 4453 
Device(config-router-af)# no eigrp log-neighbor-changes
Device(config-router-af)# exit-address-family

The following configuration enables logging of neighbor changes for EIGRP service-family process 209:


Device(config)# router eigrp 209
Device(config-router)# service-family ipv4 autonomous-system 4453 
Device(config-router-sf)# eigrp log-neighbor-changes
Device(config-router-sf)# exit-service-family

ip authentication key-chain eigrp

To enable authentication of Enhanced Interior Gateway Routing Protocol (EIGRP) packets, use the ip authentication key-chain eigrp command in interface configuration mode. To disable such authentication, use the no form of this command.

ip authentication key-chain eigrp as-number key-chain

no ip authentication key-chain eigrp as-number key-chain

Syntax Description

as-number

Autonomous system number to which the authentication applies.

key-chain

Name of the authentication key chain.

Command Default

No authentication is provided for EIGRP packets.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Examples

The following example applies authentication to autonomous system 2 and identifies a key chain named SPORTS:


Device(config-if)#ip authentication key-chain eigrp 2 SPORTS

ip authentication mode eigrp

To specify the type of authentication used in Enhanced Interior Gateway Routing Protocol (EIGRP) packets, use the ip authentication mode eigrp command in interface configuration mode. To disable that type of authentication, use the no form of this command.

ip authentication mode eigrp as-number md5

no ip authentication mode eigrp as-number md5

Syntax Description

as-number

Autonomous system number.

md5

Keyed Message Digest 5 ( MD5) authentication.

Command Default

No authentication is provided for EIGRP packets.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Configure authentication to prevent unapproved sources from introducing unauthorized or false routing messages. When authentication is configured, an MD5 keyed digest is added to each EIGRP packet in the specified autonomous system.

Examples

The following example configures the interface to use MD5 authentication in EIGRP packets in autonomous system 10:


Device(config-if)#ip authentication mode eigrp 10 md5

ip bandwidth-percent eigrp

To configure the percentage of bandwidth that may be used by Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip bandwidth-percent eigrp command in interface configuration mode. To restore the default value, use the no form of this command.

ip bandwidth-percent eigrp as-number percent

no ip bandwidth-percent eigrp as-number percent

Syntax Description

as-number

Autonomous system number.

percent

Percent of bandwidth that EIGRP may use.

Command Default

EIGRP may use 50 percent of available bandwidth.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

EIGRP will use up to 50 percent of the bandwidth of a link, as defined by the bandwidth interface configuration command. This command may be used if some other fraction of the bandwidth is desired. Note that values greater than 100 percent may be configured. The configuration option may be useful if the bandwidth is set artificially low for other reasons.

Examples

The following example allows EIGRP to use up to 75 percent (42 kbps) of a 56-kbps serial link in autonomous system 209:


Device(config)#interface serial 0
Device(config-if)#bandwidth 56
Device(config-if)#ip bandwidth-percent eigrp 209 75

ip cef load-sharing algorithm

To select a Cisco Express Forwarding load-balancing algorithm, use theip cef load-sharing algorithm command in global configuration mode. To return to the default universal load-balancing algorithm, use the no form of this command.

ip cef load-sharing algorithm {original | [universal [id] ]}

no ip cef load-sharing algorithm

Syntax Description

original

Sets the load-balancing algorithm to the original algorithm based on a source and destination hash.

universal

Sets the load-balancing algorithm to the universal algorithm that uses a source and destination and an ID hash.

id

(Optional) Fixed identifier.

Command Default

The universal load-balancing algorithm is selected by default. If you do not configure the fixed identifier for a load-balancing algorithm, the router automatically generates a unique ID.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The original Cisco Express Forwarding load-balancing algorithm produced distortions in load sharing across multiple devices because of the use of the same algorithm on every device. When the load-balancing algorithm is set to universal mode, each device on the network can make a different load sharing decision for each source-destination address pair, and that resolves load-balancing distortions.

Examples

The following example shows how to enable the Cisco Express Forwarding original load-balancing algorithm:

Device> enable
Device# configure terminal
Device(config)# ip cef load-sharing algorithm original
Device(config)# exit

ip community-list

To configure a BGP community list and to control which routes are permitted or denied based on their community values, use the ip community-list command in global configuration mode. To delete the community list, use the no form of this command.

Standard Community Lists

ip community-list {standard | standard list-name} {deny | permit} [community-number] [AA:NN] [internet] [local-as] [no-advertise] [no-export] [gshut]

no ip community-list {standard | standard list-name}

Expanded Community Lists

ip community-list {expanded | expanded list-name} {deny | permit} regexp

no ip community-list {expanded | expanded list-name}

Syntax Description

standard

Standard community list number from 1 to 99 to identify one or more permit or deny groups of communities.

standard list-name

Configures a named standard community list.

deny

Denies routes that match the specified community or communities.

permit

Permits routes that match the specified community or communities.

community-number

(Optional) 32-bit number from 1 to 4294967200. A single community can be entered or multiple communities can be entered, each separated by a space.

AA : NN

(Optional) Autonomous system number and network number entered in the 4-byte new community format. This value is configured with two 2-byte numbers separated by a colon. A number from 1 to 65535 can be entered for each 2-byte number. A single community can be entered or multiple communities can be entered, each separated by a space.

internet

(Optional) Specifies the Internet community. Routes with this community are advertised to all peers (internal and external).

local-as

(Optional) Specifies the local-as community. Routes with community are advertised to only peers that are part of the local autonomous system or to only peers within a subautonomous system of a confederation. These routes are not advertised to external peers or to other subautonomous systems within a confederation.

no-advertise

(Optional) Specifies the no-advertise community. Routes with this community are not advertised to any peer (internal or external).

no-export

(Optional) Specifies the no-export community. Routes with this community are advertised to only peers in the same autonomous system or to only other subautonomous systems within a confederation. These routes are not advertised to external peers.

gshut

(Optional) Specifies the Graceful Shutdown (GSHUT) community.

expanded

Expanded community list number from 100 to 500 to identify one or more permit or deny groups of communities.

expanded list-name

Configures a named expanded community list.

regexp

Regular expression that is used to specify a pattern to match against an input string.

Note

 

Regular expressions can be used only with expanded community lists.

Command Default

BGP community exchange is not enabled by default.

Command Modes


Global configuration (config)

Command History

Table 8.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The ip community-list command is used to filter BGP routes based on one or more community values. BGP community values are configured as a 32-bit number (old format) or as a 4-byte number (new format). The new community format is enabled when the ip bgp-community new-format command is entered in global configuration mode. The new community format consists of a 4-byte value. The first two bytes represent the autonomous system number, and the trailing two bytes represent a user-defined network number. Named and numbered community lists are supported.

BGP community exchange is not enabled by default. The exchange of BGP community attributes between BGP peers is enabled on a per-neighbor basis with the neighbor send-community command. The BGP community attribute is defined in RFC 1997 and RFC 1998.

The Internet community is applied to all routes or prefixes by default, until any other community value is configured with this command or the set community command.

Use a route map to reference a community list and thereby apply policy routing or set values.

Community List Processing

Once a permit value has been configured to match a given set of communities, the community list defaults to an implicit deny for all other community values. Unlike an access list, it is feasible for a community list to contain only deny statements.

  • When multiple communities are configured in the same ip community-list statement, a logical AND condition is created. All community values for a route must match the communities in the community list statement to satisfy an AND condition.

  • When multiple communities are configured in separate ip community-list statements, a logical OR condition is created. The first list that matches a condition is processed.

Standard Community Lists

Standard community lists are used to configure well-known communities and specific community numbers. A maximum of 16 communities can be configured in a standard community list. If you attempt to configure more than 16 communities, the trailing communities that exceed the limit are not processed or saved to the running configuration file.

Expanded Community Lists

Expanded community lists are used to filter communities using a regular expression. Regular expressions are used to configure patterns to match community attributes. The order for matching using the * or + character is longest construct first. Nested constructs are matched from the outside in. Concatenated constructs are matched beginning at the left side. If a regular expression can match two different parts of an input string, it will match the earliest part first. For more information about configuring regular expressions, see the “Regular Expressions” appendix of the Terminal Services Configuration Guide.

Examples

In the following example, a standard community list is configured that permits routes from network 10 in autonomous system 50000:


Device(config)#ip community-list 1 permit 50000:10 

In the following example, a standard community list is configured that permits only routes from peers in the same autonomous system or from subautonomous system peers in the same confederation:


Device(config)#ip community-list 1 permit no-export

In the following example, a standard community list is configured to deny routes that carry communities from network 40 in autonomous system 65534 and from network 60 in autonomous system 65412. This example shows a logical AND condition; all community values must match in order for the list to be processed.


Device(config)#ip community-list 2 deny 65534:40 65412:60 

In the following example, a named, standard community list is configured that permits all routes within the local autonomous system or permits routes from network 20 in autonomous system 40000. This example shows a logical OR condition; the first match is processed.


Device(config)#ip community-list standard RED permit local-as 
Device(config)#ip community-list standard RED permit 40000:20

In the following example, a standard community list is configured that denies routes with the GSHUT community and permits routes with the local-AS community. This example shows a logical OR condition; the first match is processed.


Device(config)#ip community-list 18 deny gshut 
Device(config)#ip community-list 18 permit local-as

In the following example, an expanded community list is configured that denies routes that carry communities from any private autonomous system:


Device(config)#ip community-list 500 deny _64[6-9][0-9][0-9]_|_65[0-9][0-9][0-9]_ 

In the following example, a named expanded community list is configured that denies routes from network 1 to 99 in autonomous system 50000:


Device(config)#ip community-list expanded BLUE deny 50000:[0-9][0-9]_ 

ip prefix-list

To create a prefix list or to add a prefix-list entry, use the ip prefix-list command in global configuration mode. To delete a prefix-list entry, use the no form of this command.

ip prefix-list {list-name [seq number] {deny | permit} network/length [ge ge-length] [le le-length] | description description | sequence-number}

no ip prefix-list {list-name [seq number] [ {deny | permit} network/length [ge ge-length] [le le-length]] | description description | sequence-number}

Syntax Description

list-name

Configures a name to identify the prefix list. Do not use the word “detail” or “summary” as a list name because they are keywords in the show ip prefix-list command.

seq

(Optional) Applies a sequence number to a prefix-list entry.

number

(Optional) Integer from 1 to 4294967294. If a sequence number is not entered when configuring this command, default sequence numbering is applied to the prefix list. The number 5 is applied to the first prefix entry, and subsequent unnumbered entries are incremented by 5.

deny

Denies access for a matching condition.

permit

Permits access for a matching condition.

network / length

Configures the network address and the length of the network mask in bits. The network number can be any valid IP address or prefix. The bit mask can be a number from 1 to 32.

ge

(Optional) Specifies the lesser value of a range (the “from” portion of the range description) by applying the ge-length argument to the range specified.

Note

 

The ge keyword represents the greater than or equal to operator.

ge-length

(Optional) Represents the minimum prefix length to be matched.

le

(Optional) Specifies the greater value of a range (the “to” portion of the range description) by applying the le-length argument to the range specified.

Note

 

The le keyword represents the less than or equal to operator.

le-length

(Optional) Represents the maximum prefix length to be matched.

description

(Optional) Configures a descriptive name for the prefix list.

description

(Optional) Descriptive name of the prefix list, from 1 to 80 characters in length.

sequence-number

(Optional) Enables or disables the use of sequence numbers for prefix lists.

Command Default

No prefix lists or prefix-list entries are created.

Command Modes

Global configuration (config)

Command History

Table 9.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use the ip prefix-list command to configure IP prefix filtering. Prefix lists are configured with permit or deny keywords to either permit or deny a prefix based on a matching condition. An implicit deny is applied to traffic that does not match any prefix-list entry.

A prefix-list entry consists of an IP address and a bit mask. The IP address can be for a classful network, a subnet, or a single host route. The bit mask is a number from 1 to 32.

Prefix lists are configured to filter traffic based on a match of an exact prefix length or a match within a range when the ge and le keywords are used. The ge and le keywords are used to specify a range of prefix lengths and provide more flexible configuration than using only the network/length argument. A prefix list is processed using an exact match when neither the ge nor le keyword is specified. If only the ge value is specified, the range is the value entered for the ge ge-length argument to a full 32-bit length. If only the le value is specified, the range is from the value entered for the network/length argument to the le le-length argument. If both the ge ge-length and le le-length keywords and arguments are entered, the range is between the values used for the ge-length and le-length arguments.

The following formula shows this behavior:

length <ge ge-length <le le-length <= 32

If the seq keyword is configured without a sequence number, the default sequence number is 5. In this scenario, the first prefix-list entry is assigned the number 5 and subsequent prefix list entries increment by 5. For example, the next two entries would have sequence numbers 10 and 15. If a sequence number is entered for the first prefix list entry but not for subsequent entries, the subsequent entry numbers increment by 5. For example, if the first configured sequence number is 3, subsequent entries will be 8, 13, and 18. Default sequence numbers can be suppressed by entering the no ip prefix-list command with the seq keyword.

Evaluation of a prefix list starts with the lowest sequence number and continues down the list until a match is found. When an IP address match is found, the permit or deny statement is applied to that network and the remainder of the list is not evaluated.


Tip


For best performance, the most frequently processed prefix list statements should be configured with the lowest sequence numbers. The seq number keyword and argument can be used for resequencing.


A prefix list is applied to inbound or outbound updates for a specific peer by entering the neighbor prefix-list command. Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can be reset by entering the clear ip prefix-list command.

Examples

In the following example, a prefix list is configured to deny the default route 0.0.0.0/0:


Device(config)#ip prefix-list RED deny 0.0.0.0/0

In the following example, a prefix list is configured to permit traffic from the 172.16.1.0/24 subnet:


Device(config)#ip prefix-list BLUE permit 172.16.1.0/24

In the following example, a prefix list is configured to permit routes from the 10.0.0.0/8 network that have a mask length that is less than or equal to 24 bits:


Device(config)#ip prefix-list YELLOW permit 10.0.0.0/8 le 24

In the following example, a prefix list is configured to deny routes from the 10.0.0.0/8 network that have a mask length that is greater than or equal to 25 bits:


Device(config)#ip prefix-list PINK deny 10.0.0.0/8 ge 25

In the following example, a prefix list is configured to permit routes from any network that have a mask length from 8 to 24 bits:


Device(config)#ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24

In the following example, a prefix list is configured to deny any route with any mask length from the 10.0.0.0/8 network:


Device(config)#ip prefix-list ORANGE deny 10.0.0.0/8 le 32
 

ip hello-interval eigrp

To configure the hello interval for an Enhanced Interior Gateway Routing Protocol (EIGRP) process, use the ip hello-interval eigrp command in interface configuration mode. To restore the default value, use the no form of this command.

ip hello-interval eigrp as-number seconds

no ip hello-interval eigrp as-number [seconds]

Syntax Description

as-number

Autonomous system number.

seconds

Hello interval (in seconds). The range is from 1 to 65535.

Command Default

The hello interval for low-speed, nonbroadcast multiaccess (NBMA) networks is 60 seconds and 5 seconds for all other networks.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The default of 60 seconds applies only to low-speed, NBMA media. Low speed is considered to be a rate of T1 or slower, as specified with the bandwidth interface configuration command. Note that for the purposes of EIGRP, Frame Relay and Switched Multimegabit Data Service (SMDS) networks may be considered to be NBMA. These networks are considered NBMA if the interface has not been configured to use physical multicasting; otherwise, they are considered not to be NBMA.

Examples

The following example sets the hello interval for Ethernet interface 0 to 10 seconds:


Device(config)#interface ethernet 0
Device(config-if)#ip hello-interval eigrp 109 10

ip hold-time eigrp

To configure the hold time for an Enhanced Interior Gateway Routing Protocol (EIGRP) process, use the ip hold-time eigrp command in interface configuration mode. To restore the default value, use the no form of this command.

ip hold-time eigrp as-number seconds

no ip hold-time eigrp as-number seconds

Syntax Description

as-number

Autonomous system number.

seconds

Hold time (in seconds). The range is from 1 to 65535.

Command Default

The EIGRP hold time is 180 seconds for low-speed, nonbroadcast multiaccess (NBMA) networks and 15 seconds for all other networks.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

On very congested and large networks, the default hold time might not be sufficient time for all routers and access servers to receive hello packets from their neighbors. In this case, you may want to increase the hold time.

We recommend that the hold time be at least three times the hello interval. If a router does not receive a hello packet within the specified hold time, routes through this router are considered unavailable.

Increasing the hold time delays route convergence across the network.

The default of 180 seconds hold time and 60 seconds hello interval apply only to low-speed, NBMA media. Low speed is considered to be a rate of T1 or slower, as specified with the bandwidth interface configuration command.

Examples

The following example sets the hold time for Ethernet interface 0 to 40 seconds:


Device(config)#interface ethernet 0
Device(config-if)#ip hold-time eigrp 109 40

ip load-sharing

To enable load balancing for Cisco Express Forwarding on an interface, use the ip load-sharing command in interface configuration mode. To disable load balancing for Cisco Express Forwarding on the interface, use the no form of this command.

ip load-sharing { per-destination }

no ip load-sharing

Syntax Description

per-destination

Enables per-destination load balancing for Cisco Express Forwarding on the interface.

Command Default

Per-destination load balancing is enabled by default when you enable Cisco Express Forwarding.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Per-destination load balancing allows the device to use multiple, equal-cost paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple, equal-cost paths are available. Traffic for different source-destination host pairs tends to take different paths.

Examples

The following example shows how to enable per-destination load balancing:

Device> enable 
Device# configure terminal
Device(config)# interface gigabitethernet 1/0/1
Device(config-if)# ip load-sharing per-destination

ip ospf database-filter all out

To filter outgoing link-state advertisements (LSAs) to an Open Shortest Path First (OSPF) interface, use the ip ospf database-filter all out command in interface or virtual network interface configuration modes. To restore the forwarding of LSAs to the interface, use the no form of this command.

ip ospf database-filter all out [disable]

no ip ospf database-filter all out

Syntax Description

disable

(Optional) Disables the filtering of outgoing LSAs to an OSPF interface; all outgoing LSAs are flooded to the interface.

Note

 

This keyword is available only in virtual network interface mode.

Command Default

This command is disabled by default. All outgoing LSAs are flooded to the interface.

Command Modes

Interface configuration (config-if)

Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

This command performs the same function that the neighbor database-filter command performs on a neighbor basis.

If the ip ospf database-filter all out command is enabled for a virtual network and you want to disable it, use the disable keyword in virtual network interface configuration mode.

Examples

The following example prevents filtering of OSPF LSAs to broadcast, nonbroadcast, or point-to-point networks reachable through Ethernet interface 0:


Device(config)#interface ethernet 0
Device(config-if)#ip ospf database-filter all out

ip ospf name-lookup

To configure Open Shortest Path First (OSPF) to look up Domain Name System (DNS) names for use in all OSPF show EXEC command displays, use the ip ospf name-lookup command in global configuration mode. To disable this function, use the no form of this command.

ip ospf name-lookup

noipospfname-lookup

Syntax Description

This command has no arguments or keywords.

Command Default

This command is disabled by default.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

This command makes it easier to identify a router because the router is displayed by name rather than by its router ID or neighbor ID.

Examples

The following example configures OSPF to look up DNS names for use in all OSPF show EXEC command displays:


Device(config)#ip ospf name-lookup

ip split-horizon eigrp

To enable Enhanced Interior Gateway Routing Protocol (EIGRP) split horizon, use the ip split-horizon eigrp command in interface configuration mode. To disable split horizon, use the no form of this command.

ip split-horizon eigrp as-number

no ip split-horizon eigrp as-number

Syntax Description

as-number

Autonomous system number.

Command Default

The behavior of this command is enabled by default.

Command Modes

Interface configuration (config-if)

Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use the no ip split-horizon eigrp command to disable EIGRP split horizon in your configuration.

Examples

The following is an example of how to enable EIGRP split horizon:


Device(config-if)#ip split-horizon eigrp 101

ip summary-address eigrp

To configure address summarization for the Enhanced Interior Gateway Routing Protocol (EIGRP) on a specified interface, use the ip summary-address eigrp command in interface configuration or virtual network interface configuration mode. To disable the configuration, use the no form of this command.

ip summary-address eigrp as-number ip-address mask [admin-distance] [leak-map name]

no ip summary-address eigrp as-number ip-address mask

Syntax Description

as-number

Autonomous system number.

ip-address

Summary IP address to apply to an interface.

mask

Subnet mask.

admin-distance

(Optional) Administrative distance. Range: 0 to 255.

Note

 

Starting with Cisco IOS XE Release 3.2S, the admin-distance argument was removed. Use the summary-metric command to configure the administrative distance.

leak-map name

(Optional) Specifies the route-map reference that is used to configure the route leaking through the summary.

Command Default

  • An administrative distance of 5 is applied to EIGRP summary routes.

  • EIGRP automatically summarizes to the network level, even for a single host route.

  • No summary addresses are predefined.

  • The default administrative distance metric for EIGRP is 90.

Command Modes

Interface configuration (config-if)

Virtual network interface configuration (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The ip summary-address eigrp command is used to configure interface-level address summarization. EIGRP summary routes are given an administrative-distance value of 5. The administrative-distance metric is used to advertise a summary without installing it in the routing table.

By default, EIGRP summarizes subnet routes to the network level. The no auto-summary command can be entered to configure the subnet-level summarization.

The summary address is not advertised to the peer if the administrative distance is configured as 255.

EIGRP Support for Leaking Routes

Configuring the leak-map keyword allows a component route that would otherwise be suppressed by the manual summary to be advertised. Any component subset of the summary can be leaked. A route map and access list must be defined to source the leaked route.

The following is the default behavior if an incomplete configuration is entered:

  • If the leak-map keyword is configured to reference a nonexistent route map, the configuration of this keyword has no effect. The summary address is advertised but all component routes are suppressed.

  • If the leak-map keyword is configured but the access list does not exist or the route map does not reference the access list, the summary address and all component routes are advertised.

If you are configuring a virtual-network trunk interface and you configure the ip summary-address eigrp command, the admin-distance value of the command is not inherited by the virtual networks running on the trunk interface because the administrative distance option is not supported in the ip summary-address eigrp command on virtual network subinterfaces.

Examples

The following example shows how to configure an administrative distance of 95 on Ethernet interface 0/0 for the 192.168.0.0/16 summary address:


Device(config)#router eigrp 1
Device(config-router)#no auto-summary
Device(config-router)#exit
Device(config)#interface Ethernet 0/0
Device(config-if)#ip summary-address eigrp 1 192.168.0.0 255.255.0.0 95

The following example shows how to configure the 10.1.1.0/24 subnet to be leaked through the 10.2.2.0 summary address:


Device(config)#router eigrp 1 
Device(config-router)#exit 
Device(config)#access-list 1 permit 10.1.1.0 0.0.0.255
Device(config)#route-map LEAK-10-1-1 permit 10
Device(config-route-map)#match ip address 1
Device(config-route-map)#exit
Device(config)#interface Serial 0/0
Device(config-if)#ip summary-address eigrp 1 10.2.2.0 255.0.0.0 leak-map LEAK-10-1-1
Device(config-if)#end

The following example configures GigabitEthernet interface 0/0/0 as a virtual network trunk interface:


Device(config)#interface gigabitethernet 0/0/0
Device(config-if)#vnet global
Device(config-if-vnet)#ip summary-address eigrp 1 10.3.3.0 255.0.0.0 33

metric weights (EIGRP)

To tune the Enhanced Interior Gateway Routing Protocol (EIGRP) metric calculations, use the metric weights command in router configuration mode or address family configuration mode. To reset the values to their defaults, use the no form of this command.

Router Configuration

metric weights tos k1 k2 k3 k4 k5

no metric weights

Address Family Configuration

metric weights tos [k1 [k2 [k3 [k4 [k5 [k6] ]]]]]

no metric weights

Syntax Description

tos

Type of service. This value must always be zero.

k1 k2 k3 k4 k5 k6

(Optional) Constants that convert an EIGRP metric vector into a scalar quantity. Valid values are 0 to 255. Given below are the default values:

  • k1: 1

  • k2: 0

  • k3: 1

  • k4: 0

  • k5: 0

  • k6: 0

Note

 

In address family configuration mode, if the values are not specified, default values are configured. The k6 argument is supported only in address family configuration mode.

Command Default

EIGRP metric K values are set to their default values.

Command Modes

Router configuration (config-router)

Address family configuration (config-router-af)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use this command to alter the default behavior of EIGRP routing and metric computation and to allow the tuning of the EIGRP metric calculation for a particular type of service (ToS).

If k5 equals 0, the composite EIGRP metric is computed according to the following formula:

metric = [k1 * bandwidth + (k2 * bandwidth)/(256 – load) + k3 * delay + K6 * extended metrics]

If k5 does not equal zero, an additional operation is performed:

metric = metric * [k5/(reliability + k4)]

Scaled Bandwidth= 107/minimum interface bandwidth (in kilobits per second) * 256

Delay is in tens of microseconds for classic mode and pico seconds for named mode. In classic mode, a delay of hexadecimal FFFFFFFF (decimal 4294967295) indicates that the network is unreachable. In named mode, a delay of hexadecimal FFFFFFFFFFFF (decimal 281474976710655) indicates that the network is unreachable.

Reliability is given as a fraction of 255. That is, 255 is 100 percent reliability or a perfectly stable link.

Load is given as a fraction of 255. A load of 255 indicates a completely saturated link.

Examples

The following example shows how to set the metric weights to slightly different values than the defaults:


Device(config)#router eigrp 109
Device(config-router)#network 192.168.0.0
Device(config-router)#metric weights 0 2 0 2 0 0

The following example shows how to configure an address-family metric weight to ToS: 0; K1: 2; K2: 0; K3: 2; K4: 0; K5: 0; K6:1:


Device(config)#router eigrp virtual-name
Device(config-router)#address-family ipv4 autonomous-system 4533
Device(config-router-af)#metric weights 0 2 0 2 0 0 1

neighbor advertisement-interval

To set the minimum route advertisement interval (MRAI) between the sending of BGP routing updates, use the neighbor advertisement-interval command in address family or router configuration mode. To restore the default value, use the no form of this command.

neighbor {ip-address | peer-group-name} advertisement-interval seconds

no neighbor {ip-address | peer-group-name} advertisement-interval seconds

Syntax Description

ip-address

IP address of the neighbor.

peer-group-name

Name of a BGP peer group.

seconds

Time (in seconds) is specified by an integer ranging from 0 to 600.

Command Default

eBGP sessions not in a VRF: 30 seconds

eBGP sessions in a VRF: 0 seconds

iBGP sessions: 0 seconds

Command Modes


Router configuration (config-router)

Command History

Table 10.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

When the MRAI is equal to 0 seconds, BGP routing updates are sent as soon as the BGP routing table changes.

If you specify a BGP peer group by using the peer-group-name argument, all the members of the peer group will inherit the characteristic configured with this command.

Examples

The following router configuration mode example sets the minimum time between sending BGP routing updates to 10 seconds:


router bgp 5
 neighbor 10.4.4.4 advertisement-interval 10

The following address family configuration mode example sets the minimum time between sending BGP routing updates to 10 seconds:


router bgp 5
address-family ipv4 unicast
 neighbor 10.4.4.4 advertisement-interval 10

neighbor default-originate

To allow a BGP speaker (the local router) to send the default route 0.0.0.0 to a neighbor for use as a default route, use the neighbor default-originate command in address family or router configuration mode. To send no route as a default, use the no form of this command.

neighbor {ip-address | peer-group-name} default-originate [route-map map-name]

no neighbor {ip-address | peer-group-name} default-originate [route-map map-name]

Syntax Description

ip-address

IP address of the neighbor.

peer-group-name

Name of a BGP peer group.

route-map map-name

(Optional) Name of the route map. The route map allows route 0.0.0.0 to be injected conditionally.

Command Default

No default route is sent to the neighbor.

Command Modes

Address family configuration (config-router-af)

Router configuration (config-router)

Command History

Table 11.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

This command does not require the presence of 0.0.0.0 in the local router. When used with a route map, the default route 0.0.0.0 is injected if the route map contains a match ip address clause and there is a route that matches the IP access list exactly. The route map can contain other match clauses also.

You can use standard or extended access lists with the neighbor default-originate command.

Examples

In the following router configuration example, the local router injects route 0.0.0.0 to the neighbor 172.16.2.3 unconditionally:


 router bgp 109
 network 172.16.0.0
 neighbor 172.16.2.3 remote-as 200
 neighbor 172.16.2.3 default-originate

In the following example, the local router injects route 0.0.0.0 to the neighbor 172.16.2.3 only if there is a route to 192.168.68.0 (that is, if a route with any mask exists, such as 255.255.255.0 or 255.255.0.0):


 router bgp 109
 network 172.16.0.0
 neighbor 172.16.2.3 remote-as 200
 neighbor 172.16.2.3 default-originate route-map default-map
!
route-map default-map 10 permit
 match ip address 1
!
access-list 1 permit 192.168.68.0

In the following example, the last line of the configuration has been changed to show the use of an extended access list. The local router injects route 0.0.0.0 to the neighbor 172.16.2.3 only if there is a route to 192.168.68.0 with a mask of 255.255.0.0:


router bgp 109
 network 172.16.0.0
 neighbor 172.16.2.3 remote-as 200
 neighbor 172.16.2.3 default-originate route-map default-map
!
route-map default-map 10 permit
 match ip address 100
!
access-list 100 permit ip host 192.168.68.0 host 255.255.0.0

neighbor description

To associate a description with a neighbor, use the neighbor description command in router configuration mode or address family configuration mode. To remove the description, use the no form of this command.

neighbor {ip-address | peer-group-name} description text

no neighbor {ip-address | peer-group-name} description [text]

Syntax Description

ip-address

IP address of the neighbor.

peer-group-name

Name of an EIGRP peer group. This argument is not available in address-family configuration mode.

text

Text (up to 80 characters in length) that describes the neighbor.

Command Default

There is no description of the neighbor.

Command Modes

Router configuration (config-router) Address family configuration (config-router-af)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Examples

In the following examples, the description of the neighbor is “peer with example.com”:


Device(config)#router bgp 109
Device(config-router)#network 172.16.0.0
Device(config-router)#neighbor 172.16.2.3 description peer with example.com

In the following example, the description of the address family neighbor is “address-family-peer”:


Device(config)#router eigrp virtual-name
Device(config-router)#address-family ipv4 autonomous-system 4453
Device(config-router-af)#network 172.16.0.0
Device(config-router-af)#neighbor 172.16.2.3 description address-family-peer

neighbor ebgp-multihop

To accept and attempt BGP connections to external peers residing on networks that are not directly connected, use the neighbor ebgp-multihop command in router configuration mode. To return to the default, use the no form of this command.

neighbor {ip-address | ipv6-address | peer-group-name} ebgp-multihop [ttl]

no neighbor {ip-address | ipv6-address | peer-group-name} ebgp-multihop

Syntax Description

ip-address

IP address of the BGP-speaking neighbor.

ipv6-address

IPv6 address of the BGP-speaking neighbor.

peer-group-name

Name of a BGP peer group.

ttl

(Optional) Time-to-live in the range from 1 to 255 hops.

Command Default

Only directly connected neighbors are allowed.

Command Modes


Router configuration (config-router)

Command History

Table 12.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

This feature should be used only under the guidance of Cisco technical support staff.

If you specify a BGP peer group by using the peer-group-name argument, all the members of the peer group will inherit the characteristic configured with this command.

To prevent the creation of loops through oscillating routes, the multihop will not be established if the only route to the multihop peer is the default route (0.0.0.0).

Examples

The following example allows connections to or from neighbor 10.108.1.1, which resides on a network that is not directly connected:


Device(config)#router bgp 109
Device(config-router)#neighbor 10.108.1.1 ebgp-multihop

neighbor maximum-prefix (BGP)

To control how many prefixes can be received from a neighbor, use the neighbor maximum-prefix command in router configuration mode. To disable this function, use the no form of this command.

neighbor {ip-address | peer-group-name} maximum-prefix maximum [threshold] [restart restart-interval] [warning-only]

no neighbor {ip-address | peer-group-name} maximum-prefix maximum

Syntax Description

ip-address

IP address of the neighbor.

peer-group-name

Name of a Border Gateway Protocol (BGP) peer group.

maximum

Maximum number of prefixes allowed from the specified neighbor. The number of prefixes that can be configured is limited only by the available system resources on a router.

threshold

(Optional) Integer specifying at what percentage of the maximum- prefix limit the router starts to generate a warning message. The range is from 1 to 100; the default is 75.

restart

(Optional) Configures the router that is running BGP to automatically reestablish a peering session that has been disabled because the maximum-prefix limit has been exceeded. The restart timer is configured with the restart-interval argument.

restart-interval

(Optional) Time interval (in minutes) that a peering session is reestablished. The range is from 1 to 65535 minutes.

warning-only

(optional) Allows the router to generate a sys-log message when the maximum-prefix limit is exceeded, instead of terminating the peering session.

Command Default

This command is disabled by default. Peering sessions are disabled when the maximum number of prefixes is exceeded. If the restart-interval argument is not configured, a disabled session will stay down after the maximum-prefix limit is exceeded.

threshold : 75 percent

Command Modes


Router configuration (config-router)

Command History

Table 13.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The neighbor maximum-prefix command allows you to configure a maximum number of prefixes that a Border Gateway Protocol (BGP) routing process will accept from the specified peer. This feature provides a mechanism (in addition to distribute lists, filter lists, and route maps) to control prefixes received from a peer.

When the number of received prefixes exceeds the maximum number configured, BGP disables the peering session (by default). If the restart keyword is configured, BGP will automatically reestablish the peering session at the configured time interval. If the restart keyword is not configured and a peering session is terminated because the maximum prefix limit has been exceed, the peering session will not be be reestablished until the clear ip bgp command is entered. If the warning-only keyword is configured, BGP sends only a log message and continues to peer with the sender.

There is no default limit on the number of prefixes that can be configured with this command. Limitations on the number of prefixes that can be configured are determined by the amount of available system resources.

Examples

In the following example, the maximum prefixes that will be accepted from the 192.168.1.1 neighbor is set to 1000:


Device(config)#router bgp 40000
 
Device(config-router)#network 192.168.0.0
 
Device(config-router)#neighbor 192.168.1.1 maximum-prefix 1000 

In the following example, the maximum number of prefixes that will be accepted from the 192.168.2.2 neighbor is set to 5000. The router is also configured to display warning messages when 50 percent of the maximum-prefix limit (2500 prefixes) has been reached.


Device(config)#router bgp 40000 
Device(config-router)#network 192.168.0.0
 
Device(config-router)#neighbor 192.168.2.2 maximum-prefix 5000 50

In the following example, the maximum number of prefixes that will be accepted from the 192.168.3.3 neighbor is set to 2000. The router is also configured to reestablish a disabled peering session after 30 minutes.


Device(config)#router bgp 40000
 
Device(config-router) network 192.168.0.0
 
Device(config-router)#neighbor 192.168.3.3 maximum-prefix 2000 restart 30

In the following example, warning messages will be displayed when the threshold of the maximum-prefix limit (500 x 0.75 = 375) for the 192.168.4.4 neighbor is exceeded:


Device(config)#router bgp 40000
 
Device(config-router)#network 192.168.0.0
 
Device(config-router)#neighbor 192.168.4.4 maximum-prefix 500 warning-only
 

neighbor peer-group (assigning members)

To configure a BGP neighbor to be a member of a peer group, use the neighbor peer-group command in address family or router configuration mode. To remove the neighbor from the peer group, use the no form of this command.

neighbor {ip-address | ipv6-address} peer-group peer-group-name

no neighbor {ip-address | ipv6-address} peer-group peer-group-name

Syntax Description

ip-address

IP address of the BGP neighbor that belongs to the peer group specified by the peer-group-name argument.

ipv6-address

IPv6 address of the BGP neighbor that belongs to the peer group specified by the peer-group-name argument.

peer-group-name

Name of the BGP peer group to which this neighbor belongs.

Command Default

There are no BGP neighbors in a peer group.

Command Modes

Address family configuration (config-router-af)

Router configuration (config-router)

Command History

Table 14.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The neighbor at the IP address indicated inherits all the configured options of the peer group.


Note


Using the no form of the neighbor peer-group command removes all of the BGP configuration for that neighbor, not just the peer group association.


Examples

The following router configuration mode example assigns three neighbors to the peer group named internal:


Device(config)#router bgp 100
Device(config-router)#neighbor internal peer-group
Device(config-router)#neighbor internal remote-as 100
Device(config-router)#neighbor internal update-source loopback 0
Device(config-router)#neighbor internal route-map set-med out
Device(config-router)#neighbor internal filter-list 1 out
Device(config-router)#neighbor internal filter-list 2 in
Device(config-router)#neighbor 172.16.232.53 peer-group internal
Device(config-router)#neighbor 172.16.232.54 peer-group internal
Device(config-router)#neighbor 172.16.232.55 peer-group internal
Device(config-router)#neighbor 172.16.232.55 filter-list 3 in

The following address family configuration mode example assigns three neighbors to the peer group named internal:


Device(config)#router bgp 100
Device(config-router)#address-family ipv4 unicast
Device(config-router)#neighbor internal peer-group
Device(config-router)#neighbor internal remote-as 100
Device(config-router)#neighbor internal update-source loopback 0
Device(config-router)#neighbor internal route-map set-med out
Device(config-router)#neighbor internal filter-list 1 out
Device(config-router)#neighbor internal filter-list 2 in
Device(config-router)#neighbor 172.16.232.53 peer-group internal
Device(config-router)#neighbor 172.16.232.54 peer-group internal
Device(config-router)#neighbor 172.16.232.55 peer-group internal
Device(config-router)#neighbor 172.16.232.55 filter-list 3 in

neighbor peer-group (creating)

To create a BGP or multiprotocol BGP peer group, use the neighbor peer-group command in address family or router configuration mode. To remove the peer group and all of its members, use the no form of this command.

neighbor peer-group-name peer-group

no neighbor peer-group-name peer-group

Syntax Description

peer-group-name

Name of the BGP peer group.

Command Default

There is no BGP peer group.

Command Modes

Address family configuration (config-router-af)

Router configuration (config-router)

Command History

Table 15.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Often in a BGP or multiprotocol BGP speaker, many neighbors are configured with the same update policies (that is, same outbound route maps, distribute lists, filter lists, update source, and so on). Neighbors with the same update policies can be grouped into peer groups to simplify configuration and make update calculation more efficient.


Note


Peer group members can span multiple logical IP subnets, and can transmit, or pass along, routes from one peer group member to another.


Once a peer group is created with the neighbor peer-group command, it can be configured with the neighbor commands. By default, members of the peer group inherit all the configuration options of the peer group. Members also can be configured to override the options that do not affect outbound updates.

All the peer group members will inherit the current configuration as well as changes made to the peer group. Peer group members will always inherit the following configuration options by default:

  • remote-as (if configured)

  • version

  • update-source

  • outbound route-maps

  • outbound filter-lists

  • outbound distribute-lists

  • minimum-advertisement-interval

  • next-hop-self

If a peer group is not configured with a remote-as option, the members can be configured with the neighbor {ip-address | peer-group-name } remote-as command. This command allows you to create peer groups containing external BGP (eBGP) neighbors.

Examples

The following example configurations show how to create these types of neighbor peer group:

  • internal Border Gateway Protocol (iBGP) peer group

  • eBGP peer group

  • Multiprotocol BGP peer group

In the following example, the peer group named internal configures the members of the peer group to be iBGP neighbors. By definition, this is an iBGP peer group because the router bgp command and the neighbor remote-as command indicate the same autonomous system (in this case, autonomous system 100). All the peer group members use loopback 0 as the update source and use set-med as the outbound route map. The neighbor internal filter-list 2 in command shows that, except for 172.16.232.55, all the neighbors have filter list 2 as the inbound filter list.


 router bgp 100
 neighbor internal peer-group
 neighbor internal remote-as 100
 neighbor internal update-source loopback 0
 neighbor internal route-map set-med out
 neighbor internal filter-list 1 out
 neighbor internal filter-list 2 in
 neighbor 172.16.232.53 peer-group internal
 neighbor 172.16.232.54 peer-group internal
 neighbor 172.16.232.55 peer-group internal
 neighbor 172.16.232.55 filter-list 3 in

The following example defines the peer group named external-peers without the neighbor remote-as command. By definition, this is an eBGP peer group because each individual member of the peer group is configured with its respective autonomous system number separately. Thus the peer group consists of members from autonomous systems 200, 300, and 400. All the peer group members have the set-metric route map as an outbound route map and filter list 99 as an outbound filter list. Except for neighbor 172.16.232.110, all of them have 101 as the inbound filter list.


 router bgp 100
 neighbor external-peers peer-group
 neighbor external-peers route-map set-metric out
 neighbor external-peers filter-list 99 out
 neighbor external-peers filter-list 101 in
 neighbor 172.16.232.90 remote-as 200
 neighbor 172.16.232.90 peer-group external-peers
 neighbor 172.16.232.100 remote-as 300
 neighbor 172.16.232.100 peer-group external-peers
 neighbor 172.16.232.110 remote-as 400
 neighbor 172.16.232.110 peer-group external-peers
 neighbor 172.16.232.110 filter-list 400 in

In the following example, all members of the peer group are multicast-capable:


router bgp 100
neighbor 10.1.1.1 remote-as 1
neighbor 172.16.2.2 remote-as 2
address-family ipv4 multicast
 neighbor mygroup peer-group
 neighbor 10.1.1.1 peer-group mygroup
 neighbor 172.16.2.2 peer-group mygroup
 neighbor 10.1.1.1 activate
 neighbor 172.16.2.2 activate

neighbor route-map

To apply a route map to incoming or outgoing routes, use the neighbor route-map command in address family or router configuration mode. To remove a route map, use the no form of this command.

neighbor {ip-address | peer-group-name | ipv6-address [%]}route-map map-name {in | out}

no neighbor {ip-address | peer-group-name | ipv6-address [%]}route-map map-name {in | out}

Syntax Description

ip-address

IP address of the neighbor.

peer-group-name

Name of a BGP or multiprotocol BGP peer group.

ipv6-address

IPv6 address of the neighbor.

%

(Optional) IPv6 link-local address identifier. This keyword needs to be added whenever a link-local IPv6 address is used outside the context of its interface.

map-name

Name of a route map.

in

Applies route map to incoming routes.

out

Applies route map to outgoing routes.

Command Default

No route maps are applied to a peer.

Command Modes

Router configuration (config-router)

Command History

Table 16.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

When specified in address family configuration mode, this command applies a route map to that particular address family only. When specified in router configuration mode, this command applies a route map to IPv4 or IPv6 unicast routes only.

If an outbound route map is specified, it is proper behavior to only advertise routes that match at least one section of the route map.

If you specify a BGP or multiprotocol BGP peer group by using the peer-group-name argument, all the members of the peer group will inherit the characteristic configured with this command. Specifying the command for a neighbor overrides the inbound policy that is inherited from the peer group.

The % keyword is used whenever link-local IPv6 addresses are used outside the context of their interfaces. This keyword does not need to be used for non-link-local IPv6 addresses.

Examples

The following router configuration mode example applies a route map named internal-map to a BGP incoming route from 172.16.70.24:


router bgp 5
neighbor 172.16.70.24 route-map internal-map in
route-map internal-map
match as-path 1
set local-preference 100

The following address family configuration mode example applies a route map named internal-map to a multiprotocol BGP incoming route from 172.16.70.24:


router bgp 5
address-family ipv4 multicast
neighbor 172.16.70.24 route-map internal-map in
route-map internal-map
match as-path 1
set local-preference 100

neighbor update-source

To have the Cisco software allow Border Gateway Protocol (BGP) sessions to use any operational interface for TCP connections, use the neighbor update-source command in router configuration mode. To restore the interface assignment to the closest interface, which is called the best local address, use the no form of this command.

neighbor {ip-address | ipv6-address [%] | peer-group-name}update-source interface-type interface-number

neighbor {ip-address | ipv6-address [%] | peer-group-name}update-source interface-type interface-number

Syntax Description

ip-address

IPv4 address of the BGP-speaking neighbor.

ipv6-address

IPv6 address of the BGP-speaking neighbor.

%

(Optional) IPv6 link-local address identifier. This keyword needs to be added whenever a link-local IPv6 address is used outside the context of its interface.

peer-group-name

Name of a BGP peer group.

interface-type

Interface type.

interface-number

Interface number.

Command Default

Best local address

Command Modes


Router configuration (config-router)

Command History

Table 17.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

This command can work in conjunction with the loopback interface feature described in the “Interface Configuration Overview” chapter of the Cisco IOS Interface and Hardware Component Configuration Guide.

If you specify a BGP peer group by using the peer-group-name argument, all the members of the peer group will inherit the characteristic configured with this command.

The neighbor update-source command must be used to enable IPv6 link-local peering for internal or external BGP sessions.

The % keyword is used whenever link-local IPv6 addresses are used outside the context of their interfaces and for these link-local IPv6 addresses you must specify the interface they are on. The syntax becomes <IPv6 local-link address>%<interface name>, for example, FE80::1%Ethernet1/0. Note that the interface type and number must not contain any spaces, and be used in full-length form because name shortening is not supported in this situation. The % keyword and subsequent interface syntax is not used for non-link-local IPv6 addresses.

Examples

The following example sources BGP TCP connections for the specified neighbor with the IP address of the loopback interface rather than the best local address:


Device(config)#router bgp 65000
Device(config-router)#network 172.16.0.0
Device(config-router)#neighbor 172.16.2.3 remote-as 110
Device(config-router)#neighbor 172.16.2.3 update-source Loopback0

The following example sources IPv6 BGP TCP connections for the specified neighbor in autonomous system 65000 with the global IPv6 address of loopback interface 0 and the specified neighbor in autonomous system 65400 with the link-local IPv6 address of Fast Ethernet interface 0/0. Note that the link-local IPv6 address of FE80::2 is on Ethernet interface 1/0.


Device(config)#router bgp 65000
Device(config-router)#neighbor 3ffe::3 remote-as 65000 
Device(config-router)#neighbor 3ffe::3 update-source Loopback0 
Device(config-router)#neighbor fe80::2%Ethernet1/0 remote-as 65400 
Device(config-router)#neighbor fe80::2%Ethernet1/0 update-source FastEthernet 0/0 
Device(config-router)#address-family ipv6 
Device(config-router)#neighbor 3ffe::3 activate 
Device(config-router)#neighbor fe80::2%Ethernet1/0 activate 
Device(config-router)#exit-address-family 

network (BGP and multiprotocol BGP)

To specify the networks to be advertised by the Border Gateway Protocol (BGP) and multiprotocol BGP routing processes, use the network command in address family or router configuration mode. To remove an entry from the routing table, use the no form of this command.

network {network-number [mask network-mask] | nsap-prefix} [route-map map-tag]

no network {network-number [mask network-mask] | nsap-prefix} [route-map map-tag]

Syntax Description

network-number

Network that BGP or multiprotocol BGP will advertise.

mask network-mask

(Optional) Network or subnetwork mask with mask address.

nsap-prefix

Network service access point (NSAP) prefix of the Connectionless Network Service (CLNS) network that BGP or multiprotocol BGP will advertise. This argument is used only under NSAP address family configuration mode.

route-map map-tag

(Optional) Identifier of a configured route map. The route map should be examined to filter the networks to be advertised. If not specified, all networks are advertised. If the keyword is specified, but no route map tags are listed, no networks will be advertised.

Command Default

No networks are specified.

Command Modes

Address family configuration (config-router-af)

Router configuration (config-router)

Command History

Table 18.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

BGP and multiprotocol BGP networks can be learned from connected routes, from dynamic routing, and from static route sources.

The maximum number of network commands you can use is determined by the resources of the router, such as the configured NVRAM or RAM.

Examples

The following example sets up network 10.108.0.0 to be included in the BGP updates:


Device(config)#router bgp 65100
Device(config-router)#network 10.108.0.0

The following example sets up network 10.108.0.0 to be included in the multiprotocol BGP updates:


Device(config)#router bgp 64800
Device(config-router)#address family ipv4 multicast
Device(config-router)#network 10.108.0.0

The following example advertises NSAP prefix 49.6001 in the multiprotocol BGP updates:


Device(config)#router bgp 64500
Device(config-router)#address-family nsap
Device(config-router)#network 49.6001

network (EIGRP)

To specify the network for an Enhanced Interior Gateway Routing Protocol (EIGRP) routing process, use the network command in router configuration mode or address-family configuration mode. To remove an entry, use the no form of this command.

network ip-address [wildcard-mask]

no network ip-address [wildcard-mask]

Syntax Description

ip-address

IP address of the directly connected network.

wildcard-mask

(Optional) EIGRP wildcard bits. Wildcard mask indicates a subnetwork, bitwise complement of the subnet mask.

Command Default

No networks are specified.

Command Modes

Router configuration (config-router) Address-family configuration (config-router-af)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

When the network command is configured for an EIGRP routing process, the router matches one or more local interfaces. The network command matches only local interfaces that are configured with addresses that are within the same subnet as the address that has been configured with the network command. The router then establishes neighbors through the matched interfaces. There is no limit to the number of network statements (network commands) that can be configured on a router.

Use a wildcard mask as a shortcut to group networks together. A wildcard mask matches everything in the network part of an IP address with a zero. Wildcard masks target a specific host/IP address, entire network, subnet, or even a range of IP addresses.

When entered in address-family configuration mode, this command applies only to named EIGRP IPv4 configurations. Named IPv6 and Service Advertisement Framework (SAF) configurations do not support this command in address-family configuration mode.

Examples

The following example configures EIGRP autonomous system 1 and establishes neighbors through network 172.16.0.0 and 192.168.0.0:


Device(config)#router eigrp 1
Device(config-router)#network 172.16.0.0
Device(config-router)#network 192.168.0.0
Device(config-router)#network 192.168.0.0 0.0.255.255

The following example configures EIGRP address-family autonomous system 4453 and establishes neighbors through network 172.16.0.0 and 192.168.0.0:


Device(config)#router eigrp virtual-name
Device(config-router)#address-family ipv4 autonomous-system 4453
Device(config-router-af)#network 172.16.0.0
Device(config-router-af)#network 192.168.0.0

nsf (EIGRP)

To enable Cisco nonstop forwarding (NSF) operations for the Enhanced Interior Gateway Routing Protocol (EIGRP), use the nsf command in router configuration or address family configuration mode. To disable EIGRP NSF and to remove the EIGRP NSF configuration from the running-configuration file, use the no form of this command.

nsf

no nsf

Syntax Description

This command has no arguments or keywords.

Command Default

EIGRP NSF is disabled.

Command Modes

Router configuration (config-router)

Address family configuration (config-router-af)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The nsf command is used to enable or disable EIGRP NSF support on an NSF-capable router. NSF is supported only on platforms that support High Availability.

Examples

The following example shows how to disable NSF:


Device#configure terminal
Device(config)#router eigrp 101 
Device(config-router)#no nsf
Device(config-router)#end  

The following example shows how to enable EIGRP IPv6 NSF:


Device#configure terminal
Device(config)#router eigrp virtual-name-1
Device(config-router)#address-family ipv6 autonomous-system 10 
Device(config-router-af)#nsf 
Device(config-router-af)#end 

offset-list (EIGRP)

To add an offset to incoming and outgoing metrics to routes learned via Enhanced Interior Gateway Routing Protocol (EIGRP), use the offset-list command in router configuration mode or address family topology configuration mode. To remove an offset list, use the no form of this command.

offset-list {access-list-number | access-list-name} {in | out} offset [interface-type interface-number]

no offset-list {access-list-number | access-list-name} {in | out} offset [interface-type interface-number]

Syntax Description

access-list-number | access-list-name

Standard access list number or name to be applied. Access list number 0 indicates all networks (networks, prefixes, or routes). If the offset value is 0, no action is taken.

in

Applies the access list to incoming metrics.

out

Applies the access list to outgoing metrics.

offset

Positive offset to be applied to metrics for networks matching the access list. If the offset is 0, no action is taken.

interface-type

(Optional) Interface type to which the offset list is applied.

interface-number

(Optional) Interface number to which the offset list is applied.

Command Default

No offset values are added to incoming or outgoing metrics to routes learned via EIGRP.

Command Modes

Router configuration (config-router) Address family topology configuration (config-router-af-topology)

Command History

Table 19.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The offset value is added to the routing metric. An offset list with an interface type and interface number is considered extended and takes precedence over an offset list that is not extended. Therefore, if an entry passes the extended offset list and the normal offset list, the offset of the extended offset list is added to the metric.

Examples

In the following example, the router applies an offset of 10 to the delay component of the router only to access list 21:


Device(config-router)#offset-list 21 out 10

In the following example, the router applies an offset of 10 to routes learned from Ethernet interface 0:


Device(config-router)#offset-list 21 in 10 ethernet 0

In the following example, the router applies an offset of 10 to routes learned from Ethernet interface 0 in an EIGRP named configuration:


Device(config)#router eigrp virtual-name
Device(config-router)#address-family ipv4 autonomous-system 1
Device(config-router-af)#topology base
Device(config-router-af-topology)#offset-list 21 in 10 ethernet0

redistribute (IP)

To redistribute routes from one routing domain into another routing domain, use the redistribute command in the appropriate configuration mode. To disable all or some part of the redistribution (depending on the protocol), use the no form of this command. See the “Usage Guidelines” section for detailed, protocol-specific behaviors.

redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [autonomous-system-number] [metric {metric-value | transparent}] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets] [nssa-only]

no redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [autonomous-system-number] [metric {metric-value | transparent}] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets] [nssa-only]

Syntax Description

protocol

Source protocol from which routes are being redistributed. It can be one of the following keywords: application , bgp , connected , eigrp , isis , mobile , ospf , rip, or static [ip ].

The static [ip ] keyword is used to redistribute IP static routes. The optional ip keyword is used when redistributing into the Intermediate System-to-Intermediate System (IS-IS) protocol.

The application keyword is used to redistribute an application from one routing domain to another. You can redistribute more than one application to different routing protocols such as IS-IS, OSPF, Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP) and Routing Information Protocol (RIP).

The connected keyword refers to routes that are established automatically by virtue of having enabled IP on an interface. For routing protocols such as Open Shortest Path First (OSPF) and IS-IS, these routes will be redistributed as external to the autonomous system.

process-id

(Optional) For the application keyword, this is the name of an application.

For the bgp or eigrp keyword, this is an autonomous system number, which is a 16-bit decimal number.

For the isis keyword, this is an optional tag value that defines a meaningful name for a routing process. Creating a name for a routing process means that you use names when configuring routing. You can configure a router in two routing domains and redistribute routing information between these two domains.

For the ospf keyword, this is an appropriate OSPF process ID from which routes are to be redistributed. This identifies the routing process. This value takes the form of a nonzero decimal number.

For the rip keyword, no process-id value is needed.

For the application keyword, this is the name of an application.

By default, no process ID is defined.

level-1

Specifies that, for IS-IS, Level 1 routes are redistributed into other IP routing protocols independently.

level-1-2

Specifies that, for IS-IS, both Level 1 and Level 2 routes are redistributed into other IP routing protocols.

level-2

Specifies that, for IS-IS, Level 2 routes are redistributed into other IP routing protocols independently.

autonomous-system-number

(Optional) Autonomous system number for the redistributed route. The range is from 1 to 65535.

  • 4-byte autonomous system numbers are supported in the range from 1.0 to 65535.65535 in asdot notation only.

For more details about autonomous system number formats, see the router bgp command.

metric metric-value

(Optional) When redistributing from one OSPF process to another OSPF process on the same router, the metric will be carried through from one process to the other if no metric value is specified. When redistributing other processes to an OSPF process, the default metric is 20 when no metric value is specified. The default value is 0.

metric transparent

(Optional) Causes RIP to use the routing table metric for redistributed routes as the RIP metric.

metric-type type value

(Optional) For OSPF, specifies the external link type associated with the default route advertised into the OSPF routing domain. It can be one of two values:

  • 1 —Type 1 external route

  • 2 —Type 2 external route

If a metric-type is not specified, the Cisco IOS software adopts a Type 2 external route.

For IS-IS, it can be one of two values:

  • internal —IS-IS metric that is < 63.

  • external —IS-IS metric that is > 64 < 128.

The default is internal .

match {internal | external1 | external2 }

(Optional) Specifies the criteria by which OSPF routes are redistributed into other routing domains. It can be one of the following:

  • internal —Routes that are internal to a specific autonomous system.

  • external 1 —Routes that are external to the autonomous system, but are imported into OSPF as Type 1 external routes.

  • external 2 —Routes that are external to the autonomous system, but are imported into OSPF as Type 2 external routes.

The default is internal .

tag tag-value

(Optional) Specifies the 32-bit decimal value attached to each external route. This is not used by OSPF itself. It may be used to communicate information between Autonomous System Boundary Routers (ASBRs). If none is specified, the remote autonomous system number is used for routes from BGP and Exterior Gateway Protocol (EGP); for other protocols, zero (0) is used.

route-map

(Optional) Specifies the route map that should be interrogated to filter the importation of routes from this source routing protocol to the current routing protocol. If not specified, all routes are redistributed. If this keyword is specified, but no route map tags are listed, no routes will be imported.

map-tag

(Optional) Identifier of a configured route map.

subnets

(Optional) For redistributing routes into OSPF.

Note

 

Irrespective of whether the subnets keyword is configured or not, the subnets functionality is enabled by default. This automatic addition results in the redistribution of classless OSPF routes.

nssa-only

(Optional) Sets the nssa-only attribute for all routes redistributed into OSPF.

Command Default

Route redistribution is disabled.

Command Modes

Router configuration (config-router)

Address family configuration (config-af)

Address family topology configuration (config-router-af-topology)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Using the no Form of the redistribute Command


Caution


Removing options that you have configured for the redistribute command requires careful use of the no form of the redistribute command to ensure that you obtain the result that you are expecting. Changing or disabling any keyword may or may not affect the state of other keywords, depending on the protocol.


It is important to understand that different protocols implement the no form of the redistribute command differently:

  • In BGP, OSPF, and RIP configurations, the no redistribute command removes only the specified keywords from the redistribute commands in the running configuration. They use the subtractive keyword method when redistributing from other protocols. For example, in the case of BGP, if you configure no redistribute static route-map interior , only the route map is removed from the redistribution, leaving redistribute static in place with no filter.

  • The no redistribute isis command removes the IS-IS redistribution from the running configuration. IS-IS removes the entire command, regardless of whether IS-IS is the redistributed or redistributing protocol.

  • EIGRP used the subtractive keyword method prior to EIGRP component version rel5. Starting with EIGRP component version rel5, the no redistribute command removes the entire redistribute command when redistributing from any other protocol.

  • An EIGRP routing process is configured when you issue the router eigrp command and then specify a network for the process using the network sub-command. Suppose that you have not configured an EIGRP routing process, and that you have configured redistribution of routes from such an EIGRP process into BGP, OSPF, or RIP. If you use the no redistribute eigrp command to change or disable a parameter in the redistribute eigrp command, the no redistribute eigrp command removes the entire redistribute eigrp command instead of changing or disabling a specific parameter.

Additional Usage Guidelines for the redistribute Command

A router receiving a link-state protocol with an internal metric will consider the cost of the route from itself to the redistributing router plus the advertised cost to reach the destination. An external metric only considers the advertised metric to reach the destination.

Routes learned from IP routing protocols can be redistributed at Level 1 into an attached area or at Level 2. The level-1-2 keyword allows both Level 1 and Level 2 routes in a single command.

Redistributed routing information must be filtered by the distribute-list out router configuration command. This guideline ensures that only those routes intended by the administrator are passed along to the receiving routing protocol.

Whenever you use the redistribute or the default-information router configuration commands to redistribute routes into an OSPF routing domain, the router automatically becomes an ASBR. However, an ASBR does not, by default, generate a default route into the OSPF routing domain.

When routes are redistributed into OSPF from protocols other than OSPF or BGP, and no metric has been specified with the metric-type keyword and type-value argument, OSPF will use 20 as the default metric. When routes are redistributed into OSPF from BGP, OSPF will use 1 as the default metric. When routes are redistributed from one OSPF process to another OSPF process, autonomous system external and not-so-stubby-area (NSSA) routes will use 20 as the default metric. When intra-area and inter-area routes are redistributed between OSPF processes, the internal OSPF metric from the redistribution source process is advertised as the external metric in the redistribution destination process. (This is the only case in which the routing table metric will be preserved when routes are redistributed into OSPF.)


Note


The show ip ospf [topology-info ] command will display subnets keyword irrespective of whether the subnets keyword is configured or not. This is because the subnets functionality is enabled by default for OSPF.

On a router internal to an NSSA area, the nssa-only keyword causes the originated type-7 NSSA LSAs to have their propagate (P) bit set to zero, which prevents area border routers from translating these LSAs into type-5 external LSAs. On an area border router that is connected to an NSSA and normal areas, the nssa-only keyword causes the routes to be redistributed only into the NSSA areas.

Routes configured with the connected keyword affected by this redistribute command are the routes not specified by the network router configuration command.

You cannot use the default-metric command to affect the metric used to advertise connected routes.


Note


The metric value specified in the redistribute command supersedes the metric value specified in the default-metric command.


The default redistribution of Interior Gateway Protocol (IGP) or Exterior Gateway Protocol (EGP) into BGP is not allowed unless the default-information originate router configuration command is specified.

4-Byte Autonomous System Number Support

The Cisco implementation of 4-byte autonomous system numbers uses asplain—65538 for example—as the default regular expression match and output display format for autonomous system numbers, but you can configure 4-byte autonomous system numbers in both the asplain format and the asdot format as described in RFC 5396. To change the default regular expression match and output display of 4-byte autonomous system numbers to asdot format, use the bgp asnotation dot command.

Examples

The following example shows how OSPF routes are redistributed into a BGP domain:


Device(config)# router bgp 109
Device(config-router)# redistribute ospf

The following example shows how to redistribute EIGRP routes into an OSPF domain:


Device(config)# router ospf 110
Device(config-router)# redistribute eigrp

The following example shows how to redistribute the specified EIGRP process routes into an OSPF domain. The EIGRP-derived metric will be remapped to 100 and RIP routes to 200.


Device(config)# router ospf 109
Device(config-router)# redistribute eigrp 108 metric 100 subnets
Device(config-router)# redistribute rip metric 200 subnets

The following example shows how to configure BGP routes to be redistributed into IS-IS. The link-state cost is specified as 5, and the metric type is set to external, indicating that it has lower priority than internal metrics.


Device(config)# router isis
Device(config-router)# redistribute bgp 120 metric 5 metric-type external

The following example shows how to redistribute an application into an OSPF domain and specify a metric value of 5:


Device(config)# router ospf 4
Device(config-router)# redistribute application am metric 5

In the following example, network 172.16.0.0 will appear as an external LSA in OSPF 1 with a cost of 100 (the cost is preserved):


Device(config)# interface ethernet 0
Device(config-if)# ip address 172.16.0.1 255.0.0.0
Device(config-if)# exit
Device(config)# ip ospf cost 100
Device(config)# interface ethernet 1
Device(config-if)# ip address 10.0.0.1 255.0.0.0
!
Device(config)# router ospf 1
Device(config-router)# network 10.0.0.0 0.255.255.255 area 0
Device(config-if)# exit
Device(config-router)# redistribute ospf 2 subnet
Device(config)# router ospf 2
Device(config-router)# network 172.16.0.0 0.255.255.255 area 0

The following example shows how BGP routes are redistributed into OSPF and assigned the local 4-byte autonomous system number in asplain format.


Device(config)# router ospf 2
Device(config-router)# redistribute bgp 65538

The following example shows how to remove the connected metric 1000 subnets options from the redistribute connected metric 1000 subnets command and leave the redistribute connected command in the configuration:


Device(config-router)# no redistribute connected metric 1000 subnets

The following example shows how to remove the metric 1000 options from the redistribute connected metric 1000 subnets command and leave the redistribute connected subnets command in the configuration:


Device(config-router)# no redistribute connected metric 1000

The following example shows how to remove the subnets option from the redistribute connected metric 1000 subnets command and leave the redistribute connected metric 1000 command in the configuration:


Device(config-router)# no redistribute connected subnets

The following example shows how to remove the redistribute connected command, and any of the options that were configured for the redistribute connected command, from the configuration:


Device(config-router)# no redistribute connected

The following example shows how EIGRP routes are redistributed into an EIGRP process in a named EIGRP configuration:


Device(config)# router eigrp virtual-name
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# redistribute eigrp 6473 metric 1 1 1 1 1

The following example shows how to set and disable the redistributions in EIGRP configuration. Note that, in the case of EIGRP, the no form of the commands removes the entire set of redistribute commands from the running configuration.


Device(config)# router eigrp 1
Device(config-router)# network 0.0.0.0
Device(config-router)# redistribute eigrp 2 route-map x
Device(config-router)# redistribute ospf 1 route-map x
Device(config-router)# redistribute bgp 1 route-map x
Device(config-router)# redistribute isis level-2 route-map x
Device(config-router)# redistribute rip route-map x

Device(config)# router eigrp 1
Device(config-router)# no redistribute eigrp 2 route-map x
Device(config-router)# no redistribute ospf 1 route-map x
Device(config-router)# no redistribute bgp 1 route-map x
Device(config-router)# no redistribute isis level-2 route-map x
Device(config-router)# no redistribute rip route-map x
Device(config-router)# end

Device# show running-config | section router eigrp 1

router eigrp 1
 network 0.0.0.0

The following example shows how to set and disable the redistributions in OSPF configuration. Note that the no form of the commands removes only the specified keywords from the redistribute command in the running configuration.

Device(config)# router ospf 1
Device(config-router)# network 0.0.0.0
Device(config-router)# redistribute eigrp 2 route-map x
Device(config-router)# redistribute ospf 1 route-map x
Device(config-router)# redistribute bgp 1 route-map x
Device(config-router)# redistribute isis level-2 route-map x
Device(config-router)# redistribute rip route-map x

Device(config)# router ospf 1
Device(config-router)# no redistribute eigrp 2 route-map x
Device(config-router)# no redistribute ospf 1 route-map x
Device(config-router)# no redistribute bgp 1 route-map x
Device(config-router)# no redistribute isis level-2 route-map x
Device(config-router)# no redistribute rip route-map x
Device(config-router)# end

Device# show running-config | section router ospf 1

router ospf 1
 redistribute eigrp 2
 redistribute ospf 1
 redistribute bgp 1
 redistribute rip 
 network 0.0.0.0 

The following example shows how to remove only the route map filter from the redistribution in BGP; redistribution itself remains in force without a filter:

Device(config)# router bgp 65000
Device(config-router)# no redistribute eigrp 2 route-map x

The following example shows how to remove the EIGRP redistribution to BGP:

Device(config)# router bgp 65000
Device(config-router)# no redistribute eigrp 2 

route-map

To define conditions for redistributing routes from one routing protocol to another routing protocol, or to enable policy routing, use the route-map command in global configuration mode. To delete an entry, use the no form of this command.

route-map map-tag [permit | deny] [sequence-number] ordering-seq sequence-name

no route-map map-tag [permit | deny] [sequence-number] ordering-seq sequence-name

Syntax Description

map-tag

Name for the route map.

permit

(Optional) Permits only the routes matching the route map to be forwarded or redistributed.

deny

(Optional) Blocks routes matching the route map from being forwarded or redistributed.

sequence-number

(Optional) Number that indicates the position a new route map will have in the list of route maps already configured with the same name.

ordering-seq sequence-name

(Optional) Orders the route maps based on the string provided.

Command Default

Policy routing is not enabled, and conditions for redistributing routes from one routing protocol to another routing protocol are not configured.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use the route-map command to enter route-map configuration mode.

Use route maps to redistribute routes, or to subject packets to policy routing. Both these purposes are described here.

Redistribution

Use the route-map global configuration command and the match and set route-map configuration commands to define the conditions for redistributing routes from one routing protocol to another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria , that is, the conditions under which redistribution is allowed for the current route-map command. The set commands specify the set actions , that is, the redistribution actions to be performed if the criteria enforced by the match commands are met. If the route-map command is enabled and the user does not specify any action, then the permit action is applied by default. The no route-map command deletes the route map.

The match route-map configuration command has multiple formats. The match commands can be run in any order, and all the match commands must match to cause the route to be redistributed according to the set actions specified with the set commands. The no forms of the match commands remove the specified match criteria.

Use route maps when you want detailed control over how routes are redistributed between routing processes. The destination routing protocol is the one you specify with the router global configuration command. The source routing protocol is the one you specify with the redistribute router configuration command. See the examples section for an illustration of how route maps are configured.

When passing routes through a route map, the route map can have several parts. Any route that does not match at least one match clause relating to a route-map command is ignored, that is, the route is not advertised for outbound route maps, and is not accepted for inbound route maps. If you want to modify only some data, configure a second route map section with an explicit match specified.

The redistribute router configuration command uses the name specified by the map-tag argument to reference a route map. Multiple route maps can share the same map tag name.

If the match criteria are met for this route map, and the permit keyword is specified, the route is redistributed as controlled by the set actions. In the case of policy routing, the packet is policy routed. If the match criteria are not met, and the permit keyword is specified, the next route map with the same map tag is tested. If a route passes none of the match criteria for the set of route maps sharing the same name, it is not redistributed by that set.

If the match criteria are met for the route map, and the deny keyword is specified, the route is not redistributed. In the case of policy routing, the packet is not policy routed, and no other route maps sharing the same map tag name are examined. If the packet is not policy routed, the normal forwarding algorithm is used.

Policy Routing

Another purpose of route maps is to enable policy routing. Use the ip policy route-map or ipv6 policy route-map command in addition to the route-map command, and the match and set commands to define the conditions for policy-routing packets. The match commands specify the conditions under which policy routing occurs. The set commands specify the routing actions to be performed if the criteria enforced by the match commands are met. We recommend that you policy route packets some way other than the obvious shortest path.

The sequence-number argument works as follows:

  • If no entry is defined with the supplied tag, an entry is created with the sequence-number argument set to 10.

  • If only one entry is defined with the supplied tag, that entry becomes the default entry for the route-map command. The sequence-number argument of this entry is unchanged.

  • If more than one entry is defined with the supplied tag, an error message is displayed to indicate that the sequence-number argument is required.

If the no route-map map-tag command is specified (without the sequence-number argument), the entire route map is deleted.

Examples

The following example shows how to redistribute Routing Information Protocol (RIP) routes with a hop count equal to 1 to the Open Shortest Path First (OSPF). These routes will be redistributed to the OSPF as external link-state advertisements (LSAs) with a metric of 5, metric type of type1, and a tag equal to 1.

Device> enable
Device# configure terminal
Device(config)# router ospf 109
Device(config-router)# redistribute rip route-map rip-to-ospf
Device(config-router)# exit
Device(config)# route-map rip-to-ospf permit
Device(config-route-map)# match metric 1
Device(config-route-map)# set metric 5
Device(config-route-map)# set metric-type type1
Device(config-route-map)# set tag 1

The following example for IPv6 shows how to redistribute RIP routes with a hop count equal to 1 to the OSPF. These routes will be redistributed to the OSPF as external LSAs, with a tag equal to 42, and a metric type equal to type1.

Device> enable
Device# configure terminal
Device(config)# ipv6 router ospf 1
Device(config-router)# redistribute rip one route-map rip-to-ospfv3
Device(config-router)# exit
Device(config)# route-map rip-to-ospfv3
Device(config-route-map)# match tag 42
Device(config-route-map)# set metric-type type1

The following named configuration example shows how to redistribute Enhanced Interior Gateway Routing Protocol (EIGRP) addresses with a hop count equal to 1. These addresses are redistributed to the EIGRP as external, with a metric of 5, and a tag equal to 1:

Device> enable
Device# configure terminal
Device(config)# router eigrp virtual-name1
Device(config-router)# address-family ipv4 autonomous-system 4453
Device(config-router-af)# topology base
Device(config-router-af-topology)# redistribute eigrp 6473 route-map virtual-name1-to-virtual-name2
Device(config-router-af-topology)# exit-address-topology
Device(config-router-af)# exit-address-family
Device(config-router)# router eigrp virtual-name2
Device(config-router)# address-family ipv4 autonomous-system 6473
Device(config-router-af)# topology base
Device(config-router-af-topology)# exit-af-topology
Device(config-router-af)# exit-address-family
Device(config)# route-map virtual-name1-to-virtual-name2
Device(config-route-map)# match tag 42
Device(config-route-map)# set metric 5
Device(config-route-map)# set tag 1

router-id

To use a fixed router ID, use the router-id command in router configuration mode. To force Open Shortest Path First (OSPF) to use the previous OSPF router ID behavior, use the no form of this command.

router-id ip-address

no router-id ip-address

Syntax Description

ip-address

Router ID in IP address format.

Command Default

No OSPF routing process is defined.

Command Modes

Router configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can configure an arbitrary value in the IP address format for each router. However, each router ID must be unique.

If this command is used on an OSPF router process which is already active (has neighbors), the new router-ID is used at the next reload or at a manual OSPF process restart. To manually restart the OSPF process, use the clear ip ospf command.

Examples

The following example specifies a fixed router-id:


router-id 10.1.1.1

router bgp

To configure the Border Gateway Protocol (BGP) routing process, use the router bgp command in global configuration mode. To remove a BGP routing process, use the no form of this command.

router bgp autonomous-system-number

no router bgp autonomous-system-number

Syntax Description

autonomous-system-number

Number of an autonomous system that identifies the router to other BGP routers and tags the routing information that is passed along. Number in the range from 1 to 65535.

Command Default

No BGP routing process is enabled by default.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Usage Guidelines

This command allows you to set up a distributed routing core that automatically guarantees the loop-free exchange of routing information between autonomous systems.

Cisco has implemented the following two methods of representing autonomous system numbers:

  • Asplain—Decimal value notation where both 2-byte and 4-byte autonomous system numbers are represented by their decimal value. For example, 65526 is a 2-byte autonomous system number and 234567 is a 4-byte autonomous system number.

  • Asdot—Autonomous system dot notation where 2-byte autonomous system numbers are represented by their decimal value and 4-byte autonomous system numbers are represented by a dot notation. For example, 65526 is a 2-byte autonomous system number and 1.169031 is a 4-byte autonomous system number (this is dot notation for the 234567 decimal number).

For details about the third method of representing autonomous system numbers, see RFC 5396.


Note


In Cisco IOS releases that include 4-byte ASN support, command accounting and command authorization that include a 4-byte ASN number are sent in the asplain notation irrespective of the format that is used on the command-line interface.


Asplain as Default Autonomous System Number Formatting

In Cisco IOS Release 12.0(32)SY8, 12.0(33)S3, 12.2(33)SRE, 12.2(33)XNE, 12.2(33)SXI1, Cisco IOS XE Release 2.4, and later releases, the Cisco implementation of 4-byte autonomous system numbers uses asplain as the default display format for autonomous system numbers, but you can configure 4-byte autonomous system numbers in both the asplain and asdot format. In addition, the default format for matching 4-byte autonomous system numbers in regular expressions is asplain, so you must ensure that any regular expressions to match 4-byte autonomous system numbers are written in the asplain format. If you want to change the default show command output to display 4-byte autonomous system numbers in the asdot format, use the bgp asnotation dot command under router configuration mode. When the asdot format is enabled as the default, any regular expressions to match 4-byte autonomous system numbers must be written using the asdot format, or the regular expression match will fail. The tables below show that although you can configure 4-byte autonomous system numbers in either asplain or asdot format, only one format is used to display show command output and control 4-byte autonomous system number matching for regular expressions, and the default is asplain format. To display 4-byte autonomous system numbers in show command output and to control matching for regular expressions in the asdot format, you must configure the bgp asnotation dot command. After enabling the bgp asnotation dot command, a hard reset must be initiated for all BGP sessions by entering the clear ip bgp * command.


Note


If you are upgrading to an image that supports 4-byte autonomous system numbers, you can still use 2-byte autonomous system numbers. The show command output and regular expression match are not changed and remain in asplain (decimal value) format for 2-byte autonomous system numbers regardless of the format configured for 4-byte autonomous system numbers.


Table 21. Default Asplain 4-Byte Autonomous System Number Format

Format

Configuration Format

Show Command Output and Regular Expression Match Format

asplain

2-byte: 1 to 65535 4-byte: 65536 to 4294967295

2-byte: 1 to 65535 4-byte: 65536 to 4294967295

asdot

2-byte: 1 to 65535 4-byte: 1.0 to 65535.65535

2-byte: 1 to 65535 4-byte: 65536 to 4294967295

Table 22. Asdot 4-Byte Autonomous System Number Format

Format

Configuration Format

Show Command Output and Regular Expression Match Format

asplain

2-byte: 1 to 65535 4-byte: 65536 to 4294967295

2-byte: 1 to 65535 4-byte: 1.0 to 65535.65535

asdot

2-byte: 1 to 65535 4-byte: 1.0 to 65535.65535

2-byte: 1 to 65535 4-byte: 1.0 to 65535.65535

Reserved and Private Autonomous System Numbers

In Cisco IOS Release 12.0(32)S12, 12.0(32)SY8, 12.2(33)SRE, 12.2(33)XNE, 12.2(33)SXI1, 12.4(24)T, Cisco IOS XE Release 2.3 and later releases, the Cisco implementation of BGP supports RFC 4893. RFC 4893 was developed to allow BGP to support a gradual transition from 2-byte autonomous system numbers to 4-byte autonomous system numbers. A new reserved (private) autonomous system number, 23456, was created by RFC 4893 and this number cannot be configured as an autonomous system number in the Cisco IOS CLI.

RFC 5398, Autonomous System (AS) Number Reservation for Documentation Use , describes new reserved autonomous system numbers for documentation purposes. Use of the reserved numbers allow configuration examples to be accurately documented and avoids conflict with production networks if these configurations are literally copied. The reserved numbers are documented in the IANA autonomous system number registry. Reserved 2-byte autonomous system numbers are in the contiguous block, 64496 to 64511 and reserved 4-byte autonomous system numbers are from 65536 to 65551 inclusive.

Private 2-byte autonomous system numbers are still valid in the range from 64512 to 65534 with 65535 being reserved for special use. Private autonomous system numbers can be used for internal routing domains but must be translated for traffic that is routed out to the Internet. BGP should not be configured to advertise private autonomous system numbers to external networks. Cisco IOS software does not remove private autonomous system numbers from routing updates by default. Cisco recommends that ISPs filter private autonomous system numbers.


Note


Autonomous system number assignment for public and private networks is governed by the IANA. For information about autonomous system numbers, including reserved number assignment, or to apply to register an autonomous system number, see the following URL: http://www.iana.org/.


Examples

The following example shows how to configure a BGP process for autonomous system 45000 and configures two external BGP neighbors in different autonomous systems using 2-byte autonomous system numbers:

Device> enable
Device# configure terminal
Device(config)# router bgp 45000
Device(config-router)# neighbor 192.168.1.2 remote-as 40000
Device(config-router)# neighbor 192.168.3.2 remote-as 50000
Device(config-router)# neighbor 192.168.3.2 description finance
Device(config-router)# address-family ipv4
Device(config-router-af)# neighbor 192.168.1.2 activate
Device(config-router-af)# neighbor 192.168.3.2 activate
Device(config-router-af)# no auto-summary
Device(config-router-af)# no synchronization
Device(config-router-af)# network 172.17.1.0 mask 255.255.255.0
Device(config-router-af)# exit-address-family

The following example shows how to configure a BGP process for autonomous system 65538 and configures two external BGP neighbors in different autonomous systems using 4-byte autonomous system numbers in asplain notation. This example is supported i n Cisco IOS Release 12.0(32)SY8, 12.0(33)S3, 12.2(33)SRE, 12.2(33)XNE, 12.2(33)SXI1, Cisco IOS XE Release 2.4, and later releases.

Device> enable
Device# configure terminal
Device(config)# router bgp 65538
Device(config-router)# neighbor 192.168.1.2 remote-as 65536
Device(config-router)# neighbor 192.168.3.2 remote-as 65550
Device(config-router)# neighbor 192.168.3.2 description finance
Device(config-router)# address-family ipv4
Device(config-router-af)# neighbor 192.168.1.2 activate
Device(config-router-af)# neighbor 192.168.3.2 activate
Device(config-router-af)# no auto-summary
Device(config-router-af)# no synchronization
Device(config-router-af)# network 172.17.1.0 mask 255.255.255.0
Device(config-router-af)# exit-address-family