IP Routing Commands

accept-lifetime

To set the time period during which the authentication key on a key chain is received as valid, use the accept-lifetime command in key chain key configuration mode. To revert to the default value, use the no form of this command.

accept-lifetime [ local ] start-time { infinite | end-time | duration seconds }

no accept-lifetime

Syntax Description

local

Specifies the time in local timezone.

start-time

Beginning time that the key specified by the key command is valid to be received. The syntax can be either of the following:

hh : mm : ss month date year

hh : mm : ss date month year

  • hh : Hours

  • mm : Minutes

  • ss : Seconds

  • month : First three letters of the month

  • date : Date (1-31)

  • year : Year (four digits)

The default start time and the earliest acceptable date is January 1, 1993.

infinite

Key is valid to be received from the start-time value on.

end-time

Key is valid to be received from the start-time value until the end-time value. The syntax is the same as that for the start-time value. The end-time value must be after the start-time value. The default end time is an infinite time period.

duration seconds

Length of time (in seconds) that the key is valid to be received. The range is from 1 to 2147483646.

Command Default

The authentication key on a key chain is received as valid forever (the starting time is January 1, 1993, and the ending time is infinite).

Command Modes

Key chain key configuration (config-keychain-key)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Cisco IOS XE Bengaluru 17.5.1

The new range of the duration keyword is from 1 to 2147483646.

Usage Guidelines

Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol ( RIP) Version 2 use key chains.

Specify a start-time value and one of the following values: infinite , end-time , or duration seconds.

We recommend running Network Time Protocol (NTP) or some other time synchronization method if you assign a lifetime to a key.

If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.

Examples

The following example configures a key chain named chain1. The key named key1 will be accepted from 1:30 p.m. to 3:30 p.m. and will be sent from 2:00 p.m. to 3:00 p.m. The key named key2 will be accepted from 2:30 p.m. to 4:30 p.m. and will be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

Device(config)# interface GigabitEthernet1/0/1
Device(config-if)# ip rip authentication key-chain chain1
Device(config-if)# ip rip authentication mode md5
Device(config-if)# exit
Device(config)# router rip
Device(config-router)# network 172.19.0.0
Device(config-router)# version 2
Device(config-router)# exit
Device(config)# key chain chain1
Device(config-keychain)# key 1
Device(config-keychain-key)# key-string key1
Device(config-keychain-key)# accept-lifetime 13:30:00 Jan 25 1996 duration 7200
Device(config-keychain-key)# send-lifetime 14:00:00 Jan 25 1996 duration 3600
Device(config-keychain-key)# exit
Device(config-keychain)# key 2
Device(config-keychain)# key-string key2
Device(config-keychain)# accept-lifetime 14:30:00 Jan 25 1996 duration 7200
Device(config-keychain)# send-lifetime 15:00:00 Jan 25 1996 duration 3600

The following example configures a key chain named chain1 for EIGRP address-family. The key named key1 will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named key2 will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

Device(config)# router eigrp 10
Device(config-router)# address-family ipv4 autonomous-system 4453
Device(config-router-af)# network 10.0.0.0
Device(config-router-af)# af-interface ethernet0/0
Device(config-router-af-interface)# authentication key-chain trees
Device(config-router-af-interface)# authentication mode md5
Device(config-router-af-interface)# exit
Device(config-router-af)# exit
Device(config-router)# exit
Device(config)# key chain chain1
Device(config-keychain)# key 1
Device(config-keychain-key)# key-string key1
Device(config-keychain-key)# accept-lifetime 13:30:00 Jan 25 1996 duration 7200
Device(config-keychain-key)# send-lifetime 14:00:00 Jan 25 1996 duration 3600
Device(config-keychain-key)# exit
Device(config-keychain)# key 2
Device(config-keychain-key)# key-string key2
Device(config-keychain-key)# accept-lifetime 14:30:00 Jan 25 1996 duration 7200
Device(config-keychain-key)# send-lifetime 15:00:00 Jan 25 1996 duration 3600

address-family ipv4 (EIGRP MTR)

To configure the Enhanced Interior Gateway Routing Protocol (EIGRP) for Multitopology Routing (MTR), use the address-family ipv4 command in router configuration mode. To remove the address family from the EIGRP configuration, use the no form of this command.

address-family ipv4 [unicast | multicast | vrf vrf-name] autonomous-system as-number

no address-family ipv4 [unicast | multicast | vrf vrf-name] autonomous-system as-number

Syntax Description

unicast

(Optional) Specifies the unicast subaddress family.

multicast

(Optional) Specifies the multicast subaddress family.

vrf vrf-name

(Optional) Specifies the name of the virtual routing and forwarding (VRF).

autonomous-system as-number

Specifies the autonomous system number.

Command Default

This command is disabled by default.

Command Modes

Router configuration (config-router)

Command History

Release

Modification

Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Usage Guidelines

The address-family ipv4 command is used to enter router address family or subaddress family configuration mode to configure the exchange of address-family and subaddress-family prefixes.


Note


If Enhanced Routing and Forwarding is not available, the multicast keyword is also not available.


Examples

The following example shows how to configure an IPv4 address family to associate with an MTR topology named VIDEO:


Device> enable
Device# configure terminal
Device(config)# router eigrp mtr
Device(config-router)# address-family ipv4 autonomous-system 5
Device(config-router-af)# topology VIDEO tid 100

address-family ipv6 (OSPF)

To enter the address family configuration mode for configuring routing sessions, such as Open Shortest Path First (OSPF), that uses the standard IPv6 address prefixes, use the address-family ipv6 command in the router configuration mode. To disable the address family configuration mode, use the no form of this command.

address-family ipv6 [unicast ] [vrf vrf-name ]

no address-family ipv6 [unicast ] [vrf vrf-name ]

Syntax Description

unicast

(Optional) Specifies the IPv6 unicast address prefixes.

vrf

(Optional) Specifies all the VPN routing and forwarding (VRF) instance tables or a specific VRF table for an IPv6 address.

vrf-name

(Optional) A specific VRF table for an IPv6 address.

Command Default

IPv6 address prefixes are not enabled. Unicast address prefixes are the default when the IPv6 address prefixes are configured.

Command Modes

Router configuration (config-router)

Command History

Release Modification
Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The address-family ipv6 command places the router in address family configuration mode (prompt: config-router-af), from which you can configure routing sessions that use the standard IPv6 address prefixes.

Examples

The following example shows how to place the router in address family configuration mode:

Device> enable
Device# configure terminal 
Device(config)# router ospfv3 1
Device(config-router)# address-family ipv6 unicast
Device(config-router-af)#

address-family l2vpn

To enter address family configuration mode to configure a routing session using Layer 2 Virtual Private Network (VPN) endpoint provisioning address information, use the address-family l2vpn command in router configuration mode. To remove the Layer 2 VPN address family configuration from the running configuration, use the no form of this command.

address-family l2vpn [evpn | vpls]

no address-family l2vpn [evpn | vpls]

Syntax Description

evpn

(Optional) Specifies L2VPN Ethernet Virtual Private Network (EVPN) endpoint provisioning address information.

vpls

(Optional) Specifies L2VPN Virtual Private LAN Service (VPLS) endpoint provisioning address information.

Command Default

No Layer 2 VPN endpoint provisioning support is enabled.

Command Modes


Router configuration (config-router)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The address-family l2vpn command places the device in address family configuration mode (prompt: config-router-af), from which you can configure routing sessions that support Layer 2 VPN endpoint provisioning.

BGP support for the Layer 2 VPN address family introduces a BGP-based autodiscovery mechanism to distribute Layer 2 VPN endpoint provisioning information. BGP uses a separate Layer 2 VPN routing information base (RIB) to store endpoint provisioning information, which is updated each time any Layer 2 virtual forwarding instance (VFI) is configured. Prefix and path information is stored in the Layer 2 VPN database, allowing BGP to make best-path decisions. When BGP distributes the endpoint provisioning information in an update message to all its BGP neighbors, the endpoint information is used to set up a pseudowire mesh to support Layer 2 VPN-based services.

The BGP autodiscovery mechanism facilitates the setting up of Layer 2 VPN services, which are an integral part of the Cisco IOS Virtual Private LAN Service (VPLS) feature. VPLS enables flexibility in deploying services by connecting geographically dispersed sites as a large LAN over high-speed Ethernet in a robust and scalable IP MPLS network.

The multiprotocol capability for address family Layer 2 VPN EVPN is advertised when the Address Family Identifier (AFI) is enabled under the internal BGP (iBGP) and external BGP (eBGP) neighbors for both IPv4 and IPv6 neighbors.


Note


Routing information for address family IPv4 is advertised by default for each BGP routing session configured with the neighbor remote-as command unless you configure the no bgp default ipv4-unicast command before configuring the neighbor remote-as command.


Examples

In this example, two provider edge (PE) devices are configured with VPLS endpoint provisioning information that includes Layer 2 VFI, VPN, and VPLS IDs. BGP neighbors are configured and activated under Layer 2 VPN address family to ensure that the VPLS endpoint provisioning information is saved to a separate Layer 2 VPN RIB and then distributed to other BGP peers in BGP update messages. When the endpoint information is received by the BGP peers, a pseudowire mesh is set up to support Layer 2 VPN-based services.

Examples

Device> enable
Device# configure terminal
Device(config)# l2 vfi customerA autodiscovery
Device(config-vfi)# vpn id 100
Device(config-vfi)# vpls-id 45000:100
Device(config-vfi)# exit
Device(config)# l2 vfi customerB autodiscovery
Device(config-vfi)# vpn id 200
Device(config-vfi)# vpls-id 45000:200
Device(config-vfi)# exit
Device(config)# router bgp 45000
Device(config-router)# no bgp default ipv4-unicast
Device(config-router)# bgp log-neighbor-changes
Device(config-router)# neighbor 172.16.1.2 remote-as 45000
Device(config-router)# neighbor 172.21.1.2 remote-as 45000
Device(config-router)# address-family l2vpn vpls
Device(config-router-af)# neighbor 172.16.1.2 activate
Device(config-router-af)# neighbor 172.16.1.2 send-community extended
Device(config-router-af)# neighbor 172.21.1.2 activate
Device(config-router-af)# neighbor 172.21.1.2 send-community extended
Device(config-router-af)# end

Examples


Device> enable
Device# configure terminal
Device(config)# l2 vfi customerA autodiscovery
Device(config-vfi)# vpn id 100
Device(config-vfi)# vpls-id 45000:100
Device(config-vfi)# exit
Device(config)# l2 vfi customerB autodiscovery
Device(config-vfi)# vpn id 200
Device(config-vfi)# vpls-id 45000:200
Device(config-vfi)# exit
Device(config)# router bgp 45000
Device(config-router)# no bgp default ipv4-unicast
Device(config-router)# bgp log-neighbor-changes
Device(config-router)# neighbor 172.16.1.1 remote-as 45000
Device(config-router)# neighbor 172.22.1.1 remote-as 45000 
Device(config-router)# address-family l2vpn vpls
Device(config-router-af)# neighbor 172.16.1.1 activate               
Device(config-router-af)# neighbor 172.16.1.1 send-community extended
Device(config-router-af)# neighbor 172.22.1.1 activate               
Device(config-router-af)# neighbor 172.22.1.1 send-community extended
Device(config-router-af)# end

aggregate-address

To create an aggregate entry in a Border Gateway Protocol (BGP) database, use the aggregate-address command in address family or router configuration mode. To disable this function, use the no form of this command.

aggregate-address address mask [as-set] [as-confed-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

no aggregate-address address mask [as-set] [as-confed-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

Syntax Description

address

Aggregate address.

mask

Aggregate mask.

as-set

(Optional) Generates autonomous system set path information.

as-confed-set

(Optional) Generates autonomous confederation set path information.

summary-only

(Optional) Filters all more-specific routes from updates.

suppress-map map-name

(Optional) Specifies the name of the route map used to select the routes to be suppressed.

advertise-map map-name

(Optional) Specifies the name of the route map used to select the routes to create AS_SET origin communities.

attribute-map map-name

(Optional) Specifies the name of the route map used to set the attribute of the aggregate route.

Command Default

The atomic aggregate attribute is set automatically when an aggregate route is created with this command unless the as-set keyword is specified.

Command Modes

Address family configuration (config-router-af)

Router configuration (config-router)

Command History

Table 1.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can implement aggregate routing in BGP and Multiprotocol BGP (mBGP) either by redistributing an aggregate route into BGP or mBGP, or by using the conditional aggregate routing feature.

Using the aggregate-address command with no keywords will create an aggregate entry in the BGP or mBGP routing table if any more-specific BGP or mBGP routes are available that fall within the specified range. (A longer prefix that matches the aggregate must exist in the Routing Information Base (RIB).) The aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)

Using the as-set keyword creates an aggregate entry using the same rules that the command follows without this keyword, but the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Do not use this form of the aggregate-address command when aggregating many paths, because this route must be continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.

Using the as-confed-set keyword creates an aggregate entry using the same rules that the command follows without this keyword. This keyword performs the same function as the as-set keyword, except that it generates autonomous confed set path information.

Using the summary-only keyword not only creates the aggregate route (for example, 192.*.*.*) but also suppresses advertisements of more-specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more-specific route leaks out, all BGP or mBGP routers will prefer that route over the less-specific aggregate you are generating (using longest-match routing).

Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified routes. You can use the match clauses of route maps to selectively suppress some more-specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.

Using the advertise-map keyword selects specific routes that will be used to build different components of the aggregate route, such as AS_SET or community. This form of the aggregate-address command is useful when the components of an aggregate are in separate autonomous systems and you want to create an aggregate with AS_SET, and advertise it back to some of the same autonomous systems. You must remember to omit the specific autonomous system numbers from the AS_SET to prevent the aggregate from being dropped by the BGP loop detection mechanism at the receiving router. IP access lists and autonomous system path access lists match clauses are supported.

Using the attribute-map keyword allows attributes of the aggregate route to be changed. This form of the aggregate-address command is useful when one of the routes forming the AS_SET is configured with an attribute such as the community no-export attribute, which would prevent the aggregate route from being exported. An attribute map route map can be created to change the aggregate attributes.

Examples

In the following example, an aggregate BGP address is created in router configuration mode. The path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized.


Device(config)#router bgp 50000 
Device(config-router)#aggregate-address 10.0.0.0 255.0.0.0 as-set 

Examples

In the following example, an aggregate BGP address is created in address family configuration mode and applied to the multicast database under the IP Version 4 address family. Because the summary-only keyword is configured, more-specific routes are filtered from updates.


Device(config)#router bgp 50000 
Device(config-router)#address-family ipv4 multicast 
Device(config-router-af)#aggregate-address 10.0.0.0 255.0.0.0 summary-only 

Examples

In the following example, a route map called MAP-ONE is created to match on an AS-path access list. The path advertised for this route will be an AS_SET consisting of elements contained in paths that are matched in the route map.


Device(config)#ip as-path access-list 1 deny ^1234_ 
Device(config)#ip as-path access-list 1 permit .* 
Device(config)#! 
Device(config)#route-map MAP-ONE 
Device(config-route-map)#match ip as-path 1 
Device(config-route-map)#exit 
Device(config)#router bgp 50000 
Device(config-router)#address-family ipv4 
Device(config-router-af)#aggregate-address 10.0.0.0 255.0.0.0 as-set advertise-map
MAP-ONE 
Router(config-router-af)#end
 

area nssa

To configure a not-so-stubby area ( NSSA), use the area nssa command in router address family topology or router configuration mode. To remove the NSSA distinction from the area, use the no form of this command.

area nssa commandarea area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]] [no-summary] [nssa-only]

no area area-id nssa [no-redistribution] [default-information-originate [metric] [metric-type]] [no-summary] [nssa-only]

Syntax Description

area-id

Identifier for the stub area or NSSA. The identifier can be specified as either a decimal value or an IP address.

no-redistribution

(Optional) Used when the router is an NSSA Area Border Router (ABR) and you want the redistribute command to import routes only into the normal areas, but not into the NSSA area.

default-information- originate

(Optional) Used to generate a Type 7 default into the NSSA area. This keyword takes effect only on the NSSA ABR or the NSSA Autonomous System Boundary Router (ASBR).

metric

(Optional) Specifies the OSPF default metric.

metric-type

(Optional) Specifies the OSPF metric type for default routes.

no-summary

(Optional) Allows an area to be an NSSA but not have summary routes injected into it.

nssa-only

(Optional) Limits the default advertisement to this NSSA area by setting the propagate (P) bit in the type-7 LSA to zero.

Command Default

No NSSA area is defined.

Command Modes

Router address family topology configuration (config-router-af-topology) Router configuration (config-router)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, including area authentication , area default-cost , area nssa , area range , area stub , and area virtual-link .

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the area nssa command in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example makes area 1 an NSSA area:


router ospf 1
redistribute rip subnets
network 172.19.92.0 0.0.0.255 area 1
area 1 nssa

area virtual-link

To define an Open Shortest Path First (OSPF) virtual link, use the area virtual-link command in router address family topology, router configuration, or address family configuration mode. To remove a virtual link, use the no form of this command.

area area-id virtual-link router-id authentication key-chain chain-name [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [ttl-security hops hop-count]

no area area-id virtual-link router-id authentication key-chain chain-name

Syntax Description

Table 2.

area-id

Area ID assigned to the virtual link. This can be either a decimal value or a valid IPv6 prefix. There is no default.

router-id

Router ID associated with the virtual link neighbor. The router ID appears in the show ip ospf or show ipv6 display command. There is no default.

authentication

Enables virtual link authentication.

key-chain

Configures a key-chain for cryptographic authentication keys.

chain-name

Name of the authentication key that is valid.

hello-interval seconds

(Optional) Specifies the time (in seconds) between the hello packets that the Cisco IOS software sends on an interface. The hello interval is an unsigned integer value to be advertised in the hello packets. The value must be the same for all routers and access servers attached to a common network. The range is from 1 to 8192. The default is 10.

retransmit-interval seconds

(Optional) Specifies the time (in seconds) between link-state advertisement (LSA) retransmissions for adjacencies belonging to the interface. The retransmit interval is the expected round-trip delay between any two routers on the attached network. The value must be greater than the expected round-trip delay. The range is from 1 to 8192. The default is 5.

transmit-delay seconds

(Optional) Specifies the estimated time (in seconds) required to send a link-state update packet on the interface. The integer value that must be greater than zero. LSAs in the update packet have their age incremented by this amount before transmission. The range is from 1 to 8192. The default value is 1.

dead-interval seconds

(Optional) Specifies the time (in seconds) that hello packets are not seen before a neighbor declares the router down. The dead interval is an unsigned integer value. The default is four times the hello interval, or 40 seconds. As with the hello interval, this value must be the same for all routers and access servers attached to a common network.

ttl-security hops hop-count

(Optional) Configures Time-to-Live (TTL) security on a virtual link. The hop-count argument range is from 1 to 254.

Command Default

No OSPF virtual link is defined.

Command Modes

Router address family topology configuration (config-router-af-topology)

Router configuration (config-router)

Address family configuration (config-router-af)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

In OSPF, all areas must be connected to a backbone area. A lost connection to the backbone can be repaired by establishing a virtual link.

The shorter the hello interval, the faster topological changes will be detected, but more routing traffic will ensue. The setting of the retransmit interval should be conservative, or needless retransmissions will result. The value should be larger for serial lines and virtual links.

You should choose a transmit delay value that considers the transmission and propagation delays for the interface.

To configure a virtual link in OSPF for IPv6, you must use a router ID instead of an address. In OSPF for IPv6, the virtual link takes the router ID rather than the IPv6 prefix of the remote router.

Use the ttl-security hops hop-count keywords and argument to enable checking of TTL values on OSPF packets from neighbors or to set TTL values sent to neighbors. This feature adds an extra layer of protection to OSPF.


Note


In order for a virtual link to be properly configured, each virtual link neighbor must include the transit area ID and the corresponding virtual link neighbor router ID. To display the router ID, use the show ip ospf or the show ipv6 ospf command in privileged EXEC mode.



Note


To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area default-cost , area nssa , area range , area stub , and area virtual-link .


Release 12.2(33)SRB

If you plan to configure the Multitopology Routing (MTR) feature, you need to enter the area virtual-link command in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example establishes a virtual link with default values for all optional parameters:


Device(config)# ipv6 router ospf 1
Device(config)# log-adjacency-changes
Device(config)# area 1 virtual-link 192.168.255.1

The following example establishes a virtual link in OSPF for IPv6:


Device(config)# ipv6 router ospf 1
Device(config)# log-adjacency-changes
Device(config)# area 1 virtual-link 192.168.255.1 hello-interval 5

The following example shows how to configure TTL security for a virtual link in OSPFv3 for IPv6:


Device(config)# router ospfv3 1
Device(config-router)# address-family ipv6 unicast vrf vrf1
Device(config-router-af)# area 1 virtual-link 10.1.1.1 ttl-security hops 10


The following example shows how to configure the authentication using a key chain for virtual-links:


Device(config)# area 1 virtual-link 192.168.255.1 authentication key-chain ospf-chain-1

auto-summary (BGP)

To configure automatic summarization of subnet routes into network-level routes, use the auto-summary command in address family or router configuration mode. To disable automatic summarization and send subprefix routing information across classful network boundaries, use the no form of this command.

auto-summary

no auto-summary

Syntax Description

This command has no arguments or keywords.

Command Default

Automatic summarization is disabled by default (the software sends subprefix routing information across classful network boundaries).

Command Modes

Address family configuration (config-router-af)

Router configuration (config-router)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

BGP automatically summarizes routes to classful network boundaries when this command is enabled. Route summarization is used to reduce the amount of routing information in routing tables. Automatic summarization applies to connected, static, and redistributed routes.


Note


The MPLS VPN Per VRF Label feature does not support auto-summary.


By default, automatic summarization is disabled and BGP accepts subnets redistributed from an Interior Gateway Protocol (IGP). To block subnets and create summary subprefixes to the classful network boundary when crossing classful network boundaries, use the auto-summary command.

To advertise and carry subnet routes in BGP when automatic summarization is enabled, use an explicit network command to advertise the subnet. The auto-summary command does not apply to routes injected into BGP via the network command or through iBGP or eBGP.

Why auto-summary for BGP Is Disabled By Default

When auto-summary is enabled, routes injected into BGP via redistribution are summarized on a classful boundary. Remember that a 32-bit IP address consists of a network address and a host address. The subnet mask determines the number of bits used for the network address and the number of bits used for the host address. The IP address classes have a natural or standard subnet mask, as shown in the table below.

Table 3. IP Address Classes

Class

Address Range

Standard Mask

A

1.0.0.0 to 126.0.0.0

255.0.0.0 or /8

B

128.1.0.0 to 191.254.0.0

255.255.0.0 or /16

C

192.0.1.0 to 223.255.254.0

255.255.255.0 or /24

Reserved addresses include 128.0.0.0, 191.255.0.0, 192.0.0.0, and 223.255.255.0.

When using the standard subnet mask, Class A addresses have one octet for the network, Class B addresses have two octets for the network, and Class C addresses have three octets for the network.

Consider the Class B address 156.26.32.1 with a 24-bit subnet mask, for example. The 24-bit subnet mask selects three octets, 156.26.32, for the network. The last octet is the host address. If the network 156.26.32.1/24 is learned via an IGP and is then redistributed into BGP, if auto-summary were enabled, the network would be automatically summarized to the natural mask for a Class B network. The network that BGP would advertise is 156.26.0.0/16. BGP would be advertising that it can reach the entire Class B address space from 156.26.0.0 to 156.26.255.255. If the only network that can be reached via the BGP router is 156.26.32.0/24, BGP would be advertising 254 networks that cannot be reached via this router. This is why the auto-summary (BGP) command is disabled by default.

Examples

In the following example, automatic summarization is enabled for IPv4 address family prefixes:


Device(config)#router bgp 50000
 
Device(config-router)#address-family ipv4 unicast
 
Device(config-router-af)#auto-summary
 
Device(config-router-af)#network 7.7.7.7 255.255.255.255

In the example, there are different subnets, such as 7.7.7.6 and 7.7.7.7 on Loopback interface 6 and Loopback interface 7, respectively. Both auto-summary and a network command are configured.


Device#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            100.0.1.7       YES NVRAM  up                    up      
Ethernet0/1            unassigned      YES NVRAM  administratively down down    
Ethernet0/2            unassigned      YES NVRAM  administratively down down    
Ethernet0/3            unassigned      YES NVRAM  administratively down down    
Ethernet1/0            108.7.9.7       YES NVRAM  up                    up      
Ethernet1/1            unassigned      YES NVRAM  administratively down down    
Ethernet1/2            unassigned      YES NVRAM  administratively down down    
Ethernet1/3            unassigned      YES NVRAM  administratively down down    
Loopback6              7.7.7.6         YES NVRAM  up                    up      
Loopback7              7.7.7.7         YES NVRAM  up                    up      

Note that in the output below, because of the auto-summary command, the BGP routing table displays the summarized route 7.0.0.0 instead of 7.7.7.6. The 7.7.7.7/32 network is displayed because it was configured with the network command, which is not affected by the auto-summary command.


Device#show ip bgp
BGP table version is 10, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 6.6.6.6/32       100.0.1.6                0             0 6 i
*> 7.0.0.0          0.0.0.0                  0         32768 ?   <-- summarization
*> 7.7.7.7/32       0.0.0.0                  0         32768 i   <-- network command
r>i9.9.9.9/32       108.7.9.9                0    100      0 i
*> 100.0.0.0        0.0.0.0                  0         32768 ?
r> 100.0.1.0/24     100.0.1.6                0             0 6 ?
*> 108.0.0.0        0.0.0.0                  0         32768 ?
r>i108.7.9.0/24     108.7.9.9                0    100      0 ?
*>i200.0.1.0        108.7.9.9 

authentication (BFD)

To configure authentication in a Bidirectional Forwarding Detection (BFD) template for single hop sessions, use the authentication command in BFD configuration mode. To disable authentication in BFD template for single-hop sessions, use the no form of this command

authentication authentication-type keychain keychain-name

no authentication authentication-type keychain keychain-name

Syntax Description

authentication-type

Authentication type. Valid values are md5, meticulous-md5, meticulous-sha1, and sha-1.

keychain keychain-name

Configures an authentication key chain with the specified name. The maximum number of characters allowed in the name is 32.

Command Default

Authentication in BFD template for single hop sessions is not enabled.

Command Modes

BFD configuration (config-bfd)

Command History

Release Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

You can configure authentication in single hop templates. We recommend that you configure authentication to enhance security. Authentication must be configured on each BFD source-destination pair, and authentication parameters must match on both devices.

Examples

The following example shows how to configure authentication for the template1 BFD single-hop template:


Device>enable
Device#configuration terminal
Device(config)#bfd-template single-hop template1
Device(config-bfd)#authentication sha-1 keychain bfd-singlehop

bfd

To set the baseline Bidirectional Forwarding Detection (BFD) session parameters on an interface, use the bfd interface configuration mode. To remove the baseline BFD session parameters, use the no form of this command

bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

no bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

Syntax Description

interval milliseconds

Specifies the rate, in milliseconds, at which BFD control packets will be sent to BFD peers. The valid range for the milliseconds argument is from 50 to 9999.

min_rx milliseconds

Specifies the rate, in milliseconds, at which BFD control packets will be expected to be received from BFD peers. The valid range for the milliseconds argument is from 50 to 9999.

multiplier multiplier-value

Specifies the number of consecutive BFD control packets that must be missed from a BFD peer before BFD declares that the peer is unavailable and the Layer 3 BFD peer is informed of the failure. The valid range for the multiplier-valueargument is from 3 to 50.

Command Default

No baseline BFD session parameters are set.

Command Modes

Interface configuration (config-if)

Command History

Release Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The bfd command can be configured on SVI, Ethernet and port-channel interfaces.

If BFD runs on a port channel interface, BFD has a timer value restriction of 750 * 3 milliseconds.

The bfd interval configuration is not removed when:

  • an IPv4 address is removed from an interface

  • an IPv6 address is removed from an interface

  • IPv6 is disabled from an interface

  • an interface is shutdown

  • IPv4 CEF is disabled globally or locally on an interface

  • IPv6 CEF is disabled globally or locally on an interface

The bfd interval configuration is removed when the subinterface on which its is configured is removed.


Note


If we configure bfd interval command in interface config mode, then bfd echo mode is enabled by default. We need to enable either no ip redirect (if BFD echo is needed) or no bfd echo in interface config mode.

Before using BFD echo mode, you must disable sending Internet Control Message Protocol (ICMP) redirect messages by entering the no ip redirect command, in order to avoid high CPU utilization.


Examples

The following example shows the BFD session parameters set for Gigabit Ethernet 1/0/3:

Device>enable
Device#configuration terminal
Device(config)#interface gigabitethernet 1/0/3
Device(config-if)#bfd interval 100 min_rx 100 multiplier 3

bfd all-interfaces

To enable Bidirectional Forwarding Detection (BFD) for all interfaces participating in the routing process, use the bfd all-interfaces command in router configuration or address family interface configuration mode. To disable BFD for all neighbors on a single interface, use the no form of this command

bfd all-interfaces

no bfd all-interfaces

Syntax Description

This command has no arguments or keywords.

Command Default

BFD is disabled on the interfaces participating in the routing process.

Command Modes

Router configuration (config-router)

Command History

Release Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

To enable BFD for all interfaces, enter the bfd all-interfaces command in router configuration mode

Examples

The following example shows how to enable BFD for all Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors:

Device>enable
Device#configuration terminal
Device(config)#router eigrp 123
Device(config-router)#bfd all-interfaces
Device(config-router)#end

The following example shows how to enable BFD for all Intermediate System-to-Intermediate System (IS-IS) neighbors:

Device> enable
Device#configuration terminal
Device(config)#router isis tag1
Device(config-router)#bfd all-interfaces
Device(config-router)#end

bfd check-ctrl-plane-failure

To enable Bidirectional Forwarding Detection (BFD) control plane failure checking for the Intermediate System-to-Intermediate System (IS-IS) routing protocol, use the bfd check-control-plane-failure command in router configuration mode. To disable control plane failure detection, use the no form of this command

bfd check-ctrl-plane-failure

no bfd check-ctrl-plane-failure

Syntax Description

This command has no arguments or keywords.

Command Default

BFD control plane failure checking is disabled.

Command Modes

Router configuration (config-router)

Command History

Release Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The bfd check-ctrl-plane-failure command can be configured for an IS-IS routing process only. The command is not supported on other protocols.

When a switch restarts, a false BFD session failure can occur, where neighboring routers behave as if a true forwarding failure has occurred. However, if the bfd check-ctrl-plane-failure command is enabled on a switch, the router can ignore control plane related BFD session failures. We recommend that you add this command to the configuration of all neighboring routers just prior to a planned router restart, and that you remove the command from all neighboring routers when the restart is complete.

Examples

The following example enables BFD control plane failure checking for the IS-IS routing protocol:

Device>enable
Device#configuration terminal
Device(config)#router isis
Device(config-router)#bfd check-ctrl-plane-failure
Device(config-router)#end

bfd echo

To enable Bidirectional Forwarding Detection (BFD) echo mode, use the bfd echo command in interface configuration mode. To disable BFD echo mode, use the no form of this command

bfd echo

no bfd echo

Syntax Description

This command has no arguments or keywords.

Command Default

BFD echo mode is enabled by default if BFD is configured using bfd interval command in interface configuration mode.

Command Modes

Interface configuration (config-if)

Command History

Release Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Echo mode is enabled by default. Entering the no bfd echo command without any keywords turns off the sending of echo packets and signifies that the switch is unwilling to forward echo packets received from BFD neighbor switches.

When echo mode is enabled, the desired minimum echo transmit interval and required minimum transmit interval values are taken from the bfd interval milliseconds min_rx milliseconds parameters, respectively.


Note


Before using BFD echo mode, you must disable sending Internet Control Message Protocol (ICMP) redirect messages by entering the no ip redirects command, in order to avoid high CPU utilization.


Examples

The following example configures echo mode between BFD neighbors:

Device>enable
Device#configuration terminal
Device(config)#interface GigabitEthernet 1/0/3
Device(config-if)#bfd echo

The following output from the show bfd neighbors details command shows that the BFD session neighbor is up and using BFD echo mode. The relevant command output is shown in bold in the output.

Device#show bfd neighbors details
OurAddr      NeighAddr   LD/RD  RH/RS  Holdown(mult) State Int
172.16.1.2   172.16.1.1  1/6    Up     0 (3 )        Up    Fa0/1
Session state is UP and using echo function with 100 ms interval.
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holdown (hits): 3000(0), Hello (hits): 1000(337)
Rx Count: 341, Rx Interval (ms) min/max/avg: 1/1008/882 last: 364 ms ago
Tx Count: 339, Tx Interval (ms) min/max/avg: 1/1016/886 last: 632 ms ago
Registered protocols: EIGRP
Uptime: 00:05:00
Last packet: Version: 1            - Diagnostic: 0
             State bit: Up         - Demand bit: 0
             Poll bit: 0           - Final bit: 0
             Multiplier: 3         - Length: 24
             My Discr.: 6          - Your Discr.: 1
             Min tx interval: 1000000   - Min rx interval: 1000000
             Min Echo interval: 50000

bfd slow-timers

To configure the Bidirectional Forwarding Detection (BFD) slow timers value, use the bfd slow-timers command in interface configuration mode. To change the slow timers used by BFD, use the no form of this command

bfd slow-timers [ milliseconds]

no bfd slow-timers

Command Default

The BFD slow timer value is 1000 milliseconds

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Examples

The following example shows how to configure the BFD slow timers value to 14,000 milliseconds:

Device(config)#bfd slow-timers 14000

The following output from the show bfd neighbors details command shows that the BFD slow timers value of 14,000 milliseconds has been implemented. The values for the MinTxInt and MinRxInt will correspond to the configured value for the BFD slow timers. The relevant command output is shown in bold.

Device#show bfd neighbors details
OurAddr      NeighAddr   LD/RD  RH/RS  Holdown(mult) State Int
172.16.1.2   172.16.1.1  1/6    Up     0 (3 )        Up    Fa0/1
Session state is UP and using echo function with 100 ms interval.
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 14000, MinRxInt: 14000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holdown (hits): 3600(0), Hello (hits): 1200(337)
Rx Count: 341, Rx Interval (ms) min/max/avg: 1/1008/882 last: 364 ms ago
Tx Count: 339, Tx Interval (ms) min/max/avg: 1/1016/886 last: 632 ms ago
Registered protocols: EIGRP
Uptime: 00:05:00
Last packet: Version: 1            - Diagnostic: 0
             State bit: Up         - Demand bit: 0
             Poll bit: 0           - Final bit: 0
             Multiplier: 3         - Length: 24
             My Discr.: 6          - Your Discr.: 1
             Min tx interval: 1000000   - Min rx interval: 1000000
             Min Echo interval: 50000


Note


  • If the BFD session is down, then the BFD control packets will be sent with the slow timer interval.

  • If the BFD session is up, then if echo is enabled, then BFD control packets will be sent in negotiated slow timer interval and echo packets will be sent in negotiated configured BFD interval. If echo is not enabled, then BFD control packets will be sent in negotiated configured interval.


bfd template

To create a Bidirectional Forwarding Detection (BFD) template and to enter BFD configuration mode, use the bfd-template command in global configuration mode. To remove a BFD template, use the no form of this command

bfd template template-name

no bfd template template-name

Command Default

A BFD template is not bound to an interface.

Command Modes

Interface configuration (config-if)

Command History

Release Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Even if you have not created the template by using the bfd-template command, you can configure the name of the template under an interface, but the template is considered invalid until you define the template. You do not have to reconfigure the template name again. It becomes valid automatically.

Examples

Device> enable
Device#configuration terminal
Device(config)#interface Gigabitethernet 1/3/0
Device(config-if)#bfd template template1

bfd-template single-hop

To bind a single hop Bidirectional Forwarding Detection (BFD) template to an interface, use the bfd template command in interface configuration mode. To unbind single-hop BFD template from an interface, use the no form of this command

bfd-template single-hop template-name

no bfd-template single-hop template-name

Syntax Description

single-hop

Creates the single-hop BFD template.

template-name

Template name.

Command Default

A BFD template does not exist.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The bfd-template command allows you to create a BFD template and places the device in BFD configuration mode. The template can be used to specify a set of BFD interval values. BFD interval values specified as part of the BFD template are not specific to a single interface.

Examples

The following example shows how to create a BFD template and specify BFD interval values:


Device>enable
Device#configuration terminal
Device(config)#bfd-template single-hop node1
Device(bfd-config)#interval min-tx 100 min-rx 100 multiplier 3
Device(bfd-config)#echo

The following example shows how to create a BFD single-hop template and configure BFD interval values and an authentication key chain:

Device> enable
Device#configuration terminal
Device(config)#bfd-template single-hop template1
Device(bfd-config)#interval min-tx 200 min-rx 200 multiplier 3
Device(bfd-config)#authentication keyed-sha-1 keychain bfd_singlehop

Note


BFD echo is not enabled by default in the bfd-template configuration. This needs to configured explicitly.


bgp graceful-restart

To enable the Border Gateway Protocol (BGP) graceful restart capability globally for all BGP neighbors, use the bgp graceful-restart command in address family or in router configuration mode. To disable the BGP graceful restart capability globally for all BGP neighbors, use the no form of this command.

bgp graceful-restart [extended | restart-time seconds | stalepath-time seconds] [all]

no bgp graceful-restart

Syntax Description

extended

(Optional) Enables BGP graceful restart extension.

restart-time seconds

(Optional) Sets the maximum time period that the local router will wait for a graceful-restart-capable neighbor to return to normal operation after a restart event occurs. The default value for this argument is 120 seconds. The configurable range of values is from 1 to 3600 seconds.

stalepath-time seconds

(Optional) Sets the maximum time period that the local router will hold stale paths for a restarting peer. All stale paths are deleted after this timer expires. The default value for this argument is 360 seconds. The configurable range of values is from 1 to 3600 seconds

all

(Optional) Enables BGP graceful restart capability for all address family modes.

Command Default

The following default values are used when this command is entered without any keywords or arguments:

restart-time : 120 seconds stalepath-time : 360 seconds


Note


Changing the restart and stalepath timer values is not required to enable the BGP graceful restart capability. The default values are optimal for most network deployments, and these values should be adjusted only by an experienced network operator.

Command Modes

Address-family configuration (config-router-af)

Router configuration (config-router)

Command History

Table 4.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The bgp graceful-restart command is used to enable or disable the graceful restart capability globally for all BGP neighbors in a BGP network. The graceful restart capability is negotiated between nonstop forwarding (NSF)-capable and NSF-aware peers in OPEN messages during session establishment. If the graceful restart capability is enabled after a BGP session has been established, the session will need to be restarted with a hard reset.

The graceful restart capability is supported by NSF-capable and NSF-aware routers. A router that is NSF-capable can perform a stateful switchover (SSO) operation (graceful restart) and can assist restarting peers by holding routing table information during the SSO operation. A router that is NSF-aware functions like a router that is NSF-capable but cannot perform an SSO operation.

The BGP graceful restart capability is enabled by default when a supporting version of Cisco IOS software is installed. The default timer values for this feature are optimal for most network deployments. We recommend that they are adjusted only by experienced network operators. When adjusting the timer values, the restart timer should not be set to a value greater than the hold time that is carried in the OPEN message. If consecutive restart operations occur, routes (from a restarting router) that were previously marked as stale will be deleted.


Note


Changing the restart and stalepath timer values is not required to enable the BGP graceful restart capability. The default values are optimal for most network deployments, and these values should be adjusted only by an experienced network operator.

Examples

In the following example, the BGP graceful restart capability is enabled:


Device#configure terminal
Device(config)#router bgp 65000
Device(config-router)#bgp graceful-restart

In the following example, the restart timer is set to 130 seconds:


Device#configure terminal
Device(config)#router bgp 65000
Device(config-router)#bgp graceful-restart restart-time 130 

In the following example, the stalepath timer is set to 350 seconds:


Device#configure terminal
Device(config)#router bgp 65000
Device(config-router)#bgp graceful-restart stalepath-time 350

In the following example, the extended keyword is used:


Device#configure terminal
Device(config)#router bgp 65000
Device(config-router)#bgp graceful-restart extended

clear proximity ip bgp

To reset Border Gateway Protocol (BGP) connections using hard or soft reconfiguration, use the clear proximity ip bgp command in privileged EXEC mode.

clear proximity ip bgp {* | all | autonomous-system-number | neighbor-address | peer-group group-name} [in [prefix-filter] | out | slow | soft [in [prefix-filter] | out | slow]]

Syntax Description

*

Specifies that all current BGP sessions will be reset.

all

(Optional) Specifies the reset of all address family sessions.

autonomous-system-number

Number of the autonomous system in which all BGP peer sessions will be reset. Number in the range from 1 to 65535.

  • In Cisco IOS Release 12.0(32)SY8, 12.0(33)S3, 12.2(33)SRE, 12.2(33)XNE, 12.2(33)SXI1, Cisco IOS XE Release 2.4, and later releases, 4-byte autonomous system numbers are supported in the range from 65536 to 4294967295 in asplain notation and in the range from 1.0 to 65535.65535 in asdot notation.

  • In Cisco IOS Release 12.0(32)S12, 12.4(24)T, and Cisco IOS XE Release 2.3, 4-byte autonomous system numbers are supported in the range from 1.0 to 65535.65535 in asdot notation only.

For more details about autonomous system number formats, see the router bgp command.

neighbor-address

Specifies that only the identified BGP neighbor will be reset. The value for this argument can be an IPv4 or IPv6 address.

peer-group group-name

Specifies that only the identified BGP peer group will be reset.

in

(Optional) Initiates inbound reconfiguration. If neither the in nor out keywords are specified, both inbound and outbound sessions are reset.

prefix-filter

(Optional) Clears the existing outbound route filter (ORF) prefix list to trigger a new route refresh or soft reconfiguration, which updates the ORF prefix list.

out

(Optional) Initiates inbound or outbound reconfiguration. If neither the in nor out keywords are specified, both inbound and outbound sessions are reset.

slow

(Optional) Clears slow-peer status forcefully and moves it to original update group.

soft

(Optional) Initiates a soft reset. Does not tear down the session.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Theclearproximity ip bgp command can be used to initiate a hard reset or soft reconfiguration. A hard reset tears down and rebuilds the specified peering sessions and rebuilds the BGP routing tables. A soft reconfiguration uses stored prefix information to reconfigure and activate BGP routing tables without tearing down existing peering sessions. Soft reconfiguration uses stored update information, at the cost of additional memory for storing the updates, to allow you to apply new BGP policy without disrupting the network. Soft reconfiguration can be configured for inbound or outbound sessions.


Note


Due to the complexity of some of the keywords available for the clear proximityip bgp command, some of the keywords are documented as separate commands. All of the complex keywords that are documented separately start with clear ip bgp . For example, for information on resetting BGP connections using hard or soft reconfiguration for all BGP neighbors in IPv4 address family sessions, refer to the clear ip bgp ipv4 command.


Generating Updates from Stored Information

To generate new inbound updates from stored update information (rather than dynamically) without resetting the BGP session, you must preconfigure the local BGP router using the neighbor soft-reconfiguration inbound command. This preconfiguration causes the software to store all received updates without modification regardless of whether an update is accepted by the inbound policy. Storing updates is memory intensive and should be avoided if possible.

Outbound BGP soft configuration has no memory overhead and does not require any preconfiguration. You can trigger an outbound reconfiguration on the other side of the BGP session to make the new inbound policy take effect.

Use this command whenever any of the following changes occur:

  • Additions or changes to the BGP-related access lists

  • Changes to BGP-related weights

  • Changes to BGP-related distribution lists

  • Changes to BGP-related route maps

Dynamic Inbound Soft Reset

The route refresh capability, as defined in RFC 2918, allows the local router to reset inbound routing tables dynamically by exchanging route refresh requests to supporting peers. The route refresh capability does not store update information locally for non-disruptive policy changes. It instead relies on dynamic exchange with supporting peers. Route refresh is advertised through BGP capability negotiation. All BGP routers must support the route refresh capability.

To determine if a BGP router supports this capability, use the show ip bgp neighbors command. The following message is displayed in the output when the router supports the route refresh capability:


Received route refresh capability from peer.

If all BGP routers support the route refresh capability, use the clear proximityip bgp command with the in keyword. You need not use the soft keyword, because soft reset is automatically assumed when the route refresh capability is supported.


Note


After configuring a soft reset (inbound or outbound), it is normal for the BGP routing process to hold memory. The amount of memory that is held depends on the size of routing tables and the percentage of the memory chunks that are utilized. Partially used memory chunks will be used or released before more memory is allocated from the global router pool.


Examples

In the following example, a soft reconfiguration is initiated for the inbound session with the neighbor 10.100.0.1, and the outbound session is unaffected:


Device#clear proximity ip bgp 10.100.0.1 soft in

In the following example, the route refresh capability is enabled on the BGP neighbor routers and a soft reconfiguration is initiated for the inbound session with the neighbor 172.16.10.2, and the outbound session is unaffected:


Device#clear proximity ip bgp 172.16.10.2 in

In the following example, a hard reset is initiated for sessions with all routers in the autonomous system numbered 35700:


Device#clear proximity ip bgp 35700

In the following example, a hard reset is initiated for sessions with all routers in the 4-byte autonomous system numbered 65538 in asplain notation. This example requires Cisco IOS Release 12.0(32)SY8, 12.0(33)S3, 12.2(33)SRE, 12.2(33)XNE, 12.2(33)SXI1, Cisco IOS XE Release 2.4, or a later release.


Device#clear proximity ip bgp 65538

In the following example, a hard reset is initiated for sessions with all routers in the 4-byte autonomous system numbered 1.2 in asdot notation. This example requires Cisco IOS Release 12.0(32)SY8, 12.0(32)S12, 12.2(33)SRE, 12.2(33)XNE, 12.2(33)SXI1, 12.4(24)T, and Cisco IOS XE Release 2.3, or a later release.


Device#clear proximity ip bgp 1.2

default-information originate (OSPF)

To generate a default external route into an Open Shortest Path First (OSPF) routing domain, use the default-information originate command in router configuration or router address family topology configuration mode. To disable this feature, use the no form of this command.

default-information originate [always] [metric metric-value] [metric-type type-value] [route-map map-name]

no default-information originate [always] [metric metric-value] [metric-type type-value] [route-map map-name]

Syntax Description

always

(Optional) Always advertises the default route regardless of whether the software has a default route.

Note

 

The always keyword includes the following exception when the route map is used. When a route map is used, the origination of the default route by OSPF is not bound to the existence of a default route in the routing table and the always keyword is ignored.

metric metric-value

(Optional) Metric used for generating the default route. If you omit a value and do not specify a value using the default-metric router configuration command, the default metric value is 10. The value used is specific to the protocol.

metric-type type-value

(Optional) External link type associated with the default route that is advertised into the OSPF routing domain. It can be one of the following values:

  • Type 1 external route.

  • Type 2 external route.

The default is type 2 external route.

route-map map-name

(Optional) The routing process will generate the default route if the route map is satisfied.

Command Default

This command is disabled by default. No default external route is generated into the OSPF routing domain.

Command Modes

Router configuration (config-router) Router address family topology configuration (config-router-af-topology)

Command History

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Whenever you use the redistribute or the default-information router configuration command to redistribute routes into an OSPF routing domain, the Cisco IOS software automatically becomes an Autonomous System Boundary Router (ASBR). However, an ASBR does not, by default, generate a default route into the OSPF routing domain. The software must still have a default route for itself before it generates one, except when you have specified the always keyword.

When a route map is used, the origination of the default route by OSPF is not bound to the existence of a default route in the routing table.

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the default-information originate command in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example specifies a metric of 100 for the default route that is redistributed into the OSPF routing domain and specifies an external metric type of 1:


router ospf 109
redistribute eigrp 108 metric 100 subnets
default-information originate metric 100 metric-type 1

default-metric (BGP)

To set a default metric for routes redistributed into Border Gateway Protocol (BGP), use the default-metric command in address family or router configuration mode. To remove the configured value and return BGP to default operation, use the no form of this command.

default-metric number

no default-metric number

Syntax Description

number

Default metric value applied to the redistributed route. The range of values for this argument is from 1 to 4294967295.

Command Default

The following is default behavior if this command is not configured or if the no form of this command is entered:

  • The metric of redistributed interior gateway protocol (IGP) routes is set to a value that is equal to the interior BGP (iBGP) metric.

  • The metric of redistributed connected and static routes is set to 0.

When this command is enabled, the metric for redistributed connected routes is set to 0.

Command Modes

Address family configuration (config-router-af)

Router configuration (config-router)

Command History

Table 6.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The default-metric command is used to set the metric value for routes redistributed into BGP and can be applied to any external BGP (eBGP) routes received and subsequently advertised internally to iBGP peers.

This value is the Multi Exit Discriminator (MED) that is evaluated by BGP during the best path selection process. The MED is a non-transitive value that is processed only within the local autonomous system and adjacent autonomous systems. The default metric is not set if the received route has a MED value.


Note


When enabled, the default-metric command applies a metric value of 0 to redistributed connected routes. The default-metric command does not override metric values that are applied with the redistribute command.


Examples

In the following example, a metric of 1024 is set for routes redistributed into BGP from OSPF:


Device(config)#router bgp 50000 
Device(config-router)#address-family ipv4 unicast
 
Device(config-router-af)#default-metric 1024 
Device(config-router-af)#redistribute ospf 10 
Device(config-router-af)#end

In the following configuration and output examples, a metric of 300 is set for eBGP routes received and advertised internally to an iBGP peer.


Device(config)#router bgp 65501
Device(config-router)#no synchronization
Device(config-router)#bgp log-neighbor-changes
Device(config-router)#network 172.16.1.0 mask 255.255.255.0
Device(config-router)#neighbor 172.16.1.1 remote-as 65501
Device(config-router)#neighbor 172.16.1.1 soft-reconfiguration inbound
Device(config-router)#neighbor 192.168.2.2 remote-as 65502
Device(config-router)#neighbor 192.168.2.2 soft-reconfiguration inbound
Device(config-router)#default-metric 300
Device(config-router)#no auto-summary

After the above configuration, some routes are received from the eBGP peer at 192.168.2.2 as shown in the output from the show ip bgp neighbors received-routes command.


Device#show ip bgp neighbors 192.168.2.2 received-routes
 
BGP table version is 7, local router ID is 192.168.2.1 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 172.17.1.0/24    192.168.2.2                            0 65502 i

After the received routes from the eBGP peer at 192.168.2.2 are advertised internally to iBGP peers, the output from the show ip bgp neighbors received-routes command shows that the metric (MED) has been set to 300 for these routes.


Device#show ip bgp neighbors 172.16.1.2 received-routes
BGP table version is 2, local router ID is 172.16.1.1 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
* i172.16.1.0/24    172.16.1.2               0    100      0 i
* i172.17.1.0/24    192.168.2.2            300    100      0 65502 i
Total number of prefixes 2

distance (OSPF)

To define an administrative distance, use the distance command in router configuration mode or VRF configuration mode. To remove the distance command and restore the system to its default condition, use the no form of this command.

distance weight [ip-address wildcard-mask [access-list name]]

no distance weight ip-address wildcard-mask [access-list-name]

Syntax Description

weight

Administrative distance. Range is 10 to 255. Used alone, the weight argument specifies a default administrative distance that the software uses when no other specification exists for a routing information source. Routes with a distance of 255 are not installed in the routing table. The table in the “Usage Guidelines” section lists the default administrative distances.

ip-address

(Optional) IP address in four-part dotted-decimal notation.

wildcard-mask

(Optional) Wildcard mask in four-part, dotted-decimal format. A bit set to 1 in the wildcard-mask argument instructs the software to ignore the corresponding bit in the address value.

access-list-name

(Optional) Name of an IP access list to be applied to incoming routing updates.

Command Default

If this command is not specified, the administrative distance is the default. The table in the “Usage Guidelines” section lists the default administrative distances.

Command Modes

Router configuration (config-router)

VRF configuration (config-vrf)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the appropriate task IDs. If the user group assignment is preventing you from using a command contact your AAA administrator for assistance.

An administrative distance is an integer from 10 to 255. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means that the routing information source cannot be trusted at all and should be ignored. Weight values are subjective; no quantitative method exists for choosing weight values.

If an access list is used with this command, it is applied when a network is being inserted into the routing table. This behavior allows you to filter networks based on the IP prefix supplying the routing information. For example, you could filter possibly incorrect routing information from networking devices not under your administrative control.

The order in which you enter distance commands can affect the assigned administrative distances, as shown in the “Examples” section. The following table lists default administrative distances.

Table 7. Default Administrative Distances

Rate Source

Default Distance

Connected interface

0

Static route out on interface

0

Static route to next hop

1

EIGRP summary route

5

External BGP

20

Internal EIGRP

90

OSPF

110

IS-IS

115

RIP version 1 and 2

120

External EIGRP

170

Internal BGP

200

Unknown

255

Task ID

Task ID

Operations

ospf

read, write

Examples

In the following example, the router ospf command sets up Open Shortest Path First (OSPF) routing instance 1. The first distance command sets the default administrative distance to 255, which instructs the software to ignore all routing updates from networking devices for which an explicit distance has not been set. The second distance command sets the administrative distance for all devices on the network 192.168.40.0 to 90.


Device#configure terminal
Device(config)#router ospf 1
Device(config-ospf)#distance 255
Device(config-ospf)#distance 90 192.168.40.0 0.0.0.255

eigrp log-neighbor-changes

To enable the logging of changes in Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor adjacencies, use the eigrp log-neighbor-changes command in router configuration mode, address-family configuration mode, or service-family configuration mode. To disable the logging of changes in EIGRP neighbor adjacencies, use the no form of this command.

eigrp log-neighbor-changes

no eigrp log-neighbor-changes

Syntax Description

This command has no arguments or keywords.

Command Default

Adjacency changes are logged.

Command Modes

Router configuration (config-router) Address-family configuration (config-router-af) Service-family configuration (config-router-sf)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

This command enables the logging of neighbor adjacency changes to monitor the stability of the routing system and to help detect problems. Logging is enabled by default. To disable the logging of neighbor adjacency changes, use the no form of this command.

To enable the logging of changes for EIGRP address-family neighbor adjacencies, use the eigrp log-neighbor-changes command in address-family configuration mode.

To enable the logging of changes for EIGRP service-family neighbor adjacencies, use the eigrp log-neighbor-changes command in service-family configuration mode.

Examples

The following configuration disables logging of neighbor changes for EIGRP process 209:


Device(config)# router eigrp 209
Device(config-router)# no eigrp log-neighbor-changes

The following configuration enables logging of neighbor changes for EIGRP process 209:


Device(config)# router eigrp 209
Device(config-router)# eigrp log-neighbor-changes

The following example shows how to disable logging of neighbor changes for EIGRP address-family with autonomous-system 4453:


Device(config)# router eigrp virtual-name
Device(config-router)# address-family ipv4 autonomous-system 4453 
Device(config-router-af)# no eigrp log-neighbor-changes
Device(config-router-af)# exit-address-family

The following configuration enables logging of neighbor changes for EIGRP service-family process 209:


Device(config)# router eigrp 209
Device(config-router)# service-family ipv4 autonomous-system 4453 
Device(config-router-sf)# eigrp log-neighbor-changes
Device(config-router-sf)# exit-service-family

eigrp log-neighbor-warnings

To enable the logging of Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor warning messages, use the eigrp log-neighbor-warnings command in router configuration mode, address-family configuration mode, or service-family configuration mode. To disable the logging of EIGRP neighbor warning messages, use the no form of this command.

eigrp log-neighbor-warnings [seconds]

no eigrp log-neighbor-warnings

Syntax Description

seconds

(Optional) The time interval (in seconds) between repeated neighbor warning messages. The range is from 1 to 65535. The default is 10.

Command Default

Neighbor warning messages are logged at 10-second intervals.

Command Modes

Router configuration (config-router) Address-family configuration (config-router-af) Service-family configuration (config-router-sf)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

When neighbor warning messages occur, they are logged by default. With this command, you can disable and enable neighbor warning messages, and you can configure the interval between repeated neighbor warning messages.

To enable the logging of warning messages for an EIGRP address family, use the eigrp log-neighbor-warnings command in address-family configuration mode.

To enable the logging of warning messages for an EIGRP service family, use the eigrp log-neighbor-warnings command in service-family configuration mode.

Examples

The following command will log neighbor warning messages for EIGRP process 209 and repeat the warning messages in 5-minute (300 seconds) intervals:


Device(config)# router eigrp 209
Device(config-router)# eigrp log-neighbor-warnings 300

The following example logs neighbor warning messages for the service family with autonomous system number 4453 and repeats the warning messages in five-minute (300 second) intervals:


Device(config)# router eigrp virtual-name
Device(config-router)# service-family ipv4 autonomous-system 4453
Device(config-router-sf)# eigrp log-neighbor-warnings 300

The following example logs neighbor warning messages for the address family with autonomous system number 4453 and repeats the warning messages in five-minute (300 second) intervals:


Device(config)# router eigrp virtual-name
Device(config-router)# address-family ipv4 autonomous-system 4453
Device(config-router-af)# eigrp log-neighbor-warnings 300

fast-reroute keep-all-paths

To create a list of all the candidate repair paths considered when a per-prefix loop-free alternate (LFA) Fast Reroute (FRR) route is computed, use the fast-reroute keep-all-paths command in router configuration mode. To disable prefix priority, use the no form of this command.

fast-reroute keep-all-paths

no fast-reroute keep-all-paths

Syntax Description

This command has no arguments or keywords.

Command Default

A list of candidate repair paths is not created.

Command Modes

Router configuration (config-router)

Command History

Release

Modification

Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Usage Guidelines

You can use the fast-reroute keep-all-paths command to display all the candidate repair paths that are considered when an LFA FRR repair path is computed. You can use this list to troubleshoot repair paths without having to enable debugs. However, this greatly increases memory consumption, and should, therefore, be reserved for testing.

Examples

The following example shows how to create a list of all the candidate LFA FRR repair paths:


Device> enable
Device# configure terminal
Device(config)# router ospf 10
Device(config-router)# fast-reroute keep-all-paths
 

fast-reroute load-sharing disable (EIGRP)

To disable Fast Reroute (FRR) load sharing among Equal Cost Multipath (ECMP) loop-free alternates (LFAs) in an Enhanced Interior Gateway Routing Protocol (EIGRP) network, use the fast-reroute load-sharing disable command in router address family topology configuration mode. To enable FRR load sharing among ECMP LFAs, use the no form of this command.

fast-reroute load-sharing disable

no fast-reroute load-sharing disable

Syntax Description

This command has no arguments or keywords.

Command Default

FRR load sharing among ECMP LFAs is enabled by default.

Command Modes

Router address family topology configuration (config-router-af-topology)

Command History

Release

Modification

Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Usage Guidelines

Use this command to disable FRR load sharing among ECMP LFAs when FRR can be enabled on a single LFA by using tiebreaking rules. These rules are used to select the best LFA (repair path) for a primary path in an EIGRP network when many candidate LFAs are available. However, if a tie-breaking rule cannot be applied to select LFAs, use the no form of this command to restore the device to its default settings.

Examples

The following example shows how to disable load sharing among ECMP LFAs in an EIGRP network:


Device> enable
Device# configure terminal
Device(config)# router eigrp test
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute load-sharing disable

fast-reroute per-prefix (EIGRP)

To enable Fast Reroute (FRR) per prefix in an Enhanced Interior Gateway Routing Protocol (EIGRP) network, use the fast-reroute per-prefix command in router address family topology configuration mode. To disable FRR per prefix in the EIGRP network, use the no form of this command.

fast-reroute per-prefix {all | route-map route-map-name}

no fast-reroute per-prefix {all | route-map route-map-name}

Syntax Description

all

Enables FRR for all the available prefixes in the EIGRP network.

route-map

Enables FRR for prefixes that are specified by a route map.

route-map-name

Name of the route map.

Command Default

FRR is not enabled for any prefix in a network.

Command Modes

Router address family topology configuration (config-router-af-topology)

Command History

Release

Modification

Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Examples

The following example shows how to enable FRR on all the available prefixes in an EIGRP network:


Device> enable
Device# configure terminal
Device(config)# router eigrp test
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute per-prefix all

The following example shows how to enable FRR on the prefixes that are specified by a route map:


Device> enable
Device# configure terminal
Device(config)# router eigrp test
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute per-prefix route-map map1

fast-reroute per-prefix enable (OSPF)

To configure a per-prefix LFA FRR path that redirects traffic to an alternative next hop other than the primary neighbor, use the fast-reroute per-prefix enable command in router configuration mode. To disable prefix priority, use the no form of this command.

fast-reroute per-prefix enable [area area-id ]prefix-priority {high | low}

no fast-reroute per-prefix enable [area area-id ]prefix-priority {high | low}

Syntax Description

area

(Optional) Specifies an area in which to enable LFA FRR.

area-id

OSPF area ID expressed as a decimal value, or in IP address format.

prefix-priority

Specifies the priority of prefixes to be protected.

high

Sets the prefix priority to high.

low

Sets the prefix priority to low.

Command Default

LFA is enabled.

Command Modes

Router configuration (config-router)

Command History

Release

Modification

Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Examples

The following command shows how to configure an LFA, and specifies the prefix priority for protection:


Device> enable
Device# configure terminal
Device(config)# router ospf 10
Device(config-router)# fast-reroute per-prefix enable prefix-priority low
 

fast-reroute per-prefix tie-break (OSPF)

To configure the tiebreaking policy in selecting in an LFA FRR repair path, use the fast-reroute per-prefix tie-break command in router configuration mode. To disable the configuration, use the no form of this command.

fast-reroute per-prefix tie-break {broadcast-interface-disjoint | downstream | interface-disjoint | linecard-disjoint | node-protecting | primary-path | secondary-path | srlg} [required] {index attribute-priority | lowest-metric index attribute-priority}

no fast-reroute per-prefix tie-break {broadcast-interface-disjoint | downstream | interface-disjoint | linecard-disjoint | node-protecting | primary-path | secondary-path | srlg} [required] {index attribute-priority | lowest-metric index attribute-priority}

Syntax Description

broadcast-interface-disjoint

Configures the interface protection attribute.

downstream

Configures LFAs whose metric to the protected destination is lower than the metric of the protecting node to the destination.

interface-disjoint

Configures the interface protection attribute.

linecard-disjoint

Configures the linecard protection attribute.

node-protecting

Configures the node-protecting repair path attribute.

primary-path

Configures the equal-cost multipath attribute.

secondary-path

Configures the not-equal-cost multipath attribute.

srlg

Configures the shared risk link group (SRLG) attribute.

required

(Optional) Specifies that the tiebreaker is required.

index

Specifies the tiebreak attribute priority.

attribute-priority

The tiebreak attribute priority number. Valid values are from 1 to 255.

lowest-metric

Configures the lowest metric repair path attribute.

Command Default

If you do not configure a tiebreaker policy, repair path attributes are assigned in the following priority order:

  1. SRLG

  2. Primary path

  3. Interface disjoint

  4. Lowest metric

  5. Line-card disjoint

  6. Node protecting

  7. Broadcast-interface disjoint

Command Modes

Router configuration (config-router)

Command History

Release

Modification

Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Usage Guidelines

You must configure the router ospf command before you can configure the fast-reroute per-prefix tie-break command. You can use the show ip ospf fast-reroute command to display the default, or the current, tiebreak configuration.

The tiebreaker policy is evaluated in the configured or the default order. If the evaluation does not select any candidate, the repair path is selected by implicit load balancing. This means that repair path selection varies depending on the prefix.

The primary-path and secondary-path keywords configure the same attribute; configuring one automatically deletes the other from the tiebreaker policy.

You can configure the required keyword for all the attributes except the lowest metric. To be selected as the LFA repair path, a candidate must have all the tiebreaker attributes that are configured as required.

Examples

The commands in the following example show how to configure a tiebreaking policy that prioritizes SRLG as a required tiebreaker, and sets the priority index for it and for the lower-priority tiebreaking attributes:


Device> enable
Device# configure terminal
Device(config)# router ospf 10
Device(config-router)# fast-reroute per-prefix tie-break srlg required index 10
Device(config-router)# fast-reroute per-prefix tie-break linecard-disjoint index 15 
Device(config-router)# fast-reroute per-prefix tie-break downstream index 20

fast-reroute tie-break (EIGRP)

To enable EIGRP FRR to select a loop-free alternate (LFA) from among multiple candidate LFAs for a given primary path by configuring a tiebreaking attribute, use the fast-reroute tie-break command in router address family topology configuration mode. To disable EIGRP FRR from selecting LFAs based on the configured tiebreaking attribute, use the no form of this command. To revert the configuration to the default attributes and their associated priorities, use the default form of this command.

fast-reroute tie-break {interface-disjoint | linecard-disjoint | lowest-backup-path-metric | srlg-disjoint} priority-number

no fast-reroute tie-break {interface-disjoint | linecard-disjoint | lowest-backup-path-metric | srlg-disjoint}

default fast-reroute tie-break {interface-disjoint | linecard-disjoint | lowest-backup-path-metric | srlg-disjoint}

Syntax Description

interface-disjoint

Enables EIGRP FRR to choose an LFA that does not share the outgoing interface with the primary path. The default priority is 20.

linecard-disjoint

Enables EIGRP FRR to choose an LFA that does not share the line card with the primary path. The default priority is 40.

lowest-backup-path-metric

Enables EIGRP FRR to choose the LFA with the lowest metric to the protected destination. The default priority is 30.

srlg-disjoint

Enables EIGRP FRR to choose an LFA that does not share any Shared Risk Link Group (SRLG) with the primary path. The default priority is 10.

priority-number

Priority number assigned to the tiebreaking attribute. The range is from 1 to 255.

Command Default

The default attributes and their associated priorities are used to determine the LFA. The following are the default priority of each attribute:

  • interface-disjoint : 20

  • linecard-disjoint : 40

  • lowest-backup-path-metric : 30

  • srlg-disjoint : 10

Command Modes

Router address family topology configuration (config-router-af-topology)

Command History

Release

Modification

Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Usage Guidelines

Use this command to configure tiebreaking rules when there are multiple LFAs for a given primary path. EIGRP allows you to use four attributes to configure tiebreaking rules. Each of the interface-disjoint , linecard-disjoint , lowest-backup-path-metric , and srlg-disjoint keywords specifies an attribute and allows you to configure a tiebreaking rule based on the attribute. You can configure a priority value for each attribute. Tiebreaking rules are applied on the basis of the priority configured for each attribute. The lower the configured priority value, the higher the priority of the tiebreaking attribute.


Note


An attribute cannot be configured more than once in an address family.


The no form of this command disables EIGRP from selecting the best LFA based on the configured tiebreaking attributes. When the no form of this command is used, EIGRP will either randomly select an LFA or resort to load sharing. The default form of this command will revert the configuration to the default attributes and their respective priorities.

Examples

The following example shows how to configure a tiebreaking rule by using the interface-disjoint keyword:


Device> enable
Device# configure terminal
Device(config)# router eigrp test
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute tie-break interface-disjoint 2

The following example shows how to configure a tiebreaking rule by using the linecard-disjoint keyword:


Device> enable
Device# configure terminal
Device(config)# router eigrp test
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute tie-break linecard-disjoint 3

The following example shows how to configure a tiebreaking rule by using the lowest-backup-path-metric keyword:


Device> enable
Device# configure terminal
Device(config)# router eigrp test
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute tie-break lowest-backup-path-metric 4

The following example shows how to configure a tiebreaking rule by using the srlg-disjoint keyword:


Device> enable
Device# configure terminal
Device(config)# router eigrp test
Device(config-router)# address-family ipv4 autonomous-system 1
Device(config-router-af)# topology base
Device(config-router-af-topology)# fast-reroute tie-break srlg-disjoint 5

ip authentication key-chain eigrp

To enable authentication of Enhanced Interior Gateway Routing Protocol (EIGRP) packets, use the ip authentication key-chain eigrp command in interface configuration mode. To disable such authentication, use the no form of this command.

ip authentication key-chain eigrp as-number key-chain

no ip authentication key-chain eigrp as-number key-chain

Syntax Description

as-number

Autonomous system number to which the authentication applies.

key-chain

Name of the authentication key chain.

Command Default

No authentication is provided for EIGRP packets.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Examples

The following example applies authentication to autonomous system 2 and identifies a key chain named SPORTS:


Device(config-if)#ip authentication key-chain eigrp 2 SPORTS

ip authentication mode eigrp

To specify the type of authentication used in Enhanced Interior Gateway Routing Protocol (EIGRP) packets, use the ip authentication mode eigrp command in interface configuration mode. To disable that type of authentication, use the no form of this command.

ip authentication mode eigrp as-number md5

no ip authentication mode eigrp as-number md5

Syntax Description

as-number

Autonomous system number.

md5

Keyed Message Digest 5 ( MD5) authentication.

Command Default

No authentication is provided for EIGRP packets.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Configure authentication to prevent unapproved sources from introducing unauthorized or false routing messages. When authentication is configured, an MD5 keyed digest is added to each EIGRP packet in the specified autonomous system.

Examples

The following example configures the interface to use MD5 authentication in EIGRP packets in autonomous system 10:


Device(config-if)#ip authentication mode eigrp 10 md5

ip bandwidth-percent eigrp

To configure the percentage of bandwidth that may be used by Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip bandwidth-percent eigrp command in interface configuration mode. To restore the default value, use the no form of this command.

ip bandwidth-percent eigrp as-number percent

no ip bandwidth-percent eigrp as-number percent

Syntax Description

as-number

Autonomous system number.

percent

Percent of bandwidth that EIGRP may use.

Command Default

EIGRP may use 50 percent of available bandwidth.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

EIGRP will use up to 50 percent of the bandwidth of a link, as defined by the bandwidth interface configuration command. This command may be used if some other fraction of the bandwidth is desired. Note that values greater than 100 percent may be configured. The configuration option may be useful if the bandwidth is set artificially low for other reasons.

Examples

The following example allows EIGRP to use up to 75 percent (42 kbps) of a 56-kbps serial link in autonomous system 209:


Device(config)#interface serial 0
Device(config-if)#bandwidth 56
Device(config-if)#ip bandwidth-percent eigrp 209 75

ip cef load-sharing algorithm

To select a Cisco Express Forwarding load-balancing algorithm, use theip cef load-sharing algorithm command in global configuration mode. To return to the default universal load-balancing algorithm, use the no form of this command.

ip cef load-sharing algorithm {original | [universal [id] ]}

no ip cef load-sharing algorithm

Syntax Description

original

Sets the load-balancing algorithm to the original algorithm based on a source and destination hash.

universal

Sets the load-balancing algorithm to the universal algorithm that uses a source and destination and an ID hash.

id

(Optional) Fixed identifier.

Command Default

The universal load-balancing algorithm is selected by default. If you do not configure the fixed identifier for a load-balancing algorithm, the router automatically generates a unique ID.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The original Cisco Express Forwarding load-balancing algorithm produced distortions in load sharing across multiple devices because of the use of the same algorithm on every device. When the load-balancing algorithm is set to universal mode, each device on the network can make a different load sharing decision for each source-destination address pair, and that resolves load-balancing distortions.

Examples

The following example shows how to enable the Cisco Express Forwarding original load-balancing algorithm:

Device> enable
Device# configure terminal
Device(config)# ip cef load-sharing algorithm original
Device(config)# exit

ip community-list

To configure a BGP community list and to control which routes are permitted or denied based on their community values, use the ip community-list command in global configuration mode. To delete the community list, use the no form of this command.

Standard Community Lists

ip community-list {standard | standard list-name} {deny | permit} [community-number] [AA:NN] [internet] [local-as] [no-advertise] [no-export] [gshut]

no ip community-list {standard | standard list-name}

Expanded Community Lists

ip community-list {expanded | expanded list-name} {deny | permit} regexp

no ip community-list {expanded | expanded list-name}

Syntax Description

standard

Standard community list number from 1 to 99 to identify one or more permit or deny groups of communities.

standard list-name

Configures a named standard community list.

deny

Denies routes that match the specified community or communities.

permit

Permits routes that match the specified community or communities.

community-number

(Optional) 32-bit number from 1 to 4294967200. A single community can be entered or multiple communities can be entered, each separated by a space.

AA : NN

(Optional) Autonomous system number and network number entered in the 4-byte new community format. This value is configured with two 2-byte numbers separated by a colon. A number from 1 to 65535 can be entered for each 2-byte number. A single community can be entered or multiple communities can be entered, each separated by a space.

internet

(Optional) Specifies the Internet community. Routes with this community are advertised to all peers (internal and external).

local-as

(Optional) Specifies the local-as community. Routes with community are advertised to only peers that are part of the local autonomous system or to only peers within a subautonomous system of a confederation. These routes are not advertised to external peers or to other subautonomous systems within a confederation.

no-advertise

(Optional) Specifies the no-advertise community. Routes with this community are not advertised to any peer (internal or external).

no-export

(Optional) Specifies the no-export community. Routes with this community are advertised to only peers in the same autonomous system or to only other subautonomous systems within a confederation. These routes are not advertised to external peers.

gshut

(Optional) Specifies the Graceful Shutdown (GSHUT) community.

expanded

Expanded community list number from 100 to 500 to identify one or more permit or deny groups of communities.

expanded list-name

Configures a named expanded community list.

regexp

Regular expression that is used to specify a pattern to match against an input string.

Note

 

Regular expressions can be used only with expanded community lists.

Command Default

BGP community exchange is not enabled by default.

Command Modes


Global configuration (config)

Command History

Table 8.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The ip community-list command is used to filter BGP routes based on one or more community values. BGP community values are configured as a 32-bit number (old format) or as a 4-byte number (new format). The new community format is enabled when the ip bgp-community new-format command is entered in global configuration mode. The new community format consists of a 4-byte value. The first two bytes represent the autonomous system number, and the trailing two bytes represent a user-defined network number. Named and numbered community lists are supported.

BGP community exchange is not enabled by default. The exchange of BGP community attributes between BGP peers is enabled on a per-neighbor basis with the neighbor send-community command. The BGP community attribute is defined in RFC 1997 and RFC 1998.

The Internet community is applied to all routes or prefixes by default, until any other community value is configured with this command or the set community command.

Use a route map to reference a community list and thereby apply policy routing or set values.

Community List Processing

Once a permit value has been configured to match a given set of communities, the community list defaults to an implicit deny for all other community values. Unlike an access list, it is feasible for a community list to contain only deny statements.

  • When multiple communities are configured in the same ip community-list statement, a logical AND condition is created. All community values for a route must match the communities in the community list statement to satisfy an AND condition.

  • When multiple communities are configured in separate ip community-list statements, a logical OR condition is created. The first list that matches a condition is processed.

Standard Community Lists

Standard community lists are used to configure well-known communities and specific community numbers. A maximum of 16 communities can be configured in a standard community list. If you attempt to configure more than 16 communities, the trailing communities that exceed the limit are not processed or saved to the running configuration file.

Expanded Community Lists

Expanded community lists are used to filter communities using a regular expression. Regular expressions are used to configure patterns to match community attributes. The order for matching using the * or + character is longest construct first. Nested constructs are matched from the outside in. Concatenated constructs are matched beginning at the left side. If a regular expression can match two different parts of an input string, it will match the earliest part first. For more information about configuring regular expressions, see the “Regular Expressions” appendix of the Terminal Services Configuration Guide.

Examples

In the following example, a standard community list is configured that permits routes from network 10 in autonomous system 50000:


Device(config)#ip community-list 1 permit 50000:10 

In the following example, a standard community list is configured that permits only routes from peers in the same autonomous system or from subautonomous system peers in the same confederation:


Device(config)#ip community-list 1 permit no-export

In the following example, a standard community list is configured to deny routes that carry communities from network 40 in autonomous system 65534 and from network 60 in autonomous system 65412. This example shows a logical AND condition; all community values must match in order for the list to be processed.


Device(config)#ip community-list 2 deny 65534:40 65412:60 

In the following example, a named, standard community list is configured that permits all routes within the local autonomous system or permits routes from network 20 in autonomous system 40000. This example shows a logical OR condition; the first match is processed.


Device(config)#ip community-list standard RED permit local-as 
Device(config)#ip community-list standard RED permit 40000:20

In the following example, a standard community list is configured that denies routes with the GSHUT community and permits routes with the local-AS community. This example shows a logical OR condition; the first match is processed.


Device(config)#ip community-list 18 deny gshut 
Device(config)#ip community-list 18 permit local-as

In the following example, an expanded community list is configured that denies routes that carry communities from any private autonomous system:


Device(config)#ip community-list 500 deny _64[6-9][0-9][0-9]_|_65[0-9][0-9][0-9]_ 

In the following example, a named expanded community list is configured that denies routes from network 1 to 99 in autonomous system 50000:


Device(config)#ip community-list expanded BLUE deny 50000:[0-9][0-9]_ 

ip prefix-list

To create a prefix list or to add a prefix-list entry, use the ip prefix-list command in global configuration mode. To delete a prefix-list entry, use the no form of this command.

ip prefix-list {list-name [seq number] {deny | permit} network/length [ge ge-length] [le le-length] | description description | sequence-number}

no ip prefix-list {list-name [seq number] [ {deny | permit} network/length [ge ge-length] [le le-length]] | description description | sequence-number}

Syntax Description

list-name

Configures a name to identify the prefix list. Do not use the word “detail” or “summary” as a list name because they are keywords in the show ip prefix-list command.

seq

(Optional) Applies a sequence number to a prefix-list entry.

number

(Optional) Integer from 1 to 4294967294. If a sequence number is not entered when configuring this command, default sequence numbering is applied to the prefix list. The number 5 is applied to the first prefix entry, and subsequent unnumbered entries are incremented by 5.

deny

Denies access for a matching condition.

permit

Permits access for a matching condition.

network / length

Configures the network address and the length of the network mask in bits. The network number can be any valid IP address or prefix. The bit mask can be a number from 1 to 32.

ge

(Optional) Specifies the lesser value of a range (the “from” portion of the range description) by applying the ge-length argument to the range specified.

Note

 

The ge keyword represents the greater than or equal to operator.

ge-length

(Optional) Represents the minimum prefix length to be matched.

le

(Optional) Specifies the greater value of a range (the “to” portion of the range description) by applying the le-length argument to the range specified.

Note

 

The le keyword represents the less than or equal to operator.

le-length

(Optional) Represents the maximum prefix length to be matched.

description

(Optional) Configures a descriptive name for the prefix list.

description

(Optional) Descriptive name of the prefix list, from 1 to 80 characters in length.

sequence-number

(Optional) Enables or disables the use of sequence numbers for prefix lists.

Command Default

No prefix lists or prefix-list entries are created.

Command Modes

Global configuration (config)

Command History

Table 9.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use the ip prefix-list command to configure IP prefix filtering. Prefix lists are configured with permit or deny keywords to either permit or deny a prefix based on a matching condition. An implicit deny is applied to traffic that does not match any prefix-list entry.

A prefix-list entry consists of an IP address and a bit mask. The IP address can be for a classful network, a subnet, or a single host route. The bit mask is a number from 1 to 32.

Prefix lists are configured to filter traffic based on a match of an exact prefix length or a match within a range when the ge and le keywords are used. The ge and le keywords are used to specify a range of prefix lengths and provide more flexible configuration than using only the network/length argument. A prefix list is processed using an exact match when neither the ge nor le keyword is specified. If only the ge value is specified, the range is the value entered for the ge ge-length argument to a full 32-bit length. If only the le value is specified, the range is from the value entered for the network/length argument to the le le-length argument. If both the ge ge-length and le le-length keywords and arguments are entered, the range is between the values used for the ge-length and le-length arguments.

The following formula shows this behavior:

length <ge ge-length <le le-length <= 32

If the seq keyword is configured without a sequence number, the default sequence number is 5. In this scenario, the first prefix-list entry is assigned the number 5 and subsequent prefix list entries increment by 5. For example, the next two entries would have sequence numbers 10 and 15. If a sequence number is entered for the first prefix list entry but not for subsequent entries, the subsequent entry numbers increment by 5. For example, if the first configured sequence number is 3, subsequent entries will be 8, 13, and 18. Default sequence numbers can be suppressed by entering the no ip prefix-list command with the seq keyword.

Evaluation of a prefix list starts with the lowest sequence number and continues down the list until a match is found. When an IP address match is found, the permit or deny statement is applied to that network and the remainder of the list is not evaluated.


Tip


For best performance, the most frequently processed prefix list statements should be configured with the lowest sequence numbers. The seq number keyword and argument can be used for resequencing.


A prefix list is applied to inbound or outbound updates for a specific peer by entering the neighbor prefix-list command. Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can be reset by entering the clear ip prefix-list command.

Examples

In the following example, a prefix list is configured to deny the default route 0.0.0.0/0:


Device(config)#ip prefix-list RED deny 0.0.0.0/0

In the following example, a prefix list is configured to permit traffic from the 172.16.1.0/24 subnet:


Device(config)#ip prefix-list BLUE permit 172.16.1.0/24

In the following example, a prefix list is configured to permit routes from the 10.0.0.0/8 network that have a mask length that is less than or equal to 24 bits:


Device(config)#ip prefix-list YELLOW permit 10.0.0.0/8 le 24

In the following example, a prefix list is configured to deny routes from the 10.0.0.0/8 network that have a mask length that is greater than or equal to 25 bits:


Device(config)#ip prefix-list PINK deny 10.0.0.0/8 ge 25

In the following example, a prefix list is configured to permit routes from any network that have a mask length from 8 to 24 bits:


Device(config)#ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24

In the following example, a prefix list is configured to deny any route with any mask length from the 10.0.0.0/8 network:


Device(config)#ip prefix-list ORANGE deny 10.0.0.0/8 le 32
 

ip hello-interval eigrp

To configure the hello interval for an Enhanced Interior Gateway Routing Protocol (EIGRP) process, use the ip hello-interval eigrp command in interface configuration mode. To restore the default value, use the no form of this command.

ip hello-interval eigrp as-number seconds

no ip hello-interval eigrp as-number [seconds]

Syntax Description

as-number

Autonomous system number.

seconds

Hello interval (in seconds). The range is from 1 to 65535.

Command Default

The hello interval for low-speed, nonbroadcast multiaccess (NBMA) networks is 60 seconds and 5 seconds for all other networks.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The default of 60 seconds applies only to low-speed, NBMA media. Low speed is considered to be a rate of T1 or slower, as specified with the bandwidth interface configuration command. Note that for the purposes of EIGRP, Frame Relay and Switched Multimegabit Data Service (SMDS) networks may be considered to be NBMA. These networks are considered NBMA if the interface has not been configured to use physical multicasting; otherwise, they are considered not to be NBMA.

Examples

The following example sets the hello interval for Ethernet interface 0 to 10 seconds:


Device(config)#interface ethernet 0
Device(config-if)#ip hello-interval eigrp 109 10

ip hold-time eigrp

To configure the hold time for an Enhanced Interior Gateway Routing Protocol (EIGRP) process, use the ip hold-time eigrp command in interface configuration mode. To restore the default value, use the no form of this command.

ip hold-time eigrp as-number seconds

no ip hold-time eigrp as-number seconds

Syntax Description

as-number

Autonomous system number.

seconds

Hold time (in seconds). The range is from 1 to 65535.

Command Default

The EIGRP hold time is 180 seconds for low-speed, nonbroadcast multiaccess (NBMA) networks and 15 seconds for all other networks.

Command Modes

Interface configuration (config-if) Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

On very congested and large networks, the default hold time might not be sufficient time for all routers and access servers to receive hello packets from their neighbors. In this case, you may want to increase the hold time.

We recommend that the hold time be at least three times the hello interval. If a router does not receive a hello packet within the specified hold time, routes through this router are considered unavailable.

Increasing the hold time delays route convergence across the network.

The default of 180 seconds hold time and 60 seconds hello interval apply only to low-speed, NBMA media. Low speed is considered to be a rate of T1 or slower, as specified with the bandwidth interface configuration command.

Examples

The following example sets the hold time for Ethernet interface 0 to 40 seconds:


Device(config)#interface ethernet 0
Device(config-if)#ip hold-time eigrp 109 40

ip load-sharing

To enable load balancing for Cisco Express Forwarding on an interface, use the ip load-sharing command in interface configuration mode. To disable load balancing for Cisco Express Forwarding on the interface, use the no form of this command.

ip load-sharing { per-destination }

no ip load-sharing

Syntax Description

per-destination

Enables per-destination load balancing for Cisco Express Forwarding on the interface.

Command Default

Per-destination load balancing is enabled by default when you enable Cisco Express Forwarding.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Per-destination load balancing allows the device to use multiple, equal-cost paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple, equal-cost paths are available. Traffic for different source-destination host pairs tends to take different paths.

Examples

The following example shows how to enable per-destination load balancing:

Device> enable 
Device# configure terminal
Device(config)# interface gigabitethernet 1/0/1
Device(config-if)# ip load-sharing per-destination

ip network-broadcast

To receive and accept the network-prefix-directed broadcast packets, configure the ip network-broadcast command at the interface of the device.

ip network-broadcast

Syntax Description

This command has no arguments or keywords.

Command Default

This command is disabled by default.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Usage Guidelines

Configure the ip network-broadcast command at the ingress interface before configuring the ip directed-broadcast command at the egress interface. This ensures that the network-prefix-directed broadcast packets are received and accepted.

The ip network-broadcast command is disabled by default. If you do not configure this command, the network-prefix-directed broadcast packets are silently discarded.

Examples

The following example shows how to enable the network to accept the network-prefix-directed broadcast packets at ingress and then configure the directed broadcast-to-physical broadcast translation on the egress interface.

Device# configure terminal
Device(config)#interface gigabitethernet 1/0/2
Device(config-if)#ip network-broadcast
Device(config-if)#exit
Device(config)#interface gigabitethernet 1/0/3
Device(config-if)#ip directed-broadcast
Device(config-if)#exit

ip ospf database-filter all out

To filter outgoing link-state advertisements (LSAs) to an Open Shortest Path First (OSPF) interface, use the ip ospf database-filter all out command in interface or virtual network interface configuration modes. To restore the forwarding of LSAs to the interface, use the no form of this command.

ip ospf database-filter all out [disable]

no ip ospf database-filter all out

Syntax Description

disable

(Optional) Disables the filtering of outgoing LSAs to an OSPF interface; all outgoing LSAs are flooded to the interface.

Note

 

This keyword is available only in virtual network interface mode.

Command Default

This command is disabled by default. All outgoing LSAs are flooded to the interface.

Command Modes

Interface configuration (config-if)

Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

This command performs the same function that the neighbor database-filter command performs on a neighbor basis.

If the ip ospf database-filter all out command is enabled for a virtual network and you want to disable it, use the disable keyword in virtual network interface configuration mode.

Examples

The following example prevents filtering of OSPF LSAs to broadcast, nonbroadcast, or point-to-point networks reachable through Ethernet interface 0:


Device(config)#interface ethernet 0
Device(config-if)#ip ospf database-filter all out

ip ospf fast-reroute per-prefix

To configure an interface as a protecting or a protected interface in a per-prefix LFA repair path, use the ip ospf fast-reroute per-prefix command in interface configuration mode.

ip ospf fast-reroute per-prefix {candidate | protection} [disable]

Syntax Description

candidate

Specifies that the interface is protecting, that is, it can be used as the next hop in a repair path.

protection

Specifies that the interface is protected, that is, routes pointing to this interface can have a repair path.

disable

(Optional) Specifies that the interface is either protecting or protected.

Command Default

All the interfaces are protected and are protecting.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Usage Guidelines

If you know from the network topology that an interface cannot be used to reroute traffic, for example, if it goes to a customer site, you can use the ip ospf fast-reroute per-prefix command to disable it from being protecting interface.

Examples

The following example shows how to prohibit an interface from being a protecting interface:


Device> enable
Device# configure terminal
Device(config)# interface Ethernet 0/0
Device(config-if)# ip address 192.0.2.1 255.255.255.0
Device(config-if)# ip ospf fast-reroute per-prefix candidate disable

ip ospf name-lookup

To configure Open Shortest Path First (OSPF) to look up Domain Name System (DNS) names for use in all OSPF show EXEC command displays, use the ip ospf name-lookup command in global configuration mode. To disable this function, use the no form of this command.

ip ospf name-lookup

noipospfname-lookup

Syntax Description

This command has no arguments or keywords.

Command Default

This command is disabled by default.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

This command makes it easier to identify a router because the router is displayed by name rather than by its router ID or neighbor ID.

Examples

The following example configures OSPF to look up DNS names for use in all OSPF show EXEC command displays:


Device(config)#ip ospf name-lookup

ip split-horizon eigrp

To enable Enhanced Interior Gateway Routing Protocol (EIGRP) split horizon, use the ip split-horizon eigrp command in interface configuration mode. To disable split horizon, use the no form of this command.

ip split-horizon eigrp as-number

no ip split-horizon eigrp as-number

Syntax Description

as-number

Autonomous system number.

Command Default

The behavior of this command is enabled by default.

Command Modes

Interface configuration (config-if)

Virtual network interface (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use the no ip split-horizon eigrp command to disable EIGRP split horizon in your configuration.

Examples

The following is an example of how to enable EIGRP split horizon:


Device(config-if)#ip split-horizon eigrp 101

ip summary-address eigrp

To configure address summarization for the Enhanced Interior Gateway Routing Protocol (EIGRP) on a specified interface, use the ip summary-address eigrp command in interface configuration or virtual network interface configuration mode. To disable the configuration, use the no form of this command.

ip summary-address eigrp as-number ip-address mask [admin-distance] [leak-map name]

no ip summary-address eigrp as-number ip-address mask

Syntax Description

as-number

Autonomous system number.

ip-address

Summary IP address to apply to an interface.

mask

Subnet mask.

admin-distance

(Optional) Administrative distance. Range: 0 to 255.

Note

 

Starting with Cisco IOS XE Release 3.2S, the admin-distance argument was removed. Use the summary-metric command to configure the administrative distance.

leak-map name

(Optional) Specifies the route-map reference that is used to configure the route leaking through the summary.

Command Default

  • An administrative distance of 5 is applied to EIGRP summary routes.

  • EIGRP automatically summarizes to the network level, even for a single host route.

  • No summary addresses are predefined.

  • The default administrative distance metric for EIGRP is 90.

Command Modes

Interface configuration (config-if)

Virtual network interface configuration (config-if-vnet)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

The ip summary-address eigrp command is used to configure interface-level address summarization. EIGRP summary routes are given an administrative-distance value of 5. The administrative-distance metric is used to advertise a summary without installing it in the routing table.

By default, EIGRP summarizes subnet routes to the network level. The no auto-summary command can be entered to configure the subnet-level summarization.

The summary address is not advertised to the peer if the administrative distance is configured as 255.

EIGRP Support for Leaking Routes

Configuring the leak-map keyword allows a component route that would otherwise be suppressed by the manual summary to be advertised. Any component subset of the summary can be leaked. A route map and access list must be defined to source the leaked route.

The following is the default behavior if an incomplete configuration is entered:

  • If the leak-map keyword is configured to reference a nonexistent route map, the configuration of this keyword has no effect. The summary address is advertised but all component routes are suppressed.

  • If the leak-map keyword is configured but the access list does not exist or the route map does not reference the access list, the summary address and all component routes are advertised.

If you are configuring a virtual-network trunk interface and you configure the ip summary-address eigrp command, the admin-distance value of the command is not inherited by the virtual networks running on the trunk interface because the administrative distance option is not supported in the ip summary-address eigrp command on virtual network subinterfaces.

Examples

The following example shows how to configure an administrative distance of 95 on Ethernet interface 0/0 for the 192.168.0.0/16 summary address:


Device(config)#router eigrp 1
Device(config-router)#no auto-summary
Device(config-router)#exit
Device(config)#interface Ethernet 0/0
Device(config-if)#ip summary-address eigrp 1 192.168.0.0 255.255.0.0 95

The following example shows how to configure the 10.1.1.0/24 subnet to be leaked through the 10.2.2.0 summary address:


Device(config)#router eigrp 1 
Device(config-router)#exit 
Device(config)#access-list 1 permit 10.1.1.0 0.0.0.255
Device(config)#route-map LEAK-10-1-1 permit 10
Device(config-route-map)#match ip address 1
Device(config-route-map)#exit
Device(config)#interface Serial 0/0
Device(config-if)#ip summary-address eigrp 1 10.2.2.0 255.0.0.0 leak-map LEAK-10-1-1
Device(config-if)#end

The following example configures GigabitEthernet interface 0/0/0 as a virtual network trunk interface:


Device(config)#interface gigabitethernet 0/0/0
Device(config-if)#vnet global
Device(config-if-vnet)#ip summary-address eigrp 1 10.3.3.0 255.0.0.0 33

ip route static bfd

To specify static route bidirectional forwarding detection (BFD) neighbors, use the ip route static bfd command in global configuration mode. To remove a static route BFD neighbor, use theno form of this command

ip route static bfd { interface-type interface-number ip-address | vrf vrf-name} [ group group-name] [passive] [unassociate]

no ip route static bfd { interface-type interface-number ip-address | vrf vrf-name} [ group group-name] [passive] [unassociate]

Syntax Description

interface-type interface-number

Interface type and number.

ip-address

IP address of the gateway, in A.B.C.D format.

vrf vrf-name

Specifies Virtual Routing and Forwarding (VRF) instance and the destination vrf name.

group group-name

(Optional) Assigns a BFD group. The group-name is a character string of up to 32 characters specifying the BFD group name.

unassociate

(Optional) Unassociates the static route configured for a BFD.

Command Default

No static route BFD neighbors are specified.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use the ip route static bfd command to specify static route BFD neighbors. All static routes that have the same interface and gateway specified in the configuration share the same BFD session for reachability notification.

All static routes that specify the same values for the interface-type, interface-number, and ip-address arguments will automatically use BFD to determine gateway reachability and take advantage of fast failure detection.

The group keyword assigns a BFD group. The static BFD configuration is added to the VPN routing and forwarding (VRF) instance with which the interface is associated. The passive keyword specifies the passive member of the group. Adding static BFD in a group without the passive keyword makes the BFD an active member of the group. A static route should be tracked by the active BFD configuration in order to trigger a BFD session for the group. To remove all the static BFD configurations (active and passive) of a specific group, use the no ip route static bfd command and specify the BFD group name.

The unassociate keyword specifies that a BFD neighbor is not associated with static route, and the BFD sessions are requested if an interface has been configured with BFD. This is useful in bringing up a BFDv4 session in the absence of an IPv4 static route. If the unassociate keyword is not provided, then the IPv4 static routes are associated with BFD sessions.

BFD requires that BFD sessions are initiated on both endpoint devices. Therefore, this command must be configured on each endpoint device.

The BFD static session on a switch virtual interface (SVI) is established only after the bfd interval milliseconds min_rx milliseconds multiplier multiplier-value command is disabled and enabled on that SVI.

To enable the static BFD sessions, perform the following steps:

  1. Enable BFD timers on the SVI.

    bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

  2. Enable BFD for the static IP route

    ip route static bfd interface-type interface-number ip-address

  3. Disable and enable the BFD timers on the SVI again.

    no bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

    bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

Examples

The following example shows how to configure BFD for all static routes through a specified neighbor, group, and active member of the group:

Device#configuration terminal
Device(config)#ip route static bfd GigabitEthernet 1/0/1 10.1.1.1 group group1

The following example shows how to configure BFD for all static routes through a specified neighbor, group, and passive member of the group:

Device#configuration terminal
Device(config)#ip route static bfd GigabitEthernet 1/0/1 10.2.2.2 group group1 passive

The following example shows how to configure BFD for all static routes in an unassociated mode without the group and passive keywords:

Device#configuration terminal
Device(config)#ip route static bfd GigabitEthernet 1/0/1 10.2.2.2 unassociate

ipv6 route static bfd

To specify static route Bidirectional Forwarding Detection for IPv6 (BFDv6) neighbors, use the ipv6 route static bfd command in global configuration mode. To remove a static route BFDv6 neighbor, use theno form of this command

ipv6 route static bfd [ vrf vrf-name] interface-type interface-number ipv6-address [unassociated]

no ipv6 route static bfd

Syntax Description

vrf vrf-name

(Optional) Name of the virtual routing and forwarding (VRF) instance by which static routes should be specified.

interface-type interface-number

Interface type and number.

ipv6-address

IPv6 address of the neighbor.

unassociated

(Optional) Moves a static BFD neighbor from associated mode to unassociated mode.

Command Default

No static route BFDv6 neighbors are specified.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use the ipv6 route static bfd command to specify static route neighbors. All of the static routes that have the same interface and gateway specified in the configuration share the same BFDv6 session for reachability notification. BFDv6 requires that BFDv6 sessions are initiated on both endpoint routers. Therefore, this command must be configured on each endpoint router. An IPv6 static BFDv6 neighbor must be fully specified (with the interface and the neighbor address) and must be directly attached.

All static routes that specify the same values for vrf vrf-name, interface-type interface-number , and ipv6-address will automatically use BFDv6 to determine gateway reachability and take advantage of fast failure detection.

Examples

The following example creates a neighbor on Ethernet interface 0/0 with an address of 2001::1:

Device#configuration terminal
Device(config)#ipv6 route static bfd ethernet 0/0 2001::1

The following example converts the neighbor to unassociated mode:

Device#configuration terminal
Device(config)#ipv6 route static bfd ethernet 0/0 2001::1 unassociated

match tag

To filter routes that match specific route tags, use the match tag command in route-map configuration mode. To remove the tag entry, use the no form of this command.

match tag {tag-value | tag-value-dotted-decimal} [... tag-value | ... tag-value-dotted-decimal]

no match tag {tag-value | tag-value-dotted-decimal} [... tag-value | ... tag-value-dotted-decimal]

Syntax Description

tag-value

Route tag value, in plain decimals. The valid range is from 0 to 4294967295.

tag-value-dotted-decimal

Route tag value, in dotted decimals. The valid range is from 0.0.0.0 to 255.255.255.255.

Command Default

No match tag values are defined.

Command Modes

Route-map configuration (config-route-map)

Command History

Release

Modification

Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Usage Guidelines

Ellipses (...) in the command syntax indicate that your command input can include multiple values for the tag-value and the tag-value-dotted-decimal arguments.

Examples

The following example shows how to match a route with a tag value of 5:

Device> enable
Device# configure terminal
Device(config)# route-map name
Device(config-route-map)# match tag 5

The following example shows how to match a route with a tag value of 10.10.10.10:

Device> enable
Device# configure terminal
Device(config)# route-map name
Device(config-route-map)# match tag 10.10.10.10

metric weights (EIGRP)

To tune the Enhanced Interior Gateway Routing Protocol (EIGRP) metric calculations, use the metric weights command in router configuration mode or address family configuration mode. To reset the values to their defaults, use the no form of this command.

Router Configuration

metric weights tos k1 k2 k3 k4 k5

no metric weights

Address Family Configuration

metric weights tos [k1 [k2 [k3 [k4 [k5 [k6] ]]]]]

no metric weights

Syntax Description

tos

Type of service. This value must always be zero.

k1 k2 k3 k4 k5 k6

(Optional) Constants that convert an EIGRP metric vector into a scalar quantity. Valid values are 0 to 255. Given below are the default values:

  • k1: 1

  • k2: 0

  • k3: 1

  • k4: 0

  • k5: 0

  • k6: 0

Note

 

In address family configuration mode, if the values are not specified, default values are configured. The k6 argument is supported only in address family configuration mode.

Command Default

EIGRP metric K values are set to their default values.

Command Modes

Router configuration (config-router)

Address family configuration (config-router-af)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

Use this command to alter the default behavior of EIGRP routing and metric computation and to allow the tuning of the EIGRP metric calculation for a particular type of service (ToS).

If k5 equals 0, the composite EIGRP metric is computed according to the following formula:

metric = [k1 * bandwidth + (k2 * bandwidth)/(256 – load) + k3 * delay + K6 * extended metrics]

If k5 does not equal zero, an additional operation is performed:

metric = metric * [k5/(reliability + k4)]

Scaled Bandwidth= 107/minimum interface bandwidth (in kilobits per second) * 256

Delay is in tens of microseconds for classic mode and pico seconds for named mode. In classic mode, a delay of hexadecimal FFFFFFFF (decimal 4294967295) indicates that the network is unreachable. In named mode, a delay of hexadecimal FFFFFFFFFFFF (decimal 281474976710655) indicates that the network is unreachable.

Reliability is given as a fraction of 255. That is, 255 is 100 percent reliability or a perfectly stable link.

Load is given as a fraction of 255. A load of 255 indicates a completely saturated link.

Examples

The following example shows how to set the metric weights to slightly different values than the defaults:


Device(config)#router eigrp 109
Device(config-router)#network 192.168.0.0
Device(config-router)#metric weights 0 2 0 2 0 0

The following example shows how to configure an address-family metric weight to ToS: 0; K1: 2; K2: 0; K3: 2; K4: 0; K5: 0; K6:1:


Device(config)#router eigrp virtual-name
Device(config-router)#address-family ipv4 autonomous-system 4533
Device(config-router-af)#metric weights 0 2 0 2 0 0 1

neighbor advertisement-interval

To set the minimum route advertisement interval (MRAI) between the sending of BGP routing updates, use the neighbor advertisement-interval command in address family or router configuration mode. To restore the default value, use the no form of this command.

neighbor {ip-address | peer-group-name} advertisement-interval seconds

no neighbor {ip-address | peer-group-name} advertisement-interval seconds

Syntax Description

ip-address

IP address of the neighbor.

peer-group-name

Name of a BGP peer group.

seconds

Time (in seconds) is specified by an integer ranging from 0 to 600.

Command Default

eBGP sessions not in a VRF: 30 seconds

eBGP sessions in a VRF: 0 seconds

iBGP sessions: 0 seconds

Command Modes


Router configuration (config-router)

Command History

Table 10.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

When the MRAI is equal to 0 seconds, BGP routing updates are sent as soon as the BGP routing table changes.

If you specify a BGP peer group by using the peer-group-name argument, all the members of the peer group will inherit the characteristic configured with this command.

Examples

The following router configuration mode example sets the minimum time between sending BGP routing updates to 10 seconds:


router bgp 5
 neighbor 10.4.4.4 advertisement-interval 10

The following address family configuration mode example sets the minimum time between sending BGP routing updates to 10 seconds:


router bgp 5
address-family ipv4 unicast
 neighbor 10.4.4.4 advertisement-interval 10

neighbor default-originate

To allow a BGP speaker (the local router) to send the default route 0.0.0.0 to a neighbor for use as a default route, use the neighbor default-originate command in address family or router configuration mode. To send no route as a default, use the no form of this command.

neighbor {ip-address | peer-group-name} default-originate [route-map map-name]

no neighbor {ip-address | peer-group-name} default-originate [route-map map-name]

Syntax Description

ip-address

IP address of the neighbor.

peer-group-name

Name of a BGP peer group.

route-map map-name

(Optional) Name of the route map. The route map allows route 0.0.0.0 to be injected conditionally.

Command Default

No default route is sent to the neighbor.

Command Modes

Address family configuration (config-router-af)

Router configuration (config-router)

Command History

Table 11.

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

This command does not require the presence of 0.0.0.0 in the local router. When used with a route map, the default route 0.0.0.0 is injected if the route map contains a match ip address clause and there is a route that matches the IP access list exactly. The route map can contain other match clauses also.

You can use standard or extended access lists with the neighbor default-originate command.

Examples

In the following router configuration example, the local router injects route 0.0.0.0 to the neighbor 172.16.2.3 unconditionally:


 router bgp 109
 network 172.16.0.0
 neighbor 172.16.2.3 remote-as 200
 neighbor 172.16.2.3 default-originate

In the following example, the local router injects route 0.0.0.0 to the neighbor 172.16.2.3 only if there is a route to 192.168.68.0 (that is, if a route with any mask exists, such as 255.255.255.0 or 255.255.0.0):


 router bgp 109
 network 172.16.0.0
 neighbor 172.16.2.3 remote-as 200
 neighbor 172.16.2.3 default-originate route-map default-map
!
route-map default-map 10 permit
 match ip address 1
!
access-list 1 permit 192.168.68.0

In the following example, the last line of the configuration has been changed to show the use of an extended access list. The local router injects route 0.0.0.0 to the neighbor 172.16.2.3 only if there is a route to 192.168.68.0 with a mask of 255.255.0.0:


router bgp 109
 network 172.16.0.0
 neighbor 172.16.2.3 remote-as 200
 neighbor 172.16.2.3 default-originate route-map default-map
!
route-map default-map 10 permit
 match ip address 100
!
access-list 100 permit ip host 192.168.68.0 host 255.255.0.0

neighbor description

To associate a description with a neighbor, use the neighbor description command in router configuration mode or address family configuration mode. To remove the description, use the no form of this command.

neighbor {ip-address | peer-group-name} description text

no neighbor {ip-address | peer-group-name} description [text]

Syntax Description

ip-address

IP address of the neighbor.

peer-group-name

Name of an EIGRP peer group. This argument is not available in address-family configuration mode.

text

Text (up to 80 characters in length) that describes the neighbor.

Command Default

There is no description of the neighbor.

Command Modes

Router configuration (config-router) Address family configuration (config-router-af)

Command History

Release

Modification

Cisco IOS XE Everest 16.6.1

This command was introduced.

Examples

In the following examples, the description of the neighbor is “peer with example.com”:


Device(config)#router bgp 109
Device(config-router)#network 172.16.0.0
Device(config-router)#neighbor 172.16.2.3 description peer with example.com

In the following example, the description of the address family neighbor is “address-family-peer”:


Device(config)#router eigrp virtual-name
Device(config-router)#address-family ipv4 autonomous-system 4453
Device(config-router-af)#network 172.16.0.0
Device(config-router-af)#neighbor 172.16.2.3 description address-family-peer