Release Note

Software Version 2.7.5
For AT-8800, Rapier i, AT-8700XL, AT-8600, AT-9900, AT-8900 and AT-9800 Series Switches and AR400 and AR700 Series Routers

Introduction
Upgrading to Software Version 2.7.5
Overview of New Features
MSS Clamping
Introduction

Allied Telesyn announces the release of Software Version 2.7.5 on the products shown in Table 1. This Release Note describes all new features in Software Version 2.7.5. The product series that each feature and enhancement applies to are shown in “Overview of New Features” on page 4.

Table 1: Products supported by Software Version 2.7.
Upgrading to Software Version 2.7.5

Software Version 2.7.5 is available as a flash release that can be downloaded directly from the Software/Documentation area of the Allied Telesyn website:

www.alliedtelesyn.com/support/software

Software versions must be licenced and require a password to activate. If you upgrade to Software Version 2.7.5 from any 2.7.x version, your existing licence is valid for 2.7.5.
Overview of New Features

This section lists the new features and enhancements by product series. For supported models, see Table 1 on page 2.

AT-9900, AT-8900, AT-9800, AT-8600, AT-8700XL, AT-8800, Rapier, AR750S, AR7x5, AR400

Table 3: New features and enhancements in Software Version 2.7.
MSS Clamping

Maximum Segment Size (MSS) clamping functionality has been introduced to Point-to-Point Protocol (PPP) to allow the following:

■ User configuration of the MSS clamping value via the command line interface.
■ A clamping range of 40 - 200 bytes. Previously, MSS clamping occurred at a fixed value of 120 bytes.
Example

If the MTU of a PPP interface is 1000 bytes, and you wish to limit the MSS to 850 bytes, use the command:

    set ppp=0 mssheader=150

By setting the mssheader parameter to 150 bytes, this amount of space is reserved for the header. If the MTU is 1000, then this leaves 850 bytes of available space in the packet for data.

Command changes

The following table summarises the modified commands (see Command Reference Updates).
Command Reference Updates

This section describes the changed portions of modified commands and output screens. For modified commands and output, new parameters and fields are shown in bold.

create ppp

Syntax

    CREate PPP=ppp-interface OVER=physical-interface [AUTHENTICATION={CHAP|EITHER|PAP|NONE}] [AUTHMODE={IN|OUT|INOUT}] [BAP={ON|OFF}] [BAPMODE={CALL|CALLBACK}] [CBDELAY=1..
create ppp template

Syntax

    CREate PPP TEMPlate=template [COPY=template] [AUTHENTICATION={CHAP|EITHER|PAP|NONE}] [BAP={ON|OFF}] [BAPMODE={CALL|CALLBACK}] [CBDELAY=1..100] [CBMODE={ACCEPT|OFF|REQUEST}] [CBNUMBER=e164number] [CBOPERATION={E164NUMBER|USERAUTH}] [COMPALGORITHM={PREDICTOR|STACLZS}] [COMPRESSION={ON|OFF|LINK}] [DEBUGMAXBYTES=16..256] [DESCRIPTION=description] [DOWNRATE=0..
set ppp

Syntax

    SET PPP=ppp-interface [OVER=physical-interface] [AUTHENTICATION={CHAP|EITHER|PAP|NONE}] [AUTHMODE={IN|OUT|INOUT}] [BAP={ON|OFF}] [BAPMODE={CALL|CALLBACK}] [CBDELAY=1..100] [CBMODE={ACCEPT|OFF|REQUEST}] [CBNUMBER=e164number] [CBOPERATION={E164NUMBER|USERAUTH}] [COMPALGORITHM={PREDICTOR|STACLZS}] [COMPRESSION={ON|OFF|LINK}] [CONFIGURE={value|CONTINUOUS}] [DEBUGMAXBYTES=16..256] [DESCRIPTION=description] [DOWNRATE=0..
set ppp template

Syntax

    SET PPP TEMPlate=template [AUTHENTICATION={CHAP|EITHER|PAP|NONE}] [BAP={ON|OFF}] [BAPMODE={CALL|CALLBACK}] [CBDELAY=1..100] [CBMODE={ACCEPT|OFF|REQUEST}] [CBNUMBER=e164number] [CBOPERATION={E164NUMBER|USERAUTH}] [COMPALGORITHM={PREDICTOR|STACLZS}] [COMPRESSION={ON|OFF|LINK}] [DEBUGMAXBYTES=16..256] [DESCRIPTION=description] [ECHO={ON|OFF|period}] [ENCRYPTION={ON|OFF}] [FRAGMENT={ON|OFF}] [FRAGOVERHEAD=0..100] [IDLE={ON|OFF|time}] [INDATALIMIT={NONE|1.
show ppp pppoe

Syntax

    SHow PPP PPPoe

Description

The output of this command includes a new field.

Figure 1: Example output from the show ppp pppoe command

    PPPOE
    -----------------------------------------------------------
    PPP1:
    Service Name ................. bob
    Peer Mac Address ............. 00-00-cd-00-ab-a3
    Session ID ................... a1a3
    Maximum Segment Size ......... 1292
    Access Concentrator Mode ..... Enabled
    Services:
    bob
     Max sessions ................
     Current Sessions .
show ppp template

Syntax

    SHow PPP TEMPLATE[=template] [DEBUG]

Description

The output of this command includes a new field.

Figure 2: Example output from the show ppp template command

    Template - Description
    Parameter Value
    ------------------------------------------------------------------------------
    pppt0 - Template for calls from Head Office
    Multilink ......................................... ON
    Maximum links .....................................
Reflecting TOS onto L2TP-tunnelled Packets

Quality of Service (QoS) for L2TP-tunnelled packets on VPN networks has been enhanced. Software Version 2.7.5 enables the router or switch to reflect the TOS/DSCP field of the IP packet’s header onto the encapsulating L2TP IP header. The IP packet’s TOS/DSCP field indicates the desired QoS for the IP packet.
Command Reference Updates

This section describes the changed portions of modified commands and output screens. For modified commands and output, new parameters and fields are shown in bold.
set l2tp call

Syntax

    SET L2TP CALL=name [DIAL=number] [IP=ipadd] [NUMber={ON|OFF|STARTup}] [PASSword=password] [PRE13={ON|OFF}] [PRECedence={IN|OUT}] [REMotecall=name] [SPeed=speed] [SUBAddress=subaddress] [TOSreflect={ON|OFF|Yes|No|True|False}] [TYpe={ASYNc|ISDN|VIrtual}]

Description

The new tosreflect parameter specifies whether or not the TOS/DSCP field of a data packet within the L2TP tunnel should be reflected onto the encapsulated packet.
show l2tp call

Syntax

    SHow L2TP CALL[=name]

Description

This command displays information about the specified call definition or all defined calls.

Figure 3: Example output from the show l2tp call command

    L2TP Call Information
    -----------------------------------------------------------
    Name : test
    Type .................... virtual
    Precedence .............. out
    Sequence numbering ...... off
    Remote is pre draft13 ... on
    Speed ...................
show l2tp user

Syntax

    SHow L2TP USER[=mapping]

Description

This command displays attributes of the specified user mapping entry or all defined entries.

Figure 5: Example output from the show l2tp user command

    L2TP User Information
    -----------------------------------------------------------
    User : dataman
    Action ................... database
    Password ................. not set
    Maximum timeout .......... 20
    Sequence Numbering ....... on
    Remote is pre draft13 .... on
    Remote IP .......
New Speed and Duplex Mode Options

Software Version 2.7.5 extends the speed and duplex mode options for switch ports.

Fixed Speed and Autonegotiated Duplex Mode

Software Version 2.7.5 enables you to fix the speed of copper switch ports to 10 or 100Mbps and still autonegotiate the duplex mode.
For different types of port on AT-9900 series switches, the valid speed options are shown in the following table.
Disabling IP ARP Cache Refreshing

Software Release 2.7.5 enables you to disable IP ARP cache refreshing. Previously, whenever an IP ARP entry was used (hit), the cache entry was refreshed and the ageing timer reset.
show ip

Syntax

    SHow IP

Description

This command displays general configuration information regarding the router or switch (Figure 6 on page 21, Table 9 on page 21).

Figure 6: Example output from the show ip command

    IP Module Configuration
    -----------------------------------------------------------
    Module Status ..................
    IP Packet Forwarding ...........
    IP Echo Reply ..................
    Debugging ......................
    IP Fragment Offset Filtering ...
DHCP Option 82 Relay

The existing DHCP and BOOTP functionality has been enhanced to include the addition, removal and monitoring of DHCP Option 82. Option 82 is also called the Relay Agent Information option. Option 82 is inserted by the DHCP relay agent into the DHCP options field when forwarding client-originated BOOTP/DHCP packets to a DHCP server.
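The insertion described above can be shown at the byte level. The following is an added example, not code from Allied Telesyn or from this Release Note: it appends Option 82 to a client's DHCP options field and parses it back, using the wire format of RFC 3046 (sub-options 1 and 2) and RFC 3993 (sub-option 6). The function names, the circuit ID "port12" and the MAC address are constructed for illustration.

```python
"""Added example: DHCP Option 82 insert and parse (RFC 3046 wire format)."""

RELAY_AGENT_INFO = 82   # option code of the Relay Agent Information option
PAD, END = 0, 255       # single-byte DHCP options that carry no length field

# Sub-option codes: 1 and 2 are defined in RFC 3046, 6 in RFC 3993.
SUBOPTION_NAMES = {1: "agent-circuit-id", 2: "agent-remote-id", 6: "subscriber-id"}


def iter_tlv(buf, pad_end):
    """Yield (code, value) pairs from a code/length/value byte sequence.

    pad_end=True applies DHCP option rules (PAD is skipped, END stops the
    walk); pad_end=False is used for the sub-options inside Option 82.
    """
    i = 0
    while i < len(buf):
        code = buf[i]
        if pad_end and code == PAD:
            i += 1
            continue
        if pad_end and code == END:
            return
        if i + 2 > len(buf):
            raise ValueError(f"code {code} at byte {i} has no length byte")
        length = buf[i + 1]
        value = bytes(buf[i + 2:i + 2 + length])
        if len(value) != length:
            raise ValueError(f"code {code} at byte {i} overruns the buffer")
        yield code, value
        i += 2 + length


def encode_tlv(pairs):
    """Serialise (code, value) pairs; bytes() rejects lengths above 255."""
    return b"".join(bytes([code, len(value)]) + value for code, value in pairs)


def parse_option82(options):
    """Return {sub-option code: value} for Option 82, or None if it is absent.

    `options` is the DHCP options field that follows the magic cookie.
    """
    for code, value in iter_tlv(options, pad_end=True):
        if code == RELAY_AGENT_INFO:
            return dict(iter_tlv(value, pad_end=False))
    return None


def insert_option82(options, suboptions):
    """Return a new options field with Option 82 as the last option before END.

    A packet that already carries Option 82 is rejected here. What a relay
    does with such a packet is a policy decision (the Release Note's
    set bootp relay option82 command) and is not modelled in this example.
    """
    if parse_option82(options) is not None:
        raise ValueError("options field already contains Option 82")
    body = encode_tlv(suboptions.items())
    if len(body) > 255:
        raise ValueError("Option 82 body exceeds 255 bytes")
    kept = encode_tlv(iter_tlv(options, pad_end=True))  # drops PAD and END
    return kept + bytes([RELAY_AGENT_INFO, len(body)]) + body + bytes([END])


# Constructed sample: DHCPDISCOVER (option 53 = 1) with a parameter request list.
CLIENT_OPTIONS = bytes([53, 1, 1, 55, 2, 1, 3, END])
# Constructed sub-option values: a port label and a locally administered MAC.
SAMPLE_SUBOPTIONS = {1: b"port12", 2: bytes.fromhex("020000000001")}

if __name__ == "__main__":
    relayed = insert_option82(CLIENT_OPTIONS, SAMPLE_SUBOPTIONS)
    print("relayed options:", relayed.hex())
    for code, value in parse_option82(relayed).items():
        print(f"  {SUBOPTION_NAMES.get(code, code)}: {value.hex()}")
```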
Command Reference Updates

This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold.

enable bootp relay option82

Syntax

    ENAble BOOTp RELAy OPTion82 [DEBug]

Description

This command enables the DHCP relay agent to insert DHCP Option 82 into the DHCP options field when forwarding client-originated BOOTP/DHCP packets to a DHCP server.
set bootp relay option82

Syntax

    SET BOOTp RELAy OPTion82 [CHEck={YES|NO|ON|OFF|True|False}] [POLIcy={DROP|KEEP|REPLACE}]

Description

This command defines the checking and re-forwarding settings used by DHCP Option 82. When Option 82 is enabled, the DHCP relay agent inserts Option 82 information into the DHCP options field when forwarding client-originated BOOTP/DHCP packets to a DHCP server.
set bootp relay option82 port

Syntax

    SET BOOTp RELAy OPTion82 POrt={port-list|ALL} [SUBScriberid=subscriber-id] [TRusted={YES|NO|ON|OFF|True|False}]

where:

■ port-list is a port number, a range of port numbers (specified as n-m), or a comma-separated list of port numbers and/or ranges. Port numbers start at 1 and end at m, where m is the highest numbered Ethernet switch port, including uplink ports.

Description
show bootp relay

Syntax

    SHow BOOTp RELAy

Description

This command displays the current configuration of the BOOTP Relay Agent.

Figure 7: Example output from the show bootp relay command

    BOOTP Relaying Agent Configuration.
    Status ...................... Disabled
    Maximum hops ................ 4
    DHCP Option 82:
      Insertion status ..........
      Check .....................
      Reforwarding policy .......
      Debugging .................
show bootp relay port

Syntax

    SHow BOOTp RELAy POrt[={port-list|ALL}]

where:

■ port-list is a port number, a range of port numbers (specified as n-m), or a comma-separated list of port numbers and/or ranges. Port numbers start at 1 and end at m, where m is the highest numbered Ethernet switch port, including uplink ports.

Description

This command displays port-related information about the BOOTP Relay port settings.
IGMP Enhancements

Software Version 2.7.5 includes the following enhancements for IGMP:

■ Fast Leave
■ Filtering and Throttling

This section describes each enhancement, then the new and modified commands in Command Reference Updates.

Fast Leave

When an IGMP group-specific leave message is received on a port, IGMP Snooping stops the transmission of the group multicast stream after a timeout period.
Filtering and Throttling

IGMP filtering and throttling let you control the distribution of multicast services on each switch port. IGMP filtering controls which multicast groups a host on a switch port can join. IGMP throttling limits the number of multicast groups that a host on a switch port can join. IGMP filtering and throttling are applied to multicast streams forwarded by IGMP, IGMP Snooping, or MVR.
Order of entries

The order of entries in a filter is important. When IGMP tries to match a Membership Report to a filter, it performs a linear search of the filter to find a matching entry. Each entry is tried in turn, and processing stops at the first match found. Address ranges can overlap. If the address range of an entry falls entirely within the address range of another entry, the entry with the smaller address range should appear first in the filter.
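The effect of entry order can be checked offline before a filter is applied to a port. The following is an added example, not code from this Release Note or from the switch software: it models first-match evaluation, the implicit exclusion that the Release Note states for non-empty filters, and a check for entries that can never match because an earlier entry covers their whole range. It assumes entries are tried in ascending ENTry number and that an empty filter excludes nothing; the function names and the sample group addresses are constructed.

```python
"""Added example: first-match evaluation of an IGMP filter and a shadowing check."""
import ipaddress
from typing import NamedTuple


class FilterEntry(NamedTuple):
    number: int                     # ENTry position in the filter
    first: ipaddress.IPv4Address    # start of the GROupaddress range
    last: ipaddress.IPv4Address     # end of the range (same as first for one group)
    action: str                     # "include" or "exclude"


def make_entry(number, groupaddress, action):
    """Build an entry from 'ipadd' or 'ipadd-ipadd' as written on the command line."""
    low, _, high = groupaddress.partition("-")
    first = ipaddress.IPv4Address(low)
    last = ipaddress.IPv4Address(high) if high else first
    if last < first:
        raise ValueError(f"entry {number}: range end is below range start")
    if action not in ("include", "exclude"):
        raise ValueError(f"entry {number}: unknown action {action!r}")
    return FilterEntry(number, first, last, action)


def evaluate(entries, group):
    """Return (action, matching entry number or None) for a Membership Report.

    Entries are tried in turn and the first match decides. A report that
    matches no entry of a non-empty filter is excluded implicitly.
    Assumption: a filter with no entries excludes nothing.
    """
    address = ipaddress.IPv4Address(group)
    ordered = sorted(entries, key=lambda e: e.number)
    for e in ordered:
        if e.first <= address <= e.last:
            return e.action, e.number
    return ("exclude", None) if ordered else ("include", None)


def shadowed(entries):
    """Return (later entry, earlier entry) pairs where the later one never matches.

    Only full cover by a single earlier entry is detected, which is the
    case the ordering advice above addresses.
    """
    ordered = sorted(entries, key=lambda e: e.number)
    hits = []
    for index, later in enumerate(ordered):
        for earlier in ordered[:index]:
            if earlier.first <= later.first and later.last <= earlier.last:
                hits.append((later.number, earlier.number))
                break
    return hits


# Constructed sample: one group is meant to be allowed inside an excluded range.
WRONG_ORDER = [
    make_entry(1, "239.1.0.0-239.1.255.255", "exclude"),
    make_entry(2, "239.1.1.10", "include"),   # never reached
]
RIGHT_ORDER = [
    make_entry(1, "239.1.1.10", "include"),   # smaller range first
    make_entry(2, "239.1.0.0-239.1.255.255", "exclude"),
]

if __name__ == "__main__":
    for name, flt in (("wrong order", WRONG_ORDER), ("right order", RIGHT_ORDER)):
        print(name, "239.1.1.10 ->", evaluate(flt, "239.1.1.10"),
              "shadowed:", shadowed(flt))
```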
IGMP Throttling

IGMP throttling controls the maximum number of multicast groups that a port can join. When the number of multicast group memberships associated with a switch port reaches the limit set, further Membership Reports are subject to a throttling action—deny or replace.
Command Reference Updates

This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold.

add igmp filter

Syntax

    ADD IGMP FILter=filter-id GROupaddress=ipadd[-ipadd] [ACtion={INCLude|EXCLude}] [ENTry=1..65535]

where:

■ filter-id is a decimal number in the range 1 to 99.
■ ipadd is an IP address in dotted decimal notation.

Description
create igmp filter

Syntax

    CREate IGMP FILter=filter-id

where:

■ filter-id is a decimal number in the range 1 to 99.

Description

This command creates an IGMP filter. IGMP filters control a port’s membership of multicast groups by filtering Membership Reports received from hosts attached to the port. The filter parameter specifies the number of the filter to create, and is used to identify the filter. A filter with the specified number must not already exist.
destroy igmp filter

Syntax

    DESTroy IGMP FILter=filter-id

where:

■ filter-id is a decimal number in the range 1 to 99.

Description

This command destroys an IGMP filter and all entries in the filter. IGMP filters control a port’s membership of multicast groups by filtering Membership Reports received from hosts attached to the port. The filter parameter specifies the number of the filter to destroy. A filter with the specified number must already exist.
If an IGMP filter contains at least one entry, then Membership Reports for group addresses that do not match any entries in the filter are implicitly excluded and the packets are discarded.

Examples

To change the group address for entry 12 in filter 6 to the range 229.1.1.2 to 230.1.2.3, use the command:

    set igmp fil=6 ent=12 gro=229.1.1.2-230.1.2.
set switch port

Syntax (AR400, AR700)

    SET SWItch POrt={port-list|ALL} [BCLimit={NONE|limit}] [DESCription=description] [DLFLimit={NONE|limit}] [IGMPACtion={DENY|REPlace}] [IGMPFIlter={NONE|filter-id}] [IGMPMAxgroup={NONE|1..
Syntax (AT-9800)

    SET SWItch POrt={port-list|ALL} [ACCeptable={ALL|VLAN}] [DESCription=description] [EGResslimit={bandwidth|DEFault}] [FClength=length] [IGMPACtion={DENY|REPlace}] [IGMPFIlter={NONE|filter-id}] [IGMPMAxgroup={NONE|1..65535}] [INTRusionaction={DISable|DIScard|TRap}] [JUmbo={ON|OFF|packetsize}] [LEARn={NONE|0|1..
Example

To apply IGMP filter 1 to port 12, use the command:

    set swi po=12 igmpfi=1

To limit the number of multicast groups that ports 12–23 can join to 50, use the command:

    set swi po=12-23 igmpma=50

show igmp filter

Syntax

    SHow IGMP FILter[=filter-id]

where:

■ filter-id is a decimal number in the range 1 to 99.

Description

This command displays information about an IGMP filter or all IGMP filters (Figure 9, Table 12).
show igmpsnooping

Syntax

    SHow IGMPSNooping [VLAN={vlan-name|1..4094}]

where vlan-name is a unique name for the VLAN 1 to 32 characters long. Valid characters are uppercase and lowercase letters, digits, the underscore, and the hyphen.

Description

The output of this command includes a new field (Figure 10, Table 13).

Figure 10: Example output from the show igmpsnooping command

    IGMP Snooping
    --------------------------------------------------------------------------------
    Status .
show switch port

Syntax

    SHow SWItch POrt[={port-list|ALL}]

where port-list is a port number, range (specified as n-m), or comma-separated list of numbers and/or ranges. Port numbers start at 1 and end at m, where m is the highest numbered Ethernet port.

Description

The output of this command includes a new field (Figure 11, Table 14). The output shown is for AR400 and AR700 routers.
OSPF Network Types

OSPF treats the networks attached to OSPF interfaces as one of the following network types, depending on the physical media:

■ broadcast
■ non-broadcast multi-access (NBMA)
■ point-to-point
■ point-to-multipoint
■ virtual

By default, Ethernet and VLAN networks are treated as broadcast networks. You can configure an Ethernet or VLAN interface as either a broadcast or an NBMA network.
You can add, delete or modify static neighbours by using the commands:

    add ospf neighbour=ipadd priority=0..255
    delete ospf neighbour=ipadd
    set ospf neighbour=ipadd

You can display the list of currently configured static neighbours using the command:

    show ospf neighbour

You can configure the time interval between hello messages sent to neighbours that are deemed to be inactive.
Command Reference Updates

This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold.

add ospf interface

Syntax

    ADD OSPF INTerface=interface AREa={BAckbone|area-number} [AUthentication={AREadefault|NONE|PASSword|MD5}] [BOOST1=0..1023] [DEadinterval=2..

Description

Software Version 2.7.5 C613-10454-00 REV A
set ospf interface

Syntax

    SET OSPF INTerface=interface [AREa={BAckbone|area-number}] [AUthentication={AREadefault|NONE|PASSword|MD5}] [BOOST1=0..1023] [DEadinterval=2..2147483647] [DEMand={ON|OFF|YES|NO|True|False}] [HEllointerval=1..65535] [NETwork={BROadcast|NON-broadcast}] [PASSIve={ON|OFF|YES|NO|True|False}] [PASSword=password] [POLLInterval=1..2147483647] [PRIOrity=0..255] [RXminterval=1..3600] [TRansitdelay=1..
show ospf interface

Syntax

    SHow OSPF INTerface[=interface] [AREa={BAckbone|area-number}] [IPaddress=ipadd] [{FULl|SUMmary}]

Description

This command displays information about OSPF interfaces. The existing Type field displays the configured network type.

Figure 12: Example output from show ospf interface command for a specified interface

    vlan1:
    Status ........................
    Area ..........................
    IP address ....................
    IP net mask ...................
BGP Enhancements

Software Version 2.7.5 includes the following enhancements for BGP:

■ Changes to Algorithm for Determining the Best Route
■ Automatic Summarising: Advertising as Few Routes as Possible
■ Importing and Advertising the Default Route

This section describes each enhancement, then the new and modified commands in Command Reference Updates.
Rule | For this... | the router or switch chooses the route that...
6 | path type | has external AS numbers in its AS path, rather than a route that has AS confederation sets or sequences in its AS path. Routes with external AS numbers are considered external paths; routes with AS confederation sets or sequences are internal paths. Note that candidate routes’ AS paths only contain EBGP and confederation AS numbers, because BGP drops routes with the local AS path in their path list.
Automatic Summarising: Advertising as Few Routes as Possible

Problem

When BGP learns routes, it imports and advertises every route, even if some are routes to subnets of the same network. For example, if you used the subnets 192.168.1.64/26 and 192.168.1.128/26, BGP would advertise routes to both of these.

Solution
Configuring automatic summarising

If you want to import routes from RIB into BGP and automatically summarise them into networks, use the following procedure. Instead of importing routes to subnets within each network, BGP then imports and advertises the route to the summary network. It specifies this router or switch as the next hop for the summary route.
Aggregating Routes

About route aggregation

When BGP receives routes from its peers or imports them from the RIB, by default it advertises every route, no matter how specific. You can reduce the number of routes BGP advertises, by configuring aggregate prefix entries. If the router or switch receives a route to a subset of the entry’s prefix, BGP adds the aggregate prefix to its database, as well as the route for the more specific prefix.
Importing and Advertising the Default Route

Software Version 2.7.5 enables you to control whether:

■ BGP imports the default route (0.0.0.
Command Reference Updates

This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold.

add bgp peer

Syntax

    ADD BGP PEer=ipadd REMoteas=1..65534 [DEFaultoriginate={NO|YES}] [other-options...]

Description

The new defaultoriginate parameter specifies whether to advertise the default route (0.0.0.
disable bgp defaultoriginate

Syntax

    DISable BGP DEFaultoriginate

Description

This command prevents BGP from importing the default route (0.0.0.0/0) into its routing table. This command over-rides other import options, so BGP does not import the default route even when it is configured with an import or network entry that includes the default route. This feature is disabled by default. Therefore, by default BGP excludes the default route.
enable bgp defaultoriginate

Syntax

    ENAble BGP DEFaultoriginate

Description

This command enables BGP to import the default route (0.0.0.0/0) into its routing table. You also need to do both of the following:

■ create the default route on the router or switch (or the router or switch needs to learn it from another routing source)
■ configure BGP with an import or network entry that includes the default route

This feature is disabled by default.
show bgp

Syntax

    SHow BGP

Description

The output of this command includes a new field.

Figure 13: Example output from the show bgp command

    BGP router ID .................
    BGP Cluster ID ................
    Local autonomous system .......
    Confederation ID ..............
    Local preference ..............
    Multi Exit Discriminator ......
    Route table route map .........
    Auto soft reconfiguration .....
    Default route origination .....
    Auto summary ..................
    Number of peers
    Defined .
show bgp peer

Syntax

    SHow BGP PEer[=ipadd]

Description

The output of this command includes a new field.

Figure 14: Example output from the show bgp peer command for a specific peer

    Peer ................
    Description .........
    State ...............
    Policy Template .....
    Description .......
    Private AS filter ...
    Remote AS ...........
    BGP Identifier ......
    Authentication ......
    Password ..........
    Fast Fall-Over ......
    Default originate ...
    . . .
    192.168.10.
Classifying According to the Layer 5 Byte

Software Version 2.7.5 enables you to create classifiers that match specific bytes in the Layer 5 part of IP packets. Layer 5 is the Layer 4 payload, so the new classifier parameters match parts of the TCP or UDP payload. The switch can perform its full array of hardware filtering and Quality of Service actions on matched traffic. The flexibility of this classifier option means you can match the traffic you need to, even new protocols.
Command Reference Updates

This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold.

create classifier

Syntax

    CREate CLASSifier=rule-id [MACSaddr={macadd|ANY}] [MACDaddr={macadd|ANY}] [MACType={L2Ucast|L2Mcast|L2Bcast|ANY}] [TPID=tpid|ANY] [VLANPriority=0..7|ANY] [VLAN={vlanname|1..
■ (optionally) bytemask, which is a 2-digit hexadecimal number. This specifies an eight-bit binary mask to apply to the field. When a bit is set to 1 in the mask, the value of the bit at the same position in the byte value is used to determine a match. A 0 in the mask means that the corresponding bit is ignored. The default is ff, which means the classifier matches against all bits in the byte.
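The mask semantics above can be tested against sample payloads before a classifier is committed to hardware. The following is an added example, not code from this Release Note or from the switch software: it parses byteoffset,bytevalue[,bytemask] specifications, applies them to a TCP or UDP payload, and lists every byte value a masked rule accepts so that an over-broad mask is visible. It assumes byteoffset is decimal, bytevalue is hexadecimal like bytemask, all L5BYTE parameters of one classifier must match together, and a payload shorter than the offset does not match; the function names and sample payloads are constructed.

```python
"""Added example: evaluating Layer 5 byte classifier parameters in software."""
from typing import NamedTuple

MAX_L5_BYTES = 16   # the syntax lists L5BYTE01 to L5BYTE16


class L5Byte(NamedTuple):
    offset: int   # position in the Layer 4 payload, 0 = first payload byte
    value: int    # byte value to compare
    mask: int     # 1 bits are compared, 0 bits are ignored


def parse_l5byte(spec):
    """Parse 'byteoffset,bytevalue[,bytemask]'; the mask defaults to ff."""
    parts = [p.strip() for p in spec.split(",")]
    if len(parts) not in (2, 3):
        raise ValueError(f"expected 2 or 3 fields, got {len(parts)}: {spec!r}")
    offset = int(parts[0], 10)            # assumption: offset is decimal
    value = int(parts[1], 16)             # assumption: value is hexadecimal
    mask = int(parts[2], 16) if len(parts) == 3 else 0xFF
    if offset < 0:
        raise ValueError("byteoffset must not be negative")
    if not 0 <= value <= 0xFF or not 0 <= mask <= 0xFF:
        raise ValueError("bytevalue and bytemask must fit in one byte")
    return L5Byte(offset, value, mask)


def byte_matches(rule, payload):
    """Compare only the bit positions that are set to 1 in the mask."""
    if rule.offset >= len(payload):
        return False   # assumption: a missing byte is a non-match
    return (payload[rule.offset] & rule.mask) == (rule.value & rule.mask)


def classifier_matches(rules, payload):
    """Assumption: every L5BYTE parameter of the classifier must match."""
    if len(rules) > MAX_L5_BYTES:
        raise ValueError(f"at most {MAX_L5_BYTES} Layer 5 bytes per classifier")
    return all(byte_matches(rule, payload) for rule in rules)


def accepted_values(rule):
    """List every byte value the rule accepts, to review how wide a mask is."""
    return [b for b in range(256) if (b & rule.mask) == (rule.value & rule.mask)]


# Offsets 0 and 1 with values 50 and 4f ("PO") as in the Release Note's
# example output; the masked variant below is constructed.
EXACT = [parse_l5byte("0,50"), parse_l5byte("1,4f")]
# Mask df ignores bit 5, so the upper-case and lower-case letter both match.
CASE_INSENSITIVE = [parse_l5byte("0,50,df"), parse_l5byte("1,4f,df")]

if __name__ == "__main__":
    for payload in (b"POST /login HTTP/1.1\r\n", b"post /login", b"GET /", b"P"):
        print(payload[:12], "exact:", classifier_matches(EXACT, payload),
              "masked:", classifier_matches(CASE_INSENSITIVE, payload))
    print("0,50,df accepts:", [hex(v) for v in accepted_values(CASE_INSENSITIVE[0])])
```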
    [L5BYTE07=byteoffset,bytevalue[,bytemask]] [L5BYTE08=byteoffset,bytevalue[,bytemask]] [L5BYTE09=byteoffset,bytevalue[,bytemask]] [L5BYTE10=byteoffset,bytevalue[,bytemask]] [L5BYTE11=byteoffset,bytevalue[,bytemask]] [L5BYTE12=byteoffset,bytevalue[,bytemask]] [L5BYTE13=byteoffset,bytevalue[,bytemask]] [L5BYTE14=byteoffset,bytevalue[,bytemask]] [L5BYTE15=byteoffset,bytevalue[,bytemask]] [L5BYTE16=byteoffset,bytevalue[,bytemask]]

Description

The new
show classifier

Syntax

    SHow CLASSifier[={rule-id|ALL}] [MACSaddr={macadd|ANY}] [MACDaddr={macadd|ANY}] [MACType={L2Ucast|L2Mcast|L2Bcast|ANY}] [TPID=tpid|ANY] [VLANPriority=0..7|ANY] [VLAN={vlanname|1..4094|ANY}] [INNERTpid=tpid|ANY] [INNERVLANPriority=0..7|ANY] [INNERVLANId=VLAN=1..4094|ANY] [ETHFormat={802.2-Tagged|802.
Figure 15: Example output from the show classifier command (layer 5 byte data)

    Classifier Rules
    -----------------------------------------------------------
    Rule .................. 1
     S-IP Address ......... ANY
     D-IP Address ......... ANY
     IP Protocol .......... ANY
     TOS/DSCP ............. ANY
     Layer 5 Byte 01:
       Offset ............. 0
       Value .............. 50
     Layer 5 Byte 02:
       Offset ............. 1
       Value .............. 4f
     Layer 5 Byte 03:
       Offset ..........
Firewall Enhancements

Software Version 2.7.5 includes the following enhancements to the firewall:

■ Increased Number of Firewall Policy Rules
■ SIP Application Layer Gateway Diagnostic Tools
■ UDP Port Timeout

This section describes each enhancement, then the new and modified commands in Command Reference Updates.

Increased Number of Firewall Policy Rules

Software Version 2.7.5 enables you to associate up to 699 rules with each interface in a firewall policy.
To see the logging settings, use the command:

    show firewall policy[=policy-name]

Displaying Sessions

Software Version 2.7.5 enables you to limit information displayed about firewall sessions to only the sessions that are associated with a particular IP address or range of addresses. To do this, use the command:

    show firewall session[=session-number] ip=ipadd[-ipadd] [other-options...
UDP Port Timeout

Existing software versions allow you to configure a specific amount of time, per firewall policy, for which the firewall maintains inactive UDP sessions. This amount of time is called the UDP timeout, and is configured with the udptimeout parameter in the set firewall policy command. As well as this firewall UDP timeout, you can now configure a UDP port timeout value per server port.
Command Reference Updates

This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold.

add firewall policy udpporttimeout

Syntax

    ADD FIREwall POLIcy=policy-name UDPPorttimeout=port [TIMeout={0..43200|DEFault}]

where:

■ policy-name is a character string 1 to 15 characters long.

Description
delete firewall policy udpporttimeout

Syntax

    DELete FIREwall POLIcy=policy-name UDPPorttimeout=port

where:

■ policy-name is a character string 1 to 15 characters long. Valid characters are uppercase and lowercase letters, digits, and the underscore character.
■ port is a UDP port number or a list of comma-separated UDP port numbers from 1 to 65535.

Description

This command deletes a previously defined UDP port timeout from the specified port.
disable firewall policy debug

Syntax

    DISable FIREwall POLIcy[=policy-name] DEBug={ALL|ARP|HTTP|PACKET|PKT|PROCESS|PROXY|SMTP|RADius|TCP|UPNP|SIPAlg} [DEBUGMode={ALL|ERRORcode|MESSage|PARSing|TRAce}]

Description

The new sipalg option on the debug parameter specifies that SIP ALG debugging is disabled. The new debugmode parameter specifies one or more modes of SIP ALG debugging to be disabled. You can specify a single mode or a comma-separated list of modes.
enable firewall policy debug

Syntax

    ENAble FIREwall POLIcy[=policy-name] DEBug={ALL|ARP|HTTP|PACKET|PKT|PROCESS|PROXY|SMTP|RADius|TCP|UPNP|SIPAlg} [DEBUGMode={ALL|ERRORcode|MESSage|PARSing|TRAce}] [IP=ipadd[-ipadd]]

where:

■ ipadd is an IP address in dotted decimal notation

Description

The new sipalg option on the debug parameter displays information about the SIP application layer gateway and packets it processes.
set firewall policy udpporttimeout

Syntax

    SET FIREwall POLIcy=policy-name UDPPorttimeout=port TIMeout={0..43200|DEFault}

where:

■ policy-name is a character string 1 to 15 characters long. Valid characters are uppercase and lowercase letters, digits, and the underscore character.
■ port is a UDP port number or a list of comma-separated UDP port numbers from 1 to 65535.

Description

This command sets a UDP port timeout for the specified server port.
show firewall policy

Syntax

    SHow FIREwall POLIcy[=policy-name] [COUnter] [SUMmary]

where:

■ policy-name is a string 1 to 15 characters long. Valid characters are uppercase and lowercase letters, digits, and the underscore character.

Description

This command displays detailed information about the specified policy or all policies.

Figure 16: Example output from the show firewall policy command

    Policy : Office
    TCP Timeout (s) ...................
    UDP Timeout (s) ................
show firewall policy udpporttimeout

Syntax

    SHow FIREwall POLIcy[=policy-name] UDPPorttimeout

where:

■ policy-name is a character string 1 to 15 characters long. Valid characters are uppercase and lowercase letters, digits, and the underscore character.

Description

This command displays information about any UDP ports on the firewall that are explicitly set with a UDP port timeout.
show firewall session

Syntax

    SHow FIREwall SEssion[=session-number] [POLIcy=policy-name] [COUnter] [IP=ipadd[-ipadd]] [POrt={port[-port]|service-name}] [PROTocol={protocol|ALL|EGP|GRE|ICmp|OSPF|TCP|UDP}] [SUMmary] [UPNP]

where:

■ ipadd is an IP address in dotted decimal notation

Description

This command displays information about the sessions and flows currently active for the specified policy. The new ip parameter specifies an IP address or a range of addresses.
WAN Load Balancing

WAN load balancing enables you to distribute your router's wide area traffic across two or more of its ports. Software Version 2.7.5 provides support for WAN load balancing on AR400 series routers. A range of traffic balancing distribution methods are provided. Basic load balancer distribution methods are:

■ round robin distribution
■ weighted lottery distribution

On both AR400 and AR700 series routers, Software Version 2.7.
VRRP Preemption Delay

Preemption delay support is an enhancement to the Virtual Router Redundancy Protocol (VRRP) that lets you specify a time delay before one router or switch assumes control from another. The effect of this enhancement is that you can now specify a delay between the time the higher-priority device becomes available and the time it assumes mastership. VRRP specifies how a backup assumes control when the master fails.
Command Reference Updates

This section describes each new command and the changed portions of modified commands and output screens. For modified commands and output, new parameters, options and fields are shown in bold.

create vrrp

Syntax
CREate VRRP=vr-identifier OVER=physical-interface IPaddress=ipadd [ADINTerval=1 ..
set vrrp

Syntax
SET VRRP=vr-identifier [ADINTerval=1..255] [ADOPTvrip={ON|OFF}] [ADVertisements={ON|OFF|YES|NO|TRUE|FALSE}] [AUTHentication={NONE|PLAINtext}] [PASSword=password] [PORTMOnitoring={ON|OFF} [STEPVALue={stepvalue|PRoportional}]] [PREEmpt={ON|OFF}] [DELay=0..3600] [PRIOrity=1..254]

Description
The new delay parameter specifies the number of seconds that a higher priority switch must wait before preempting a lower priority switch.
show vrrp

Syntax
SHow VRRP[=vr-identifier]

Description
This command displays information about the specified virtual router or all the virtual routers in which the router or switch is participating.

Figure 18: Example output from the show vrrp command
Virtual Router Identifier ............. 1
Configuration:
VR MAC ADDRESS ....................
Interface .........................
Priority ..........................
State .............................
Authentication ..
Chapter 1
WAN Load Balancing

Introduction
Operating Principles
Load Distribution Methods
  Round Robin Distribution
  Weighted Lottery Distribution
Introduction

This chapter describes the WAN load balancing feature, how it is supported on the router, and how you can configure its operation. With the increasing use of the Internet to service core business functions comes the need for reliable WAN connectivity. A specific aspect of this requirement is the need for reliable connectivity to specific destinations.
When WAN load balancing is disabled, the router uses its existing routing protocols and tables to determine the path for a particular IP flow and will also remember this route for future packets that belong to the same flow. In order to efficiently operate with applications that can simultaneously run multiple applications, the WAN load balancer is able to create sessions without the need to specify port information. The load balancer manages its sessions (creating, deleting, etc.
For example, if a router has two ports A and B, and:
• port A is configured with a weighting factor of 1000
• port B is configured with a weighting factor of 2000
then the load balancer is twice as likely to select port B as port A. However, if both ports are assigned the same weighting factor, the selection process resorts to the round robin selection method.
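The weighted lottery rule above, including the fall-back to round robin when the weights are equal, as an added Python sketch (not code from the router or from this Release Note). The function names, the ticket-drawing method and the round robin starting port are assumptions made for illustration.

```python
import random
from itertools import cycle


def make_selector(weights, rng=None):
    """Return a function that picks a WAN port for each new session.

    weights maps port name -> weighting factor, e.g. {"A": 1000, "B": 2000}.
    """
    rng = rng or random.Random()
    ports = list(weights)

    # Equal weighting factors: the lottery degenerates, so rotate through
    # the ports in order (round robin), as the text describes.
    if len(set(weights.values())) == 1:
        rotation = cycle(ports)
        return lambda: next(rotation)

    total = sum(weights.values())

    def lottery():
        # Draw one ticket out of `total`; each port owns as many tickets
        # as its weighting factor (assumed mechanism, not the router's code).
        ticket = rng.randrange(total)
        for port in ports:
            if ticket < weights[port]:
                return port
            ticket -= weights[port]

    return lottery


def session_share(weights, sessions, seed=0):
    """Assign `sessions` new sessions and count how many each port received."""
    pick = make_selector(weights, random.Random(seed))
    counts = dict.fromkeys(weights, 0)
    for _ in range(sessions):
        counts[pick()] += 1
    return counts


if __name__ == "__main__":
    # Weights from the example in the text: B should get about twice A's share.
    print(session_share({"A": 1000, "B": 2000}, 30000, seed=1))
    # Equal weights: strict alternation.
    print(session_share({"A": 500, "B": 500}, 10))
```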
Weighted Fast Response Distribution

This distribution method assigns new load balancer sessions to WAN ports based on the response times recorded for the transmission of WAN load balancer healthcheck messages. These messages are transmitted from each of the WAN load balancer ports and record response times between these ports and selected distant hosts. WAN ports that have faster healthcheck response times will be selected more frequently than those with slower response times.
The following figure shows how the round trip response times are used to determine which port the load balancer will use for its data traffic.
Assigning Weights

For weighted least connect and weighted lottery, the WAN port's assigned weight influences how often the WAN port will be selected. A good rule of thumb is to base this weight on the link's bandwidth. For situations where the underlying bandwidth of a WAN port is not known, or the bandwidth does not reflect the actual achievable throughput, the WAN load balancer provides two alternatives: Automatic and Perfect Automatic weightings.
The following figure illustrates the Adaptive Bandwidth Detection weight calculation process.

[Figure: IP throughput (kbps) plotted against time. The instantaneous bandwidth is averaged over each resolution period (set to 1 second), and the maximum average throughput detected over the update interval (set to 1 minute) is recorded.]
To determine a host's reachability, the router sends it a series of healthcheck packets. After it receives a set number of successful responses termed successchecks, it considers the host to be reachable. If the router has received no replies to a defined number of healthcheck requests called failchecks, it considers the host to be unreachable. You can configure the various healthcheck parameters by using the set wanlb healthcheck command on page 1-32.
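The successchecks and failchecks rule above behaves as a hysteresis counter, shown here as an added Python sketch (not the router's code). It assumes both counts are consecutive, that a host starts as unreachable, and that a resource with configured hosts is UP only while its interface is up and at least one host is reachable; the parameter ranges and the no-hosts rule are taken from the command reference later in this chapter.

```python
class HostCheck:
    """Reachability of one healthcheck host as seen from one resource."""

    def __init__(self, successchecks, failchecks):
        # Ranges from the set wanlb healthcheck syntax in this chapter.
        if not 1 <= successchecks <= 5:
            raise ValueError("successchecks must be 1..5")
        if not 1 <= failchecks <= 6:
            raise ValueError("failchecks must be 1..6")
        self.successchecks = successchecks
        self.failchecks = failchecks
        self.reachable = False      # assumption: unknown hosts start unreachable
        self._replies = 0           # consecutive healthchecks answered
        self._missed = 0            # consecutive healthchecks unanswered

    def record(self, replied):
        """Feed one healthcheck result and return the host's new state."""
        if replied:
            self._replies += 1
            self._missed = 0
            if self._replies >= self.successchecks:
                self.reachable = True
        else:
            self._missed += 1
            self._replies = 0
            if self._missed >= self.failchecks:
                self.reachable = False
        return self.reachable


def replay(results, successchecks, failchecks):
    """Run a sequence of reply/no-reply results through one HostCheck."""
    host = HostCheck(successchecks, failchecks)
    return [host.record(r) for r in results]


def resource_state(hosts, interface_up):
    """Derive a resource's state from its interface and healthcheck hosts."""
    if not hosts:
        # No healthcheck hosts configured: the resource follows its IP interface.
        return "UP" if interface_up else "DOWN"
    if not interface_up:
        return "DOWN"               # assumption: a down interface wins
    return "UP" if any(h.reachable for h in hosts) else "DOWN"


# Constructed sample: one lost reply (4th check) must not flap the host,
# two in a row (6th and 7th) must.
SAMPLE = [True, True, True, False, True, False, False, True, True, True]

if __name__ == "__main__":
    print(replay(SAMPLE, successchecks=3, failchecks=2))
```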
The firewall shown has two public interfaces, WAN ISP1 and WAN ISP2, that are configured for both network address translation (NAT) and for WAN load balancing. Two translated IP addresses (i.e. NATx and NATy) are configured for the two WAN connections ISP1 and ISP2. When the firewall receives a packet from its private interface, it finds a route in its routing table based on the WAN load-balancing algorithm.
Configuring WAN Load Balancing

This section gives a step by step procedure and simple configuration examples for configuring WAN load balancing on the router.
Table 1-1: WAN load balancing configuration procedure (Continued)

Step 8
Command: add firewall policy=policy-name interface=interface type={public|private}
Description: Add the firewall policy to the interfaces that the load balancer will use.

Step 9
Command: add firewall policy=policy-name nat={enhanced|standard} interface=interface [ip=ipadd] gblinterface=interface [gblip=ipadd[-ipadd]]
Description: Add the firewall policy for NAT and define the global IP addresses for each interface.
Configuration Examples

The following examples illustrate the steps required to configure WAN load balancing on the router. This example shows a load balancer where data travels to remote destinations via two Internet connections, each routed via a separate ISP. A simple firewall configuration is also included that provides for basic network address translation (NAT).
To configure the WAN load balancer:

1. Enable IP
To enable the IP routing module, if it has been disabled, use the command:
enable ip

2. Disable multipath IP route
To disable multipath IP routing, use the command:
disable ip route multipath

3. Add the IP interfaces
To add the logical interfaces to the IP module, use the commands:
add ip interface=eth0 ip=192.0.2.32 mask=255.255.255.224
add ip interface=eth1 ip=192.0.2.65 mask=255.255.255.224
add ip interface=vlan1 ip=192.168.1.
For weighted least connect selection:
set wanlb select=wleastconnect

For weighted lottery selection:
set wanlb select=wlottery

For weighted fast response selection:
set wanlb select=wfastresponse

13. Set the WAN load balancer resource weight
This step is only required if you are using weighted lottery or weighted least connect selection methods.
Command Reference

This section describes the commands available on the router to enable, configure, control and monitor the WAN load balancing module. The shortest valid command is denoted by capital letters in the Syntax section.

add wanlb healthcheck

Syntax
ADD WANLB HEALthcheck[=1..3] HOst=hostaddress

Description
This command adds a healthcheck host to the WAN load balancer. Up to three hosts can be added.
add wanlb resource

Syntax
ADD WANLB RESource=interface [HEALthchecksipaddress=ipadd] [WEIght={0..10000000|AUTOmatic|PERFectautomatic}]

Description
This command adds a new resource to the WAN load balancer interface. By default, a newly added resource is enabled. The state of a new resource is the same as that of its associated IP interface. This means that the WAN load balancer interface will be available whenever the interface is available.
delete wanlb healthcheck

Syntax
DELete WANLB HEALthcheck={1..3|ALL}

Description
This command removes one or more healthcheck hosts from the WAN load balancer. If all hosts are deleted, the WAN load balancer cannot use its healthchecks to determine the status of its resources. In this situation, the router will change the state of its WAN load balancer resources to be the same as their associated IP interfaces.

Parameter: Description
1..
delete wanlb resource

Syntax
DELete WANLB RESource={ALL|interface}

Description
This command deletes a WAN load balancer resource. You can only delete the resource when it is in the down state and there are no WAN load balancer sessions assigned to it. To place the resource in the down state, use the disable wanlb resource command.

Parameter: Description
RESource: An existing IP interface for the resource.
disable wanlb debug

Syntax
DISable WANLB DEBug[={ABD|HEALthcheck|IP|RESource|SELect|ALL}]

Description
This command disables debugging on the WAN load balancer.

Parameter: Description
DEBug: The type of debugging to disable. Default: all
  ABD: Disables adaptive bandwidth detection debugging.
  HEALthcheck: Disables healthcheck debugging.
  IP: Disables debugging for the creation of WAN load balancer sessions for new IP flows.
disable wanlb healthcheck

Syntax
DISable WANLB HEALthcheck

Description
This command disables background healthchecking for resources. Under high load, these resources may sometimes ignore ICMP healthchecks and be marked as closing or down even though the resource is still operational and can take connections. After executing this command, response times for resources are set to zero. Healthchecks are disabled by default.
disable wanlb resource

Syntax
DISable WANLB RESource={ALL|interface} [IMMEDiately]

Description
This command disables a resource by moving it from the up state to the down state, or by moving it from the up state to the closing state and then to the down state. When a resource moves to the closing state it allows all existing sessions associated with it to complete, but the resource cannot participate in load balancing for any new sessions.
enable wanlb

Syntax
ENAble WANLB

Description
This command enables the WAN load balancer. Although you do not need to enable the WAN load balancer to configure its settings, you do need to enable it to run the WAN load balancing operation. You cannot enable the WAN load balancer when equal cost multipath routing is also enabled. To disable equal cost multipath routing, use the disable ip route command.
enable wanlb debug

Syntax
ENAble WANLB DEBug[={ALL|ABD|HEALthcheck|IP|RESource|SELect}]

Description
This command enables debugging on the WAN load balancer.

Parameter: Description
DEBug: Enables WAN load balancer debugging
  ABD: Displays information about Adaptive Bandwidth Detection calculations, such as the observed resource throughput and updates to the resource weight.
enable wanlb healthcheck

Syntax
ENAble WANLB HEALthcheck

Description
This command enables background healthchecking for WAN load balancer resources. Background healthchecking periodically monitors the health of connections between each WAN load balancer resource and its configured healthcheck hosts. The WAN load balancer healthchecks consist of sending ICMP echo requests to the healthcheck hosts.
enable wanlb resource

Syntax
ENAble WANLB RESource={ALL|interface}

Description
This command enables a configured resource by moving it from the down state to the up state. A device must be in the up state to participate in WAN load balancing.

Parameter: Description
RESource: Enables the specified interfaces
  interface: Specifies an existing IP interface for the resource. The resource must currently be in the down state before it can be enabled.
reset wanlb resource

Syntax
RESET WANLB RESource={ALL|interface}

Description
This command resets the states of the specified WAN load balancer resource. A reset is equivalent to the disable wanlb resource command on page 1-22, immediately followed by the enable wanlb resource command on page 1-26.

Parameter: Description
interface: The resource whose states are to be reset.
reset wanlb resource counter

Syntax
RESET WANLB RESource={interface|ALL} COUnter

Description
This command resets the specified WAN load balancer resource counters.

Parameter: Description
Interface: The resource whose counters are to be reset. Interface is a valid interface name formed by concatenating an interface type and an interface instance.
set wanlb

Syntax
SET WANLB [ORPhantimeout={OFF|1..65535}] [SELect={ROundrobin|WLEastconnect|WLOttery|WFAStresponse}]

Description
This command sets the global parameters of WAN load balancer.

Parameter: Description
Orphantimeout: Specifies the number of seconds in which a WAN load balancer session can remain in an orphan state before timing out. An orphan state exists when the load balancer session is open, but neither sending nor receiving traffic.
set wanlb abd

Syntax
SET WANLB ABD [RESOLution=200..5000] [UPDAteinterval=1..1440] [DECReasethreshold=0..75] [TRAFfic={TOTal|INBound|OUTBound}]

Description
This command sets the parameters for adaptive bandwidth detection (ABD) that are used to update the weight of resources. To apply this command you must first set the weight parameter of the add wanlb resource command on page 1-17, to perfectautomatic.
Parameter: Description
TRAFfic: The type of traffic that will be measured in the throughput calculations. This parameter may be useful for disparities in price or speed between the upstream and downstream ISP connections. Default: total
  INBound: The throughput is calculated based on inbound traffic only.
  OUTBound: The throughput is calculated based on outbound traffic only.
  TOTal: The throughput is calculated based on both inbound and outbound traffic.
set wanlb healthcheck

Syntax
SET WANLB HEALthcheck [INTerval=1..300] [FAILchecks=1..6] [SUCCesschecks=1..5]

Description
This command sets parameters used by the healthchecking mechanism.

Parameter: Description
INTerval: The period of time, in seconds, with which WAN load balancer regularly commences healthchecking of each resource to each healthcheck host.
set wanlb resource

Syntax
SET WANLB RESource=interface [HEALthchecksipaddress=ipadd] [WEIght={0..10000000|AUTOmatic|PERFectautomatic}]

Description
This command sets the configuration of a resource. The weight parameter can be changed when the resource is in either the up or down state. Changes to a resource will take effect the next time the resource is used for a WAN load balancer session.
show wanlb

Syntax
SHow WANLB

Description
This command displays information about the general configuration and status of the WAN load balancer (Figure 1-3, Table 1-2).

Figure 1-3: Example output from the show wanlb command
Global WAN Load Balancer Configuration
----------------------------------------------------------
Status ...................... ENABLED
Select Method ............... ROUNDROBIN
Orphan Timeout .............. 3600s
Current Sessions ............
Table 1-2: Parameters in the output of the show wanlb command (Continued)

Parameter: Description
Decrease Threshold: The maximum percentage that the bandwidth can decrease in one update interval and still be updated as the resource's new weight. If the maximum bandwidth detected for the last update interval has decreased beyond the threshold, then the resource's weight is not updated.
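How the resolution period, update interval and decrease threshold combine when adaptive bandwidth detection recomputes a weight, as an added Python sketch (not the router's code). It assumes the resolution value is in milliseconds, that the weight is expressed in kbps, and that the first interval and any increase are always accepted; the byte counts are constructed to reproduce the per-second averages shown in the ABD figure earlier in this chapter.

```python
def interval_candidate(byte_counts, resolution_ms):
    """Highest average throughput (kbps) of any resolution period in one
    update interval. byte_counts holds the bytes seen in each period."""
    if not 200 <= resolution_ms <= 5000:      # range from set wanlb abd
        raise ValueError("resolution must be 200..5000")
    # bytes * 8 = bits; bits per millisecond equals kilobits per second.
    return max(count * 8 / resolution_ms for count in byte_counts)


def next_weight(current, candidate, decrease_threshold):
    """Apply the decrease threshold (a percentage) to one candidate."""
    if not 0 <= decrease_threshold <= 75:     # range from set wanlb abd
        raise ValueError("decreasethreshold must be 0..75")
    if current is None:
        return round(candidate)               # assumption: first measurement wins
    lowest_accepted = current * (100 - decrease_threshold) / 100
    if candidate < lowest_accepted:
        return current                        # fell too far: weight not updated
    return round(candidate)


def track_weight(candidates, decrease_threshold):
    """Weight after each update interval, given each interval's candidate."""
    weights, current = [], None
    for candidate in candidates:
        current = next_weight(current, candidate, decrease_threshold)
        weights.append(current)
    return weights


# Constructed sample: bytes per 1-second period giving the averages in the
# figure (750, 1000, 1250, 1000, 750 kbps).
FIGURE_BYTES = [93750, 125000, 156250, 125000, 93750]

if __name__ == "__main__":
    first = interval_candidate(FIGURE_BYTES, resolution_ms=1000)
    # A quiet interval (100 kbps) would collapse the weight without the
    # threshold; with decreasethreshold=25 it is ignored.
    print(track_weight([first, 1000, 100, 2000], decrease_threshold=25))
```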
show wanlb healthcheck

Syntax
SHow WANLB HEALthcheck

Description
This command displays information about WAN load balancer healthcheck resources (Figure 1-5, Table 1-4).

Figure 1-5: Example output from the show wanlb healthcheck command
WAN Load Balancer Healthcheck configuration
-----------------------------------------------------------
State ............................ ENABLED
Interval ......................... 60 seconds
Consecutive Success Checks .......
show wanlb resource

Syntax
SHow WANLB RESource[={ALL|interface}] [HEALthcheck]

Description
This command displays information about all resources for the WAN load balancer (Figure 1-6, Figure 1-7, Table 1-5). If a resource name is specified, the output displays detailed information about the particular resource (Figure 1-8 on page 1-39, Table 1-6 on page 1-40).
Table 1-5: Parameters in the summary output from the show wanlb resource command

Parameter: Description
Resource: The resource whose information is to be displayed.
Status: The current status of the resource; one of ENABLED or DISABLED.
State: The current state of the resource; one of UP, DOWN, or CLOSING. The state of a resource will have the same state as its associated IP Interface. So if the IP interface is UP, the resource state will also be UP.
Figure 1-8: Example output from the show wanlb resource=all command
WAN Load Balancer Resource Configuration
---------------------------------------------------------
Resource....................ppp0
Status......................ENABLED
State.......................UP
Weight......................3000
Weight type ................Manual
Total Sessions .............34123
Current Sessions............24
Healthchecks
Avg overall response time ....40 ms
Resource up events .....
Table 1-6: Parameters in the detailed output from the show wanlb resource=all command

Parameter: Description
Resource: The resource interface.
Status: The current state of the interface; one of ENABLED or DISABLED.
State: The current state of the resource; one of UP, DOWN, or CLOSING. The state of a resource will have the same state as its associated IP Interface. So if the IP interface is UP, the resource state will also be UP.
Table 1-6: Parameters in the detailed output from the show wanlb resource=all command (Continued)

Parameter: Description
Resource Up events: The number of times the resource's state has changed from down to up due to healthchecks, i.e. because one or more hosts became reachable.
Resource Down Events: The number of times the resource's state has changed from up to down due to healthchecks, i.e.

Software Version 2.7.5 C613-10454-00 REV A
Figure 1-9: Example output from the show wanlb resource=ppp0 healthcheck command
WAN Load Balancer Resource Healthchecks
---------------------------------------------------------
Resource .................... ppp0
Ave overall response......... 40 ms
Resource up events .......... 1
Resource down events ........ 0
Unreachable host events ..... 1
Host ..................... 202.36.8.11
Status ................... Unreachable
Avg response ............. N/A
Total sent .......
Table 1-7: Parameters in the detailed output from the show wanlb resource=ppp0 healthcheck command (Continued)

Parameter: Description
Unreachable host events: The number of separate times a host has become unreachable.
Host: The IP address or domain name of the configured healthcheck host.
Status: The status of the healthcheck host for the resource; one of REACHABLE or UNREACHABLE.
show wanlb sessions

Syntax
SHow WANLB SEssions [RESource=interface]

Description
This command displays information about all of the sessions currently open on WAN load balancer for a specified resource, or for all resources. The resource parameter specifies the interface of the resource to display sessions for. If no resource is specified, all WAN load balancer sessions are displayed.
Chapter 2
Filtering IP Routes

Introduction
Types of Filters
  About Prefix Lists
  About AS Path Lists
  About Route Maps
  delete ip routemap
  set ip prefixlist
  set ip route filter
  set ip routemap
  show ip aspathlist
Introduction

This chapter describes the router or switch’s functions for filtering IP routes. IP route filtering enables you to control your routing tables, for example, to meet the terms of business relationships you have with the networks you are connected to. If you are a network provider, you can filter the routing information that your routers or switches receive from the networks they connect to, and that they advertise to those networks.
Types of Filters

The type of filter to use depends on the route source and the point at which you want to filter. This section describes the available filters, in the following subsections:
■ About Prefix Lists
■ About AS Path Lists
■ About Route Maps
■ About IP Route Filters
■ About IP Filters

This section describes each of these types of filters and summarises the circumstances in which you use them.
For OSPF, you can use prefix lists in a route map, and then use the route map:
■ to filter OSPF routes before adding them to the RIB
■ when importing static routes into the OSPF LSA database

About AS Path Lists

Description
In BGP, the AS_path attribute lists the AS numbers of every Autonomous System that the routing information in an update message has passed through. It shows the path the update message has taken, and how “close” the routes are to the router or switch.
The following figure shows valid combinations of action and clause inside a route map.
For OSPF, you can use route maps:
■ to filter routes from OSPF before adding them to the RIB
■ when importing static routes into the OSPF LSA database

When applied to OSPF routes, route maps can:
■ accept or reject particular routes on the basis of their metric, route type, source, nexthop or tag, or the interface they are received on
■ accept or reject particular routes, by comparing the update message’s routes with a prefix list
■ alter matching routes’ metric, type and
About IP Filters

Description
An IP filter filters routes if it has a filter ID number in the range 300 to 399. It matches on the source and mask of the route, and specifies whether matching routes are included or excluded.

When to use IP filters
Use an IP filter when you want to filter routes that the router or switch imports from BGP into OSPF. “Applying Filters When Redistributing from the RIB” on page 2-23 has more information.
Creating AS Path Lists for BGP

To create an AS path list and add entries to it, use one of the commands:
add ip aspathlist=1..99 [entry=1..4294967295] include=aspath-reg-exp
add ip aspathlist=1..99 [entry=1..4294967295] exclude=aspath-reg-exp

Each entry uses a regular expression, aspath-reg-exp, to both specify the AS numbers that the entry matches, and to establish whether matching AS numbers are included or excluded.
When a BGP process passes an update message through a route map:
1. It checks the entries in order, starting with the lowest numbered entry, until it finds a match.
2. It then takes the action specified by that entry’s action parameter. If the action is exclude, it filters out that update or prefix. If the action is include, it filters in that update or prefix.
3. If the action is include, it modifies attributes as specified by the entry’s set clauses if there are any.
4.
Then use the AS path list in the match clause of a route map by using the command:
add ip routemap=routemap entry=1..4294967295 [action={include|exclude}] match aspath=1..99

When the router or switch uses this route map to examine an update message, the router or switch goes through the entries in the AS path list. The update matches if an entry in the AS path list matches the AS path in the update message, and that AS path list entry is an include entry.
Example comparing AS path filter and route map

Compare this configuration, which uses an AS path list in a path filter:
add ip aspathlist=2 entry=1 exclude="^$"
add ip aspathlist=2 entry=2 include="15557"
set bgp peer=192.168.200.
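The two AS path list entries above, evaluated against a few constructed AS paths, as an added Python sketch for checking what a list will accept before it is applied (not the router's code). Python's re module stands in for the device's regular-expression dialect, which this page does not specify; first-match ordering, the no-match result, the AS_path being rendered as space-separated numbers, and the shorter pattern "1555" are all assumptions made for illustration.

```python
import re

# The two entries from the example configuration: (entry, action, regex).
PAGE_LIST = [
    (1, "exclude", "^$"),      # an empty AS path
    (2, "include", "15557"),
]


def path_text(as_path):
    """Render an AS path as space-separated AS numbers (assumed rendering)."""
    return " ".join(str(asn) for asn in as_path)


def aspath_list_accepts(entries, as_path):
    """True if the first matching entry, lowest number first, is an include."""
    text = path_text(as_path)
    for _, action, pattern in sorted(entries, key=lambda e: e[0]):
        if re.search(pattern, text):
            return action == "include"
    return False               # assumption: nothing matched, so no match


def overmatched_paths(pattern, intended_asn, sample_paths):
    """Paths the pattern matches although the intended AS is not in them.

    An unanchored pattern is matched as a substring, so it can also hit
    longer AS numbers that merely contain the same digits.
    """
    return [p for p in sample_paths
            if re.search(pattern, path_text(p)) and intended_asn not in p]


# Constructed sample AS paths (private-use and example AS numbers).
SAMPLE_PATHS = [
    [],                        # empty path
    [15557],
    [64512, 15557],
    [64512, 64513],
    [1555],
    [64512, 1555, 64513],
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(path, aspath_list_accepts(PAGE_LIST, path))
    # A hypothetical entry include="1555" also matches every path through 15557.
    print(overmatched_paths("1555", 1555, SAMPLE_PATHS))
    # Delimiting the AS number on both sides removes the overmatch.
    print(overmatched_paths(r"(^| )1555( |$)", 1555, SAMPLE_PATHS))
```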
Matching on MED
An entry that matches on med lets you select or discard routes with a particular Multi Exit Discriminator metric. BGP can use the MED to determine the best route to a destination. To match on MED, use the command:
add ip routemap=routemap entry=1..4294967295 [action={include|exclude}] match med=0..4294967295

Matching on next hop
An entry that matches on nexthop lets you select or discard routes that traverse a particular node.
Note that the action of the prefix list and of the route map entry are separate. Table 2-2 shows the effect of each combination.

Table 2-2: The effect of actions in prefix list and route map entries

Prefix list entry: match
Route map entry: include
Action when route map applied: An update message that contains the prefix matches the route map entry. The prefix is processed.

Prefix list entry: match
Route map entry: exclude
Action when route map applied: An update message that contains the prefix matches the route map entry.
How to configure an entry with a set clause

Once you have determined what update messages or prefixes a route map entry matches, you can configure set clauses to change the attributes of matching items. To create a set clause for an entry, use one of the commands shown in the following table.

Table 2-3: The available set clauses for route maps for BGP

Route map set clauses for BGP
Command: add ip routemap=routemap entry=1..4294967295 set aspath={1..65534[,...
Creating Route Maps for OSPF

A route map consists of multiple entries, which are in effect individual filters. Each entry specifies both what it matches on, in a match clause, and what is done to matching traffic, in the entry’s action and any set clauses it has.

When the router or switch applies a route map to routes for OSPF:
1. It checks the entries in order, starting with the lowest numbered entry, until it finds a match.
2.
Matching on metric
An entry that matches on metric lets you select or discard all routes with that OSPF metric or a metric in that range. To do this, use the command:
add ip routemap=routemap entry=1..4294967295 [action={include|exclude}] match metric=0..4294967295[-0..4294967295]

Matching on next hop
An entry that matches on nexthop lets you select or discard routes that traverse a particular node. To do this, use the command:
add ip routemap=routemap entry=1..
Matching on route source
An entry that matches on routesource lets you select or discard routes depending on the router ID of the router that they were learnt from. To do this, first create a prefix list for the router IDs, by using the command:
add ip prefixlist=name entry=1..65535 [action={match|nomatch}] masklength=32 [prefix=ipadd]

See “Creating Prefix Lists” on page 2-8 for more information. Note that the mask for a router ID must be 255.255.255.255, so the mask length must be 32.
How to configure an entry with a set clause

Once you have determined what routes a route map entry matches, you can configure set clauses to change the characteristics of matching items. To create a set clause for an entry, use one of the commands shown in the following table.

Route map set clauses for OSPF
Command: add ip routemap=routemap entry=1..4294967295 set metric=0..4294967295
Result: Sets the OSPF metric of matching routes. Routes with a lower metric are preferred.
Creating IP Filters

To create an IP filter that will filter routes, use the command:
add ip filter=300..399 action={include|exclude} source=ipadd [smask=ipadd] [entry=1..255]

The source parameter is the network IP address of the subnet to be filtered. The smask parameter determines how many bits of the prefix are significant. When the router or switch checks routes against the filter, it only checks the significant bits. By default, new entries are added at the end of the filter.
Applying Filters When Writing to the RIB

When the router or switch receives information about a route, it normally adds that route to its RIB. This makes the route available for the router or switch to use. You can use route filters to stop the router or switch from adding certain routes, or routes with certain characteristics, into the RIB. This gives you control over the routes packets take when they leave the router or switch.
Applying route maps
To use a route map to filter or modify update messages that it receives from a peer, use one of the commands:
add bgp peer=ipadd remoteas=asn inroutemap=routemap [other-options]
set bgp peer=ipadd inroutemap=routemap [other-options]

The router or switch checks every route in the update message against every entry in the filter, starting with the entry with the lowest entry number, until it finds a match or gets to the end of the filter.
Applying Filters When Redistributing from the RIB

The router or switch is able to import routes from the RIB into BGP, OSPF or RIP, even if it learnt them from a different routing protocol or source. For example, you can add non-BGP routes to BGP, such as static routes and routes learned by OSPF or RIP. BGP can then advertise these routes. When you import routes from some route sources, you can also filter, to block certain routes.
Filtering when copying routes to OSPF

OSPF:
■ can import BGP routes, with or without filtering
■ can import RIP routes, with or without filtering
■ automatically imports interface routes, without filtering
■ can import statically-configured routes, with or without filtering.

The following table shows how to filter routes from RIP, BGP and static routes.

From: Static routes
How to filter: 1.
Filtering when copying routes to RIP

RIP can import static and OSPF routes. It also automatically imports interface routes. The following table shows how to filter routes.

From | How to filter
OSPF | 1. Turn on exporting of OSPF routes into RIP, by using the command: set ospf rip=export [other-options] 2.
Applying Filters Before Advertising Routes

Routing protocols send their neighbours or peers information about the routes in the router or switch’s RIB. You can use route filters to stop the router or switch from advertising certain routes or routes with certain characteristics. This gives you control over the routes that packets take through your network and when leaving your network.
Applying AS path lists

To apply an AS path list directly as a filter on a BGP peer, use one of the commands:

add bgp peer=ipadd remoteas=asn [inpathfilter=1..99] [outpathfilter=1..99] [other-options]
set bgp peer=ipadd [inpathfilter=1..99] [outpathfilter=1..99] [other-options]

The outpathfilter parameter applies the AS path list as a filter on update messages that the router or switch sends to the peer.
Filtering when using RIP to advertise routes

To filter routes before advertising them with RIP, create a filter or series of filters, using the command:

add ip route filter[=filter-id] ip=ipadd mask=ipadd action={include|exclude} protocol=rip direction=send [other-options]

The router or switch automatically applies the filter when advertising routes to RIP neighbours, because protocol=rip.
Overview of Filters for each Route Source

The sections above describe each type of filter. This section contains a series of diagrams that summarise the available filters for each route source:
■ Border Gateway Protocol (BGP-4)
■ Open Shortest Path First (OSPF)
■ Routing Information Protocol (RIP)
■ Interface Routes
■ Statically-Configured Routes

Border Gateway Protocol (BGP-4)

When the router or switch runs BGP, it receives routing information from peer routers.
Open Shortest Path First (OSPF)

When the router or switch runs OSPF, it receives routing information from neighbouring routers and advertises routing information to neighbouring routers. This routing information is contained in Link State Advertisements (LSAs). OSPF also generates LSAs internally. You can filter routing information at the processing points shown in the following figure. The figure also indicates the type of LSA at each processing point.
Limitations of route filtering on OSPF

LSA | Name | LSA describes | LSA is created
Type-3 | Summary-LSA | inter-area destinations, when the destination is an IP network | from the RIB, by Area Border Routers
Type-4 | Summary-LSA | inter-area destinations, when the destination is an Autonomous System (AS) boundary router | by OSPF, by Area Border Routers
Type-5 | AS-external-LSA | a destination outside the AS | from the RIB, by AS boundary routers
Type-7 | AS-external-LSA | a destination outside t
Routing Information Protocol (RIP)

When the router or switch runs RIP, it receives routing information from neighbouring routers, and can advertise RIP, statically-configured and interface routes to neighbouring routers. You can filter routing information at the processing points shown in the following figure.
Statically-Configured Routes

You can manually enter routing information into the router or switch, which creates static routes. Dynamic routing protocols import these routes. For BGP and OSPF, you can filter static routes when the protocol imports them, as shown in the following figure.
Configuration Examples

These examples apply filters to BGP routes in the following situations:
■ Filtering When Writing BGP Routes to the RIB: Using an AS Path Filter
■ Filtering When Writing BGP Routes to the RIB: Using a Route Map
■ Filtering Before Advertising Routes with BGP: Using an AS Path Filter
■ Filtering Before Advertising Routes with BGP: Using a Route Map
■ Filtering Inbound and Outbound BGP Routes: Using Communities
■ Filtering When Importing Routes from BGP to O
Filtering When Writing BGP Routes to the RIB: Using a Route Map

This example extends the basic BGP configuration shown in Basic BGP Configuration in the BGP chapter of the Software Reference, which connects two routers or switches as EBGP peers and gives:
■ Router or Switch A an IP address of 10.0.0.2 and AS number of 65000
■ Router or Switch B an IP address of 10.0.0.1 and AS number of 65001

This example uses the inroutemap filter on a BGP peer.
Filtering Before Advertising Routes with BGP: Using an AS Path Filter

This example extends the basic BGP configuration shown in Basic BGP Configuration in the BGP chapter of the Software Reference, which connects two routers or switches as EBGP peers and gives:
■ Router or Switch A an IP address of 10.0.0.2 and AS number of 65000
■ Router or Switch B an IP address of 10.0.0.1 and AS number of 65001

This example uses the outpathfilter filter on a BGP peer.
Filtering Before Advertising Routes with BGP: Using a Route Map

This example extends the basic BGP configuration shown in Basic BGP Configuration in the BGP chapter of the Software Reference, which connects two routers or switches as EBGP peers and gives:
■ Router or Switch A an IP address of 10.0.0.2 and AS number of 65000
■ Router or Switch B an IP address of 10.0.0.1 and AS number of 65001

This example uses the outroutemap filter on a BGP peer.
Filtering Inbound and Outbound BGP Routes: Using Communities

This example extends the basic BGP configuration shown in Basic BGP Configuration in the BGP chapter of the Software Reference, which connects two routers or switches as EBGP peers and gives:
■ Router or Switch A an IP address of 10.0.0.2 and AS number of 65000
■ Router or Switch B an IP address of 10.0.0.
This community list consists of those routes with the community attribute value set to 2:7. All other routes are excluded from the community list.

5. On Router or Switch B, use the community list in a route map.

add ip routemap=mapin entry=1 match communitylist=1
add ip routemap=mapin entry=2 action=exclude

6. On Router or Switch B, apply the route map to updates from the peer (Router or Switch A).

set bgp peer=10.0.0.
Command Reference

This section describes the commands available on the router or switch to configure IP route filtering. The shortest valid command is denoted by capital letters in the Syntax section. See Conventions in About this Software Reference in the front of the Software Reference for details of the conventions used to describe command syntax. See Appendix A, Messages for a complete list of messages and their meanings.
Parameter | Description
INCLude | An AS path regular expression, which specifies the AS path values that this entry includes in this AS path list. When you use the AS path list in a route map or filter, the map or filter carries out its specified action on update messages with a matching AS path attribute value. Regular expressions are a list of one or more AS numbers, separated by spaces.
add ip communitylist

Syntax

ADD IP COMmunitylist=1..99 [ENTry=1..4294967295] INCLude={INTernet|NOExport|NOAdvertise|NOEXPORTSubconfed|aa:xx}[,...]
ADD IP COMmunitylist=1..99 [ENTry=1..4294967295] EXCLude={INTernet|NOExport|NOAdvertise|NOEXPORTSubconfed|aa:xx}[,...]

Description

This command adds an entry to a community list, and creates the list if it does not already exist.
Parameter | Description
EXCLude | A community name, community number, or comma-separated list of names and numbers, which specifies the communities that this entry excludes from this community list. When you use the community list in a route map or filter, the map or filter does not carry out its specified action on update messages with a matching community attribute value.
add ip prefixlist

Syntax

ADD IP PREFIXList=name ENTry=1..65535 [ACTion={MATch|NOMatch}] [MASklength=range] [PREfix=ipadd]

Description

This command adds a numbered entry to a prefix list. If the prefix list does not already exist, this command first creates it. You can create up to 400 prefix lists, with up to 1000 entries in each list.

Parameter | Description
PREFIXList | A name to identify the prefix list. A string 1 to 15 characters long.
Parameter | Description
MASklength | The range of prefix mask lengths matched by this entry in the prefix list. The range is either a single CIDR mask from 0 to 32, or two masks separated by a hyphen. These options are valid for setting the mask length:
• as a mask length range (masklength=a-b). For a route to match against this entry, its prefix mask length must be between a and b inclusive. a must be less than b.
add ip route filter

Syntax

ADD IP ROUte FILter[=filter-id] IP=ipadd MASK=ipadd ACtion={INCLude|EXCLude|SWItch} [DIrection={RECeive|SENd|BOTH}] [INTerface=interface] [NEXThop=ipadd] [POLIcy=0..7] [PROTocol={ANY|OSPF|RIP}]

Description

This command creates a route filter. A route filter controls which routes RIP receives and advertises, and which external routes OSPF copies into its LSA database.
Parameter | Description
DIrection | Whether the router or switch applies this filter to routes that the routing protocol receives or routes that it advertises. The routing protocol is specified using the protocol parameter. Default: both
  RECeive | The router or switch applies this filter to routes that the routing protocol receives, to determine whether to write those routes into the RIB.
Parameter | Description
PROTocol | The routing protocol to which the filter applies. If direction is receive, then protocol specifies the routing protocol that receives the route information. If direction is send, then protocol specifies the routing protocol that advertises the routes.
add ip routemap

Syntax for an empty entry

ADD IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion={INCLude|EXCLude}]

Syntax for a match clause

ADD IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion={INCLude|EXCLude}] MAtch ASPath=1..99
ADD IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion={INCLude|EXCLude}] MAtch COMmunity=1..99 [EXAct={NO|YES}]
ADD IP ROUTEMap=routemap ENTry=1..
ADD IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion=INCLude] SET MED={0..4294967295|REMOVE}
ADD IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion=INCLude] SET METric=0..4294967295
ADD IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion=INCLude] SET ORIGin={IGP|EGP|INCOmplete}
ADD IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion=INCLude] SET TYpe={1|2}
ADD IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion={INCLude|EXCLude}] SET TAG=1..
Parameters for both match and set clauses

Parameter | Description
ROUTEMap | The name of the route map to add the entry or clause to. The routemap is a character string 0 to 15 characters long. Valid characters are uppercase and lowercase letters, digits (0-9), and the underscore character. Default: no default
ENTry | An integer to specify the position of the new entry in the route map.
Parameter | Description
EXAct | Whether the community attribute in an update message must precisely match the route map’s community list. Only valid when you specify both match and community. Default: no
  YES | An update message only matches the route map entry if its community attribute contains all the communities specified in the community list and only those communities.
INTerface
Parameter | Description
PREFIXList | The name of a prefix list. A route matches the route map entry if the prefix list contains that route. To create a list use the add ip prefixlist command on page 2-44. Valid when filtering routes from any source. Default: no default
ROUTESource | The name of a prefix list that lists one or more router IDs.
Parameters for set clauses

Parameter | Description
SET | Adds a set clause to the entry. For BGP, this modifies an attribute in update messages that match the entry. For OSPF, this modifies characteristics of routes that match the entry. A route map entry can have zero, one or more set clauses, but can only modify each attribute once. An entry without a set clause does not modify any attributes.
ASPath | A comma-separated list of 1 to 10 AS numbers.
Parameter | Description
BGPDampid | The BGP route flap damping ID that is given to matching routes. This is the same as the ID number of the parameter set that maintains that route’s FoM upon it exhibiting instability. If the parameter set does not exist, the default parameter set is applied to matching routes.
Examples

To add a route map entry that sets the community attribute to 489816064 for all BGP routes, use the command:

add ip routem=set_comm ent=10 set com=489816064

This command creates the route map, adds an entry to it, and adds a set clause to the entry. No match clause is required because we wish to match all routes.

To use this route map for routes being sent to BGP peer 192.168.1.1, use the command:

set bgp peer=192.168.1.
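The route map from the communities configuration example (mapin: entry 1 matches community list 1, entry 2 excludes everything else), modelled in Python as an added illustration; this is not Allied Telesyn code. The names Entry, evaluate and MAPIN are hypothetical, and three behaviours are assumptions because the text above does not state them: an omitted action means include, exact=no matches when the update carries every listed community (extras allowed), and an update that reaches the end of the map without a match is reported as None.

```python
"""Added illustration: which route map entry decides a BGP update, by community."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Tuple


def parse_community(text: str) -> int:
    """Accept 'aa:xx' or the old single-number format; return the 32-bit value."""
    if ":" in text:
        high, low = (int(part) for part in text.split(":", 1))
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError(f"community out of range: {text}")
        return (high << 16) | low
    number = int(text)
    if not 0 <= number <= 0xFFFFFFFF:
        raise ValueError(f"community out of range: {text}")
    return number


def format_community(number: int) -> str:
    """Render a 32-bit community value in aa:xx form."""
    return f"{number >> 16}:{number & 0xFFFF}"


def community_list(*names: str) -> FrozenSet[int]:
    """A community list reduced to the set of communities it includes."""
    return frozenset(parse_community(name) for name in names)


@dataclass(frozen=True)
class Entry:
    number: int
    action: str = "include"                       # assumption: default when omitted
    communities: Optional[FrozenSet[int]] = None  # None means no match clause
    exact: bool = False                           # exact=no is the documented default


def evaluate(route_map: List[Entry],
             update_communities: Iterable[str]) -> Optional[Tuple[int, str]]:
    """Return (entry number, action) of the first matching entry, lowest number first."""
    have = {parse_community(c) for c in update_communities}
    for entry in sorted(route_map, key=lambda e: e.number):
        if entry.communities is None:
            # An entry without a match clause matches every update.
            return entry.number, entry.action
        if entry.exact:
            # exact=yes: all listed communities and only those communities.
            matched = have == entry.communities
        else:
            # Assumption: every listed community present, extras tolerated.
            matched = entry.communities <= have
        if matched:
            return entry.number, entry.action
    return None  # end of map reached; outcome not modelled here


# Entries deliberately listed out of order: evaluation sorts by entry number.
MAPIN = [Entry(2, action="exclude"), Entry(1, communities=community_list("2:7"))]
MAPIN_EXACT = [Entry(1, communities=community_list("2:7"), exact=True),
               Entry(2, action="exclude")]

# Constructed sample updates (community attributes only).
UPDATES = {
    "tagged 2:7": ["2:7"],
    "tagged 2:7 plus extra": ["2:7", "65000:100"],
    "other community": ["3:9"],
    "no communities": [],
}


def audit(route_map: List[Entry]) -> dict:
    """Map each sample update to the entry that decides it."""
    return {name: evaluate(route_map, comms) for name, comms in UPDATES.items()}


if __name__ == "__main__":
    for label, route_map in (("mapin", MAPIN), ("mapin, exact=yes", MAPIN_EXACT)):
        print(label)
        for name, verdict in audit(route_map).items():
            print(f"  {name:24} -> {verdict}")
    print(format_community(parse_community("489816064")))
```

Running an audit like this before applying inroutemap to a peer shows which updates the catch-all exclude entry will drop; the last line converts the old-format value from the set com=489816064 example into aa:xx form.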
delete ip communitylist

Syntax

DELete IP COMmunitylist=1..99 [ENTry=1..4294967295]

Description

This command deletes an entry from a community list or the entire list. You cannot delete a community list if a route map is using it. First use the match parameter of the delete ip routemap command on page 2-59 to delete the route map entry.

Parameter | Description
COMmunitylist | The ID number of the community list to delete, or to remove an entry from.
delete ip route filter

Syntax

DELete IP ROUte FILter=1..100

Description

This command deletes a route filter. A route filter controls which routes are sent and received by the routing protocols. The filter parameter specifies the index in the filter list of the filter to delete. The specified entry must exist.
delete ip routemap

Syntax

DELete IP ROUTEMap=routemap
DELete IP ROUTEMap=routemap ENTry=1..4294967295
DELete IP ROUTEMap=routemap ENTry=1..4294967295 MAtch={ASPath|COMmunity|INTerface|MED|METric|NEXThop|ORIGin|PREFIXList|ROUTESource|ROUTEType|TAG}
DELete IP ROUTEMap=routemap ENTry=1..
set ip prefixlist

Syntax

SET IP PREFIXList=name ENTry=1..65535 [ACTion={MATch|NOMatch}] [MASklength=range] [PREfix=ipadd]

Description

This command modifies an existing entry in a prefix list.

Parameter | Description
PREFIXList | A name that identifies the prefix list. Default: no default
ENTry | An integer that specifies the position of the entry in the prefix list.
Examples

To modify entry 1 in prefix list sample1 so that it matches only routes from the 192.168.0.0/16 network, use the command:

set ip prefixlist=sample1 entry=1 action=match prefix=192.168.0.0 masklength=16

Related Commands
set ip route filter

Syntax

SET IP ROUte FILter=filter-id [IP=ipadd] [MASK=ipadd] [ACtion={INCLude|EXCLude|SWItch}] [DIrection={RECeive|SENd|BOTH}] [INTerface=interface] [NEXThop=ipadd] [POLIcy=0..7] [PROTocol={ANY|OSPF|RIP}]

where:
■ filter-id is a number from 1 to 100.
■ ipadd is an IP address in dotted decimal notation.

Description
Parameter | Description
DIrection | Whether the router or switch applies this filter to routes that the routing protocol receives or routes that it advertises. The routing protocol is specified using the protocol parameter. Default: both
  RECeive | The router or switch applies this filter to routes that the routing protocol receives, to determine whether to write those routes into the RIB.
Examples

To modify route filter 1 to include only OSPF-derived routes, use the command:

set ip rou fil=1 prot=ospf

Related Commands

add ip route filter
delete ip route filter
show ip route filter
set ip routemap

Syntax to change the action

SET IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion={INCLude|EXCLude}]

Syntax to change a match clause

SET IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion={INCLude|EXCLude}] MAtch ASPath=1..99
SET IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion={INCLude|EXCLude}] MAtch COMmunity=1..99 [EXAct={NO|YES}]
SET IP ROUTEMap=routemap ENTry=1..
SET IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion=INCLude] SET LOCalpref=0..4294967295
SET IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion=INCLude] SET MED={0..4294967295|REMOVE}
SET IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion=INCLude] SET METric=0..4294967295
SET IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion=INCLude] SET ORIGin={IGP|EGP|INCOmplete}
SET IP ROUTEMap=routemap ENTry=1..4294967295 [ACtion=INCLude] SET TYpe={1|2}
SET IP ROUTEMap=routemap ENTry=1..
Parameters for match clauses

Parameter | Description
MAtch | Modifies the match clause in the entry. The match clause determines which routes or BGP update messages the entry applies to. A route map entry can have zero or one match clauses. An entry without a match clause matches all routes or updates.
ASPath | The ID number of an AS path list. An update message matches the route map entry if its AS path attribute matches the AS path list.
Parameter | Description
METric | The OSPF metric or a range of metric values. A route matches the route map entry if its OSPF metric equals this value or is in this range. Valid when filtering OSPF routes. Default: no default
NEXThop | The IP address of the next node in the path to the route’s destination, specified in dotted decimal notation. For BGP, an update message matches the route map entry if its next_hop attribute matches this address.
Parameter | Description
ROUTEType | The type of route, which indicates whether the route is within the OSPF area, to another area with the same AS, or to another AS. See Routing with OSPF in the OSPF chapter of the Software Reference for more information about these route types. Valid when filtering OSPF routes. Default: no default
  INTRA | A route matches the route map entry if it is an OSPF intra-area route.
TAG
Parameters for set clauses

Parameter | Description
SET | Modifies a set clause in the entry. For BGP, set clauses modify an attribute in update messages that match the entry. For OSPF, set clauses modify characteristics of routes that match the entry. A route map entry can have zero, one or more set clauses, but can only modify each attribute once. An entry without a set clause does not modify any attributes.
ASPath | A comma-separated list of 1 to 10 AS numbers.
Parameter | Description
BGPDampid | The BGP route flap damping ID that is given to matching routes. This is the same as the ID number of the parameter set that maintains that route’s FoM upon it exhibiting instability. If the parameter set does not exist, the default parameter set is applied to matching routes.
Examples

To change a route map entry number 10 so that it selects all routes with an OSPF metric in the range 5 to 15, use the command:

set ip routem=metric_ent=10 ma met=5-15

To change the MED for an existing set MED clause in entry 10 of the route map called set_med, use the command:

set ip routem=set_med ent=10 set med=234

Related Commands

add ip routemap
delete ip routemap
show ip routemap
show ip aspathlist

Syntax

SHow IP ASPATHlist[=1..99]

Description

This command displays information about a specific AS path list or all lists in the router or switch (Figure 2-2, Table 2-5).

Figure 2-2: Example output from the show ip aspathlist command

IP AS path lists
List  Entry  Regular expression
------------------------------------------
1     1      Include ^$
      2      Exclude .*
------------------------------------------
34    1      Exclude ^123
      2      Include 345 234.+123
      3      Exclude .
show ip communitylist

Syntax

SHow IP COMmunitylist[=1..99] [OLDcommunityformat]

Description

This command displays information about a specific community list or all lists in the router or switch (Figure 2-3, Table 2-6). The communitylist parameter specifies the community list to display. If a list is not specified, all are displayed. The oldcommunityformat parameter specifies that community numbers are displayed in the old format.
show ip prefixlist

Syntax

SHow IP PREFIXList[=name]

Description

This command displays information about prefix lists on the router or switch. If you specify a prefix list name, detailed information about that prefix list and its entries is displayed (Figure 2-5, Table 2-8). Otherwise, summary information about all existing prefix lists is displayed (Figure 2-4, Table 2-7).
Examples

To see the entries in prefix list “office”, use the command:

sh ip prefixl=office

Related Commands

add ip prefixlist
add ip routemap
delete ip prefixlist
set ip routemap
show ip route filter

Syntax

SHow IP ROUte FILter

Description

This command displays information about configured IP route filters (Figure 2-6, Table 2-9).

Figure 2-6: Example output from the show ip route filter command

IP Route Filters
--------------------------------------------------------------------------------
Ent.
show ip routemap

Syntax

SHow IP ROUTEMap[=routemap] [OLDcommunityformat]

where routemap is a character string 0 to 15 characters long. Valid characters are uppercase and lowercase letters, digits (0-9), and the underscore character (“_”).

Description

This command displays information about all IP route maps or a specific one (Figure 2-7, Table 2-10). The routemap parameter specifies the name of the route map to display.
Table 2-10: Parameters in the output of the show ip routemap command

Parameter | Meaning
Map name | Name of the route map.
Entry | Entry number for the route map entry. Entry numbers can be any number, but all entries within a route map are sorted by entry number.
Action | Whether the action for this route map entry is include or exclude.
Clauses | The match and set clauses for this route map entry.

Examples