Table Of Contents
Cisco VPNSC: MPLS Solution Command Reference
show tag-switching forwarding vrf
Cisco VPNSC: MPLS Solution Command Reference
This appendix provides a command reference for the new or modified Cisco IOS commands used to configure MPLS VPNs. All other commands used with MPLS VPNs are documented in the Cisco IOS Release 12.0 Command Reference. The commands listed in this appendix are as follows:
In Cisco IOS Release 12.0(1)T or later, you can search and filter the output for show and more commands. This functionality is useful when you need to sort through large amounts of output, or if you want to exclude output that you do not need to see.
To use this functionality, enter a show or more command followed by the pipe character ( | ), one of the keywords begin, include, or exclude, and an expression that you want to search or filter on:
command
| {
begin|
include|
exclude}
regular-expressionBelow is an example of the show atm vc command in which the command output begins with the first line where the expression "PeakRate" appears:
show atm vc | begin PeakRate
For more information on the search and filter functionality, refer to the Cisco IOS Release 12.0(1)T feature module titled CLI String Search.
address-family
To enter the address family submode for configuring routing protocols, such as BGP, RIP, and static routing, use the address-family global configuration command.To disable the address family submode for configuring routing protocols, use the no form of this command.
VPN-IPv4 unicast
address-family vpnv4 [unicast]
no address-family vpnv4 [unicast]
IPv4 unicast
address-family ipv4 [unicast]
no address-family ipv4 [unicast]
IPv4 unicast with CE router
address-family ipv4 [unicast] vrf vrf_name
no address-family ipv4 [unicast] vrf vrf_name
Syntax Description
Examples
Routing information for address family IPv4 is advertised by default when you configure a BGP session using the neighbor...remote-as command, unless you execute the no bgp default ipv4-activate command.
Usage Guidelines
Using the address-family command puts you in address family configuration submode. Its prompt is:
(config-router-af)#
.Within this submode, you can configure address-family specific parameters for routing protocols, such as BGP, that can accommodate multiple Layer 3 address families.
To leave address family configuration submode and return to router configuration mode, enter exit-address-family, or simply exit.
Examples
The address-family command in the following example puts the router into address family configuration submode for the VPNv4 address family. Within the submode, you can configure advertisement of NLRI for the VPNv4 address family using neighbor activate and other related commands:
(config)#
router bgp 100(config-router)#
address-family vpnv4(config-router-af)#
The command in the following example puts the router into address family configuration submode for the IPv4 address family. Use this form of the command, which specifies a VRF, only to configure routing exchanges between PE and CE devices. This address-family command causes subsequent commands entered in the submode to be executed in the context of VRF vrf2. Within the submode, you can use neighbor activate and other related commands to accomplish the following:
•Configure advertisement of IPv4 NLRI between the PE and CE routers.
•Configure translation of the IPv4 NLRI (that is, translate IPv4 into VPNv4 for NLRI received from the CE, and translate VPNv4 into IPv4 for NLRI to be sent from the PE to the CE).
•Enter the routing parameters that apply to this VRF.
Enter the address family submode as follows:
(config)#
router bgp 100
(config-router)#
address-family ipv4 unicast vrf v2:blue
(config-router-af)#
Related Commands
Command Descriptionexit-address-family
Exits address family submode.
neighbor activate
Exchanges an address with a neighboring router.
clear ip route vrf
To remove routes from the VRF routing table, use the clear ip route vrf EXEC command.
clear ip route vrf
vrf_name
{
*|
network[
mask]}
Syntax Description
Usage Guidelines
Use this command to clear routes from the routing table. Use the asterisk ( * ) to delete all routes from the forwarding table for a specified VRF, or enter the address and mask of a particular network to delete the route to that network.
Examples
The following command removes the route to the network 10.13.0.0 in the v1 routing table:
Router#
clear ip route vrf v1:red 10.13.0.0Related Commands
exit-address-family
To exit from the address family submode, use the exit-address-family address family submode command.
exit-address-family
Usage Guidelines
This command has no arguments or keywords. It has no default behavior or values.
You can abbreviate this command to exit.
Examples
The following example shows how to exit the address-family command mode:
(config-router-af)#
exit-address-familyRelated Commands
Command Descriptionaddress-family
Enters the address family submode used to configure routing protocols.
import map
To configure an import route map for a VRF, use the import VRF submode command.
import map
route-map
Syntax Description
Defaults
There is no default. A VRF has no import route map unless one is configured using the import map command.
Usage Guidelines
Use an import route map when an application requires finer control over the routes imported into a VRF than provided by the import and export extended communities configured for the importing and exporting VRF.
The import-map command associates a route map with the specified VRF. You can filter routes that are eligible for import into a VRF, based on the route target extended community attributes of the route, through the use of a route map.
The route map might deny access to selected routes from a community that is on the import list.
Examples
The following example shows how to configure an import route map for a VRF:
(config)#
ip vrf v1:blue
(config-vrf)#
import map blue_import_mapRelated Commands
ip route vrf
To establish static routes for a VRF, use the ip route vrf global configuration command. To disable static routes, use the no form of this command.
ip route vrf vrf_name prefix mask [next-hop-address] [interface {interface-number}]
[global] [distance] [permanent] [tag tag]
no ip route vrf vrf_name prefix mask [next-hop-address] [interface {interface-number}]
[global] [distance] [permanent] [tag tag]
Syntax Description
Usage Guidelines
Use a static route when the Cisco IOS software cannot dynamically build a route to the destination.
If you specify an administrative distance when you set up a route, you are flagging a static route that can be overridden by dynamic information. For example, IGRP-derived routes have a default administrative distance of 100. To set a static route to be overridden by an IGRP dynamic route, specify an administrative distance greater than 100. Static routes each have a default administrative distance of 1.
Static routes that point to an interface are advertised through RIP, IGRP, and other dynamic routing protocols, regardless of whether the routes are redistributed into those routing protocols. That is, static routes configured by specifying an interface lose their static nature when installed into the routing table.
However, if you define a static route to an interface not defined in a network command, no dynamic routing protocols advertise the route unless a redistribute static command is specified for these protocols.
Examples
The following command reroutes packets addressed to network 209.165.201.0 in VRF v3:blue to the router at IP address 209.165.200.250:
(config)#
ip route vrf v3:bRelated Commands
ip vrf
To configure a VRF routing table, use the ip vrf global configuration command. To remove a VRF routing table, use the no form of this command.
ip vrf
vrf_name
no ip vrf
vrf_name
Syntax Description
Usage Guidelines
By default, no VRFs are defined. No import or export lists are associated with a VRF. No route maps are associated with a VRF.
The ip vrf vrf_name command creates a VRF routing table and a CEF (forwarding) table, both named vrf_name.
The default route distinguisher value route-distinguisher is also associated with these tables.
Examples
The following example imports a route map to a VRF:
(Router-config)#
ip vrf v2:green
(config-vrf)#
rd 100:2
route-target both 100:2
route-target import 100:1
Related Commands
ip vrf forwarding
To associate a VRF with an interface or subinterface, use the ip vrf forwarding interface configuration command. To disassociate a VRF, use the no form of this command.
Executing this command on an interface removes the IP address. The IP address should be reconfigured.
ip vrf forwarding
vrf_name
no ip vrf forwarding
vrf_name
Syntax Description
Defaults
The default for an interface is the global routing table.
Examples
The following example shows how to link a VRF to ATM interface 0/0:
(config)#
interface atm0/0
(config-if)#
ip vrf forwardRelated Commands
neighbor activate
To enable the exchange of information with a BGP neighboring router, use the neighbor activate router configuration command. To disable the exchange of an address with a neighboring router, use the no form of this command.
neighbor
{
ip-address | peer-group-name}
activateno neighbor
{
ip-address | peer-group-name}
activateSyntax Description
Defaults
The exchange of IP addresses with neighbors is enabled by default for the VPN IPv4 address family. You can disable IPv4 address exchange using the general command no default bgp ipv4 activate, or you can disable it for a particular neighbor using the no form of this command.
For all other address families, address exchange is disabled by default. You can explicitly activate the default command using the appropriate address family submode.
Examples
In the following example, a BGP router activates the exchange of a customer's IP address 10.15.0.15 to a neighboring router.
router bgp 100neighbor 10.15.0.15 remote-as 100
neighbor 10.15.0.15 update-source loopback0
address-family vpnv4 unicast
neighbor 10.15.0.15 activate
exit-address-family
Related Commands
Command Descriptionaddress-family
Enters the address family submode.
exit-address-family
Exits the address family submode.
rd
For a VRF to be functional, a route-distinguisher must be configured. To create routing and forwarding tables for a VRF, use the rd VRF submode command.
rd
route-distinguisher
Syntax Description
Defaults
There is no default.
Usage Guidelines
A route distinguisher (RD) creates routing and forwarding tables and specifies the default route-distinguisher for a VPN. The RD is added to the beginning of the customer's IPv4 prefixes to change them into globally unique VPN-IPv4 prefixes.
An RD is either ASN-relative, in which case it is composed of an autonomous system number and an arbitrary number, or it is IP-address-relative, in which case it is composed of an IP address and an arbitrary number.
You can enter an RD in either of these formats:
•16-bit AS number: your 32-bit number
For example, 101:3
•32-bit IP address: your 16-bit number
For example, 192.168.122.15:1
Examples
The following example configures a default RD for two VRFs. It illustrates the use of both AS-relative and IP address-relative RDs:
(config)#
ip vrf v1:blue(config-vrf)#
rd 100:3(config-vrf)#
exit(config)#
ip vrf v2:red(config-vrf)#
rd 173.13.0.12:200Related Commands
Command Descriptionip vrf
Enters VRF configuration mode.
show ip vrf
Displays information about a VRF.
route-target
To create a route-target extended community for a VRF, use the route-target VRF submode command. To disable the configuration of a route-target community option, use the no form of this command.
route-target
{
import|
export|
both}
route-target-ext-communityno route-target
{
import|
export|
both}
route-target-ext-communitySyntax Description
Defaults
There are no defaults. A VRF has no route-target extended community attributes associated with it until specified by the route-target command.
Usage Guidelines
The route-target command creates lists of import and export route target extended communities for the specified VRF.
Execute the command one time for each target community. Learned routes that carry a specific route target extended community are imported into all VRFs configured with that extended community as an import route target. Routes learned from a VRF site (for example, by BGP, RIP, or static route configuration) contain export route targets for extended communities configured for the VRF added as route attributes to control the VRFs into which the route is imported.
The route-target specifies a target VPN extended community. Like a route-distinguisher, an extended community is composed of either an autonomous system number and an arbitrary number, or an IP address and an arbitrary number.
You can enter the numbers in either of these formats:
•16-bit AS number: your 32-bit number
For example, 101:3
•32-bit IP address: your 16-bit number
For example, 192.168.122.15:1
Examples
The following example shows how to configure route-target extended community attributes for a VRF. The result of the command sequence is that VRF v1:blue has two export extended communities (1000:1 and 1000:2) and two import extended communities (1000:1 and 173.27.0.130:200).
(config)#
ip vrf v1:blue(config-vrf)#
route-target both 1000:1(config-vrf)#
route-target export 1000:2(config-vrf)#
route-target import 173.27.0.130:200Related Commands
Command Descriptionip vrf
Enters VRF configuration mode.
import
Configures an import route map for the VRF.
show ip bgp vpnv4
To display VPN address information from the BGP table, use the show ip bgp vpnv4 EXEC command.
show ip bgp vpnv4
{
all|
rdroute-distinguisher
|
vrfvrf_name
}
[ip-prefix/length [longer-prefixes] [output-modifiers]]
[network-address [mask] [longer-prefixes] [output-modifiers]] [cidr-only] [community]
[community-list] [dampened-paths] [filter-list] [flap-statistics] [inconsistent-as]
[neighbors] [paths [line]] [peer-group] [quote-regexp] [regexp] [summary] [tags]
Syntax Description
Usage Guidelines
Use this command to display VPNv4 information from the BGP database. The command show ip bgp vpnv4 all displays all available VPNv4 information. The command show ip bgp vpnv4 summary displays BGP neighbor status.
Examples
The following example shows output for all available VPNv4 information in a BGP routing table:
Router#
show ip bgp vpnv4 all
BGP table version is 18, local router ID is 14.14.14.14
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP,? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (v1:blue)
*> 11.0.0.0 50.0.0.1 0 0 101 i
*>i12.0.0.0 13.13.13.13 0 100 0 102 i
*> 50.0.0.0 50.0.0.1 0 0 101 i
*>i51.0.0.0 13.13.13.13 0 100 0 102 i
The following example shows how to display a table of labels for NLRIs that have a route-distinguisher value of 100:1.
Router#
show ip bgp vpnv4 rd 100:1 tags
Network Next Hop In tag/Out tag
Route Distinguisher: 100:1 (vrf1)
2.0.0.0 10.20.0.60 34/notag
10.0.0.0 10.20.0.60 35/notag
12.0.0.0 10.20.0.60 26/notag
10.20.0.60 26/notag
13.0.0.0 10.15.0.15 notag/26
The following example shows VPNv4 routing entries for the VRF called v1:red.
Router#
show ip bgp vpnv4 vrf v1:red
BGP table version is 18, local router ID is 14.14.14.14
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP,? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (vrf1)
*> 11.0.0.0 50.0.0.1 0 0 101 i
*>i12.0.0.0 13.13.13.13 0 100 0 102 i
*> 50.0.0.0 50.0.0.1 0 0 101 i
*>i51.0.0.0 13.13.13.13 0 100 0 102 i
Related Command
Related Commands
show ip cef vrf
To display the CEF forwarding table associated with a VRF, use the show ip cef vrf EXEC command.
show ip cef vrf
vrf_name
[
ip-prefix[
mask[
longer-prefixes]] [
detail] [
output-modifiers]]
[interface interface-number] [adjacency [interface interface-number] [detail] [discard]
[drop] [glean] [null] [punt] [output-modifiers]] [detail [output-modifiers]]
[non-recursive [detail] [output-modifiers]] [summary [output-modifiers]]
[traffic [prefix-length] [output-modifiers]] [unresolved [detail] [output-modifiers]]
Syntax Description
Usage Guidelines
Used with only the vrf_name argument, the show ip cef vrf command shows a shortened display of the CEF table. Used with the detail argument, the show ip cef vrf command shows detailed information for all CEF table entries.
Examples
This example shows the forwarding table associated with the VRF called v3:green.
Router#
show ip cef vrf v3:green
Prefix Next Hop Interface
0.0.0.0/32 receive
11.0.0.0/8 50.0.0.1 Ethernet1/3
12.0.0.0/8 52.0.0.2 POS6/0
50.0.0.0/8 attached Ethernet1/3
50.0.0.0/32 receive
50.0.0.1/32 50.0.0.1 Ethernet1/3
50.0.0.2/32 receive
50.255.255.255/32 receive
51.0.0.0/8 52.0.0.2 POS6/0
224.0.0.0/24 receive
255.255.255.255/32 receive
Table C-3 Show IP CEF VRF Field Descriptions
Field DescriptionPrefix
Specifies the network prefix.
Next Hop
Specifies the BGP next hop address.
Interface
Specifies the VRF interface.
Related Commands
Command Descriptionshow ip vrf
Displays the VRFs and their associated interfaces.
show ip route vrf
Displays the IP routing table associated with a VRF.
show ip protocols vrf
To display the routing protocol information associated with a VRF, use the show ip protocols vrf EXEC command.
show ip protocols vrf
vrf_name
Syntax Description
Examples
The following example shows information about a VRF called v2:red.
Router#
show ip protocols vrf v2:redRouting Protocol is "bgp 100"Sending updates every 60 seconds, next due in 0 secOutgoing update filter list for all interfaces isIncoming update filter list for all interfaces isIGP synchronization is disabledAutomatic route summarization is disabledRedistributing: connected, staticRouting for Networks:Routing Information Sources:Gateway Distance Last Update13.13.13.13 200 03:26:1518.18.18.18 200 03:26:54Distance: external 20 internal 200 local 200
Related Commands
show ip route vrf
To display the IP routing table associated with a VRF (VPN routing/forwarding instance), use the show ip route vrf EXEC command.
show ip route vrf
vrf_name
[
connected] [protocol [as-number] [tag] [output-modifiers]]
[list number [output-modifiers]] [profile] [static [output-modifiers]]
[summary [output-modifiers]] [supernets-only [output-modifiers]]
[traffic-engineering [output-modifiers]]
Syntax Description
Examples
This example shows the IP routing table associated with the VRF called v1:red.
Router#
show ip route vrf v1:redCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPU - per-user static route, o - ODRT - traffic engineered routeGateway of last resort is not setB 51.0.0.0/8 [200/0] via 13.13.13.13, 00:24:19C 50.0.0.0/8 is directly connected, Ethernet1/3B 11.0.0.0/8 [20/0] via 50.0.0.1, 02:10:22B 12.0.0.0/8 [200/0] via 13.13.13.13, 00:24:20This example shows BGP entries in the IP routing table associated with the VRF called v1:red.
Router#
show ip route vrf v1:red bgpB 51.0.0.0/8 [200/0] via 13.13.13.13, 03:44:14B 11.0.0.0/8 [20/0] via 51.0.0.1, 03:44:12B 12.0.0.0/8 [200/0] via 13.13.13.13, 03:43:14Related Commands
Command Descriptionshow ip vrf
Displays VRFs and their associated interfaces.
show ip cef vrf
Displays the CEF forwarding table associated with a VRF.
show ip vrf
To display the set of defined VRFs (VPN routing/forwarding instances) and associated interfaces, use the show ip vrf EXEC command.
show ip vrf
[{
brief|
detail|
interfaces}] [
vrf_name] [
output-modifiers]
Syntax Description
Usage Guidelines
Use this command to display information about VRFs. Two levels of detail are available: use the brief keyword or no keyword to display concise information, or use the detail keyword to display all information. To display information about all interfaces bound to a particular VRF, or to any VRF, use the interfaces keyword.
When no optional parameters are specified, the command shows concise information about all configured VRFs.
Examples
This example shows brief information for the VRFs currently configured:
Router#
show ip vrfName Default RD Interfacesvrf1:red 100:1 Ethernet1/3vrf2:blue 100:2 Ethernet0/3
Table C-5 Show IP vrf Field Descriptions
Field DescriptionName
Specifies the VRF name.
Default RD
Specifies the default route distinguisher.
Interfaces
Specifies the network interfaces.
This example shows detailed information for the VRF called v1:blue.
Router#show ip vrf detail v1:blue
VRF vrf1:blue; default RD 100:1Interfaces:Ethernet1/3Export VPN route-target communitiesRT:100:1Import VPN route-target communitiesRT:100:1No import route-map
This example shows the interfaces bound to a particular VRF:
router#
show ip vrf interfacesInterface IP-Address VRF ProtocolEthernet2 130.22.0.33 vrf3:blue upEthernet4 130.77.0.33 hub uprouter#
Related Commands
show tag-switching forwarding vrf
To display label forwarding entries associated with a particular VRF or IP prefix, use the show tag-switching forwarding vrf EXEC command. To disable the display of label forwarding information, use the no form of this command.
show tag-switching forwarding vrf
vrf_name
[
ip-prefix/length [mask]] [detail] [
output-modifiers]
no show tag-switching forwarding vrf
vrf_name
[
ip-prefix/length [mask]] [detail] [
output-modifiers]
Syntax Description
Examples
The following example shows label forwarding entries that correspond to the VRF called v2:green.
Router#
show tag-switching forwarding vrf v2:green detailRelated Commands
Command Descriptionshow tag-switching forwarding
Displays label forwarding information.
show ip cef vrf
Displays the CEF forwarding table associated with a VRF.
debug ip bgp
To display information related to processing BGPs, use the debug ip bgp EXEC command. To disable the display of BGP information, use the no form of this command.
debug ip bgp
[
A.B.C.D.|
dampening|
events|
in|
keepalives|
out|
updates|
vpnv4]
no debug ip bgp
[
A.B.C.D.|
dampening|
events|
in|
keepalives|
out|
updates|
vpnv4]
Syntax Description
Examples
The following example displays the output from this command:
Router#
debug ip bgp vpnv4
03:47:14:vpn:bgp_vpnv4_bnetinit:100:2:58.0.0.0/8
03:47:14:vpn:bnettable add:100:2:58.0.0.0 / 8
03:47:14:vpn:bestpath_hook route_tag_change for v2:58.0.0.0/255.0.0.0(ok)
03:47:14:vpn:bgp_vpnv4_bnetinit:100:2:57.0.0.0/8