To create a community list entry, use the ip community-list command. To remove the entry, use the no form of this command.
ip community-list standard list-name {deny | permit} {aa:nn | internet | local-AS | no-advertise | no-export}
no ip community-list standard list-name
ip community-list expanded list-name {deny | permit} regexp
no ip community-list expanded list-name
Syntax Description
standard list-name | Configures a named standard community list.
permit | Permits access for a matching condition.
deny | Denies access for a matching condition.
aa:nn | (Optional) Autonomous system number and network number entered in the 4-byte new community format. This value is configured with two 2-byte numbers separated by a colon. A number from 1 to 65535 can be entered for each 2-byte number. A single community can be entered or multiple communities can be entered, each separated by a space. You can pick more than one of these optional community keywords.
internet | (Optional) Specifies the Internet community. Routes with this community are advertised to all peers (internal and external). You can pick more than one of these optional community keywords.
no-export | (Optional) Specifies the no-export community. Routes with this community are advertised to only peers in the same autonomous system or to only other subautonomous systems within a confederation. These routes are not advertised to external peers. You can pick more than one of these optional community keywords.
local-AS | (Optional) Specifies the local-as community. Routes with this community are advertised to only peers that are part of the local autonomous system or to only peers within a subautonomous system of a confederation. These routes are not advertised to external peers or to other subautonomous systems within a confederation. You can pick more than one of these optional community keywords.
no-advertise | (Optional) Specifies the no-advertise community. Routes with this community are not advertised to any peer (internal or external). You can pick more than one of these optional community keywords.
expanded list-name | Configures a named expanded community list.
regexp | Regular expression that is used to specify a pattern to match against an input string. See the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 6.x at the following URL for details on regular expressions: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/fundamentals/configuration/guide/b_Cisco_Nexus_7000_Series_NX-OS_Fundamentals_Configuration_Guide_Release_6-x.html Note: Regular expressions can be used with expanded community lists only.
Command Default
Community exchange is not enabled by default.
Command Modes
Global configuration (config)
Command History
Release | Modification
4.0(1) | This command was introduced.
Usage Guidelines
The ip community-list command is used to configure BGP community filtering. BGP community values are configured as a 4-byte number. The first two bytes represent the autonomous system number, and the trailing two bytes represent a user-defined network number. BGP community attribute exchange between BGP peers is enabled when the send-community command is configured for the specified neighbor. The BGP community attribute is defined in RFC 1997 and RFC 1998.
BGP community exchange is not enabled by default. Use the send-community command in BGP neighbor address-family configuration mode to enable BGP community attribute exchange between BGP peers.
The Internet community is applied to all routes or prefixes by default, until any other community value is configured with this command or the set community command.
Once you configure a permit value to match a given set of communities, the community list defaults to an implicit deny for all other community values. Use the internet community to apply an implicit permit to the community list.
Standard Community Lists
Standard community lists are used to configure well-known communities and specific community numbers. You can pick more than one of the optional community keywords. A maximum of 32 communities can be configured in a standard community list. If you attempt to configure more than 32 communities, the trailing communities that exceed the limit are not processed or saved to the running configuration file. The route-map can also match up to 32 community lists in one sequence.
Expanded Community Lists
Expanded community lists are used to filter communities using a
regular expression. Regular expressions are used to configure patterns to match
community attributes. The order for matching using the * or + character is
longest construct first. Nested constructs are matched from the outside in.
Concatenated constructs are matched beginning at the left side. If a regular
expression can match two different parts of an input string, it will match the
earliest part first.
Community List Processing
When multiple values are configured in the same community list
statement, a logical AND condition is created. All community values must match
to satisfy an AND condition. When multiple values are configured in separate
community list statements, a logical OR condition is created. The first list
that matches a condition is processed.
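The AND, OR, first-match and implicit-deny rules above can be checked with a small model before a list is deployed. This is an added example, not Cisco code: test1 and RED are taken from this page's examples, the EDGE list is hypothetical, and treating internet as matching every route is a modeling assumption based on the Usage Guidelines.

```python
# Added illustration, not Cisco code: models standard community-list matching.
# SAMPLE_CONFIG is constructed; RED and test1 come from the page's examples,
# EDGE is a hypothetical list added to show the 'internet' catch-all.
SAMPLE_CONFIG = """
ip community-list standard test1 permit 65534:40 65412:60 no-export
ip community-list standard RED permit local-AS
ip community-list standard RED permit 40000:20
ip community-list standard EDGE deny 65534:40 65412:60
ip community-list standard EDGE permit internet
"""

def parse_entries(config):
    """Return {list_name: [(action, frozenset(values)), ...]} in config order."""
    lists = {}
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[:3] != ["ip", "community-list", "standard"]:
            continue
        name, action, values = tok[3], tok[4], tok[5:]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in: {line!r}")
        lists.setdefault(name, []).append((action, frozenset(values)))
    return lists

def evaluate(entries, route_communities):
    """First matching statement wins; no match falls to the implicit deny."""
    route = set(route_communities)
    for action, values in entries:
        # Modeling assumption: 'internet' matches every route, so only the
        # remaining values must all be present on the route (logical AND).
        required = values - {"internet"}
        if required <= route:
            return action
    return "deny"

LISTS = parse_entries(SAMPLE_CONFIG)

if __name__ == "__main__":
    for name, comms in [("test1", ["65534:40", "65412:60"]),
                        ("RED", ["40000:20", "65000:7"]),
                        ("EDGE", ["65000:7"])]:
        print(name, comms, "->", evaluate(LISTS[name], comms))
```

A route that carries only two of the three values in test1 falls through to the implicit deny, which is the case most often missed when a multi-value statement is used as a filter.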
This command does not require a license.
Examples
This example shows how to configure a standard community list where
the routes with this community are advertised to all peers (internal and
external):
switch# configure terminal
switch(config)# ip community-list standard test1 permit internet
switch(config)#
In this example, a standard community list is configured that permits
routes from:
- Network 40 in autonomous system 65534 and from network 60 in
autonomous system 65412.
- Peers in the same autonomous system or from subautonomous system
peers in the same confederation.
This example shows how to configure a logical AND condition; all
community values must match in order for the list to be processed:
switch# configure terminal
switch(config)# ip community-list standard test1 permit 65534:40 65412:60 no-export
switch(config)#
This example shows how to configure a standard community list that
will deny routes that carry communities from network 40 in autonomous system
65534 and from network 60 in autonomous system 65412. This example shows a
logical AND condition; all community values must match in order for the list to
be processed.
switch# configure terminal
switch(config)# ip community-list standard test2 deny 65534:40 65412:60
This example shows how to configure a named standard community list
that permits all routes within the local autonomous system or permits routes
from network 20 in autonomous system 40000. This example shows a logical OR
condition; the first match is processed.
switch# configure terminal
switch(config)# ip community-list standard RED permit local-AS
switch(config)# ip community-list standard RED permit 40000:20
switch(config)#
In this example, an expanded community list is configured that will
deny routes that carry communities from any private autonomous system:
switch# configure terminal
switch(config)# ip community-list expanded 500 deny _64[6-9][0-9][0-9]_|_65[0-9][0-9][0-9]_
switch(config)#
In this example, a named expanded community list is configured that
denies routes from network 1 through 99 in autonomous system 50000:
switch# configure terminal
switch(config)# ip community-list expanded BLUE deny 50000:[0-9][0-9]_
switch(config)#