FastIron Configuration Guide 1357
53-1002494-02
Basic configuration tasks required for BGP4
• The <threshold> parameter specifies the percentage of the value you specified for the
maximum-prefix <num>, at which you want the software to generate a Syslog message. You
can specify a value from 1 (one percent) to 100 (100 percent). The default is 100.
• The teardown parameter tears down the neighbor session if the maximum-prefix limit is
exceeded. The session remains shut down until you clear the prefixes using the clear ip bgp
neighbor all or clear ip bgp neighbor <ip-addr> command, or change the neighbor
maximum-prefix configuration. The software also generates a Syslog message.
next-hop-self specifies that the router should list itself as the next hop in updates sent to the
specified neighbor. This option is disabled by default.
The nlri multicast | unicast | multicast unicast parameter specifies whether the neighbor is a
multicast neighbor or a unicast neighbor. Optionally, you also can specify unicast if you want the
Layer 3 switch to exchange unicast (BGP4) routes as well as multicast routes with the neighbor. The
default is unicast only.
password [0 | 1] <string> specifies an MD5 password for securing sessions between the Layer 3
switch and the neighbor. You can enter a string up to 80 characters long. The string can contain any
alphanumeric characters, but the first character cannot be a number. If the password contains a
number, do not enter a space following the number.
The 0 | 1 parameter is the encryption option, which you can omit (the default) or which can be one
of the following:
• 0 – Disables encryption for the authentication string you specify with the command. The
password or string is shown as clear text in the output of commands that display neighbor or
peer group configuration information.
• 1 – Assumes that the authentication string you enter is the encrypted form, and decrypts the
value before using it.
For more information, refer to “Encryption of BGP4 MD5 authentication keys” on page 1359.
NOTE
If you want the software to assume that the value you enter is the clear-text form, and to encrypt
display of that form, do not enter 0 or 1. Instead, omit the encryption option and allow the software
to use the default behavior.
If you specify encryption option 1, the software assumes that you are entering the encrypted form
of the password or authentication string. In this case, the software decrypts the password or string
you enter before using the value for authentication. If you accidentally enter option 1 followed by the
clear-text version of the password or string, authentication will fail because the value used by the
software will not match the value you intended to use.
prefix-list <string> in | out specifies an IP prefix list. You can use IP prefix lists to control routes to
and from the neighbor. IP prefix lists are an alternative method to AS-path filters. The in | out
keyword specifies whether the list is applied on updates received from the neighbor or sent to the
neighbor. You can configure up to 1000 prefix list filters. The filters can use the same prefix list or
different prefix lists. To configure an IP prefix list, refer to “Defining IP prefix lists” on page 1401.
remote-as <as-number> specifies the AS the remote neighbor is in. The <as-number> can be a
number from 1 through 65535. There is no default.
remove-private-as configures the router to remove private AS numbers from UPDATE messages the
router sends to this neighbor. The router will remove AS numbers 64512 through 65535 (the
well-known BGP4 private AS numbers) from the AS-path attribute in UPDATE messages the Layer 3
switch sends to the neighbor. This option is disabled by default.
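
The following Python audit is an added example, not part of the guide: it checks neighbor lines against the rules stated above for remote-as, password and maximum-prefix. The configuration text is constructed, and the `neighbor <ip-addr> <parameter> ...` line layout and the argument order of maximum-prefix are assumptions.

```python
import re

# Constructed sample config; the "neighbor <ip-addr> <parameter> ..." line
# layout is an assumption, not taken from the guide.
SAMPLE_CONFIG = """\
neighbor 192.0.2.1 remote-as 65010
neighbor 192.0.2.1 password 0 s3cretKey
neighbor 192.0.2.1 maximum-prefix 5000 80 teardown
neighbor 192.0.2.2 remote-as 70000
neighbor 192.0.2.2 password 9lives
neighbor 192.0.2.2 maximum-prefix 5000 150
"""

def check_password(args):
    """Check 'password [0 | 1] <string>' arguments."""
    option = args[0] if len(args) > 1 and args[0] in ("0", "1") else None
    if option == "1":
        return []  # encrypted form entered; the string rules cover clear text only
    secret = " ".join(args[1:] if option else args)
    rules = [(option == "0", "option 0: key displayed as clear text"),
             (len(secret) > 80, "password longer than 80 characters"),
             (not re.fullmatch(r"[A-Za-z0-9]+", secret), "password is not alphanumeric"),
             (secret[:1].isdigit(), "password starts with a number")]
    return [msg for hit, msg in rules if hit]

def check_max_prefix(args):
    """Check 'maximum-prefix <num> [<threshold>] [teardown]' (assumed order)."""
    threshold = args[1] if len(args) > 1 and args[1].isdigit() else "100"  # default is 100
    rules = [(not 1 <= int(threshold) <= 100, "threshold outside 1-100"),
             ("teardown" not in args, "teardown not set")]
    return [msg for hit, msg in rules if hit]

def audit(config):
    """Return {neighbor: [findings]} for each neighbor line in the config."""
    report = {}
    for tok in (line.split() for line in config.splitlines()):
        if len(tok) < 4 or tok[0] != "neighbor":
            continue
        nbr, param, args = tok[1], tok[2], tok[3:]
        found = report.setdefault(nbr, [])
        if param == "remote-as" and not (args[0].isdigit() and 1 <= int(args[0]) <= 65535):
            found.append("remote-as outside 1-65535")
        elif param == "password":
            found += check_password(args)
        elif param == "maximum-prefix":
            found += check_max_prefix(args)
    return report
```

Calling `audit(SAMPLE_CONFIG)` returns one finding list per neighbor address. A password entered with option 1 is skipped because the guide's string rules describe the clear-text form.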