Layer 3 Configuration

The Cisco Nexus 3550-T Programmable Switch Platform supports a number of unicast and multicast routing protocols, along with static Network Address Translation (NAT) and filtering of ingress packets using Access Control Lists (ACL).

Border Gateway Protocol

Nexus 3550-T supports using BGP to exchange routes between configured peer routers both within the same Autonomous System and across Autonomous Systems. The following sections contain information about BGP features supported by Nexus 3550-T.

Starting a BGP Instance

To start a BGP instance, use the following command:

admin@NX-3550-T# config router bgp <AS NUMBER>

where AS NUMBER is the local Autonomous System number. Once the BGP instance is started, this argument can be omitted for the purpose of entering the BGP configuration mode. Currently, only one BGP instance can be active at any given time.

To stop the BGP instance, use the following command:

admin@NX-3550-T# config no router bgp

Configuring BGP Peers

Routers become part of a BGP network by explicitly peering with other BGP routers. To add a BGP peer, use the following command:

admin@NX-3550-T# config router bgp neighbor <ADDRESS> remote-as <AS NUMBER>

where ADDRESS is the IPv4 address of the neighbour and AS NUMBER is the neighbour's Autonomous System number.

To remove a BGP peer, use the "no" form of that command:

admin@NX-3550-T# config router bgp no neighbor <ADDRESS>

To display information about a BGP peer, use the following command:

admin@NX-3550-T# show ip bgp neighbors <ADDRESS>

If ADDRESS is omitted, then information about all configured BGP peers is displayed.

Configuring External Peer Maximum Hops

By default, an eBGP neighbour is assumed to be directly connected. To change the maximum allowed hops to an eBGP neighbour, use the following command:

admin@NX-3550-T# config router bgp neighbor <ADDRESS> ebgp-multihop <HOP>

Configuring Next-Hop-Self

By default, it is assumed that an Interior Gateway Protocol is running within an Autonomoys System, and routes advertised between iBGP neighbours do not point the next hop address to the advertising router. To change that behaviour, use the following command:

admin@NX-3550-T# config router bgp neighbor <ADDRESS> next-hop-self

Configuring Shared Password

To configure a shared password used during peering, use the following command:

admin@NX-3550-T# config router bgp neighbor <ADDRESS> password <PASSWORD>

Configuring Update-Source

Loopback Interfaces are commonly used for iBGP peering. This is because iBGP usually requires that the peers form a full mesh. If a physical interface is used for iBGP peering and that physical interface goes down, network connectivity will be disrupted. With loopback interfaces, the iBGP router can remain reachable through other routes.

To make the source IP address of BGP packets sent to the neighbour agree with the neighbour's configured IP address (which will be the address of our loopback interface), it is necessary to use to following command:

admin@NX-3550-T# config router bgp neighbor <ADDRESS> update-source <INTERFACE>

where INTERFACE is the name of the loopback interface.

Filtering Route Updates

Nexus 3550-T supports using both Route Maps and Prefix Lists to filter and modify prefixes advertised to and received from a BGP neighbour. To configure prefix list or route map filtering:

admin@NX-3550-T# config router bgp address-family ipv4 unicast neighbor <ADDRESS> <prefix-list|route-map> <NAME> <in|out>

where in applies the named prefix list or route map identified by NAME to route updates received from the peer, and out to route updates advertised to the peer.

To disable filtering, use the following command:

admin@NX-3550-T# config router bgp address-family ipv4 unicast no neighbor <ADDRESS> <prefix-list|route-map> <NAME> <in|out>

Resetting BGP Sessions

Resetting the affected BGP session is required after changing route filtering policies for a peer for the new policies to take effect. Nexus 3550-T supports both hard and soft reset. Hard reset closes the TCP connection to the BGP peer and re-establishes the connection, deleting all routes learnt from that peer. Soft reset, when enabled for a peer (see the next section), runs the new filtering policy through all recorded route updates.

To perform a BGP reset, use the following command:

admin@NX-3550-T# clear ip bgp <PEER|AS NUMBER|*> [soft <in|out>]

This command allows the user to reset BGP sessions with a given peer, for all peers with a given remote AS number, or all peers in the system.

Configuring Soft Reconfiguration

By default, if filtering policies are changed for an established BGP session, the new policies do not take effect until the peering session is reset. Nexus 3550-T supports inbound soft reconfiguration. When active in a peering session, Nexus 3550-T will store route updates from that neighbour in memory and update the BGP instance's routing table when filtering policies change. This removes the need to perform hard resets at the expense of memory usage. To enable inbound soft reconfiguration for a peer, use the following command:

admin@NX-3550-T# config router bgp neighbor <ADDRESS> soft-reconfiguration inbound

Announcing Reachable Networks

To add a network into the BGP routing table, use the following command:

admin@NX-3550-T# config router bgp address-family ipv4 unicast network <NETWORK>

where NETWORK is an IPv4 network specified using CIDR notation. Once the prefix is added to the BGP routing table, it

To remove a network from the BGP routing table, use the "no" form of the above command:

admin@NX-3550-T# config router bgp address-family ipv4 unicast no network <NETWORK>

Route maps can be used to modified attributes of statically-added BGP prefixes:

admin@NX-3550-T# config router bgp address-family ipv4 unicast network <NETWORK> route-map <RM NAME>

See the section on Route Maps for details.

Displaying the BGP Routing Table

To display the BGP routing table, use the following command:

admin@NX-3550-T# show ip bgp [NETWORK]

where NETWORK is an IPv4 network specified in CIDR notation. If this argument is given, then only those BGP prefixes through which the network is reachable are returned. Otherwise, the entire BGP routing table is displayed.

Configuring Redistribution into BGP

Routes from other routing protocols and sources can be redistributed into the BGP routing table. These sources include:

Statically configured routes
Kernel routes configured using Linux tools
Directly connected networks
OSPF

To configure redistribution into the BGP routing table, use the following command:

admin@NX-3550-T# config router bgp address-family ipv4 unicast redistribute <SOURCE>

SOURCE can be one of static, kernel, connected or ospf.

To disable a redistribution source, use the following command:

admin@NX-3550-T# config router bgp address-family ipv4 unicast no redistribute <SOURCE>

Route Maps can be used to control route redistribution into the BGP routing table.

Displaying Miscellaneous BGP Information

Displaying BGP Summary

admin@NX-3550-T# show ip bgp summary
BGP router identifier 192.168.10.1, local AS number 123
BGP table version 0
RIB entries 0, peers 1
Neighbor      V     AS  MsgRcvd MsgSent TblVer  InQ  OutQ   Up/Down  State/PfxRcd
192.168.10.2  4     456  0       0       0       0    0     00:00:00 active
Total number of neighbors 1

Open Shortest Path First Protocol

OSPFv2 is an IETF link-state protocol for IPv4 networks. It is an interior gateway protocol that operates within a single autonomous system. Neighbors advertise link-state information that include information like link cost that can be used to build a routing table for the network.

The Nexus 3550-T CLI can be used to enable and configure OSPFv2 on the device.

Configure OSPFv2

OSPF is enabled by starting a service instance. Nexus 3550-T currently only supports one OSPF instance. Once an instance is started interfaces can be associated with it. The OSPF instance has global and interface specific parameters that can be configured.

Start OSPFv2 instance

To enable OSPFv2 start an instance using the following CLI command:

admin@NX-3550-T# config router ospf

To stop the OSPFv2 instance use the following command:

admin@NX-3550-T# config no router ospf

To configure OSPF instance settings enter the OSPF router mode and configure the parameters as required. To set the specific parameters back to their default use the no <parameter> form.

admin@NX-3550-T# config router ospf
admin@NX-3550-T(config-router)#

Set the reference bandwidth used to calculate link cost with the following command (for example 40Gb):

admin@NX-3550-T(config-router)# auto-cost reference-bandwidth 40000

Set the OSPFv2 administrative distance. The allowed value is a decimal in the range 1-255. For example:

admin@NX-3550-T(config-router)# distance 120

Set all interfaces to be in passive mode by default. This will not affect interfaces already configured for OSPF.

admin@NX-3550-T(config-router)# passive-interface default

Set the routes that can be redistributed via OSPF. Options allowed are as follows:

Statically configured routes
Kernel routes not installed by the management software
Directly connected networks
BGP

To enable redistribution of BGP routes via OSPF use the following command:

admin@NX-3550-T(config-router)# redistribute bgp

Show the running OSPF instance details with the following CLI command:

admin@NX-3550-T# show ip ospf
 OSPF Routing Process with ID: 192.168.200.1
 Supports only single TOS(TOS0) routes
 Does not support opaque LSA
 Administrative distance 110
 Reference Bandwidth is 100000 Mbps
 Minimum LSA interval 5000 msec
 Minimum LSA arrival 1000 msec
 Number of external LSAs 0, checksum sum 0x0
 Number of opaque AS LSAs 0, checksum sum 0x0
 Number of areas is 0

Configure Networks

A network is configured by associating the interface that is connected to that network. All networks can be added to the default backbone area or new areas can be created. An area is identified by a number that is either a decimal number in the range 0-4294967295 or a valid IPv4 address. The backbone area is defined as Area 0 (0.0.0.0).

To associate a network interface with an OSPFv2 backbone area, use the following CLI commands:

admin@NX-3550-T# config int eth1 ip ospf area 0

Nexus 3550-T supports simple clear-text password authentication. To enable authentication and set the password use the following commands:

admin@NX-3550-T# config int eth1 ip ospf authentication
admin@NX-3550-T# config int eth1 ip ospf authentication-key secret

To change the routing cost of an interface to a decimal value between 1-65535, use:

admin@NX-3550-T# config int eth1 ip ospf cost 80

It is possible to change the network type that an interface is connected to. The default type is set to 'Broadcast'. Supported network types are:

Broadcast multi-access network
Non-broadcast multi-access network
Point-to-multipoint network
Point-to-point network

The following command can be used to set an interface to the 'point-to-point' network type:

admin@NX-3550-T# config int eth1 ip ospf network point-to-point

To set an interface to passive mode and suppress routing updates for that interface use:

admin@NX-3550-T# config int eth1 ip ospf passive-interface

The router priority can be set for an interface. Setting the priority to 0 means the router will never become the Designated Router. To set the router priority use:

admin@NX-3550-T# config int eth1 ip ospf priority 0

To show a summary of OSPF enabled interfaces, use the following command:

admin@NX-3550-T# show ip ospf interface brief
 Total number of interfaces: 1
  Interface        Area             Cost    State     Neighbors  Status
  ethernet1        0.0.0.0          10      Backup    1          up

To show the interface details use the following CLI command:

admin@NX-3550-T# show ip ospf interface
 ethernet1 is up
   IP address 192.168.4.2/24
   Router ID 192.168.200.1, Area 0.0.0.0
   State Backup, Network type BROADCAST, Cost 10
   Transmit delay 1 sec, Priority 1
   Backup Designated Router ID 192.168.200.1, Address 192.168.4.2
   Neighbor count 1, adjacent with 1
   Timer intervals: Hello 10s, Dead 40s, Wait 40s, Retransmit 5s
     Hello due in 00:00:05

Display OSPFv2 Specific Information

When an OSPFv2 instance is enabled and interfaces have been associated neighbor and route information can be displayed.

Display OSPFv2 neighbor information

admin@NX-3550-T# show ip ospf neigbors
 Total number of neigbors: 2
  Neighbor ID      Pri  State             Dead Time  Address          Interface
  192.168.4.1      1    Full/DR           00:00:32   192.168.3.2      ethernet2
  192.168.5.1      1    Full/DR           00:00:38   192.168.4.1      ethernet1

Display OSPFv2 route information

admin@NX-3550-T# show ip ospf route
 Total number of networks: 7
  Network          Type  Cost Area    Nexthop
  192.168.1.0/24   intra   20 0.0.0.0 192.168.4.1 on ethernet1
  192.168.101.0/24 type2   20         192.168.3.2 on ethernet2
                                      192.168.4.1 on ethernet1
  192.168.2.0/24   intra   20 0.0.0.0 192.168.3.2 on ethernet2
  192.168.3.0/24   intra   10 0.0.0.0 direct on ethernet2
  192.168.4.0/24   intra   10 0.0.0.0 direct on ethernet1
  192.168.6.0/24   inter   30 0.0.0.0 192.168.3.2 on ethernet2
                                      192.168.4.1 on ethernet1
  192.168.8.0/24   intra   10 4.3.2.1 direct on ethernet4

Configure Static Routing

With the Nexus 3550-T CLI, you can configure static routes. You have the following options:

Via some physical interface
Via a virtual interface
A blackhole route without any interface

To configure routes, use the following commands.

Routes via Physical Interfaces

admin@NX-3550-T# config ip  route 200.200.200.0/24 200.200.200.1 et48

Routes via Virtual Interfaces

admin@NX-3550-T# config ip  route 200.200.210.0/24 200.200.210.1 vlan10

Blackhole Routes

admin@NX-3550-T# config ip route 200.200.220.0/24 null 255

You can also specify the admin distance for a particular route while configuring the routes as a last parameter of that command. The supported range of admin distance is 0 to 255, where the lower value has higher priority over the higher values. To view the configured routes by use the show running config command.

Note

If you configure two routes for the same network with same admin distance, then the behavior is undefined. If the admin distances are different, then the reachable route with lower admin distance is pushed to FIB.

IGMP and Multicast Support

Nexus 3550-T includes support for IGMP snooping to optimize delivery of IPv4 multicast traffic. Nexus 3550-T learns about the multicast traffic on the basis of either static joins triggered from CLI or dynamically by snooping the IGMP reports coming from the hosts connected to it.

Enable IGMP

You can select the routed ports that need to participate in the multicast traffic processing. To enable IGMP on a particular port, use the following CLI command:

admin@NX-3550-T# config int et8 ip pim

Verify the IGMP Status

The Nexus 3550-T CLI enables you to verify the status of IGMP service on a particular port by using the following CLI command:

admin@NX-3550-T# show ip pim int et8
ethernet8
  IP address: 192.168.10.1
  PIM DR: 192.168.10.1, DR's priority: 1
  PIM neighbor count: 0

Dump IGMP Neighbor and Rendezvous Point

Apart from the generic PIM configurations, you can also dump the neighbor and rendezvous point by using the following CLI commands.

Dump IGMP Neighbor

To dump the IGMP neighbor, use the following CLI command:

admin@NX-3550-T# show ip pim neighbor et8
Neighbor      Interface       Uptime      Holdtime        DR Priority

Dump IGMP Rendezvous Point

To dump the IGMP rendezvous point, use the following CLI command:

admin@NX-3550-T# show ip pim rp
RP address        Group                OIF                Source
192.168.10.2      224.0.0.0/4          ethernet8          static

Note

Currently, the option to enable or disable the IGMP reports snooping via CLI is not supported.

Display the Snooped IGMP Groups

The Nexus 3550-T CLI enables you to see all the multicast groups that have been snooped on a specific port by using the following CLI command:

admin@NX-3550-T# show ip igmp snooping
Switchport      Group              VLAN
et2             224.0.0.0/4         10

Configure IGMP Version

The Nexus 3550-T CLI enables you to configure the version of IGMP protocol. You can configure the version to be either IGMPv2 or IGMPv3 by using the following CLI command:

admin@NX-3550-T# config int et8 ip igmp version 3

Display IGMP Version

The Nexus 3550-T CLI enables you to verify the version of IGMP service running on each configured port by using the following CLI command:

admin@NX-3550-T# show ip igmp interface
Interface      State       Address       V   Querier   Query Timer   Uptime
ethernet1       up          10.0.1.1     2   local     00:01:20      05:34:37
ethernet8       up          192.168.10.1 3   local     00:01:20      05:34:37
vlan10          up          10.0.0.1     3   local     00:01:48      05:34:08

To verify the version on a particular port, use the same CLI command appended with the interface name:

admin@NX-3550-T# show ip igmp interface et1
Interface      State       Address       V   Querier   Query Timer   Uptime
ethernet1       up          10.0.1.1     2   local     00:01:20      05:34:37

Static IGMP Join

The Nexus 3550-T CLI enables you to configure joining multicast groups by using static joins. Use the following command to configure Nexus 3550-T as a member of a specific multicast group. To configure static joins for specific multicast groups, use the following CLI command:

admin@NX-3550-T# config int et8 ip igmp join-group  224.0.2.10

Display IGMP Groups Subscription

To verify the specific multicast groups subscribed on specific ports, use the following CLI command:

admin@NX-3550-T# show ip igmp groups
Interface     Address      Group        Mode    Timer  Srcs  V  Uptime
ethernet8    192.168.10.1  224.0.2.10  EXCLUDE 00:04:19  1   3  00:00:04

To verify the specific multicast groups subscribed on specific ports which are locally joined by using the CLI, use the following CLI command:

admin@NX-3550-T# show ip igmp local-groups
Interface      Address      Source        Group         Uptime
ethernet8     192.168.10.1   *            224.0.2.10    00:05:37

Network Address Translation / Port Address Translation

Network Address Translation (NAT) / Port Address Translation (PAT) enables translation of local or private network IP addresses (and TCP/UDP ports) to global or public network IP addresses (and TCP/UDP ports). With the Nexus 3550-T you can configure a one-to-one mapping of the local IP address and port pair to the global IP Address and port pair. This configuration is also known as Static NAT.

Configuring NAT Rules

To add an address mapping, use the following command:

admin@NX-3550-T# config ip nat source static <LOCAL IP> <GLOBAL IP>

where LOCAL IP is the IP address as appears on the inside network, and GLOBAL IP is the IP address as appears on the outside network.

To add an address/port mapping, use the following command:

admin@NX-3550-T# config ip nat source static <tcp|udp> <LOCAL IP> <LOCAL PORT> <GLOBAL IP> <GLOBAL PORT>

Configuring NAT Ports

To let interfaces participate in NAT, place the inside NAT marker on inside-network-facing interfaces, and outside NAT marker on outside-network-facing interfaces:

admin@NX-3550-T# config int <INTERFACE> ip nat <inside|outside>

Packets that arrive on an outside NAT interface undergo destination address and port translation, while packets that arrive on an inside NAT interface undergo source address and port translation.

To disable NAT on an interface, use the "no" form of the above command:

admin@NX-3550-T# config int <INTERFACE> no ip nat <inside|outside>

Note

As of release 1.1.0, only L3 interfaces and L3 port channels can participate in NAT. Switchports and SVIs cannot perform NAT.

Access Control Lists

Nexus 3550-T supports ACL filtering of ingress packets on L3 interfaces and port channels. To apply packet filtering policies on an interface, first create a named access control list and then add the interface to that access group under the interface configuration mode.

Creating an Access Control List

To create a named ACL, use the following command to enter the ACL mode:

admin@NX-3550-T# config ip access-list <NAME>

Once inside the ACL mode, use the following command to create an ACL clause:

admin@NX-3550-T(config-acl)# [SEQ] <permit|deny> <PROT> <SRC NETWORK> [SRC PROT OPTIONS] <DST NETWORK> [DST PROT OPTIONS]

SEQ is an optional argument specifying where in the access control list to insert the new clause. If this argument is omitted for the first clause in a new ACL, that clause will have the sequence number 5. For a new clause in an existing ACL, the sequence number will be 5 after the sequence number of the last clause in the ACL.

When a packet is matched against an ACL, the clauses are evaluated in the order of their sequence numbers until a match is found, at which time the matching policy of the clause, which can either be "permit" or "deny", is returned as the evaluation result of the ACL. If no match is found, then the result is implicitly "deny".

PROT is the protocol that the clause will match. It can be a number from 0 to 255, or it can be one of "ip", "icmp", "tcp" or "udp". If a number is given, then that number is used to match verbatim the IPv4 protocol field of the packet. To match all IPv4 packets, use "ip".

SRC NETWORK and DST NETWORK match against the source and destination addresses of the IPv4 packet. The network can be specified in the following ways: CIDR notation, address plus bitmask, "any" for any host, and "host" for a single host, equivalent to a bitmask of 255.255.255.255 or an address length of 32 in CIDR notation.

SRC PROT OPTIONS and DST PROT OPTIONS are higher-level protocol options to match. As of release 1.1.0, the only options implemented are TCP and UDP ports. The port is specified using the operators "eq", "lt", and "gt", for "equal to", "less than" and "greater than", respectively. "lt" and "gt" can be used alone or combined to match against a range of ports, while "eq" can be used to match the exact TCP or UDP port.

Below is an example clause:

admin@NX-3550-T(config-acl)# 42 permit tcp any 192.168.0.0 255.255.0.0 eq 8080

which inserts a clause at sequence number 42 that permits TCP packets bound for 192.168.0.0/16 network with destination port 8080.

Note

As of release 1.1.0, to specify higher-level protocol options such as TCP and UDP port range, the protocol must be specified in text instead of number. If "6" is given as the protocol, the CLI will not recognise it as "tcp" or parse TCP protocol arguments.

Applying an Access Control List

To apply ACL filtering on an interface, use the following command:

admin@NX-3550-T# conf int <INTERFACE> ip access-group <NAME> in

where NAME is the name of the ACL to apply.

Currently only ACL filtering on the ingress direction is supported.

Note

As of release 1.1.0, ACL filtering is only supported on L3 interfaces and L3 port channels. Switchports and SVIs cannot use ACL.

Deleting Access Control Lists and Clauses

To delete an ACL clause, use either the no form of the ACL clause creation command:

admin@NX-3550-T(config-acl)# no <permit|deny> <PROT> <SRC NETWORK> [SRC PROT OPTIONS] <DST NETWORK> [DST PROT OPTIONS]

Alternatively, ACL clauses can also be deleted by sequence number:

admin@NX-3550-T(config-acl)# no <SEQ>

Examine the running configs to identify the sequence number of the clause to delete.

To delete an entire ACL, use the following command:

admin@NX-3550-T# conf no ip access-list <NAME>

Prefix Lists

A prefix list is an ordered list of network prefixes and matching policies. It is used for specifying network ranges for which to perform operations. When a network prefix, such as the destination network of a BGP route, is evaluated against a prefix list, each prefix list entry is compared with the network prefix in order until a match is found, at which point the matching policy ("permit" or "deny") is returned. "Permit" allows further processing of the network prefix, such as inserting into the BGP routing table.

Creating a Prefix List

To create a prefix list entry, use the following command:

admin@NX-3550-T# config ip prefix-list <NAME> [seq <SEQ>] <permit|deny> <NETWORK> [ge <LEN>|le <LEN>|eq <LEN>]

where NAME identifies the prefix list. SEQ is an optional argument that specifies where in the prefix list to insert the new entry. If omitted, 5 is chosen for the first entry in a new prefix list, and 5 after the sequence number of the last entry is used for additional entries in an existing prefix list.

NETWORK is an IPv4 prefix in CIDR notation. ge and le are lower and upper bounds for the address length of a matched prefix. If neither ge, le nor eq is provided, the address length of the match prefix must be exactly the same as that of NETWORK to produce a match. Otherwise, the significant bits in the matched prefix are checked against NETWORK and the address length is checked against the upper and lower bound.

For example, the following entry will only match a prefix that is exactly 192.168.0.0/16 and return deny:

admin@NX-3550-T# config ip prefix-list foo deny 192.168.0.0/16

while the following entry will permit a prefix included in 192.168.0.0/16 with an address length shorter than 24:

admin@NX-3550-T# config ip prefix-list foo deny 192.168.0.0/16 le 24

When the prefix 192.168.1.0/24 is evaluated against prefix list foo, the first entry will not match the prefix, since the length is 24 instead of 16, but the second entry will match the prefix, since 192.168.1.0/24 is a subset of 192.168.0.0/16 and the address length is exactly 24.

Deleting Prefix Lists and Entries

Similar to ACL, a prefix list entry can also be deleted either by policy:

admin@NX-3550-T# config no ip prefix-list <NAME> <permit|deny> <NETWORK> [ge <LEN>|le <LEN>|eq <LEN>]

or by sequence number:

admin@NX-3550-T# config no ip prefix-list <NAME> seq <SEQ>

To delete an entire prefix list, use the following command:

admin@NX-3550-T# config no ip prefix-list <NAME>

Route Maps

Route maps provides a mechanism to filter routes and set protocol-specific attributes based on certain match conditions. As of release 1.1.0, the only routing protocol that makes use of route maps is BGP.

A route map is a named list of entries. An entry has a sequence number, a matching policy, a number of match conditions, a number of set actions, and optionally a continue clause. When a route is evaluated against a route map, these entries are evaluated in the order of their sequence numbers until an entry is found where all match conditions are satisfied. If no matches are found, the route is implicitly denied. Depending on the matching policy and the presence of the continue clause, the following actions are taken when a match happens:

If the matching policy is deny, then the set actions and continue clauses are ignored. Execution stops and the route is denied.

If the matching policy is permit, then the set actions are carried out. By default, execution stops and the route is permitted, unless a continue clause is present, in which case execution continues at the specified clause. The behavior of the route map at this point is the same as described above except that if execution reaches the end of the route map without producing another match, permit is returned instead of the implicit deny.

Adding a Route Map Entry

To add a route map entry, use the following command:

admin@NX-3550-T# config route-map <NAME> <permit|deny> <SEQ>

This command will enter the CLI into the route map entry configuration mode, which allows the user to add match, set and continue actions to the entry.

admin@NX-3550-T(config-route-map)# ?
  continue  Continue on a different entry within this route map
  end       Exit configuration mode
  exit      Exit route-map configuration mode
  match     Match values from routing table
  no        Negate a command or set to defaults
  set       Set values in destination routing protocol

Match Conditions

As of release 1.1.0, the following match conditions are supported:

as-path: match the list of Autonomous Systems traversed to reach the destination network of a BGP prefix
interface: first-hop interface of a route
ip address: match the destination network of a route, specified using a prefix list
ip next-hop: match the next-hop address of a route, specified using a prefix list
metric: match the metric value of a route
origin: match the BGP origin code, which can be either igp, egp or incomplete, for routes learnt from iBGP peers, eBGP peers and other sources, respectively
source-protocol: match the routing protocol from which this route was redistributed
tag: match the route tag

To remove a match condition, use the "no" form of the command:

admin@NX-3550-T(config-route-map)# no match <ATTR>

Set Actions

As of release 1.1.0, the following set actions are supported:

as-path prepend: prepend either the last Autonomous System or a specified AS number in front of the AS path of a BGP route to influence route preference
community: set the community attribute of a BGP route. The additive option can be specified to add to the list of communities rather than overwrite it
distance: set the administrative distance of a route to influence route preference
ip next-hop: set the next hop of a route to either the advertising peer (BGP-specific) or a specified IPv4 address
local-preference: set the local preference attribute of a BGP route
metric: set the metric of a route. The metric can either be a number, or + or - followed by a number to add or subtract from the current metric.
origin: set the BGP origin code to igp, egp or incomplete
tag: set the route tag
weight: set the weight attribute of a BGP route

To remove a set action, use the "no" form of the command:

admin@NX-3550-T(config-route-map)# no set <ATTR>

Continue Clause

To add a continue clause, use the following command:

admin@NX-3550-T(config-route-map)# continue [SEQ]

When this continue clause is evaluated, execution will continue from the first entry with a sequence number greater or equal to SEQ. If SEQ is omitted, execution continues with the next entry after the current entry.

To remove the continue clause, use the "no" form of the command:

admin@NX-3550-T(config-route-map)# no continue

Configuring Loopback Interfaces

When using Nexus 3550-T as the Rendezvous Point in PIM Sparse Mode or in an iBGP network, it is often preferable to use a loopback interface instead of physical interfaces. To create a loopback interface, use the following command:

admin@NX-3550-T# config int loopback <NUMBER>

NUMBER identifies the loopback interface. For example, if NUMBER is 0, loopback0 should be used to refer to the loopback interface after creation.

Setting ip address and options for a loopback interface follows the same CLI syntax as for physical interfaces.

This page was last updated on Mar-23-2021.