CP R75 AdvancedRoutingSuite CLI ReferenceGuide

7/31/2019 CP R75 AdvancedRoutingSuite CLI ReferenceGuide

1/494

15 December 2010

Reference Guide

Advanced Routing Suite

CLIR75


2/494

2010 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed underlicensing restricting their use, copying, distribution, and decompilation. No part of this product or relateddocumentation may be reproduced in any form or by any means without prior written authorization of CheckPoint. While every precaution has been taken in the preparation of this book, Check Point assumes noresponsibility for errors or omissions. This publication and features described herein are subject to changewithout notice.

RESTRICTED RIGHTS LEGEND:Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR52.227-19.

TRADEMARKS:

Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks.

Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list ofrelevant copyrights and third-party licenses.
http://www.checkpoint.com/copyright.htmlhttp://www.checkpoint.com/copyright.htmlhttp://www.checkpoint.com/copyright.htmlhttp://www.checkpoint.com/3rd_party_copyright.htmlhttp://www.checkpoint.com/3rd_party_copyright.htmlhttp://www.checkpoint.com/3rd_party_copyright.htmlhttp://www.checkpoint.com/3rd_party_copyright.htmlhttp://www.checkpoint.com/copyright.html


3/494

Important InformationLatest Software

We recommend that you install the most recent software release to stay up-to-date with the latest functionalimprovements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation

The latest version of this document is at:http://supportcontent.checkpoint.com/documentation_download?ID=11656

For additional technical information, visit the Check Point Support Center(http://supportcenter.checkpoint.com).

Revision History

Date Description

15 December 2010 First release of this document

Feedback

Check Point is engaged in a continuous effort to improve its documentation.

Please help us by sending your comments(mailto:[email protected]?subject=Feedback on Advanced Routing Suite CLI R75Reference Guide).
http://supportcontent.checkpoint.com/documentation_download?ID=11656http://supportcontent.checkpoint.com/documentation_download?ID=11656http://supportcenter.checkpoint.com/http://supportcenter.checkpoint.com/http://supportcenter.checkpoint.com/mailto:[email protected]?subject=Feedback%20on%20Advanced%20Routing%20Suite%20CLI%20R75%20Reference%20Guidemailto:[email protected]?subject=Feedback%20on%20Advanced%20Routing%20Suite%20CLI%20R75%20Reference%20Guidemailto:[email protected]?subject=Feedback%20on%20Advanced%20Routing%20Suite%20CLI%20R75%20Reference%20Guidemailto:[email protected]?subject=Feedback%20on%20Advanced%20Routing%20Suite%20CLI%20R75%20Reference%20Guidemailto:[email protected]?subject=Feedback%20on%20Advanced%20Routing%20Suite%20CLI%20R75%20Reference%20Guidemailto:[email protected]?subject=Feedback%20on%20Advanced%20Routing%20Suite%20CLI%20R75%20Reference%20Guidehttp://supportcenter.checkpoint.com/http://supportcontent.checkpoint.com/documentation_download?ID=11656


4/494

Contents

Important Information .............................................................................................. 3The Advanced Routing Suite ................................................................................. 14

Overview of the Advanced Routing Suite CLI ...................................................... 14About this Guide ................................................................................................... 14How CLI Commands are Documented in this Guide ............................................ 14

Overview .......................................................................................................... 15Name ............................................................................................................... 15Syntax.............................................................................................................. 15Mode................................................................................................................ 15Parameters ...................................................................................................... 16Description ....................................................................................................... 16Default ............................................................................................................. 16Command History ............................................................................................ 16Examples ......................................................................................................... 16See Also .......................................................................................................... 16

Using the Advanced Routing Suite CLI ................................................................ 17Starting the Advanced Routing Suite CLI ............................................................. 17

The -p option ................................................................................................... 17The -f option .................................................................................................... 18The -e option ................................................................................................... 18The -a option ................................................................................................... 18The -s option .................................................................................................... 18

Basic Features ..................................................................................................... 19Command Tokens ........................................................................................... 19Command Line Completion ............................................................................. 19

Moving About the Command Line ................................................................... 20Context-Sensitive Help .................................................................................... 20History ............................................................................................................. 21Disabling/Enabling CLI Tracing ....................................................................... 21Aborting an Executing Command .................................................................... 21Screen Paging ................................................................................................. 21Exiting the CLI ................................................................................................. 21

CLI Modes ............................................................................................................ 21User Execution M ode ..................................................................................... 21Privileged Execution M ode ............................................................................. 22Global Configuration M ode ............................................................................. 22Router Configuration Mode ............................................................................. 22Interface Configuration M ode ......................................................................... 22

CLI Behavior Commands ..................................................................................... 23configure file .................................................................................................... 23configure terminal ............................................................................................ 23disable ............................................................................................................. 24enable .............................................................................................................. 24end ................................................................................................................... 25exit ................................................................................................................... 25ip router-id ....................................................................................................... 25ip routingtable-id .............................................................................................. 26logout ............................................................................................................... 26quit ................................................................................................................... 27show debugging .............................................................................................. 27show history ..................................................................................................... 28show running-config ........................................................................................ 29


5/494

show version .................................................................................................... 30terminal history ................................................................................................ 30terminal history size ......................................................................................... 31terminal length ................................................................................................. 31write memory ................................................................................................... 32

Querying the Advanced Routing Suite CLI........................................................... 32Memory Information ......................................................................................... 32Task Information .............................................................................................. 37

General Concepts ................................................................................................ 39Address and Prefix Formats ............................................................................ 39Preferences Overview ..................................................................................... 39Assigning Preferences ..................................................................................... 40

Interfaces ................................................................................................................. 42Interfaces Overview ............................................................................................. 42autonomous-system ............................................................................................. 42disable .................................................................................................................. 43preference ............................................................................................................ 44primary-alias ......................................................................................................... 44unnumbered ......................................................................................................... 45

Kernel Interface ....................................................................................................... 47Kernel Interface Overview .................................................................................... 47kernel background limit ........................................................................................ 47kernel background priority .................................................................................... 48kernel flash limit ................................................................................................... 49kernel flash type ................................................................................................... 50kernel no-change ................................................................................................. 51kernel no-flush-at-exit ........................................................................................... 51kernel no-install .................................................................................................... 52kernel remnant-holdtime ...................................................................................... 53kernel routes ........................................................................................................ 54kernel trace file ..................................................................................................... 55kernel trace flag .................................................................................................... 56

show kernel .......................................................................................................... 57

Martian Addresses .................................................................................................. 60Martian Addresses Overview ............................................................................... 60martian ................................................................................................................. 60

Multicast .................................................................................................................. 63Multicast Overview ............................................................................................... 63clear ip mroute ..................................................................................................... 63ip multicast boundary ........................................................................................... 64ip multicast ttl-threshold ....................................................................................... 64show ip mroute ..................................................................................................... 65show ip multicast boundary .................................................................................. 66show ip multicast ttl-threshold .............................................................................. 67Trace Options .......................................................................................................... 68Trace Options Overview ....................................................................................... 68trace file ................................................................................................................ 68trace flag .............................................................................................................. 69

Border Gateway Protocol (BGP) ........................................................................... 71Border Gateway Protocol (BGP) Overview .......................................................... 73address-family ...................................................................................................... 77bgp always-compare-med .................................................................................... 78bgp as-path-loops ................................................................................................ 78bgp bestpath as-path ignore ................................................................................ 79bgp bestpath compare-cluster-list-length ............................................................. 80bgp bestpath compare-originator-id ..................................................................... 81bgp bestpath compare-router-id ........................................................................... 82bgp bestpath med confed ..................................................................................... 82bgp bestpath med missing-as-worst..................................................................... 83


6/494

bgp cluster-id ........................................................................................................ 84bgp confederation identifier .................................................................................. 85bgp confederation peers ...................................................................................... 86bgp non-leading-confeds ...................................................................................... 86bgp open-on-accept ............................................................................................. 88bgp pass-optional-nontrans .................................................................................. 88bgp restart-defer ................................................................................................... 89bgp restart-delete-remnants ................................................................................. 90bgp restart-time .................................................................................................... 91bgp restart-timeout ............................................................................................... 91bgp router-id ......................................................................................................... 92bgp send-group-always ........................................................................................ 93bgp tie-break-on-age ............................................................................................ 94clear ip bgp ........................................................................................................... 94default-metric ....................................................................................................... 95distance ................................................................................................................ 96distribute-list ......................................................................................................... 97enable .................................................................................................................. 98maximum-routes .................................................................................................. 99neighbor add-communities ................................................................................. 100neighbor aggregator-id ....................................................................................... 101neighbor allow .................................................................................................... 102neighbor as-loop ................................................................................................ 103neighbor as-override .......................................................................................... 104neighbor aspath-prepend ................................................................................... 105neighbor capability orf comm-filter ..................................................................... 106neighbor capability orf extcomm-filter................................................................. 106neighbor capability orf prefix-filter ...................................................................... 107neighbor cluster-id .............................................................................................. 108neighbor distance ............................................................................................... 109neighbor dynamic ............................................................................................... 110neighbor enable ................................................................................................. 111

neighbor end-of-rib ............................................................................................. 112neighbor export-localpref ................................................................................... 112neighbor graceful-restart .................................................................................... 113neighbor ignore-leading-as ................................................................................ 114neighbor import-localpref ................................................................................... 115neighbor keep .................................................................................................... 116neighbor keepalives-always ............................................................................... 117neighbor local-as ................................................................................................ 118neighbor log-up-down ........................................................................................ 119neighbor maximum-routes ................................................................................. 120neighbor metric-out ............................................................................................ 122neighbor multi-protocol-nexthop ......................................................................... 123neighbor next-hop-self ....................................................................................... 124neighbor orf comm-list ........................................................................................ 125neighbor orf extcomm-list ................................................................................... 125neighbor orf prefix-list ......................................................................................... 126neighbor out-delay ............................................................................................. 127neighbor passive ................................................................................................ 128neighbor password ............................................................................................. 129neighbor pedantic ............................................................................................... 130neighbor peer-group ........................................................................................... 131neighbor preference2 ......................................................................................... 132neighbor receive-buffer ...................................................................................... 133neighbor remote-as ............................................................................................ 134neighbor remove-private-as ............................................................................... 135neighbor route-map ............................................................................................ 136neighbor route-reflector-client ............................................................................ 136


7/494

neighbor route-to-peer ....................................................................................... 137neighbor send-buffer .......................................................................................... 138neighbor send-community .................................................................................. 139neighbor soft-reconfiguration inbound ................................................................ 140neighbor timers .................................................................................................. 141neighbor ttl ......................................................................................................... 142neighbor update-source ..................................................................................... 143neighbor use-med .............................................................................................. 144neighbor v4-gateway .......................................................................................... 145neighbor version ................................................................................................. 146network ............................................................................................................... 146preference2 ........................................................................................................ 147redistribute ......................................................................................................... 148router bgp ........................................................................................................... 150show ip bgp ........................................................................................................ 151show ip bgp instance .......................................................................................... 152show ip bgp neighbors ....................................................................................... 152show ip bgp orf ................................................................................................... 154show ip bgp paths .............................................................................................. 155show ip bgp peer-group ..................................................................................... 155show ip bgp summary ........................................................................................ 156timers bgp .......................................................................................................... 157trace file .............................................................................................................. 158trace flag ............................................................................................................ 159

Internet Control Message Protocol (ICMP) ......................................................... 162Internet Control Message Protocol (ICMP) Overview ........................................ 162router icmp ......................................................................................................... 162trace file .............................................................................................................. 163trace flag ............................................................................................................ 164

Fast Open Shortest Path First (OSPF) ................................................................ 166Fast Open Shortest Path First (OSPF) Overview ............................................... 168router ospf .......................................................................................................... 172

advertise-subnet ................................................................................................. 173authentication ..................................................................................................... 174compatible rfc1583 ............................................................................................. 176dead-interval ...................................................................................................... 176distance .............................................................................................................. 177enable ................................................................................................................ 178enable-te ............................................................................................................ 179hello-interval ....................................................................................................... 180igp-shortcut ........................................................................................................ 181inherit-metric ...................................................................................................... 182monitor-auth-key ................................................................................................ 182multicast-rib ........................................................................................................ 183network area ...................................................................................................... 184nssa-inherit-metric .............................................................................................. 185nssa-stability-interval .......................................................................................... 186poll-interval ......................................................................................................... 186priority ................................................................................................................ 187redistribute ......................................................................................................... 188redistribute-nssa ................................................................................................. 190require-vbit ......................................................................................................... 191restart-allow-changes ......................................................................................... 192restart-enable ..................................................................................................... 193restart-max-sync-time......................................................................................... 194restart-type ......................................................................................................... 195retransmit-interval .............................................................................................. 195router-id .............................................................................................................. 196timers spf ............................................................................................................ 197


8/494

trace file .............................................................................................................. 198trace flag ............................................................................................................ 199transmit-delay ..................................................................................................... 200area advertise-subnet ........................................................................................ 201area authentication ............................................................................................. 202area dead-interval .............................................................................................. 204area filter ............................................................................................................ 205area hello-interval ............................................................................................... 206area nssa ........................................................................................................... 207area nssa-range ................................................................................................. 208area nssa-translate-always ................................................................................ 209area poll-interval ................................................................................................. 210area priority ........................................................................................................ 211area range .......................................................................................................... 212area retransmit-interval ...................................................................................... 213area stub ............................................................................................................ 214area stubhost ..................................................................................................... 215area stubnetwork ................................................................................................ 216area transmit-delay ............................................................................................ 217area virtual-link ................................................................................................... 218default-metric ..................................................................................................... 219default-nssa-metric ............................................................................................. 220default-nssa-type ................................................................................................ 221default-preference .............................................................................................. 221default-tag .......................................................................................................... 222default-type ........................................................................................................ 223advertise-subnet ................................................................................................. 224allow-all .............................................................................................................. 225authentication ..................................................................................................... 225cost ..................................................................................................................... 227dead-interval ...................................................................................................... 228enable ................................................................................................................ 229

hello-interval ....................................................................................................... 230neighbor ............................................................................................................. 231network ............................................................................................................... 232no-multicast ........................................................................................................ 233passive-interface ................................................................................................ 234poll-interval ......................................................................................................... 235priority ................................................................................................................ 236retransmit-interval .............................................................................................. 237traffic-eng administrative-weight......................................................................... 238traffic-eng attribute-flags .................................................................................... 239traffic-eng bandwidth .......................................................................................... 240transmit-delay ..................................................................................................... 241ip ospf advertise-subnet ..................................................................................... 242ip ospf allow-all ................................................................................................... 243ip ospf area ........................................................................................................ 243ip ospf authentication ......................................................................................... 244ip ospf cost ......................................................................................................... 246ip ospf dead-interval ........................................................................................... 247ip ospf enable ..................................................................................................... 248ip ospf hello-interval ........................................................................................... 249ip ospf neighbor .................................................................................................. 250ip ospf network ................................................................................................... 250ip ospf no-multicast ............................................................................................ 251ip ospf passive-interface .................................................................................... 252ip ospf poll-interval ............................................................................................. 253ip ospf priority ..................................................................................................... 254ip ospf retransmit-interval ................................................................................... 255


9/494

ip ospf traffic-eng administrative-weight ............................................................. 256ip ospf traffic-eng attribute-flags ......................................................................... 257ip ospf traffic-eng bandwidth .............................................................................. 258ip ospf transmit-delay ......................................................................................... 258show ip ospf ....................................................................................................... 259show ip ospf border-routers ............................................................................... 260show ip ospf database ....................................................................................... 261show ip ospf interface ........................................................................................ 262show ip ospf neighbor ........................................................................................ 262show ip ospf request-list ..................................................................................... 263show ip ospf retransmission-list ......................................................................... 264show ip ospf summary-address.......................................................................... 265show ip ospf virtual-links .................................................................................... 265

Redirect Processing ............................................................................................. 267Redirect Processing Overview ........................................................................... 267ip redirect ........................................................................................................... 267router redirect ..................................................................................................... 268trace file .............................................................................................................. 268trace flag ............................................................................................................ 269

Router Discovery .................................................................................................. 271Router Discovery Overview ................................................................................ 271ip router-discovery address-policy...................................................................... 272ip router-discovery enable .................................................................................. 273ip router-discovery trace file ............................................................................... 273ip router-discovery trace flag .............................................................................. 274router-discovery lifetime ..................................................................................... 275router-discovery maximum-interval .................................................................... 276router-discovery minimum-interval ..................................................................... 277

Routing Information Protocol (RIP) .................................................................... 279Routing Information Protocol (RIP) Overview .................................................... 279router rip ............................................................................................................. 282default-metric ..................................................................................................... 282

distribute-list ....................................................................................................... 283ecmp .................................................................................................................. 286enable ................................................................................................................ 286flash-update-time ............................................................................................... 287ignore-host-routes .............................................................................................. 288ignore-must-be-zero ........................................................................................... 289network ............................................................................................................... 289preference .......................................................................................................... 290query-authentication ........................................................................................... 291redistribute ......................................................................................................... 292send-updates ..................................................................................................... 294source-gateways ................................................................................................ 296split-horizon ........................................................................................................ 297

Example 3 ...................................................................................................... 298term-updates ...................................................................................................... 298timers basic ........................................................................................................ 299trace file .............................................................................................................. 300trace flag ............................................................................................................ 301trusted-gateways ................................................................................................ 302ip rip authentication ............................................................................................ 304ip rip enable ........................................................................................................ 305ip rip metric-in ..................................................................................................... 306ip rip metric-out .................................................................................................. 307ip rip no-receive .................................................................................................. 307ip rip no-send ..................................................................................................... 308ip rip secondary-authentication .......................................................................... 309ip rip version ....................................................................................................... 310


10/494

show ip rip database .......................................................................................... 311Example 3 ...................................................................................................... 312

SNMP Multiplexing (SMUX) .................................................................................. 314SNMP Multiplexing (SMUX) Overview ............................................................... 314smux password .................................................................................................. 314smux port ........................................................................................................... 315smux trace file .................................................................................................... 316smux trace flag ................................................................................................... 316

Distance Vector Multicast Routing Protocol (DVMRP) ..................................... 318Distance Vector Multicast Routing Protocol (DVMRP) Overview ....................... 318ip dvmrp ............................................................................................................. 318ip dvmrp distance ............................................................................................... 319ip dvmrp default-metric ....................................................................................... 320ip dvmrp disable ................................................................................................. 321ip dvmrp metric-offset ......................................................................................... 321ip dvmrp nodvmrpout ......................................................................................... 322ip dvmrp noretransmit ........................................................................................ 323ip dvmrp prune-lifetime ....................................................................................... 324ip dvmrp trace file ............................................................................................... 325ip dvmrp trace flag .............................................................................................. 326ip dvmrp unicast-routing ..................................................................................... 327show ip dvmrp interfaces ................................................................................... 328show ip dvmrp neighbors ................................................................................... 329show ip dvmrp route ........................................................................................... 330tunnel mode dvmrp ............................................................................................ 332

Internet Group Management Protocol (IGMP) .................................................... 334Internet Group Management Protocol (IGMP) Overview ................................... 334clear ip igmp group ............................................................................................. 335ip igmp ................................................................................................................ 336ip igmp ignore-v1-messages .............................................................................. 337ip igmp ignore-v2-messages .............................................................................. 337ip igmp last-member-query-count....................................................................... 338

ip igmp last-member-query-interval .................................................................... 339ip igmp query-interval ......................................................................................... 341ip igmp query-max-response-time ...................................................................... 342ip igmp require-router-alert ................................................................................. 343ip igmp robustness ............................................................................................. 344ip igmp send-router-alert .................................................................................... 345ip igmp startup-query-count................................................................................ 346ip igmp startup-query-interval ............................................................................. 347ip igmp static-group ............................................................................................ 349ip igmp trace file ................................................................................................. 350ip igmp trace flag ................................................................................................ 351ip igmp version ................................................................................................... 352show ip igmp groups .......................................................................................... 353show ip igmp interface ....................................................................................... 357show ip igmp interface-summary........................................................................ 360show ip igmp static-groups ................................................................................. 361

Protocol Independent Multicast (PIM) ................................................................ 362Protocol Independent Multicast (PIM) Overview ................................................ 362ip pim assert-holdtime ........................................................................................ 363ip pim dr-priority ................................................................................................. 364ip pim hello-holdtime .......................................................................................... 365ip pim hello-interval ............................................................................................ 365ip pim jp-holdtime ............................................................................................... 366ip pim jp-interval ................................................................................................. 367ip pim lan-delay .................................................................................................. 368ip pim mrt-interval ............................................................................................... 369ip pim mrt-stale-multiplier ................................................................................... 369


11/494

ip pim override-interval ....................................................................................... 370ip pim triggered-hello-delay ................................................................................ 371show ip pim control-counters ............................................................................. 372show ip pim interface ......................................................................................... 373show ip pim neighbor ......................................................................................... 375Protocol Independent Multicast - Dense Mode (PIM-DM) .................................. 377

Protocol Independent Multicast - Dense Mode (PIM-DM) Overview ............. 377ip pim dense-mode ........................................................................................ 377ip pim graft-retry-interval ................................................................................ 378ip pim require-genid ....................................................................................... 379ip pim source-lifetime ..................................................................................... 380ip pim state-refresh-capable .......................................................................... 380ip pim state-refresh-interval ........................................................................... 381ip pim state-refresh-rate-limit ......................................................................... 382ip pim state-refresh-ttl .................................................................................... 383ip pim dense trace file .................................................................................... 383ip pim dense trace flag .................................................................................. 384show ip pim dense-mode interface-summary ................................................ 386show ip pim dense-mode mrt ........................................................................ 386show ip pim dense-mode mrt-summary ........................................................ 388show ip pim grafts .......................................................................................... 389

Protocol Independent Multicast - Sparse Mode (PIM-SM) ................................. 391Protocol Independent Multicast - Sparse Mode (PIM-SM) Overview ............ 392ip pim associate-msdp ................................................................................... 392ip pim bsr-admin-scope ................................................................................. 393ip pim bsr-border ........................................................................................... 393ip pim bsr-candidate ...................................................................................... 394ip pim bsr-candidate global ............................................................................ 395ip pim bsr-candidate group ............................................................................ 396ip pim bsr-candidate interval .......................................................................... 396ip pim bsr-candidate priority .......................................................................... 397ip pim bsr-holdtime ........................................................................................ 398

ip pim dr-switch-immediate ............................................................................ 398ip pim mrt-spt-multiplier ................................................................................. 399ip pim probe-interval ...................................................................................... 400ip pim register-suppression-timeout .............................................................. 401ip pim rp-address ........................................................................................... 402ip pim rp-candidate ........................................................................................ 402ip pim rp-candidate advertisement-interval .................................................... 403ip pim rp-candidate group .............................................................................. 404ip pim rp-candidate holdtime ......................................................................... 405ip pim rp-candidate priority ............................................................................ 406ip pim rp-switch-immediate ............................................................................ 406ip pim sparse-mode ....................................................................................... 407ip pim threshold ............................................................................................. 408ip pim threshold-dr ......................................................................................... 409ip pim threshold-rp ......................................................................................... 410ip pim trace file .............................................................................................. 411ip pim trace flag ............................................................................................. 412ip pim whole-packet-checksum ..................................................................... 413show ip pim bsr-router ................................................................................... 414show ip pim cbsr ............................................................................................ 415show ip pim rp ............................................................................................... 415show ip pim rp-candidate ............................................................................... 416show ip pim rp-hash ...................................................................................... 416show ip pim sparse-mode join-prune xmit ..................................................... 417show ip pim sparse-mode mrt ....................................................................... 417

Access Lists .......................................................................................................... 420Access Lists Overview ....................................................................................... 420


12/494

access-list .......................................................................................................... 420access-list sequence-number............................................................................. 422ip access-list sequence-number ......................................................................... 423ip access-list standard ........................................................................................ 424permit | deny....................................................................................................... 424show access-list ................................................................................................. 426show ip access-list ............................................................................................. 427

AS Paths and AS Path Lists ................................................................................ 429AS Paths and AS Path Lists Overview ............................................................... 429ip as-path access-list .......................................................................................... 430ip as-path name ................................................................................................. 431show ip as-path-access-list ................................................................................ 432show ip bgp paths .............................................................................................. 433

BGP Communities and Community Lists ........................................................... 435BGP Communities and Community Lists Overview ........................................... 435ip community-list ................................................................................................ 435ip community-set ................................................................................................ 436

Prefix Lists and Prefix Trees ............................................................................... 439Prefix Lists and Prefix Trees Overview .............................................................. 439ip prefix-list ......................................................................................................... 439ip prefix-list sequence-number ........................................................................... 440ip prefix-tree ....................................................................................................... 441show ip prefix-list ................................................................................................ 443show ip prefix-tree .............................................................................................. 444

Route Aggregation and Generation .................................................................... 446Route Aggregation and Generation Overview.................................................... 446aggregate-address ............................................................................................. 446router aggregate ................................................................................................. 450

Route Flap Damping ............................................................................................. 451Route Flap Damping Overview .......................................................................... 451dampen-flap ....................................................................................................... 451keep-history ........................................................................................................ 452

max-flap ............................................................................................................. 453reach-decay ....................................................................................................... 453reach-tick ............................................................................................................ 454reuse-below ........................................................................................................ 455suppress-above .................................................................................................. 456unreach-decay ................................................................................................... 456

Route Maps ........................................................................................................... 458Route Maps Overview ........................................................................................ 459match aggregate-contributors ............................................................................ 459match as ............................................................................................................. 460match as-path .................................................................................................... 460match as-path-list ............................................................................................... 461match community ............................................................................................... 462match community-set ......................................................................................... 463match distance ................................................................................................... 464match extended-community-set ......................................................................... 465match instance ................................................................................................... 466match interface ................................................................................................... 467match ip address access-list .............................................................................. 468match ip address prefix-list ................................................................................ 468match ip address prefix-tree ............................................................................... 469match ip gateway ............................................................................................... 470match ip next-hop ............................................................................................... 471match ip route-source prefix-tree ....................................................................... 472match localpref ................................................................................................... 473match med ......................................................................................................... 473match metric ....................................................................................................... 474


13/494

match metric-type ............................................................................................... 475match protocol .................................................................................................... 475match ribs ........................................................................................................... 476match tag ........................................................................................................... 477route-map ........................................................................................................... 478set as-path prepend ........................................................................................... 479set community-set .............................................................................................. 480set dampen-flap ................................................................................................. 481set ip next-hop .................................................................................................... 481set local-preference ............................................................................................ 482set med .............................................................................................................. 483set metric ............................................................................................................ 484set metric-type .................................................................................................... 485set origin ............................................................................................................. 485set preference .................................................................................................... 486set propagate ..................................................................................................... 487set ribs ................................................................................................................ 488set tag ................................................................................................................ 489

Index ...................................................................................................................... 491


14/494

Page 14

Chapter 1

The Advanced Routing Suite

In This Chapter

Overview of the Advanced Routing Suite CLI 14

About this Guide 14

How CLI Commands are Documented in this Guide 14

Overview of the Advanced Routing SuiteCLIThe Advanced Routing Suite CLI is available as part of the Advanced Networking Software Blade(http://www.checkpoint.com/products/softwareblades/advanced-networking.html).

For organizations looking to implement scalable, fault-tolerant, secure networks, the Advanced Networkingblade enables them to run industry-standard dynamic routing protocols including BGP, OSPF, RIPv1, andRIPv2 on security gateways. OSPF, RIPv1, and RIPv2 enable dynamic routing over a single autonomoussystemlike a single department, company, or service providerto avoid network failures. BGP providesdynamic routing support across more complex networks involving multiple autonomous systemssuch aswhen a company uses two service providers or divides a network into multiple areas with differentadministrators responsible for the performance of each.

Advanced Routing is supported on the Check Point SecurePlatform operating system. For information aboutSecurePlatform, see the R75 SecurePlatform Administration Guide(http://supportcontent.checkpoint.com/documentation_download?ID=11666 ).

The Advanced Routing Suite CLI accepts user entered text commands and sends them to AdvancedRouting Suite. These commands can encode a configuration change as well as queries for configurationinformation and dynamic protocol state.

About this GuideThis guide describes the basic, protocol-independent functionality of the Advanced Routing Suite Command

Line Interface (CLI), including command-line completion, logging, and history.

Advanced Routing Suite commands are listed alphabetically within protocol sections. For example, if youare looking for the query-authentication command in RIP, look in the Routing Information Protocol(RIP) (on page279) chapter, then look for the command under the letter A. You can also use the Index toquickly search for a command.

How CLI Commands are Documented inthis Guide

Most chapters in this guide consist of the following sections:

Overview of ... (one per chapter)

Name
http://www.checkpoint.com/products/softwareblades/advanced-networking.htmlhttp://www.checkpoint.com/products/softwareblades/advanced-networking.htmlhttp://www.checkpoint.com/products/softwareblades/advanced-networking.htmlhttp://supportcontent.checkpoint.com/documentation_download?ID=11666http://supportcontent.checkpoint.com/documentation_download?ID=11666http://supportcontent.checkpoint.com/documentation_download?ID=11666http://supportcontent.checkpoint.com/documentation_download?ID=11666http://www.checkpoint.com/products/softwareblades/advanced-networking.html


15/494

How CLI Commands are Documented in this Guide

The Advanced Routing Suite Page 15

Syntax

Mode

Parameters

Description

Default

Command History

Examples

See Also

OverviewEach chapter includes an Overview section. In most cases, this section describes a protocol or policy.Unlike the remaining sections, each chapter includes only one Overview section.

NameThe Name section lists the name and a short description of the command. For example, the key commandin RIP:

key - sets a RIP MD5 key

SyntaxThe Syntax section lists the valid syntax configuration, including the no configuration (where applicable). Forexample, configure the IGMP robustness to be 4 using the following syntax:

ip igmp robustness 4

Notation for parameters

In this manual, the allowed values for each parameter are listed similar to below:

Parameter: [ max-size size [ k | m ] ] ?

Parameter: address-family [ ipv4 | ipv6 ] {0,2}

The words in italics are user-entered commands that must be typed exactly as shown. The words in italicsgive a type of value. Some common types are size, time, or interface-name.

A pipe in a syntax (|) separates alternatives: one of them must occur. A double pipe (A || B) means that

either A or B or both must occur, in any order. Brackets ([]) are for grouping. Juxtaposition is stronger than

the double bar, and the double bar is stronger than the bar. Thus "a b | c || d e" is equivalent to "[ a

b ] | [ c || [ d e ]]".

A pair of numbers in curly braces ({A,B}) indicates that the preceding type, word or group is repeated atleast A and at most B times.

Note: A question mark (?) indicates that the preceding type, word or group is optional.

Therefore, in the preceding example, specifying a max-size is optional. However, if you do specify a max-

size, you must enter a value for the sizeand specify either k or m.

ModeThe Mode section shows the modes in which the command is valid. Some commands are valid in multiplemodes. For those, the Description section details how the affects of those configurations differ in AdvancedRouting Suite.


16/494

How CLI Commands are Documented in this Guide

The Advanced Routing Suite Page 16

ParametersThe Parameters section lists the information that is accepted in the referenced configuration. It includes adescription of what sort of parameter Advanced Routing Suite expects (for example, the number of secondsfor a query), and the range of values Advanced Routing Suite expects. (For example, the startup-queryinterval in IGMP accepts a value between 0 and 31744.)

Note: If the parameter is a value that is user-define, such as a time or a name, then the parameter is

displayed in italics (for example, timeor value). If the parameter is one of several predetermined options,such as version 1, 2, or 3 in IGMP, then that parameter is displayed in bold courier new format (for example,version 3).

DescriptionThe Description section includes a detailed description of the configuration.

DefaultThe Default section includes the default value(s) of the command and its content.

Command HistoryThe Command History section indicates when the command was first introduced. It can also indicatewhether the command, its defaults, or any of its parameters have changed.

ExamplesThe Examples section lists valid configurations for a specified command.

See AlsoSome commands will include a relevant See Also section. The See Also section lists other commands orsections of this guidethat might be useful. In addition, other publicly available documents, such as RFCs,may be listed here.


17/494

Page 17

Chapter 2

Using the Advanced Routing SuiteCLI

In This Chapter

Starting the Advanced Routing Suite CLI 17

Basic Features 19

CLI Modes 21

CLI Behavior Commands 23

Querying the Advanced Routing Suite CLI 32General Concepts 39

Starting the Advanced Routing Suite CLIBe sure no other users are connected to Advanced Routing Suite. With Advanced Routing Suite installedproperly and running:

1. Enter the SecurePlatform expert mode.

2. Type pro enable at the prompt and press Enter.

3. Reboot.4. Type router at the prompt and press Enter.

This begins your CLI session in User Execution mode.

The Advanced Routing Suite CLI can be started with several additional command line options. Theseoptions include the following:

-p

-f

-l

-a

-s

Note - If the CLI is given an invalid command line option, then it printsout a list of valid options, arguments for those options with a shortdescription of each, then exits without connecting to AdvancedRouting Suite.

The -p option-p

The -p option specifies the port on which Advanced Routing Suite's XML subsystem is listening. The

argument to this option must be a valid port number. If the -p option is not specified, then the CLI assumesthat Advanced Routing Suite's XML subsystem is listening on port 4242.


18/494

Starting the Advanced Routing Suite CLI

Using the Advanced Routing Suite CLI Page 18

The -f option-f

The -f option specifies a file from which CLI commands are to be read after the CLI has initialized.

The -e option-e [ ( s || c || e || w || d || i ) | 0 | all ]The -e option specifies the event class or classes that the CLI will log. The arguments have the followingmeanings:

s - Trace security events

c - Trace user-typed commands

e - Trace errors

w - Trace internal warnings and errors

d - Trace debugging events

i - Trace informational events

0 - Trace no events

all - Trace all event sets

Default

If the -e option is not specified, it is the same as if -e wg were specified.

The -a option-a [ o | a | m ]

The -a option specifies the action to take if you want a log file, and a cli.log file already exists in thelocation specified by the -l option. Available arguments include the following:

o - Overwrite the existing cli.log file

a - Append to the existing cli.log file

m - Move the existing cli.log file to cli.log.x, where x is the next highest integer among the other filesnamed cli.log.* in the logging directory.

Default

If -a is not specified, then it is as if -a a were specified.

The -s option-s [k | m]

The -s option specifies the maximum size of the CLI log in either kilobytes or megabytes. The action to take

when the current log's maximum size is reached is determined by the -a option.

Default

If the -s option is not specified, then it is as if -s 5m were specified.


19/494

Basic Features


Basic FeaturesBasic features of the Advanced Routing Suite CLI include the following:

Command Tokens

Command Line Completion

Moving About the Command Line

Context-Sensitive Help

Command History

Disabling/Enabling CLI Logging

Aborting an Executing Command

Exiting the CLI

Command TokensThe Advanced Routing Suite CLI command strings are composed of space-delimited tokens. The maximumnumber of tokens permitted per line is 32. After a full command line is typed, the Enter key sends the line tothe CLI for processing. The CLI is case insensitive.

Command Line CompletionThe max number of characters per line is 1024. At any point when typing a command line, you can hit theTab key to either complete the current command token or show a list of possible completions. Consider thefollowing command structure as an example:

abc| |

--------

| |bar groove| |

-------| |par-name1 par-name2

| |number number

The valid complete command strings are the following:

abc groove

abc bar par-name1 [number]

abc bar par-name2 [number]With command line completion, when you type

ab

the command will be completed as abc on the same line because no other legal token begins with "ab".

When you type

abc bar

the CLI will display the tokens that can followbar on a separate line, then re-display your typed line as

shown below. Note that "routerz>" is the Advanced Routing Suite CLI prompt, with "routerz" being thename of the machine on which Advanced Routing Suite is running.

routerz> abc bar par-name1 par-name2routerz> abc bar


20/494

Basic Features


Note - The space between "bar" and is required for the legaltoken list to display.

Valid commands are not required to be composed of complete tokens. Only a token's smallest uniqueabbreviation is required. For example, the following two command strings are equivalent:

abc bar par-name1 20

a b par-name1 20If the abbreviation is not unique, the CLI will respond with an "Invalid command" error.

Moving About the Command LineThe curser does not need to be at the end of a command line before hitting the Enter key. In the examplesbelow, the underscore indicates the position of the curser.

routerz> abc bat bas_

If, in the example above, you intended to type "abc bar bas", move the left arrow key back to the spacefollowing "bat", delete the "t", and type "r".

routerz> abc bar_bas

With the curser still just right of the "r", you can still hit the ENTER key, and the complete line will be given tothe CLI for processing.

Context-Sensitive HelpType "?" immediately after any token to obtain context-sensitive help about the last command that youtyped. For example requesting help immediately after typing "router" shows you that the command entersrouter mode:

(config)#router?

router Enter router modeType "?" followed by a space after any set of tokens to obtain a list of options that can be used in thecommand. For example, if you type the following:

(config)# router ?

the CLI will respond with the following:

aggregate Configure Aggregate/Generate routesbgp Configure BGPicmp Configure ICMPospf Configure OSPFrip Configure RIP

(config)# router

If "router" was not a valid sequence of tokens (or, if it was misspelled), then the CLI would respond withan "Error completing word" error.

Note - Because the "?" special character is used for Help, it cannot beincluded in any character string. In other words, a "?" cannot be usedwhen configuring a route map name, a prefix list name, and so on.Doing so will display Help for the command, as shown in the examplebelow.

(config)#access-list an?

Name of an access list


21/494

CLI Modes


HistoryAll commands entered during a CLI session are saved in a command history. The command history can beviewed and with short-hand "!" commands. The history can be toggled on and off.

Disabling/Enabling CLI TracingThe CLI provides a flexible tracing mechanism. Events to be traced are divided into several classes, each ofwhich can be traced individually. Classes can be traced to any or all three of the following locations: theterminal, a file, or the underlying system's tracing system (i.e., syslog).

Aborting an Executing CommandIt may sometimes be desirable to abort a query that generates a lot of output. Typing Ctrl+C generates suchan abort signal and flushes any queued input.

Screen PagingIf a response to a command contains more lines than provided by the command line window, then the word"more" appears at the bottom of the screen to indicate that not all lines have been displayed. Press theSpace bar to display more lines. To stop viewing the output and return to the command line prompt, pressany other key.

Exiting the CLIChanges are saved as soon as you hit "Enter" after a command. Use the "quit" command to exit the CLI.

CLI ModesThe Advanced Routing Suite CLI has the following five modes:

User Execution

Privileged Execution

Global Configuration

Router Configuration

Interface Configuration

The current mode is easily discerned by examining the current command line prompt. The CLI promptalways indicates the current mode. The modes and prompts are described in the sections that follow.

User Execution M odeUser Execution mode is the default mode that the CLI assumes when it begins execution. In User Executionmode, the prompt is ">".

Note - If the CLI is started with the "-f " parameter(see The -f option on page18for more information), then thecommands contained in cmd_fname could leave the CLI in somethingother than User Execution mode when command-line entry control isturned over to the user.

Within User Execution mode, the following actions are allowed:

Querying of Advanced Routing Suite configuration state

Querying of dynamic protocol state (for example, the number of OSPF neighbors)


22/494

CLI Modes


Modification of various CLI options, such as command history length, CLI events to trace, and so on.

Privileged Execution M odePrivileged Execution mode allows for "privileged" commands. In Privileged Execution mode, the prompt is"#". This mode is password protected and is entered using enable as follows:

routerz> enablePassword: [password]routerz#

Note - The CLI allows three attempts at the "Password:" prompt

before returning to the ">" prompt.

Use the disable command to leave Privileged Execution mode and return to User Execution mode.

Global Configuration M odeGlobal Configuration mode is used to change the configuration of Advanced Routing Suite. From this mode,you can stop and start protocols and set protocol-specific parameters. This mode can only be entered fromPrivileged Execution mode with the configure terminal command. When this mode is entered, the

prompt changes to "(config)#" as shown below.

routerz> enablePassword: [password]routerz# configure terminalrouterz(config)#

Unless otherwise noted, configuration changes that are entered in this mode are made immediately uponhitting Enter.

To exit Global Configuration mode and return to Privileged Execution mode, use the "exit" or "end"command or type "Ctrl+Z". All three are synonymous.

routerz(config)# endrouterz#

Router Configuration ModeRouter Configuration mode is used to change the protocol state on a specific router. This mode is enteredby typing the following at the (config)# prompt:

router protocol_name

For example, type the following to enter Router Configuration mode for the ICMP protocol:

routerz(config)# router icmprouterz(config-icmp)#

The prompt changes to "(config-[protocol_name])# " in Router Configuration mode. To exit Router

Configuration mode and return to Global Configuration mode, use the "exit" command.

routerz(config-icmp)# exitrouterz(config)#

Interface Configuration M odeInterface Configuration mode is used to change protocol state on a specific interface. This mode is enteredby typing the following at the (config)# prompt:

interface [ if-type if-number | if-name ]

For example, type the following to enter Interface Configuration mode for the physical interface named ppp-interface-0:

routerz(config)# interface ppp-interface-0routerz(config-if)#


23/494

CLI Behavior Commands


The prompt changes to "(config-if)#" in Interface Configuration mode. To exit Interface Configuration modeand return to Global Configuration mode, use the "exit" command.

routerz(config-if)# exitrouterz(config)#

CLI Behavior CommandsThe section describes the commands that control the CLI behavior, as opposed to commands that controlAdvanced Routing Suite behavior.

configure file

Syntax

configure file [filename | replace filename]

ModePrivileged Execution

Parameters

filename - the name and/or path of the configure file

replace filename - specifies to replace the current configuration file with the specified filename

Description

The configure file command is used to enter an atomic batch mode, where configuration commandsare read from the named file or replace with the named file. If any errors are encountered during processingof the named file, then the router's configuration is left unchanged. The filename argument to file can

be either a fully or partially qualified name. A fully qualified file name begins with "/" and gives the complete

path to the file in addition to the file name. A partially qualified file name does not begin with"/" and mayindicate path information in addition to the file name. If path information is given, it is interpreted with respectto the CLI's working directory.

Examples

In the following example, configuration commands are read from the file, /etc/routerz.cfg.

routerz# configure file /etc/routerz.cfgrouterz#

configure terminal

Syntax

configure terminal

Mode

Privileged Execution Mode


24/494



Description

Use the configure terminal command in Privileged Execution mode to enter Global Configuration

mode and change the router's configuration. This command takes one of two parameters. The "#" prompt

changes to "(config)#" to indicate the changed mode. Use the "end" command to leave GlobalConfiguration mode.

ExamplesIn the following example, configuration commands are entered from the terminal.

routerz# configure terminalrouterz(config)# terminal history size 1024routerz(config)# endrouterz#

disable

Syntax

disable

Mode

Privileged Execution

Description

Use the disable command to leave Privileged Execution Mode and re-enter User Execution mode.

Examplesrouterz# disablerouterz>

enable

Syntax

enable

ModeUser Execution

Description

Use the enable command to enter Privileged Execution mode from User Execution mode. The # promptindicates that the current mode is Privileged Execution mode.

Note - A password is required to enter Privileged Execution mode.


25/494



Example

CP R75 AdvancedRoutingSuite CLI ReferenceGuide

Documents

Transcript of CP R75 AdvancedRoutingSuite CLI ReferenceGuide