To configure a Locator/ID Separation Protocol (LISP) site and enter LISP site configuration mode on a LISP map server, use the
site command in LISP configuration mode. To remove the reference to a LISP site, use the
no form of this command.
site site-name
no site site-name
Syntax Description
site-name
Locally significant name assigned to a LISP site.
Command Default
By default, no LISP sites are assigned.
Command Modes
LISP configuration (config-router-lisp)
Command History
Release
Modification
15.1(1)XB2
This command was introduced.
Cisco IOS XE Release 2.5.1XB
This command was integrated into Cisco IOS XE Release 2.5.1XB
Cisco IOS XE Release 3.3.0S
This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the
lisp keyword was removed from the command syntax.
15.1(4)M
This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the
lisp keyword was removed from the command syntax.
Usage Guidelines
Before a LISP Egress Tunnel Router (ETR) registers with a map server, the map server must already be configured with certain LISP site attributes that match those of the ETR. At a minimum, this includes the endpoint identifier (EID) prefixes to be registered by the ETR and a shared authentication key. On the ETR, these attributes are configured using the
database-mapping,
ipv4 etr map-server, and
ipv6 etr map-server commands.
When the
site command is entered, the referenced LISP site is created and the router is placed in the site configuration mode. In this mode, all attributes associated with the referenced LISP site can be entered.
Examples
The following example shows how to configure a LISP site named ‘Customer-1’ and enter LISP site configuration mode.
Router(config)# router lisp
Router(config-router-lisp)# site Customer-1
Related Commands
Command
Description
database-mapping
Configures an IPv4 or IPv6 EID-to-RLOC mapping relationship and its associated traffic policy.
ipv4 etr map-server
Configures the IPv4 or IPv6 locator address of the LISP map server to which an ETR should register for its IPv4 EID prefixes.
ipv6 etr map-server
Configures the IPv4 or IPv6 locator address of the LISP map server to which an ETR should register for its IPv6 EID prefixes.
allowed-locator (LISP site)
To configure a list of locators to be verified in a map-register message sent by an Egress Tunnel Router (ETR) when registering to the map server, use the
allowed-locator command in Locator/ID Separation Protocol (LISP) site configuration mode. To remove locators from the list, use the
no form of this command.
allowed-locator rloc
no allowed-locator rloc
Syntax Description
rloc
IPv4 or IPv6 routing locator (RLOC) allowed within a Map-Registration message.
Command Default
By default, allowable locators are not defined and the map server will accept any locators.
Command Modes
LISP site configuration (config-router-lisp-site)
Command History
Release
Modification
15.1(1)XB2
This command was introduced.
Cisco IOS XE Release 2.5.1XB
This command was integrated into Cisco IOS XE Release 2.5.1XB
Cisco IOS XE Release 3.3.0S
This command was integrated into Cisco IOS XE Release 3.3.0S.
15.1(4)M
This command was integrated into Cisco IOS Release 15.1(4)M.
Usage Guidelines
When a LISP ETR registers with a map server, it sends a map-register message that contains one or more endpoint identifier (EID) prefixes and routing locators that the ETR is configured to use. After verifying the authentication data, the map server checks the presented EID-prefixes against those configured on the map server. If they agree, the map register is accepted and the ETR registration is completed.
The map server default behavior can be further constrained such that the ETR can register only using specific routing locators. To enable this functionality, configure the
allowed-locator command in LISP site configuration mode. When the
allowed-locator command is used, the map-register message from the ETR must contain the same locators that are listed in the map server LISP site configuration. If the list in the map register does not match the one configured on the map server, the map-register message is not accepted and the ETR is not registered. Up to four IPv4 or IPv6 routing locators (total) can be configured.
Note
When the
allowed-locator command is configured, all locators listed on the map server within the LISP site configuration must also appear in the Map-Register message sent by the ETR for it to be accepted.
Examples
The following example shows how to configure the LISP site named Customer-1 and then enter LISP site command mode. The IPv4 address 172.16.1.1 and the IPv6 address 2001:db8:bb::1 are configured as allowable locators for the LISP site Customer-1:
Router(config-router-lisp)# site Customer-1
Router(config-router-lisp-site)# allowed-locator 172.16.1.1
Router(config-router-lisp-site)# allowed-locator 2001:db8:bb::1
Related Commands
Command
Description
site
Configures a LISP site and enters LISP site configuration mode on a map server.
authentication-key (LISP site)
To configure the password used to create the SHA-1 HMAC hash for authenticating the map-register message sent by an Egress Tunnel Router (ETR) when registering to the map server, use the
authentication-key command in Locator/ID Separation Protocol (LISP) site configuration mode. To remove the password, use the
no form of this command.
authentication-key {0 | 6 | 7} password
no authentication-key
Syntax Description
0
The key type that indicates that the following SHA-1 password is encoded using a cleartext password.
6
The key type that indicates that the following SHA-1 password is encoded using an AES encrypted key.
7
The key type that indicates that the following SHA-1 password is encoded using a Cisco-encrypted key.
password
The password used to create the SHA-1 HMAC hash when authenticating the map-register message sent by the ETR.
Command Default
By default, no LISP site authentication key is configured.
Command Modes
LISP site configuration (config-router-lisp-site)
Command History
Release
Modification
15.1(1)XB2
This command was introduced.
Cisco IOS XE Release 2.5.1XB
This command was integrated into Cisco IOS XE Release 2.5.1XB
Cisco IOS XE Release 3.3.0S
This command was integrated into Cisco IOS XE Release 3.3.0S
15.1(4)M
This command was integrated into Cisco IOS Release 15.1(4)M.
Usage Guidelines
Before a LISP ETR registers with a map server, the map server must already be configured with certain LISP site attributes that match those of the ETR, including a shared password that is used to create the SHA-1 HMAC hash that the map server uses to validate the authentication data presented in the Map-Register message. On the ETR, this password is configured with the
[ip | ipv6] lisp etr map-server command.
On the map-server, the password is configured as part of the LISP site configuration process. To enter the LISP site password, configure the
authentication-key command in LISP site configuration mode. The SHA-1 HMAC password may be entered in unencrypted (cleartext) form or encrypted form. To enter an unencrypted password, specify a key-type value of 0. To enter an AES-encrypted password, specify a key-type value of 6. To enter a Cisco-encrypted password, specify a key-type value of 7.
Caution
Map server authentication keys entered in cleartext form will remain in cleartext form and be displayed in the configuration in cleartext form unless the Cisco IOS Encrypted Preshared Key feature is enabled. The Encrypted Preshared Key feature allows you to securely store plaintext passwords in type 6 (AES encryption) format in NVRAM. To enable this feature, use the
key config-key password-encryption and
password encryption aes commands. For additional information on the Encrypted Preshared Key feature and its usage, see:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml .
Caution
If you enable the Encrypted Preshared Key feature and then remove it, all type 6 encrypted keys immediately become unusable because the master key is deleted—type 6 passwords cannot be unencrypted and used by the router. A warning message displays that details this and confirms the master key deletion.
Note
The map server and ETR must be configured with matching passwords for the map-registration process to successfully complete. When a LISP site successfully completes the map-registration process, its attributes will be displayed by the
show lisp site command. If the map-registration process is unsuccessful, the site will not be displayed.
Examples
The following example shows how to configure the LISP site named ‘Customer-1’ and enter the LISP site configuration mode. The shared password
s0m3-s3cr3t-k3y is then entered in cleartext form:
Router(config)# router lisp
Router(config-router-lisp)# site Customer-1
Router(config-router-lisp-site)# authentication-key 0 s0m3-s3cr3t-k3y
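A configuration audit for the points above, as an added example (not Cisco code): it reports map-server sites whose key was entered as type 0 without password encryption aes in the configuration, sites with no key, and sites with no allowed-locator. The sample configuration is constructed from the commands in this page's examples, and the function names are assumptions.

```python
# Constructed sample: commands as they are entered in this page's examples.
SAMPLE_CONFIG = """\
router lisp
 site Customer-1
  description Customer-1 Site Information
  authentication-key 0 s0m3-s3cr3t-k3y
  eid-prefix 192.168.1.0/24
 site Customer-2
  authentication-key 6 CONSTRUCTED-TYPE6-BLOB
  allowed-locator 172.16.1.1
  allowed-locator 2001:db8:bb::1
 site Customer-3
  eid-prefix 2001:db8:aa::/48
"""

def parse_sites(config):
    """Return ({site: {"key_type", "locators"}}, aes_enabled) from config text."""
    sites, current, aes = {}, None, False
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words == ["password", "encryption", "aes"]:
            aes = True  # Encrypted Preshared Key feature (type 6 storage)
        elif words[0] == "site" and len(words) == 2:
            current = sites.setdefault(words[1], {"key_type": None, "locators": []})
        elif current is not None and words[0] == "authentication-key" and len(words) >= 3:
            current["key_type"] = words[1]  # keep the type only, never the key
        elif current is not None and words[0] == "allowed-locator" and len(words) == 2:
            current["locators"].append(words[1])
    return sites, aes

def audit(config):
    """Return sorted (site, finding) pairs; key material is never echoed."""
    sites, aes = parse_sites(config)
    findings = []
    for name, site in sites.items():
        if site["key_type"] is None:
            findings.append((name, "no authentication-key configured"))
        elif site["key_type"] == "0" and not aes:
            findings.append((name, "type 0 key stored in cleartext"))
        if not site["locators"]:
            findings.append((name, "no allowed-locator: any RLOC accepted"))
    return sorted(findings)
```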
Related Commands
Command
Description
ipv4 etr map-server
Configures the IPv4 or IPv6 locator address of the LISP map server to which an ETR should register for its IPv4 EID prefixes.
ipv6 etr map-server
Configures the IPv4 or IPv6 locator address of the LISP map server to which an ETR should register for its IPv6 EID prefixes.
key config-key password-encryption
Enables storage of a type 6 encryption key in private NVRAM.
password encryption aes
Enables a type 6 encrypted preshared key.
show lisp site
Displays registered LISP sites on a map server.
site
Configures a LISP site and enters LISP site configuration mode on a map server.
description (LISP site)
To configure a description for a Locator/ID Separation Protocol (LISP) site, use the
description command in LISP site configuration mode. To remove the description for a LISP site, use the
no form of this command.
description description
no description
Syntax Description
description
Description associated with the LISP site.
Command Default
By default, no LISP site description is defined.
Command Modes
LISP site configuration (config-router-lisp-site)
Command History
Release
Modification
15.1(1)XB2
This command was introduced.
Cisco IOS XE Release 2.5.1XB
This command was integrated into Cisco IOS XE Release 2.5.1XB
Cisco IOS XE Release 3.3.0S
This command was integrated into Cisco IOS XE Release 3.3.0S.
15.1(4)M
This command was integrated into Cisco IOS Release 15.1(4)M.
Usage Guidelines
When you enter the
site command in a map server, the router enters LISP site configuration mode. In this mode, you can associate a description with the referenced LISP site using the
description command. This description is displayed in the output of the
show lisp site command.
Examples
The following example shows how to configure the LISP site named ‘Customer-1’ and enter LISP site configuration mode. The description string for Customer-1 is then entered:
Router(config)# router lisp
Router(config-router-lisp)# site Customer-1
Router(config-router-lisp-site)# description Customer-1 Site Information
Related Commands
Command
Description
show lisp site
Displays registered LISP sites on a map server.
site
Configures a LISP site and enters LISP site configuration mode on a map server.
eid-prefix (LISP site)
To configure a list of endpoint identifier (EID) prefixes that are allowed in a Map-Register message sent by an Egress Tunnel Router (ETR) when registering to the map server, use the
eid-prefix command in Locator/ID Separation Protocol (LISP) site configuration mode. To remove the locators, use the
no form of this command.
IPv4 or IPv6 EID prefix associated with the LISP site.
route-tag tag
(Optional) Defines the route tag associated with this EID prefix.
accept-more-specifics
(Optional) Specifies that any EID prefix that is more specific than the EID prefix configured is accepted and tracked.
Command Default
By default, EID-prefixes are not defined for a LISP site.
Command Modes
LISP site configuration (config-router-lisp-site).
Command History
Release
Modification
15.1(1)XB2
This command was introduced.
Cisco IOS XE Release 2.5.1XB
This command was integrated into Cisco IOS XE Release 2.5.1XB.
Cisco IOS XE Release 3.3.0S
This command was integrated into Cisco IOS XE Release 3.3.0S.
15.1(4)M
This command was integrated into Cisco IOS Release 15.1(4)M.
Usage Guidelines
When a LISP ETR registers with a map server, it sends a map-register message that contains, among other things, one or more EID prefixes that the ETR is configured to use. On the ETR, EID prefixes are configured using the
database-mapping command. To configure these EID prefixes on the map server, use the
eid-prefix command in LISP site configuration mode.
The same EID prefixes must be configured on the map server and the ETR in order for the ETR to be registered, and for these EID prefixes to be advertised by LISP. After verifying the authentication data, the map server compares the EID prefixes within the map-register message against those configured on the map server for the LISP site. If they agree, the map register is accepted and the ETR registration is completed. If the EID-prefixes in the Map-Register message do not match those configured on the map server, the map-register message is not accepted and the ETR is not registered.
Note
A map-register message sent by an ETR contains all of the EID prefixes that the ETR is authoritative for. All of these EID prefixes
must be listed on the map server within the LISP site configuration for the map-register message sent by the ETR to be accepted. If the list in the map register does not match the one configured on the map server, the map-register message is not accepted and the ETR is not registered.
When a LISP site successfully completes the map-registration process, its attributes can be displayed by the
show lisp site command. If the map-registration process is unsuccessful, the site will not be displayed.
When the
route-tag keyword is used, a tag value is associated with the EID prefix being configured. This tag value may be useful for simplifying processes that populate the routing information base (RIB). For example, a route-map policy can be defined to match this tag for Border Gateway Protocol (BGP) redistribution of these EID prefixes into the virtual routing and forwarding (VRF) used by the LISP Alternative Logical Topology (ALT).
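The acceptance checks described in the allowed-locator and eid-prefix usage guidelines above, modeled in Python as an added example (not Cisco code and not the LISP wire format). The HMAC input encoding, the SITE dictionary and all function names are assumptions made for illustration; the addresses and key are the ones used in this page's examples.

```python
import hashlib
import hmac
import ipaddress

def auth_data(key, eids, rlocs):
    """HMAC-SHA-1 over a constructed canonical encoding (not the wire format)."""
    body = "|".join(sorted(eids) + ["--"] + sorted(rlocs)).encode()
    return hmac.new(key.encode(), body, hashlib.sha1).digest()

def covered(eid, site_prefixes):
    """True if eid equals a configured prefix, or is a more-specific of one
    configured with accept-more-specifics."""
    net = ipaddress.ip_network(eid)
    for prefix, more_specifics in site_prefixes.items():
        cfg = ipaddress.ip_network(prefix)
        if net == cfg:
            return True
        if more_specifics and net.version == cfg.version and net.subnet_of(cfg):
            return True
    return False

def accept_register(site, eids, rlocs, mac):
    """Return (accepted, reason), applying the checks in the order the page gives."""
    if not hmac.compare_digest(mac, auth_data(site["key"], eids, rlocs)):
        return False, "authentication failed"
    if not all(covered(e, site["eid_prefixes"]) for e in eids):
        return False, "EID prefix not configured for site"
    allowed = {ipaddress.ip_address(a) for a in site["allowed_locators"]}
    if allowed and allowed != {ipaddress.ip_address(r) for r in rlocs}:
        return False, "locator list does not match allowed-locator"
    return True, "registered"

# Constructed site; the value per prefix is its accept-more-specifics setting.
SITE = {
    "key": "s0m3-s3cr3t-k3y",
    "eid_prefixes": {"192.168.1.0/24": False, "2001:db8:aa::/48": True},
    "allowed_locators": ["172.16.1.1", "2001:db8:bb::1"],
}

def try_register(eids, rlocs, key=SITE["key"]):
    """ETR side: sign with `key`, then submit to the map server model."""
    return accept_register(SITE, eids, rlocs, auth_data(key, eids, rlocs))
```

An empty allowed_locators list reproduces the default behavior, in which the map server accepts any locators.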
Examples
The following example shows how to configure the IPv4 EID-prefix 192.168.1.0/24 and the IPv6 EID-prefix 2001:db8:aa::/48, each with the route-tag 123, for the LISP site Customer-1: