Feedback
Contents
radius attribute nas-port-type through rd
- radius-server attribute nas-port format
- radius-server configure-nas
- radius-server dead-criteria
- radius-server load-balance
- radius-server vsa send
- rd
radius-server attribute nas-port format
To set the NAS-Port format used for RADIUS accounting features and restore the default NAS-port format, or to set the global attribute 61 session format e string or configure a specific service port type for attribute 61 support, use the radius-server attribute nas-port format command in global configuration mode. To stop sending attribute 61 to the RADIUS server, use the no form of this command.
NAS-Port for RADIUS Accounting Features and Restoring Default NAS-Port Format
radius-server attribute nas-port format format
no radius-server attribute nas-port format format
Extended NAS-Port Support
radius-server attribute nas-port format format [string] [ type nas-port-type ]
no radius-server attribute nas-port format format [string] [ type nas-port-type ]
Syntax Description
Command Default
Standard NAS-Port format for NAS-Port for RADIUS accounting features and restoring default NAS-Port format or extended NAS-Port support.
Command History
Release
Modification
11.3(7)T
This command was introduced.
11.3(9)DB
The PPP extended NAS-Port format was added.
12.1(5)T
The PPP extended NAS-Port format was expanded to support PPPoE over ATM and PPPoE over IEEE 802.1Q VLANs.
12.2(4)T
Format e was introduced.
12.2(11)T
Format e was extended to support PPPoX information.
12.3(3)
Format e was extended to support Session ID U.
12.3(7)XI1
Format e was extended to allow the format string to be NAS-Port-Type attribute specific. The following keyword and arguments were added: string, type nas-port-type.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Usage Guidelines
The radius-server attribute nas-port format command configures RADIUS to change the size and format of the NAS-Port attribute field (RADIUS IETF attribute 5).
The following NAS-Port formats are supported:
- Standard NAS-Port format--This 16-bit NAS-Port format indicates the type, port, and channel of the controlling interface. This is the default format used by Cisco IOS software.
- Extended NAS-Port format--The standard NAS-Port attribute field is expanded to 32 bits. The upper 16 bits of the NAS-Port attribute display the type and number of the controlling interface; the lower 16 bits indicate the interface that is undergoing authentication.
- Shelf-slot NAS-Port format--This 16-bit NAS-Port format supports expanded hardware models requiring shelf and slot entries.
- PPP extended NAS-Port format--This NAS-Port format uses 32 bits to indicate the interface, virtual path identifier (VPI), and virtual channel indicator (VCI) for PPPoA and PPPoEoA, and the interface and VLAN ID for PPPoE over Institute of Electrical and Electronic Engineers (IEEE) standard 802.1Q VLANs.
Format e
Before Cisco IOS Release 12.2(4)T formats a through c did not work with Cisco platforms such as the AS5400. For this reason, a configurable format e was developed. Format e requires you to explicitly define the usage of the 32 bits of attribute 25 (NAS-Port). The usage is defined with a given parser character for each NAS-Port field of interest for a given bit field. By configuring a single character in a row, such as x, only one bit is assigned to store that given value. Additional characters of the same type, such as x, will provide a larger available range of values to be stored. The table belowshows how the ranges may be expanded:
It is imperative that you know what the valid range is for a given parameter on a platform that you want to support. The Cisco IOS RADIUS client will bitmask the determined value to the maximum permissible value on the basis of configuration. Therefore, if one has a parameter that turns out to have a value of 8, but only 3 bits (xxx) are configured, 8 and 0x7 will give a result of 0. Therefore, you must always configure a sufficient number of bits to capture the value required correctly. Care must be taken to ensure that format e is configured to properly work for all NAS port types within your network environment.
The table below shows the supported parameters and their characters:
Table 2 Supported Parameters and Characters Supported Parameters
Characters
Zero
0 (always sets a 0 to that bit)
One
1 (always sets a 0 to that bit)
DS0 shelf
f
DS0 slot
s
DS0 adaptor
a
DS0 port
p (physical port)
DS0 subinterface
i
DS0 channel
c
Async shelf
F
Async slot
S
Async port
P
Async line
L (modern line number, that is, physical terminal [TTY] number)
PPPoX slot
S
PPPoX adaptor
A
PPPoX port
P
PPPoX VLAN ID
V
PPPoX VPI
I
PPPoX VCI
C
Session ID
U
All 32 bits that represent the NAS-Port must be set to one of the above characters because this format makes no assumptions for empty fields.
Access Router
The DS0 port on a T1-based card and on a T3-based card will give different results. On T1-based cards, the physical port is equal to the virtual port (because these are the same). So, p and d will give the same information for a T1 card. However, on a T3 system, the port will give you the physical port number (because there can be more than one T3 card for a given platform). As such, d will give you the virtual T1 line (as per configuration on a T3 controller). On a T3 system, p and d will be different, and one should capture both to properly identify the physical device. As a working example for the Cisco AS5400, the following configuration is recommended:
Router (config)# radius-server attribute nas-port format e SSSSPPPPPPPPPsssspppppcccccThis will give one an asynchronous slot (0-16), asynchronous port (0-512), DS0 slot (0-16), DS0 physical port (0-32), DS0 virtual port (0-32), and channel (0-32). The parser has been implemented to explicitly require 32-bit support, or it will fail.
Finally, format e is supported for channel-associated signaling (CAS), PRI, and BRI-based interfaces.
NoteThis command replaces the radius-server attribute nas-port extended command.
Extended NAS-Port-Type Attribute Support
This command allows you to configure a specific service port type for extended attribute 61 support which overrides the default global setting.
Examples
In the following example, a RADIUS server is identified, and the NAS-Port field is set to the PPP extended format:
radius-server host 192.0.2.96 auth-port 1645 acct-port 1646 radius-server attribute nas-port format dThe following example shows how to configure global support for extended NAS-Port-Type ports and how to specify two separate format e strings globally for two different types of ports:
- type 30 (which is PPPoA)
- type 33 which is (PPPoEoVLAN)
Router# configure terminal Router(config)# Router(config)# radius-server attribute 61 extended Router(config)# radius-server attribute nas-port format e SSSSAPPPUUUUUUUUUUUUUUUUUUUUUUUU Router(config)# radius-server attribute nas-port format e SSSSAPPPIIIIIIIICCCCCCCCCCCCCCCC type 30 Router(config)# Router(config)# radius-server attribute nas-port format e SSSSAPPPVVVVVVVVVVVVVVVVVVVVVVVV type 33Related Commands
Command
Description
radius attribute nas-port-type
Configures subinterfaces such as Ethernet, vLANs, stacked VLAN (Q-in-Q), virtual circuit (VC), and VC ranges.
radius-server attribute 61 extended
Enables extended, non-RFC-compliant NAS-Port-Type attribute (RADIUS attribute 61).
vpdn aaa attribute
Enables the LNS to send PPP extended NAS-Port format values to the RADIUS server for accounting.
radius-server configure-nas
To have the Cisco router or access server query the vendor-proprietary RADIUS server for the static routes and IP pool definitions used throughout its domain when the device starts up, use the radius-server configure-nas command in global configuration mode. To discontinue the query of the RADIUS server, use the no form of this command.
Command History
Release
Modification
11.3
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS release 12.(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Usage Guidelines
Use the radius-server configure-nas command to have the Cisco router query the vendor-proprietary RADIUS server for static routes and IP pool definitions when the router first starts up. Some vendor-proprietary implementations of RADIUS let the user define static routes and IP pool definitions on the RADIUS server instead of on each individual network access server in the network. As each network access server starts up, it queries the RADIUS server for static route and IP pool information. This command enables the Cisco router to obtain static routes and IP pool definition information from the RADIUS server.
NoteBecause the radius-server configure-nas command is performed when the Cisco router starts up, it will not take effect until you issue a copy system:running-config nvram:startup-config command.
radius-server dead-criteria
To force one or both of the criteria--used to mark a RADIUS server as dead--to be the indicated constant, use the radius-server dead-criteria command in global configuration mode. To disable the criteria that were set, use the no form of this command.
radius-server dead-criteria [ time seconds ] [ tries number-of-tries ]
no radius-server dead-criteria [ time seconds | tries number-of-tries ]
Syntax Description
Command Default
The number of seconds and number of consecutive timeouts that occur before the RADIUS server is marked as dead will vary, depending on the transaction rate of the server and the number of configured retransmissions.
Command History
Release
Modification
12.2(15)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Usage Guidelines
NoteBoth the time criterion and the tries criterion must be met for the server to be marked as dead.
The no form of this command has the following cases:
- If neither the seconds nor the number-of-tries argument is specified with the no radius-server dead-criteriacommand, both time and tries will be reset to their defaults.
- If the seconds argument is specified using the originally set value, the time will be reset to the default value range (10 to 60).
- If the number-of-tries argument is specified using the originally set value, the number of tries will be reset to the default value range (10 to 100).
Examples
The following example shows how to configure the router so that it will be considered dead after 5 seconds and 4 tries:
Router (config)# radius-server dead-criteria time 5 tries 4The following example shows how to disable the time and number-of-tries criteria that were set for the radius-server dead-criteria command.
Router (config)# no radius-server dead-criteriaThe following example shows how to disable the time criterion that was set for the radius-server dead-criteria command.
Router (config)# no radius-server dead-criteria time 5The following example shows how to disable the number-of-tries criterion that was set for the radius-server dead-criteria command.
Router (config)# no radius-server dead-criteria tries 4Related Commands
Command
Description
debug aaa dead-criteria transactions
Displays AAA dead-criteria transaction values.
show aaa dead-criteria
Displays dead-criteria information for a AAA server.
show aaa server-private
Displays the status of all private RADIUS servers.
show aaa servers
Displays information about the number of packets sent to and received from AAA servers.
radius-server load-balance
To enable RADIUS server load balancing for the global RADIUS server group referred to as “radius” in the authentication, authorization and accounting (AAA) method lists, use the radius-server load-balance command in global configuration mode. To disable RADIUS server load balancing, use the no form of this command.
radius-server load-balance method least-outstanding [ batch-size number ] [ignore-preferred-server]
no radius-server load-balance
Syntax Description
method least-outstanding
Enables least outstanding mode for load balancing.
batch-size
(Optional) The number of transactions to be assigned per batch.
number
(Optional) The number of transactions in a batch.
- The default is 25.
- The range is 1-2147483647.
Note Batch size may impact throughput and CPU load. It is recommended that the default batch size, 25, be used because it is optimal for high throughput, without adversely impacting CPU load.
ignore-preferred-server
(Optional) Indicates if a transaction associated with a single AAA session should attempt to use the same server or not.
- If set, preferred server setting will not be used.
- Default is to use the preferred server.
Command Default
If this command is not configured, global RADIUS server load balancing will not occur.
Examples
The following example shows how to enable load balancing for global RADIUS server groups. It is shown in three parts: the current configuration of RADIUS command output, debug output, and AAA server status information. You can use the delimiting characters to display only the relevant parts of the configuration.
Examples
Server Configuration and Enabling Load Balancing for Global RADIUS Server Group Example
The following shows the relevant RADIUS configuration:
Router# show running-config | inc radius aaa authentication ppp default group radius aaa accounting network default start-stop group radius radius-server host 192.0.2.238 auth-port 2095 acct-port 2096 key cisco radius-server host 192.0.2.238 auth-port 2015 acct-port 2016 key cisco radius-server load-balance method least-outstanding batch-size 5The lines in the current configuration of RADIUS command output above are defined as follows:
- The aaa authentication pppcommand authenticates all PPP users using RADIUS.
- The aaa accounting command enables the sending of all accounting requests to the AAA server after the client is authenticated and after the disconnect using the keyword start-stop.
- The radius-server host command defines the IP address of the RADIUS server host with the authorization and accounting ports specified and the authentication and encryption key identified.
- The radius-server load-balance command enables load balancing for the global RADIUS server groups with the batch size specified.
Examples
Debug Output for Global RADIUS Server Group Example
The debug output below shows the selection of preferred server and processing of requests for the configuration above.
Router# show debug General OS: AAA server group server selection debugging is on Router# <sending 10 pppoe requests> Router# *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000014):No preferred server available. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Obtaining least loaded server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:No more transactions in batch. Obtaining a new server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Obtaining a new least loaded server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Server[0] load:0 *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Server[1] load:0 *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Selected Server[0] with load 0 *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:[5] transactions remaining in batch. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000014):Server (192.0.2.238:2095,2096) now being used as preferred server *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000015):No preferred server available. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Obtaining least loaded server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:[4] transactions remaining in batch. Reusing server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000015):Server (192.0.2.238:2095,2096) now being used as preferred server *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000016):No preferred server available. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Obtaining least loaded server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:[3] transactions remaining in batch. Reusing server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000016):Server (192.0.2.238:2095,2096) now being used as preferred server *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000017):No preferred server available. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Obtaining least loaded server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:[2] transactions remaining in batch. Reusing server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000017):Server (192.0.2.238:2095,2096) now being used as preferred server *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000018):No preferred server available. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Obtaining least loaded server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:[1] transactions remaining in batch. Reusing server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000018):Server (192.0.2.238:2095,2096) now being used as preferred server *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000019):No preferred server available. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Obtaining least loaded server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:No more transactions in batch. Obtaining a new server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Obtaining a new least loaded server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Server[1] load:0 *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Server[0] load:5 *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Selected Server[1] with load 0 *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:[5] transactions remaining in batch. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(00000019):Server (192.0.2.238:2015,2016) now being used as preferred server *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT(0000001A):No preferred server available. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:Obtaining least loaded server. *Feb 28 13:40:32.199:AAA/SG/SERVER_SELECT:[4] transactions remaining in batch. Reusing server. *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT(0000001A):Server (192.0.2.238:2015,2016) now being used as preferred server *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT(0000001B):No preferred server available. *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT:Obtaining least loaded server. *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT:[3] transactions remaining in batch. Reusing server. *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT(0000001B):Server (192.0.2.238:2015,2016) now being used as preferred server *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT(0000001C):No preferred server available. *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT:Obtaining least loaded server. *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT:[2] transactions remaining in batch. Reusing server. *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT(0000001C):Server (192.0.2.238:2015,2016) now being used as preferred server *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT(0000001D):No preferred server available. *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT:Obtaining least loaded server. *Feb 28 13:40:32.203:AAA/SG/SERVER_SELECT:[1] transactions remaining in batch. Reusing server . . .Server Status Information for Global RADIUS Server Group Example
The output below shows the AAA server status for the global RADIUS server group configuration example.
Router# show aaa server RADIUS:id 4, priority 1, host 192.0.2.238, auth-port 2095, acct-port 2096 State:current UP, duration 3175s, previous duration 0s Dead:total time 0s, count 0 Quarantined:No Authen:request 6, timeouts 1 Response:unexpected 1, server error 0, incorrect 0, time 1841ms Transaction:success 5, failure 0 Author:request 0, timeouts 0 Response:unexpected 0, server error 0, incorrect 0, time 0ms Transaction:success 0, failure 0 Account:request 5, timeouts 0 Response:unexpected 0, server error 0, incorrect 0, time 3303ms Transaction:success 5, failure 0 Elapsed time since counters last cleared:2m RADIUS:id 5, priority 2, host 192.0.2.238, auth-port 2015, acct-port 2016 State:current UP, duration 3175s, previous duration 0s Dead:total time 0s, count 0 Quarantined:No Authen:request 6, timeouts 1 Response:unexpected 1, server error 0, incorrect 0, time 1955ms Transaction:success 5, failure 0 Author:request 0, timeouts 0 Response:unexpected 0, server error 0, incorrect 0, time 0ms Transaction:success 0, failure 0 Account:request 5, timeouts 0 Response:unexpected 0, server error 0, incorrect 0, time 3247ms Transaction:success 5, failure 0 Elapsed time since counters last cleared:2m Router#The output shows the status of two RADIUS servers. Both servers are up and, in the last 2 minutes, have processed successfully:
- 5 out of 6 authentication requests
- 5 out of 5 accounting requests
Related Commands
Command
Description
debug aaa sg-server selection
Shows why the RADIUS and TACACS+ server group system in a router is selecting a particular server.
debug aaa test
Shows when the idle timer or dead timer has expired for RADIUS server load balancing.
load-balance
Enables RADIUS server load balancing for named RADIUS server groups.
radius-server host
Enables RADIUS automated testing for load balancing.
test aaa group
Tests RADIUS load balancing server response manually.
radius-server vsa send
To configure the network access server (NAS) to recognize and use vendor-specific attributes (VSAs), use the radius-server vsa send command in global configuration mode. To disable the NAS from using VSAs, use the no form of this command.
radius-server vsa send [ accounting | authentication | cisco-nas-port ] [3gpp2]
no radius-server vsa send [ accounting | authentication | cisco-nas-port ] [3gpp2]
Syntax Description
accounting
(Optional) Limits the set of recognized VSAs to only accounting attributes.
authentication
(Optional) Limits the set of recognized VSAs to only authentication attributes.
cisco-nas-port
(Optional) Returns the Cisco NAS port VSA.
Note Due to the IETF requirement for including NAS port information in attribute 87 (Attr87), the Cisco NAS port is obsoleted by default.
3gpp2
(Optional) Adds Third Generation Partnership Project 2 (3GPP2) Cisco VSAs to the 3GPP2 packet type.
Command History
Release
Modification
11.3T
This command was introduced.
12.2(27)SBA
This command was integrated into Cisco IOS Release 12.2(27)SBA.
12.2(33)SRA
This command was modified. The cisco-nas-port and 3gpp2 keywords were added to provide backward compatibility for Cisco VSAs.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Cisco IOS XE Release 3.3S
This command was integrated into Cisco IOS XE Release 3.3S.
Cisco IOS XE Release 3.8S
This command was modified. The accounting and authentication keywords were enabled by default for NAS to use VSAs in accounting and authentication requests, respectively.
Usage Guidelines
The IETF draft standard specifies a method for communicating vendor-specific information between the NAS and the RADIUS server by using the VSA (attribute 26). VSAs allow vendors to support their own extended attributes not suitable for general use. The radius-server vsa send command enables the NAS to recognize and use both accounting and authentication VSAs. Use the accounting keyword with the radius-server vsa send command to limit the set of recognized VSAs to accounting attributes only. Use the authentication keyword with the radius-server vsa send command to limit the set of recognized VSAs to authentication attributes only. Use the show running-config all command to see the default radius-server vsa send accounting and radius-server vsa send authentication commands.
The Cisco RADIUS implementation supports one vendor-specific option using the format recommended in the specification. The Cisco vendor ID is 9, and the supported option has vendor-type 1, which is named cisco-avpair. The value is a string with the following format:
"protocol : attribute separator value"In the preceding example, protocol is a value of the Cisco protocol attribute for a particular type of authorization; attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification; and separator is = for mandatory attributes. This solution allows the full set of features available for TACACS+ authorization to also be used for RADIUS.
For example, the following AV pair causes the Multiple Named IP Address Pools feature to be activated during IP authorization (that is, during the PPP Internet Protocol Control Protocol [IPCP] address assignment):
cisco-avpair= "ip:addr-pool=first"The following example causes a NAS Prompt user to have immediate access to EXEC commands.
cisco-avpair= "shell:priv-lvl=15"Other vendors have their own unique vendor IDs, options, and associated VSAs. For more information about vendor IDs and VSAs, see RFC 2138, Remote Authentication Dial-In User Service (RADIUS).
rd
To specify a route distinguisher (RD) for a VPN routing and forwarding (VRF) instance, use the rdcommand in VRF configuration mode. To remove a route distinguisher, use the no form of this command.
Command History
Release
Modification
12.0(5)T
This command was introduced.
12.0(21)ST
This command was integrated into Cisco IOS 12.0(21)ST.
12.0(22)S
This command was integrated into Cisco IOS 12.0(22)S.
12.2(13)T
This command was integrated into Cisco IOS 12.2(13)T.
12.2(14)S
This command was integrated into Cisco IOS 12.2(14)S.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRB
Support for IPv6 was added.
12.2(33)SB
This command was integrated into Cisco IOS Release 12.2(33)SB.
12.2(33)SXI
This command was integrated into Cisco IOS Release 12.2(33)SXI.
12.2(54)SG
This command was integrated into Cisco IOS Release 12.2(54)SG.
Cisco IOS XE Release 3.1S
This command was integrated into Cisco IOS XE Release 3.1S.
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Routers.
Usage Guidelines
An RD creates routing and forwarding tables and specifies the default route distinguisher for a VPN. The RD is added to the beginning of the customer’s IPv4 prefixes to change them into globally unique VPN-IPv4 prefixes.
An RD is either:
- ASN-related--Composed of an autonomous system number and an arbitrary number.
- IP-address-related--Composed of an IP address and an arbitrary number.
You can enter an RD in either of these formats:
16-bit autonomous-system-number : your 32-bit number For example, 101:3.
32-bit IP address : your 16-bit number For example, 192.168.122.15:1.
Examples
The following example shows how to configure a default RD for two VRFs. It illustrates the use of both autonomous-system-number-relative and IP-address-relative RDs:
Router(config)# ip vrf vrf1 Router(config-vrf)# rd 100:3 Router(config-vrf)# exit Router(config)# ip vrf vrf2 Router(config-vrf)# rd 10.13.0.12:200The following is an example of a VRF for IPv4 and IPv6 that has common policies defined in the global part of the VRF configuration:
vrf definition vrf2 rd 200:1 route-target both 200:2 ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family end
