Feedback
Table Of Contents
Cisco Nexus 7000 Series LISP Commands
ip lisp etr accept-map-request-mapping
ip lisp shortest-eid-prefix-length
ipv6 lisp etr accept-map-request-mapping
ipv6 lisp shortest-eid-prefix-length
show ip lisp translation-cache
show ipv6 lisp translation-cache
Cisco Nexus 7000 Series LISP Commands
This chapter describes the Cisco Nexus 7000 Series NX-OS Locator/ID Separation Protocol (LISP) commands.
allowed-locator
To configure a list of locators that are allowed in a Map-Register message sent by an egress tunnel router (ETR) when registering to the Map Server, use the allowed-locator command. To remove the locators, use the no form of this command.
allowed-locator {rloc1 [rloc2 [rloc3 [rloc4]]]}
Syntax Description
rloc1
IPv4 or IPv6 Routing Locator (RLOC) allowed within the Map-Registration message.
rloc2,rloc3,rloc14
Additional IPv4 or IPv6 RLOCs allowed within the Map-Registration message.
Defaults
None
Command Modes
LISP site configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a LISP ETR registers with a Map Server, it sends a Map-Register message that contains, one or more EID-prefixes and routing locators that the ETR is configured to use. After verifying the authentication data, the Map Server checks the EID-prefixes against those configured on the Map-Server. If they agree, the Map Register is accepted and the ETR registration is completed.
You can constraint the Map Server default behavior so that the ETR can only register using specific routing locators. To enable this functionality, enter the allowed-locator command in LISP site configuration mode. The Map-Register message from the ETR must contain the same locators that are listed in the Map-Server LISP site configuration. If the list in the Map Register does not match the one configured on the Map Server, the Map-Register message is not accepted and the ETR is not registered. You can configure up to four IPv4 or IPv6 routing locators.
Note
When you configure allowed locators, an exact match for all locators or a subset of all locators listed on the Map Server within the LISP site configuration must also appear in the Map-Register message sent by the ETR for it to be accepted.
This command does not require a license.
Examples
This example shows how to configure the LISP site named Customer-1 and enter the site command mode. This example also shows the IPv4 address 172.16.1.1 and the IPv6 address 2001:db8:bb::1 are configured as allowable locators for the LISP site Customer-1. When Customer-1 registers with this Map Server, at least one or both of the configured locators must be included in the Map Registration for the site to register.
switch# configuration terminalswitch(config)# lisp site Customer-1switch(config-lisp-site)# allowed-locator 172.16.1.1 2001:db8:bb::1Related Commands
lisp site
Configures a LISP site and enters site configuration mode on a Map Server.
show lisp site
Displays registered LISP sites on a Map Server.
authentication-key
To configure the password used to create the SHA-1 HMAC hash for authenticating the Map-Register message sent by an egress tunnel router (ETR) when registering to the Map-Server, use the authentication-key command. To remove the password, use the no form of this command.
authentication-key key-type password
no authentication-key key-type password
Syntax Description
Defaults
None
Command Modes
LISP site configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a Locator/ID Separation Protocol (LISP) ETR registers with a Map-Server, the Map Server must already have been configured with certain LISP site attributes that match the ETR attributes. These attributes include a shared password that is used to create the SHA-1 HMAC hash that the Map Server uses to validate the authentication data in the Map-Register message. On the ETR, this password is configured by using the ip lisp etr map-server and ipv6 lisp etr map-server command.
On the Map Server, the password is configured as part of the lisp site configuration process. To enter the LISP site password, enter the authentication-key command in LISP site configuration mode. You can enter the SHA-1 HMAC password in unencrypted (cleartext) form or encrypted form. To enter an unencrypted password, specify a key-type value of 0. To enter a 3DES-encrypted password, specify a key-type value of 3. To enter a Cisco-encrypted password, specify a key-type value of 7.
Caution
Note
This command does not require a license.
Examples
This example shows how to configure the LISP site named Customer-1, enter the site command mode, and enter the shared password:
switch# configuration terminalswitch(config)# lisp site Customer-1switch(config-lisp-site)# authentication-key 0 s0m3-s3cr3t-k3yRelated Commands
clear ip lisp data-cache
To clear the LISP IPv4 data-cache, use the clear ip lisp data-cache command.
clear ip lisp data-cache [vrf vrf-name] [EID]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) instance with which to clear the data cache.
EID
(Optional) IPv4 EID to clear from LISP data-cache.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear ip lisp data-cache command removes all IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping in the forwarding data-cache. Data-cache entries are present in two cases only: when the ip lisp itr send-data-probe command entered, after a data-probe is sent, this data-probe is stored in the data cache until a Map-Reply is returned, when you enter the ip lisp etr glean-mapping command, gleaned EID-to-RLOC mapping data is stored in the data cache until the data is verified. When you use the optional vrf keyword, the data-cache is cleared for the specified VRF. When the EID option is used, only the EID-to-RLOC mapping for that entry is cleared.
This command does not require a license.
Examples
This example shows how to clear the LISP IPv4 data cache:
switch# clear ip lisp data-cacheRelated Commands
show ip lisp data-cache
Displays the LISP IPv4 EID-to-RLOC data-cache mapping on an Ingress Tunnel Router (ITR).
clear ip lisp map-cache
To clear the Locator/ID Separation Protocol (LISP) IPv4 map-cache, use the clear ip lisp map-cache command.
clear ip lisp map-cache [vrf vrf-name] [EID]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) with which to clear the map cache.
EID
(Optional) IPv4 EID prefix to clear from LISP map cache.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear ipv lisp map-cache command removes all IPv4 dynamic endpoint identifier to Routing Locator (EID-to-RLOC) map-cache entries in the map cache. When the optional EID prefix is specified, only the EID-to-RLOC mapping for that entry is cleared. Otherwise, the entire data cache is cleared. When you specify the optional vrf keyword, the data cache is cleared for the specified VRF
This command does not require a license.
Examples
This example shows how to clear the LISP IPv4 map-cache:
switch# clear ip lisp map-cacheswitch# show ip lisp map-cacheLISP IP Mapping Cache for VRF "default", 0 entriesThis example shows display all LISP map-cache entries, and then clears the LISP map-cache for an IPv4 EID prefix:
switch# show ip lisp map-cacheLISP IP Mapping Cache for VRF "default", 2 entries153.16.1.0/24, uptime: 00:00:06, expires: 23:59:53, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out129.250.1.255 00:00:06 up 254/0 0/0 0/0129.250.26.242 00:00:06 up 1/100 0/0 0/0153.16.12.0/24, uptime: 00:00:04, expires: 23:59:55, via map-reply, selfLocator Uptime State Priority/ Data ControlWeight in/out in/out128.223.156.23 00:00:04 up 1/100 0/0 0/0switch# clear ip lisp map-cache 153.16.1.0/24switch# show ip lisp map-cacheLISP IP Mapping Cache for VRF "default", 1 entries153.16.12.0/24, uptime: 00:00:46, expires: 23:59:13, via map-reply, selfLocator Uptime State Priority/ Data ControlWeight in/out in/out128.223.156.23 00:00:46 up 1/100 0/0 2/1switch#Related Commands
show ip lisp map-cache
Displays current dynamic and static IPv4 EID-to-RLOC map-cache entries.
clear ip lisp statistics
To clear the Locator/ID Separation Protocol (LISP) ingress tunnel router (ITR) and Egress Tunnel Router (ETR) IPv4 address-family packet count statistics, use the clear ip lisp statistics command.
clear ip lisp statistics [vrf vrf-name]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) with which to clear the LISP statistics.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
d.
Usage Guidelines
The clear ip lisp statistics command clears all of the LISP Ingress Tunnel Router (ITR) and ETR IPv4 address-family packet count statistics. IPv4 address family packet count statistics are maintained for all LISP control plane packets. These packet counters are displayed using the show ip lisp statistics command.
This command does not require a license.
Examples
This example shows how to clear the LISP Ingress Tunnel Router (ITR) and ETR IPv4 address-family packet count statistics:
switch# clear ip lisp statisticsswitch#Related Commands
clear ipv6 lisp data-cache
To clear the LISP IPv6 data-cache, use the clear ipv6 lisp data-cache command.
clear ipv6 lisp data-cache [vrf vrf-name] [EID]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) instance with which to clear the data cache.
EID
(Optional) IPv6 EID to clear from LISP map cache.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear ipv6 lisp data-cache command removes all IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping in the forwarding data-cache. Data-cache entries are present in two cases only: when the ip lisp itr send-data-probe command entered, after a data-probe is sent, this data-probe is stored in the data cache until a Map-Reply is returned, when you enter the ip lisp etr glean-mapping command, gleaned EID-to-RLOC mapping data is stored in the data cache until the data is verified. When you use the optional vrf keyword, the data-cache is cleared for the specified VRF. When the EID option is used, only the EID-to-RLOC mapping for that entry is cleared.
This command does not require a license.
Examples
This example shows how to clear the LISP IPv6 data-cache:
switch# clear ipv6 lisp data-cacheRelated Commands
show ipv6 lisp data-cache
Displays the LISP IPv6 EID-to-RLOC data-cache mapping on an Ingress Tunnel Router (ITR).
clear ipv6 lisp map-cache
To clear the Locator/ID Separation Protocol (LISP) IPv6 map-cache, use the clear ipv6 lisp map-cache command.
clear ipv6 lisp map-cache [vrf vrf-name] [EID]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) with which to clear the map cache.
EID
(Optional) IPv6 EID prefix to clear from LISP map cache.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear ipv6 lisp map-cache command removes all IPv6 dynamic endpoint identifier to Routing Locator (EID-to-RLOC) map-cache entries in the map cache. When the optional EID prefix is specified, only the EID-to-RLOC mapping for that entry is cleared. Otherwise, the entire data cache is cleared. When you specify the optional vrf keyword, the data cache is cleared for the specified VRF
This command does not require a license.
Examples
This example shows how to clear the LISP IPv6 map-cache:
switch# clear ipv6 lisp map-cacheswitch# show ipv6 lisp map-cacheLISP IPv6 Mapping Cache for VRF "default", 0 entriesThis example shows how to display all LISP map-cache entries, and then clears the LISP map-cache for an IPv4 EID prefix:
switch# show ipv6 lisp map-cacheLISP IP Mapping Cache for VRF "default", 2 entries153.16.1.0/24, uptime: 00:00:06, expires: 23:59:53, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out129.250.1.255 00:00:06 up 254/0 0/0 0/0129.250.26.242 00:00:06 up 1/100 0/0 0/0153.16.12.0/24, uptime: 00:00:04, expires: 23:59:55, via map-reply, selfLocator Uptime State Priority/ Data ControlWeight in/out in/out128.223.156.23 00:00:04 up 1/100 0/0 0/0switch# show ipv6 lisp map-cacheLISP IPv6 Mapping Cache for VRF "default", 1 entries2610:d0:210f::/48, uptime: 00:00:58, expires: 23:59:01, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 00:00:58 up 0/100 0/0 0/02001:6e0:4:2::2 00:00:58 up 0/100 0/0 0/0switch# clear ipv6 lisp map-cache 2610:d0:210f::/48switch# show ipv6 lisp map-cacheLISP IPv6 Mapping Cache for VRF "default", 0 entriesswitch#Related Commands
show ipv6 lisp map-cache
Displays current dynamic and static IPv6 EID-to-RLOC map-cache entries.
clear ipv6 lisp statistics
To clear the Locator/ID Separation Protocol (LISP) ingress tunnel router (ITR) and Egress Tunnel Router (ETR) IPv4 address-family packet count statistics, use the clear ip lisp statistics command.
clear ipv6 lisp statistics [vrf vrf-name]
Syntax Description
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) with which to clear the LISP statistics.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
d.
Usage Guidelines
The clear ipv6 lisp statistics command clears all of the LISP Ingress Tunnel Router (ITR) and ETR IPv4 address-family packet count statistics. IPv4 address family packet count statistics are maintained for all LISP control plane packets. These packet counters are displayed using the show ipv6 lisp statistics command.
This command does not require a license.
Examples
This example shows how to clear the LISP Ingress Tunnel Router (ITR) and ETR IPv6 address-family packet count statistics:
switch# clear ipv6 lisp statisticsswitch#Related Commands
clear lisp dynamic-eid
To clear all dynamically learned dynamic endpoint identifiers (EIDs) that are associated with the configured dynamic-EID policy, use the clear lisp dynamic-eid command.
clear lisp dynamic-eid dynamic-eid-name
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear lisp dynamic-eid command clears all dynamically learned dynamic EIDs that are associated with the configured dynamic-EID policy.
This command does not require a license.
Examples
This example shows how to display all dynamically learned dynamic-EIDs associated with the configured dynamic-EID policy:
switch# show lisp dynamic-eid bc4 detailLISP Dynamic EID Information for VRF "default"Dynamic-EID name: bc4Database-mapping EID-prefix: 30.1.110.104/32, LSBs: 0x00000001Locator: 90.1.93.1, priority: 1, weight: 10, localRegistering more-specific dynamic-EIDsMap-Server(s): 90.32.32.32Number of roaming dynamic-EIDs discovered: 1Last dynamic-EID discovered: 30.1.110.104, 00:08:06 agoRoaming dynamic-EIDs:30.1.110.104, Ethernet2/5, uptime: 00:08:06, last activity: 0.998355This example shows how to remove all dynamically learned dynamic EIDs that are associated with the configured dynamic-EID policy:switch# clear lisp dynamic-eid bc4switch#Related Commands
clear lisp proxy-itr
To clear the list of Proxy-ITR (PITR) locators that have been discovered through Map-Requests, use the clear lisp proxy-itr command.
clear lisp proxy-itr [locator] [vrf vrf-name]
Syntax Description
locator
(Optional) IPv4 or IPv6 locator address of the PITR to clear.
vrf vrf-name
(Optional) Specifies virtual routing and forwarding (VRF) with which to clear locator address of the PITR.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
When an xTR receives a Map-Request from a PITR for an endpoint identifier to Routing Locator (EID-to-RLOC) mapping resolution, the locator address of the PITR is saved (separately from the map cache) by an xTR there is a need to send Solicit-Map-Requests (SMRs) to other LISP devices, including PITRs. The number of locators currently cached is eight (8).
The clear lisp proxy-itr command removes all of the PITR locators that have been discovered through Map-Requests. When the locator form is used, only this PITR locator entry is removed. When you enter the vrf keyword, all PITR locators that are associated with this VRF are removed
This command does not require a license.
Examples
This example shows how to clear the list of PITR locators that have been discovered through Map-Requests:
switch# clear lisp proxy-itrRelated Commands
clear lisp site
To clear the registration data for the specified Locator/ID Separation Protocol (LISP) site, use the clear lisp site command.
clear lisp site site-name
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The clear lisp site command clears the registration data for the specified LISP site. This command can only be used on a LISP Map-Server.
Use the show lisp site command to display the registration status of LISP sites.
This command does not require a license.
Examples
This example shows how to clear the registration data for the specified LISP site:
switch# clear lisp site Customer-1switch#Related Commands
show lisp site
Displays LISP site information. This command is applicable only for the Map-Server.
database-mapping
To configure a IPv4 or IPv6 dynamic-endpoint identifier to Routing Locator (EID-to-RLOC) mapping relationship and its associated traffic policy, use the database-mapping command. To remove the configured database mapping, use the no form of this command.
database-mapping dynamic-EID-prefix locator priority priority weight weight
no database-mapping dynamic-EID-prefix locator priority priority weight weight
Syntax Description
Defaults
None
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure a dynamic-EID policy is configured, you must specify the dynamic-EID-to-RLOC mapping relationship and its associated traffic policy to use for each permitted prefix. When a packet is received on an interface on which the lisp mobility command has been applied, the source address of the packet is compared against the EID configured in the database-mapping entry (or entries) of the referenced lisp dynamic-eid dynamic-EID-policy-name that matches the lisp mobility dynamic-EID-policy-name.
When a dynamic-EID match is discovered, the dynamic-EID is registered to the Map Server with a 3-tuple of (locator, priority, weight). You can use multiple database-mapping entry commands to make up the locator-set for a dynamic-EID prefix. Both the dynamic-EID prefix and locator can be either an IPv4 or IPv6 address.
Note
This command does not require a license.
Examples
This example shows how to configure the LISP dynamic-EID policy named Roamer-1 and enter the dynamic-EID configuration mode and then configure the IPv4 dynamic-EID prefix with the IPv4 locator and a priority and weight:
switch# configuration terminalswitch(config)# lisp dynamic-eid Roamer-1switch(config-lisp-dynamic-eid)# database-mapping 172.16.1.1/32 10.1.1.1 priority 1 weight 100Related Commands
description
To add a description to a Locator/ID Separation Protocol (LISP) site configuration, use the description command. To remove the reference to a LISP site, use the no form of this command.
no lisp site description
no lisp site description
Syntax Description
Defaults
None
Command Modes
LISP site configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
On the Map Server, when you enter the lisp site command, you are placed in the site sub-command mode. In this mode, you can add a description with the referenced LISP site by using the description command. This description displays when you enter the show lisp site command.
This command does not require a license.
Examples
This example shows how to configure the LISP site named Customer-1, enter the site command mode, and add the description string for Customer-1:
switch# configuration terminalswitch(config)# lisp site Customer-1switch(config-lisp-site)# description Customer-1 Site InformationRelated Commands
lisp site
Configures a LISP site and enters site configuration mode on a Map Server.
show lisp site
Displays registered LISP sites on a Map Server.
eid-prefix
To configure a list of endpoint identifier (EID)-prefixes that are allowed in a Map-Register message sent by an egress tunnel router (ETR) when registering to the Map Server, use the eid-prefix command. To remove the locators, use the no form of this command.
eid-prefix [instance-id id] {EID-prefix [route-tag tag]} [accept-more-specifics]
no eid-prefix [instance-id id] {EID-prefix [route-tag tag]} [accept-more-specifics]
Syntax Description
Defaults
None
Command Modes
LISP site configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
5.0(1.13)
This command was introduced.
5.0(1.13) (August update)
Added the accept-more-specifics keyword.
5.0(3.lisp)
Added the instance-id keyword.
Usage Guidelines
When a LISP ETR registers with a Map Server, it sends a Map-Register message that contains, one or more EID prefixes that the ETR is configured to be authoritative for. On the ETR, you can configure these EID prefixes by using the ip lisp database-mapping or ipv6 lisp database-mapping command. You must also configure these same EID prefixes on the Map Server in order for the ETR to properly register. On the Map Server, these EID prefixes are configured by using the eid-prefix command.
When you configure the registering xTR to enable a LISP instance ID by using the lisp instance-id command, you must also configure the Map Server to include this same instance ID within the EID prefix configurations for this LISP site by using the instance-id keyword and id value as part of the eid-prefix command.
The same EID prefix(es), and instance ID when applicable, must be configured on the Map Server and the ETR in order for the ETR to be registered, and for these EID prefixes to be advertised by LISP. After verifying the authentication data, the Map Server compares the EID prefixes within the Map Register message against those configured on the Map Server for the LISP site. If they agree, the Map Register is accepted and the ETR registration is completed. If the EID prefixes in the Map Register message do not match those configured on the Map Server, the Map-Register message is not accepted and the ETR is not registered.
Note
When a LISP site successfully completes the Map-Registration process, you can display its attributes by using the show lisp site command. If the Map-Registration process is unsuccessful, the site does not display.
When you use the route-tag keyword, a tag value is associated with the EID prefix that is being configured. This tag value is useful for simplifying processes that populate the URIB or U6RIB alt-vrf. For example, you can define a route-map policy to match this tag for Border Gateway Protocol (BGP) redistribution of these EID prefixes into the virtual routing and forwarding (VRF) used by the LISP-ALT.
When you use the accept-more-specifics keyword, any EID prefix that is more specific then the EID prefix configured is accepted and tracked. The accept-more-specifics keyword is intended for LISP VM Mobility (dynamic-EID roaming). When a dynamic-EID moves from one LISP-VM switch to another, the registration of the dynamic-EID to a new locator is performed to the Map Server. Using this keyword avoids the need to configure an EID prefix for each dynamic-EID that is capable of roaming.
This command does not require a license.
Examples
This example shows how to configure the IPv4 EID prefix 192.168.1.0/24 and the IPv6 EID prefix 2001:db8:aa::/48, each with the route-tag 123, for the LISP site Customer-1:
switch# configuration terminalswitch(config)# lisp site Customer-1switch(config-lisp-site)# eid-prefix 192.168.1.0/24 route-tag 123switch(config-lisp-site)# eid-prefix 2001:db8:aa::/48 route-tag 123This example shows how to configure the IPv4 EID prefix 192.168.2.0/24 for the LISP site Roamer-1 and adds the accept-more-specific keyword. In this case, the host-prefix 192.68.2.12/32, could register according to this configuration:
switch# configuration terminalswitch(config)# lisp site Roamer-1switch(config-lisp-site)# eid-prefix 192.168.2.0/24 accept-more-specificsThis example shows how to configure the IPv4 EID prefix 192.168.1.0/24 with the instance ID of 123 for the LISP site Customer-2:
switch# configuration terminalswitch(config)# lisp site Customer-2switch(config-lisp-site)# eid-prefix instance-id 123 192.168.1.0/24 route-tag 123Related Commands
instance-id
To configure an instance ID to be associated with EID prefixes configured for this dynamic-EID policy, use the instance-id command. To disable this functionality, use the no form of this command.
instance-id id
no instance-id id
Syntax Description
Defaults
None
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Virtualization support is currently available in LISP xTRs and Map Server (MS) or Map Resolver (MRs), including for LISP VM mobility. The instance ID has been added to LISP to support virtualization.
Use this command to configure the instance ID associated with EID prefixes configured for this dynamic-EID policy. Entering this command allows ETRs to register multiple overlapping EID prefixes in a segmented manner by using the instance ID as the distinguisher. Only one instance-id may be configured for each dynamic-EID policy. When an instance-id is configured, this instance ID is included with the EID prefixes when they are registered with the Map Server. The Map Server must also include the same instance-id within the EID prefix configurations for this LISP site. Instance IDs are configured on the MS using the eid-prefix command within the lisp site command mode.
Note
This command does not require a license.
Examples
This example shows how to configure an instance ID for the dynamic-EID policy Roamer-1:
switch# configuration terminalswitch(config)# lisp dynamic-eid Roamer-1switch(config-lisp-dynamic-eid)# instance-id 123Related Commands
eid-prefix
Enters the LISP Map-Server site configuration mode subcommand for configuring the EID prefix and associated instance ID for a LISP site.
ip lisp alt-vrf
To configure the virtual routing and forwarding (VRF) instance that the Cisco NX-OS device uses when sending map requests for an IPv4 end point identifier (EID) to Routing Locator mapping directly over the Locator/ID Separation Protocol Alternative Topology (LISP-ALT), use the ip lisp alt-vrf command. To remove the reference to a VRF, use the no form of this command.
ip lisp alt-vrf vrf-name
no ip lisp alt-vrf vrf-name
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-admin
Command History
Usage Guidelines
Use the ip lisp alt-vrf command to configure which virtual routing and forwarding (VRF) instance that the LISP device should use for control plane mapping resolution functions.
You must use the ip lisp alt-vrf command for all devices that connect to the ALT to exchange LISP control plane messages for mapping. These devices include LISP Map-Server (MS), Map-Resolver (MR), and Proxy Ingress Tunnel Router (PITR) devices, and directly ALT-connected xTRs.
Follow these guidelines when using this command:
•
•
•
•
Note
Examples
This example shows how to configure the VRF named lisp and then configure LISP to use this VRF when resolving IPv4 EID-to-RLOC mappings:
switch# configure terminalswitch(config)# vrf context lispswitch(config-vrf)# exitswitch(config-vrf)# ip lisp alt-vrf lispRelated Commands
ip lisp database-mapping
To configure an IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping relationship and its associated traffic policy, use the ip lisp database-mapping command. To remove the configured database mapping, use the no form of this command.
ip lisp database-mapping EID-prefix {locator | dynamic} priority priority weight weight
no ip lisp database-mapping EID-prefix {locator | dynamic} priority priority weight weight
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp database-mapping command to configure the LISP database parameters for the specified IPv4 EID prefix block, including its associated locator, priority, and weight. The IPv4 EID prefix is the LISP IPv4 EID prefix block that is associated with the site that the Cisco NX-OS Series device registers as being authoritative with a Map Server. The locator is typically the IPv4 or IPv6 address of a loopback interface but can be the IPv4 or IPv6 address of any interface used as the Routing Locator (RLOC) address for the EID prefix assigned to the site. A priority and weight are used to define traffic policies when multiple RLOCs apply to the same EID prefix block.
When you configure a Cisco NX-OS Series device as an egress tunnel router (ETR), these LISP database-mapping parameters are advertised within a Map-Reply message to indicate the ingress traffic preferences of the site for the associated EID prefix block. An ingress tunnel router (ITR) then selects a source locator (outer header) address for encapsulating packets destined to the EID prefix based on these advertised parameters.
When a LISP site has multiple locators associated with the same EID prefix block, you use multiple ip lisp database mapping commands to configure all of the locators for a given EID prefix block. Each locator can be assigned with the same or a different priority value between 0 and 255. When multiple locators are assigned different priority values, the priority value is used to determine which locator to prefer. A lower value indicates a more preferable path. A value of 255 indicates that the locator must not be used for unicast traffic forwarding.
When multiple locators have the same priority, they can be used in a load-sharing manner. In this case, for a given priority, the weight given to each locator is used to determine how to load-balance unicast packets between them. The weight is a value between 0 and 100 and represents the percentage of traffic to be load shared to that locator. If you assign a nonzero weight value to any locator for a given EID prefix block, you must assign all locators with the same priority for that same EID prefix block with a nonzero weight value. The sum of all weight values must equal 100. If you assign a weight value of zero to any locator for a given EID prefix block, you must assign all locators with the same priority for that same EID prefix block with a weight value of zero. A weight value of zero indicates to an Ingress Tunnel Router (ITR) that receives the Map-Reply that it can decide how to load-share traffic destined to that EID prefix block.
When you assign a LISP site with multiple IPv4 EID prefixes, the ip lisp database-mapping is configured for each IPv4 EID prefix assigned to the site and for each locator that has a reachable IPv4 EID prefix.
When multiple ETRs are used at a LISP site, you must enter the ip lisp database-mapping command on all ETRs for all locators to make an IPv4 EID prefix block reachable even when the locator is not local to the specific ETR that is being configured.
If the ETR receives its RLOC through a dynamic process such as DHCP, or if it is sited behind a Network Address Translation (NAT) device and the routing locator belongs to the private address space that the NAT device translates to a public globally routed address, you might not be able to specify a locator in the ip lisp database-mapping entry. Add the dynamic keyword with the ip lisp database-mapping command so that the RLOC for this Cisco NX-OS device will be determined dynamically rather than being statically defined in each ip lisp database-mapping entry.
When an ETR is sited behind NAT, it needs to know the public global locator address; this is address that is required for Map-Register and Map-Reply messages. You should enter the {ip | ipv6} lisp nat-traversal command. For more information, see the {ip | ipv6} lisp nat-traversal command.
This command does not require a license.
Examples
This example shows how to configure LISP database-mapping entries for a single IPv4 EID prefix block and two locators associated with the EID prefix block. Each locator is assigned with the same priority (1) and weight (50), indicating that ingress traffic is expected to be load-shared equally across both paths.
switch# configure terminalswitch(config)# ip lisp database-mapping 192.168.1.0/24 10.1.2.1 priority 1 weight 50switch(config)# ip lisp database-mapping 192.168.1.0/24 10.1.1.1 priority 1 weight 50Related Commands
ip lisp etr
To configure a Cisco NX-OS device to act as an IPv4 Locator/ID Separation Protocol (LISP) Egress Tunnel Router (ETR), use the ip lisp etr command. To remove LISP ETR functionality, use the no form of this command.
ip lisp etr
no ip lisp etr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure a Cisco NX-OS device as an IPv4 ETR, also use the ip lisp database-mapping command so that the Egress Tunnel Router (ETR) knows what endpoint identifier (EID) prefix blocks and corresponding locators are used for the LISP site. You should configure the ETR to register with a Map Server by using the ip lisp etr map-server command or to use static LISP EID-to-RLOC mappings by using the ip lisp map-cache command in order to participate in LISP networking.
When a map-cache entry contains mixed locators (both IPv4 and IPv6 RLOCs) and an ingress tunnel router (ITR) encapsulates using an IPv4 locator, you must configure the ETR that is assigned with the IPv4 locator by using the ip lisp etr command. When an IPv6 locator is used by an Ingress Tunnel Router (ITR), you must configure the ETR that is assigned with the IPv6 locator by using the ipv6 lisp etr command.
Note
This command does not require a license.
Examples
This example shows how to configure the IPv4 LISP ETR functionality on the Cisco NX-OS device:
switch# configure terminalswitch(config)# ip lisp etrRelated Commands
ip lisp etr accept-map-request-mapping
To configure an Egress Tunnel Router (ETR) to cache IPv4 mapping data contained in a Map-Request message, use the ip lisp etr accept-map-request-mapping command. To remove this functionality, use the no form of this command.
ip lisp etr accept-map-request-mapping [verify]
no ip lisp etr accept-map-request-mapping [verify]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR receives a Map-Request message, this message might contain mapping data for the invoking IPv4 source-EID packet. By default, the ETR ignores mapping data included in Map-Request messages. However, by entering the ip lisp etr accept-map-request-mapping command, the ETR caches the mapping data in its map cache and immediately uses it to forward packets.
When you use the optional verify keyword, the ETR still caches the mapping data but does not forward packets until the ETR can send its own Map Request to one of the locators from the mapping data record and receive the same data in a Map-Reply message.
Note
When you enable and then later disable this command, you must enter the clear ip lisp map-cache command to clear any map-cache entries that are currently in the tentative state. Map-cache entries can remain in the tentative state for up to one minute; therefore, you might want to clear these entries manually when this command is removed.
This command does not require a license.
Examples
This example shows how to configure the ETR to cache IPv4 mapping data included in Map-Request messages and verify its accuracy prior to using this data to forward packets:
switch# configure terminalswitch(config)# ip lisp etr accept-map-request-mapping verifyRelated Commands
ip lisp etr glean-mapping
To configure an egress tunnel router (ETR) to add inner header (EID) source address to outer header (RLOC) source address mappings it to its endpoint identifier to Routing Locator (EID-to-RLOC) cache (map-cache), use the ip lisp etr glean-mapping command. To remove this functionality, use the no form of this command.
ip lisp etr glean-mapping [verify]
no ip lisp etr glean-mapping [verify]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR receives Locator/ID Separation Protocol (LISP)-encapsulated packets, the inner header EID source address and outer header RLOC source address should match an entry found in the map cache as determined by the results of a Map-Request/Map-Reply exchange. When a host moves from one ingress tunnel router (ITR) to another ITR, the EID-to-RLOC mapping changes because the new Ingress Tunnel Router (ITR) can encapsulate packets to the ETR using a different locator. By entering the ip lisp etr glean-mapping command, the ETR recognizes the new locator information for the moved host's EID and updates the map cache with this information.
The learned EID-to-RLOC map-cache entries are stored with a priority of 1 and a weight of 100.
When you enter the optional verify keyword, the ETR caches the learned EID-to-RLOC mapping data but does not forward packets until the ETR can send its own Map Request to the originating Ingress Tunnel Router (ITR) and receive a Map Reply. The gleaned locator will then be used. When you specify the verify keyword, the locator is used to forward traffic and all packets are dropped until the Map Reply is returned.
Note
This command does not require a license.
Examples
This example shows how to configure the ETR to cache IPv4 mapping data included in Map-Request messages and verify its accuracy prior to using this data to forward packets:
switch# configure terminalswitch(config)# ip lisp etr glean-mapping verifyRelated Commands
ip lisp etr
Configures the Cisco NX-OS device to act as an IPv4 LISP Egress Tunnel Router (ETR).
ip lisp etr map-cache-ttl
To configure the Time-to-live (TTL) value inserted into Locator/ID Separation Protocol (LISP) IPv4 Map-Reply messages, use the ip lisp etr map-cache-ttl command. To remove the configured TTL value and return to the default value, use the no form of this command.
ip lisp etr map-cache-ttl time-to-live
no ip lisp etr map-cache-ttl time-to-live
Syntax Description
time-to-live
Value, in minutes, to be inserted in the TTL field in Map-Reply messages. The range is from 60 to 10080.
Defaults
1440
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp etr map-cache-ttl command to change the default value associated with the TTL field in IPv4 Map-Reply messages. Use this command when you want to change the default TTL that remote Ingress Tunnel Routers (ITRs) cache and use for your site's IPv4 EID prefix. The default value is 1440 minutes (24 hours). The minimum value cannot be less than 60 minutes, and the maximum cannot be greater than 10080 minutes (one week).
This command does not require a license.
Examples
This example shows how to configure the ETR to use a TTL of 120 minutes in its IPv4 Map-Reply messages:
switch# configure terminalswitch(config)# ip lisp etr map-cache-ttl 120Related Commands
ip list etr
Configures the Cisco NX-OS device to act as an IPv4 LISP Egress Tunnel Router (ETR).
ip lisp etr map-server
To configure the IPv4 or IPv6 locator address of the Locator/ID Separation Protocol (LISP) Map Server to be used by the egress tunnel router (ETR) when registering for IPv4 EIDs, use the ip lisp etr map-server command. To remove the configured locator address of the LISP Map Server, use the no form of this command.
ip lisp etr map-server map-server-address {[key key-type authentication-key] | proxy-reply}
no ip lisp etr map-server map-server-address {[key key-type authentication-key] | proxy-reply}
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp etr map-server command to configure the IPv4 or IPv6 locator of the Map Server to which the ETR registers for its IPv4 EID(s). A password used for a SHA-1 HMAC hash that is included in the header of the Map-Register message must also be provided. You can configure the ETR to register with a maximum of two Map Servers per EID address family. Once the ETR registers with the Map-Server(s), the Map Server(s) begin to advertise the EID prefix block(s) and RLOC(s) for the LISP site.
You can enter the SHA-1 HMAC password in unencrypted (cleartext) form or encrypted form. To enter an unencrypted password, specify a key-type value of 0. To enter a 3DES-encrypted password, specify a key-type value of 3. To enter a Cisco-encrypted password, specify a key-type value of 7.
Caution
Note
•
When you use the proxy-reply keyword, the ETR indicates to the Map Server through a Map-Register message that the Map Server should send Map Replies on behalf of the site. The Map Server sends nonauthoritative Map Replies for all the EID prefixes in the Map-Register message. On the Map Server, the show lisp site site-name command indicates whether proxy-reply is enabled or not.
This command does not require a license.
Examples
This example shows how to configure the ETR to register to two Map Servers, one with the locator 10.1.1.1 and another with the locator 172.16.1.7:
switch# configure terminalswitch(config)# ip lisp etr map-server 10.1.1.1 key 3 1c27564ab12121212switch(config)# ip lisp etr map-server 172.16.1.7 key 3 1c27564ab12121212This example shows how to configure the ETR to register to the Map Server with the locator 10.1.1.1 and to request a Map Server proxy reply for the site:
switch# configure terminalswitch(config)# ip lisp etr map-server 10.1.1.1 key 3 1c27564ab12121212switch(config)# ip lisp etr map-server 10.1.1.1 proxy-replyRelated Commands
ip lisp hardware-forwarding
To enable hardware-forwarding specifically on the Cisco Nexus 7000 Series device when at least one 32x10GE line card is installed, use the ip lisp hardware-forwarding command. To disable hardware-forwarding functionality, use the no form of this command.
ip lisp hardware-forwarding
no ip lisp hardware-forwarding
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The ip lisp hardware-forwarding command is applicable to the Cisco Nexus 7000 Series switch only. Hardware forwarding for LISP is supported on the N7K-M132XP-12 line card only. That is, LISP input and output interfaces must be on the N7K-M132XP-12 line card.
Caution
This command does not require a license.
Examples
This example shows how to disable IPv4 LISP hardware forwarding on the Cisco Nexus 7000 Series device:
switch# configure terminalswitch(config)# no ip lisp hardware-forwardingswitch(config)# exitip lisp itr
To configure a Cisco NX-OS device to act as an IPv4 LISP Ingress Tunnel Router (ITR), use the ip lisp itr command. To remove LISP Ingress Tunnel Router (ITR) functionality, use the no form of this command.
ip lisp itr
no ip lisp itr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a Cisco NX-OS device is configured as an Ingress Tunnel Router (ITR), if a packet is received for which no IPv4 destination address prefix match exists in the routing table or which matches a default route (you can configure that the source address of the packet matches an IPv4 EID prefix block configured by using the ip lisp database-mapping command or ip lisp map-cache command. The packet is a candidate for LISP routing. The Ingress Tunnel Router (ITR) looks in the LISP map cache and forwards either the packet, drops the packet, sends a Map Request, or LISP-encapsulates the packet.
If there is no match in the LISP map cache, the Ingress Tunnel Router (ITR) might use one of two methods to obtain an IPv4 EID-to-RLOC mapping. When a Map Resolver is configured when you enter the ip lisp itr map-resolver command, the Ingress Tunnel Router (ITR) sends its Map Request in a LISP Encapsulated Control Message (ECM) to the Map Resolver. When the Ingress Tunnel Router (ITR) is attached to the ALT using the ip lisp alt-vrf command, the Ingress Tunnel Router (ITR) sends its Map Request directly on the alternate LISP topology (LISP-ALT). The Ingress Tunnel Router (ITR) caches the IPv4 EID-to-RLOC mapping information returned by the associated Map Reply in its map cache. Subsequent packets destined to the same IPv4 EID prefix block are then LISP-encapsulated according to this IPv4 EID-to-RLOC mapping entry.
Note
This command does not require a license.
Examples
This example shows how to configure the IPv4 LISP Ingress Tunnel Router (ITR) on the Cisco NX-OS device:
switch# configure terminalswitch(config)# ip lisp itrRelated Commands
ip lisp itr map-resolver
To configure the IPv4 or IPv6 locator address of the Locator/ID Separation Protocol (LISP) Map Resolver to be used by the ingress tunnel router (ITR) or Proxy ITR (PITR) when sending Map Requests for IPv4 EID-to-RLOC mapping resolution, use the ip lisp itr map-resolver command. To remove the configured locator address of the LISP Map Resolver, use the no form of this command.
ip lisp itr map-resolver map-resolver-address
no ip lisp itr map-resolver map-resolver-address
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Up to two Map Resolvers can be configured per Ingress Tunnel Router (ITR) or PITR within a site for each address family.
When a LISP Ingress Tunnel Router (ITR) or PITR needs to resolve an IPv4 EID-to-RLOC mapping for a destination EID, you can be configure it to send a map request either to a Map Resolver by using the ip lisp itr map-resolver command or directly over the LISP ALT by using the ip lisp alt-vrf command. When a Map Resolver is used, map requests are sent to the Map Resolver with the additional LISP Encapsulated Control Message (ECM) header that includes the Map Resolver RLOC as its destination address. When the ALT is used, map requests are sent directly over the ALT without the additional LISP Encapsulated Control Message (ECM) header, where the destination of the map request is the EID being queried.
Note
This command does not require a license.
Examples
This example shows how to configure an Ingress Tunnel Router (ITR) to use the Map Resolver when sending its Map-Request messages:
switch# configure terminalswitch(config)# ip lisp itr map-resolver 10.1.1.1switch(config)# ip lisp itr map-resolver 2001:db8:0a::1Related Commands
ip lisp itr send-data-probe
To configure an ingress tunnel router (ITR) or Proxy ITR (PITR) to find an IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping for a packet it needs to encapsulate by sending a Data Probe rather than by sending a Map-Request message, use the ip lisp itr send-data-probe command. To remove this functionality, use the no form of this command.
ip lisp itr send-data-probe
no ip lisp itr send-data-probe
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a Locator/ID Separation Protocol (LISP) Ingress Tunnel Router (ITR) or PITR gets a map-cache miss and needs to resolve an IPv4 EID-to-RLOC mapping for a destination EID, you can send a Map-Request message either in a LISP Encapsulate Control Message (ECM) to the Map Resolver by using the ip lisp itr map-resolver command or directly over the Locator/ID Separation Protocol Alternative Topology (LISP-ALT) by using the ip lisp alt-vrf command. In either case, the first packet of the flow that caused the map-cache miss is dropped. Once the Map Reply populates the map cache, subsequent packets to the same destination are forwarded directly by LISP.
Note
Caution
This command does not require a license.
Examples
This example shows how to configure a LISP Ingress Tunnel Router (ITR) to send data probes to determine IPv4 EID-to-RLOC mappings:
switch# configure terminalswitch(config)# ip lisp itr send-data-probeRelated Commands
ip lisp itr-etr
To configure a Cisco NX-OS device to act as both an IPv4 LISP Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR), use the ip lisp itr-etr command. To remove the LISP Ingress Tunnel Router (ITR) functionality, use the no form of this command.
ip lisp itr-etr
no ip lisp itr-etr
Syntax Description
This command has no arguments or keywords
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp itr-etr command to enable the Cisco NX-OS device to perform both IPv4 LISP Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR) functionality simultaneously, by using a single command.
For usage guidelines for the IPv4 LISP Ingress Tunnel Router (ITR) functionality, see the ip lisp itr command.
For usage guidelines for the IPv4 LISP ETR functionality, see the ip lisp etr command.
Note
This command does not require a license.
Examples
This example shows how to configure the IPv4 LISP Ingress Tunnel Router (ITR) and ETR functionality:
switch# configure terminalswitch(config)# ip lisp itr-etrRelated Commands
ip lisp locator-down
To configure a locator from a locator set that is associated with an IPv4 endpoint identifier (EID)-prefix database-mapping to be unreachable (down), use the ip lisp locator-down command. To return the locator to be reachable (up), remove the configuration using the no form of this command.
ip lisp locator-down EID-prefix/prefix-length locator
no ip lisp locator-down EID-prefix/prefix-length locator
Syntax Description
EID-prefix/prefix-length
IPv4 EID prefix and length advertised by the Cisco NX-OS device.
locator
IPv4 or IPv6 Routing Locator (RLOC) associated with this EID prefix.
Defaults
An IPv4 or IPv6 locator associated with a configured IPv4 EID prefix block is considered reachable (up) unless an IGP routing protocol indicates it is down.
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure LISP database parameters on an Ingress Tunnel Router (ITR) for specified IPv4 EID prefix blocks by using the ip lisp database-mapping command or the ip lisp map-cache command, the locators associated with these IPv4 EID prefix blocks are considered as reachable (up) by default. You can use the ip lisp locator-down command to configure a locator from a locator-set associated with the EID prefix database mapping to be down.
When you enter the ip lisp locator-down command, the Locator Status Bits (LSBs) for the configured locator is cleared when encapsulating packets to remote sites. ETRs at remote sites look for changes in the LSB when decapsulating LISP packets, and when the LSB indicates that a specific locator is down, the ETR refrains from encapsulating packets using this locator to reach the local site.
Note
This command does not require a license.
Examples
This example shows how to configure the locator down state for the EID prefix block:
switch# configure terminalswitch(config)# ip lisp locator-down 192.168.1.0/24 10.1.1.1Related Commands
ip lisp locator-vrf
To configure a nondefault virtual routing and forwarding (VRF) table to be referenced by any IPv4 locators, use the ip lisp locator-vrf command. To return to using the default routing table for locator address references, use the no form of this command.
ip lisp locator-vrf {vrf-name| default}
no ip lisp locator-vrf {vrf-name| default}
Syntax Description
vrf-name
Name of the VRF instance to be referenced by IPv4 locator addresses.
default
Specifies that the default VRF should be referenced by the IPv4 locator addresses.
Defaults
IPv4 locator addresses are associated with the default (global) routing table.
Command Modes
VRF configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure Locator/ID Separation Protocol (LISP) in a nondefault VRF to keep EID prefixes in one VRF separate from EID prefixes in another VRF, and both EID VRFs share the same locator-based core network and same mapping database system infrastructure, these locator addresses must be reachable from the default VRF or a specified common VRF. Use the ip lisp locator-vrf command to specify the VRF to be associated with these locator addresses.
When you enter the ip lisp locator-vrf command, the locator addresses in any subsequent LISP commands are referenced to the specified VRF. For example, the locator addresses in the ip lisp itr map-resolver and ip lisp etr map-server commands refer to the VRF that you configured when you entered the ip lisp locator-vrf command. The Map Servers and Map Resolvers can also share the configuration from the locator VRF.
Note
This command does not require a license.
Examples
In the following example, a LISP xTR is configured with three EID contexts red, blue, and green, and the locator VRF default. Red and blue are both using the RLOC of 10.10.10.1 if you enter the ip lisp locator-vrf default command. In addition, red and blue both inherit the globally defined map-resolver and Map Server located at 10.100.1.1 (configured at the end of this example). Both red and blue have an EID prefix of 172.16.0.0/24, but segmentation is maintained due to the unique LISP instance ID for each VRF context. The green context also uses the RLOC of 10.10.10.1 if you enter the ip lisp locator-vrf default command. However, green overrides the inheritance of the globally defined Map Resolver and Map Server by including the ones configured within the VRF context and located at 10.200.1.1. The locator for this locally defined map resolver or Map Server remains within the default VRF when you enter the ip lisp locator-vrf default command.
switch# configure terminalswitch(config)# vrf context redswitch(config-vrf)# ip lisp itr-etrswitch(config-vrf)# ip lisp database-mapping 172.16.0.0/24 10.10.10.1 priority 1 weight 1switch(config-vrf)# lisp instance-id 111switch(config-vrf)# ip lisp locator-vrf defaultswitch(config-vrf)# exitswitch(config)# vrf context blueswitch(config-vrf)# ip lisp itr-etrswitch(config-vrf)# ip lisp database-mapping 172.16.0.0/24 10.10.10.1 priority 1 weight 1switch(config-vrf)# lisp instance-id 222switch(config-vrf)# ip lisp locator-vrf defaultswitch(config-vrf)# exitswitch(config)# vrf context greenswitch(config-vrf)# ip lisp itr-etrswitch(config-vrf)# ip lisp database-mapping 172.16.3.0/24 10.10.10.1 priority 1 weight 1switch(config-vrf)# lisp instance-id 444switch(config-vrf)# ip lisp locator-vrf defaultswitch(config-vrf)# ip lisp itr map-resolver 10.200.1.1switch(config-vrf)# ip lisp etr map-server 10.200.1.1 key 3 xxxxxxxxxxxswitch(config-vrf)# exitswitch(config)# ip lisp itr map-resolver 10.100.1.1switch(config)# ip lisp etr map-server 10.100.1.1 key 3 xxxxxxxxxxxRelated Commands
ip lisp map-cache
To configure a static IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping relationship and its associated traffic policy or to statically configure the packet handling behavior associated with a specified destination IPv4 EID prefix, use the ip lisp map-cache command. To remove the configuration, use the no form of this command.
ip lisp map-cache destination-EID-prefix/prefix-length {locator priority priority weight weight}
no ip lisp map-cache destination-EID-prefix/prefix-length {locator priority priority weight weight}
ip lisp map-cache destination-EID-prefix/prefix-length {drop | map-request | native-forward}
no ip lisp map-cache destination-EID-prefix/prefix-length {drop | map-request | native-forward}
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
You can use of the ip lisp map-cache command to configure an ingress tunnel router (ITR) with a static IPv4 EID-to-RLOC mapping relationship and its associated traffic policy. For each entry, you must enter a destination IPv4 EID prefix block and its associated locator, priority, and weight. The IPv4 EID prefix/prefix length is the LISP EID prefix block at the destination site. The locator is an IPv4 or IPv6 address of the remote site where the IPv4 EID prefix can be reached. The locator address has a priority and weight that are used to define traffic policies when multiple RLOCs are defined for the same EID prefix block. You can enter this command up to four times for a given EID prefix. Static IPv4 EID-to-RLOC mapping entries configured when you enter the ip lisp map-cache command take precedence over dynamic mappings learned through Map-Request/Map-Reply exchanges.
You can also use the ip lisp map-cache command to statically configure the packet handling behavior associated with a specified destination IPv4 EID prefix. For each entry, a destination IPv4 EID prefix block is associated with a configured forwarding behavior. When a packet's destination address matches the EID prefix, one of the following packet handling occur:
•
•
•
This command does not require a license.
Examples
This example shows how to configure a destination EID-to-RLOC mapping and associated traffic policy for the IPv4 EID prefix block 192.168.1.0/24. In this example, the locator for this EID prefix block is 10.1.1.1 and the traffic policy for this locator has a priority of 1 and a weight of 100.
switch# configure terminalswitch(config)# ip lisp map-cache 192.168.1.0/24 10.1.1.1 priority 1 weight 100This example shows how to configure a destination EID-to-RLOC mapping and associated traffic policy for the IPv4 EID prefix block 192.168.2.0/24 to drop. No traffic is forwarded to this destination as a result.switch# configure terminalswitch(config)# ip lisp map-cache 192.168.2.0/24 dropRelated Commands
ip lisp map-cache-limit
To configure the maximum number of IPv4 Locator/ID Separation Protocol (LISP) map-cache entries allowed to be stored by the Cisco NX-OS device, use the ip lisp map-cache-limit command. To remove the configured map-cache limit, use the no form of this command.
ip lisp map-cache-limit cache-limit [reserve-list list]
no ip lisp map-cache-limit cache-limit [reserve-list list]
Syntax Description
Defaults
1000
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp map-cache-limit command to control the maximum number of IPv4 LISP map-cache entries that are allowed to be stored on the Cisco NX-OS device. An optional reserve list can be configured to guarantee that the Cisco NX-OS device always stores the referenced IPv4 EID prefixes.
LISP IPv4 map-cache entries are added in one of two ways: dynamically or statically. Dynamic entries are added when a valid Map-Reply message is returned for a Map Request message generated in response to a cache-miss lookup. Static entries are added when you enter the ip lisp map-cache command.
Dynamic map-cache entries are always added until the default or configured cache limit is reached. After the default or configured cache limit is reached, unless the optional reserve list is configured, no further dynamic entries are added and no further Map Requests are generated in response to cache-miss lookups until a free position is available.
When you do no configure an optional reserve-list keyword, dynamic entries are added on a first-in-first-added basis until the configured map-cache limit is reached. After that time, no new dynamic entries can be added. If the reserve-list keyword is configured but the prefix list to which it refers is not configured, the results are the same as if the reserve-list keyword was not configured.
When you use the optional reserve-list keyword, a Map Request is generated and a new dynamic map-cache entry can be added only for IP v4 EID prefixes that are permitted by the prefix-list referenced by the reserve-list keyword. The new entry must be able to replace an existing dynamic entry so that the cache limit is maintained. The deleted dynamic entry is either a nonreserve idle map-cache entry or a nonreserve active map-cache entry. Idle map-cache entries are those entries that have seen no activity in the last 10 minutes. If all current dynamic entries are also permitted by the prefix-list referenced by the reserve list, no further dynamic entries can be added.
Existing dynamic IPv4 map-cache entries can time out due to inactivity or can be removed by the using the clear ip lisp map-cache command to create a free position in the map cache.
Static map-cache entries are always added, until the default or configured cache limit is reached. After the default or configured cache limit is reached, unless the optional reserve-list is configured, no further static entries are added.
When the optional reserve-list keyword is used, static entries are added on a first-in-first-added basis until the configured map-cache limit is reached. After that time, no new static entries can be added. If you use the reserve-list keywordbut you do not configure the prefix-list to which it refers, the results are the same as if the reserve-list keyword was not configured.
When you use the optional reserve-list keyword, you can add a prefix list to a static entry that matches the reserve list, but only if it can replace an existing static entry or dynamic entry that does not match the reserve list prefix list.
Caution
Note
This command does not require a license.
Examples
This example shows how to configures a LISP cache limit of 2000 entries and a reserve list that references the IPv4 prefix-list LISP-v4-always:
switch# configure terminalswitch(config)# ip lisp map-cache-limit 2000 reserve-list LISP-v4-alwaysswitch(config)# ip prefix-list LISP-v4-always seq 20 permit 172.16.0.0/16 le 32Related Commands
ip lisp map-cache
Configures a static IPv4 EID prefix to the locator map-cache entry.
clear ip lisp map-cache
Clears the LISP IPv4 map cache on the local Cisco NX-OS device.
ip lisp map-request-source
To configure an IPv4 or IPv6 address to be used as the source address for Locator/ID Separation Protocol (LISP) IPv4 Map-Request messages, use the ip lisp map-request-source command. To remove the configured Map-Request source address and return to the default behavior, use the no form of this command.
ip lisp map-request-source source-address
no ip lisp map-request-source source-address
Syntax Description
Defaults
The Cisco NX-OS device uses one of the locator addresses that you configure by using the ipv6 lisp database-mapping command as the default source address for LISP Map-Request messages.
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
A locator address that you configured by using the ip lisp database-mapping command is used as the source address for LISP IPv4 Map-Request messages. There are cases, however, where it might be necessary to configure the specified source address for these Map-Request messages. For example, when the ingress tunnel router (ITR) is behind a Network Address Translation (NAT) device, you might need to specify a source address that matches the NAT configuration to properly allow for return traffic.
When you enter the ip lisp map-request-source command on an Ingress Tunnel Router (ITR), the specified IPv4 or IPv6 locator is used by an Ingress Tunnel Router (ITR) as the source address for LISP IPv4 Map-Request messages. When you enter the ip lisp map-request-source command on a Map Server, this locator is used as the source address in the Encapsulated Control Message that carries a Map Request to an ETR.
This command does not require a license.
Examples
This example shows how to configure an Ingress Tunnel Router (ITR) to use the source IP address 172.16.1.7 in its IPv4 Map-Request messages:
switch# configure terminalswitch(config)# ip lisp map-request-source 172.16.1.7Related Commands
ip lisp database-mapping
Configures an IPv4 EID-to-RLOC mapping relationship and its associated traffic policy.
ip lisp map-resolver
To configure a Cisco NX-OS device to act as an IPv4 Locator/ID Separation Protocol (LISP) Map-Resolver (MR), use the ip lisp map-resolver command. To remove LISP Map-Resolver functionality, use the no form of this command.
ip lisp map-resolver
no ip lisp map-resolver
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
A Map Resolver receives a LISP Encapsulated Control Message (ECM) that contains a Map Request from a LISP Ingress Tunnel Router (ITR) directly over the underlying locator-based network. The Map Resolver decapsulates this message and forwards it on the LISP Alternative Topology (LISP-ALT), where it is delivered either to an ingress tunnel router (ITR) that is directly connected to the LISP-ALT and that is authoritative for the endpoint identifier (EID) being queried by the Map Request or to the Map Server that is injecting EID prefixes into the LISP-ALT on behalf of the authoritative ETR.
Map Resolvers also send Negative Map Replies directly back to an Ingress Tunnel Router (ITR) in response to queries for non-LISP addresses.
When deploying a LISP Map Resolver, follow these guidelines:
•
•
•
This command does not require a license.
Examples
This example shows how to configure the IPv4 LISP Map-Resolver functionality on the Cisco NX-OS device:
switch# configure terminalswitch(config)# ip lisp map-resolverRelated Commands
ip lisp alt-vrf
Configures which VRF that LISP should use when sending Map Requests for an IPv4 EID-to-RLOC mapping directly over the ALT.
ip lisp map-server
To configure the Cisco NX-OS device to act as an IPv4 Locator/ID Separation Protocol (LISP) Map-Server (MS), use the ip lisp map-server command. To remove the LISP Map-Server functionality, use the no form of this command.
ip lisp map-server
no ip lisp map-server
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
LISP site commands are configured on the Map Server for a LISP egress tunnel router (ETR) that registers to it, including an authentication key, which must match the one also configured on the ETR. A Map Server receives Map-Register control packets from ETRs. When you configure the Map Server with a service interface to the LISP Alternative Topology (LISP-ALT), it injects aggregates for the registered EID prefixes into the LISP-ALT.
The Map Server also receives Map-Request control packets from the LISP-ALT, which it then forwards as a LISP Encapsulated Control Message (ECM) to the registered ETR that is authoritative for the EID prefix being queried. The ETR returns a Map-Reply message directly back to the Ingress Tunnel Router (ITR).
When deploying a LISP Map-Resolver, follow these guidelines:
•
•
•
This command does not require a license.
Examples
This example shows how to configure the IPv4 LISP Map-Server functionality on the Cisco NX-OS device:
switch# configure terminalswitch(config)# ip lisp map-serverRelated Commands
ip lisp alt-vrf
Configures which VRF that LISP should use when sending Map Requests for an IPv4 EID-to-RLOC mapping directly over the ALT.
ip lisp multicast
To configure the device to support Locator/ID Separation Protocol (LISP) to carry multicast traffic, when the Ingress Tunnel Router (ITR) or ETR function is enabled, use the ip lisp multicast command. To remove the LISP Map-Server functionality, use the no form of this command.
ip lisp multicast
no ip lisp multicast
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
VRF configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to configure the device to support Locator/ID Separation Protocol (LISP) to carry multicast traffic:
switch# configure terminalswitch(config-vrf)# ip lisp multicastswitch(config-vrf)#Related Commands
ip lisp alt-vrf
Configures which VRF that LISP should use when sending Map Requests for an IPv4 EID-to-RLOC mapping directly over the ALT.
ip lisp nat-transversal
To configure an egress tunnel router (ETR) with a private locator that is sited behind a Network Address Translation (NAT) device to dynamically determine its NAT-translated public locator for use in Map-Register and Map-Reply messages, use the ip lisp nat-transversal command. To remove this functionality, use the no form of this command.
ip lisp nat-transversal
no ip lisp nat-transversal
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR is sited behind a NAT device, its routing locator belongs to the private address space that the NAT device translates to a public globally routed address. The ETR needs to know this public global locator address because this address is required for use in Map-Register and Map-Reply messages.
When you enter the ip lisp nat-transversal command, the ETR determines its own public global locator dynamically. When configured, the ETR sends a LISP Echo-Request message to the configured Map Server out the interface under which this command is configured. The Map Server replies with an Echo-Reply message that includes the source address from the Echo Request, which is the NAT-translated public global locator address.
The ip lisp nat-transversal is useful when the dynamic keyword is used with the ip lisp database-mapping command in order to dynamically determine the routing locator rather than statically defining it.
This command does not require a license.
Examples
This example shows how to configure the ETR to dynamically determine its public global routing locator when it is behind a NAT device:
switch# configuration terminalswitch(config)# interface Ethernet 2/0switch(config-if)# ip lisp nat-transversalRelated Commands
ip lisp proxy-etr
To configure the Cisco NX-OS device to act as the IPv4 Locator/ID Separation Protocol (LISP) Proxy Egress Tunnel Router (PETR), use the ip lisp proxy-etr command. To remove the LISP PETR functionality, use the no form of this command.
ip lisp proxy-etr
no ip lisp proxy-etr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The Cisco NX-OS device accepts LISP-encapsulated packets from an ingress tunnel router (ITR) or Proxy ITR (PITR) that are destined to non-LISP sites, deencapsulates them, and then forwards them natively toward the non-LISP destination.
PETR services may be necessary in several cases. For example, by default, when a LISP site forwards packets to a non-LISP site natively (not LISP encapsulated), the source IP address of the packet is that of a site EID. If the provider side of the access network is configured with strict unicast reverse path forwarding (uRPF) or an anti spoofing access-list, it would consider these packets to be spoofed and drop them because EIDs are not advertised in the provider default free zone (DFZ). Instead of natively forwarding packets destined to non-LISP sites, the Ingress Tunnel Router (ITR) encapsulates these packets using the site locator as the source address and the PETR as the destination address. Packets destined for LISP sites follow normal LISP forwarding processes and are sent directly to the destination ETR.
Note
This command does not require a license.
Examples
This example shows how to configure the Cisco NX-OS device to act as an IPv4 LISP PETR:
switch# configure terminalswitch(config)# ip lisp proxy-etrRelated Commands
ip lisp proxy-itr
To configure a Cisco NX-OS device to act as an IPv4 Locator/ID Separation Protocol (LISP) Proxy Ingress Tunnel Router (PITR), use the ip lisp proxy-itr command. To remove the LISP PITR functionality, use the no form of this command.
ip lisp proxy-itr ipv4-local-locator [ipv6-local-locator]
no ip lisp proxy-itr ipv4-local-locator [ipv6-local-locator]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The Cisco NX-OS device receives native packets from non-LISP sites that are destined for LISP sites, encapsulates them, and forwards them to the ETR that is authoritative for the destination LISP site EID.
PITR services are required to provide interworking between non-LISP sites and LISP sites. For example, when connected to the Internet, a PITR acts as a gateway between the legacy Internet and the LISP-enabled network. The PITR must advertise one or more highly aggregated endpoint identifier (EID) prefixes on behalf of LISP sites into the underlying default free zone (DFZ) (that is the Internet) and act as an Ingress Tunnel Router (ITR) for traffic received from the public Internet.
When you enable PITR services by using the ip lisp proxy-itr command, the PITR creates LISP-encapsulated packets when it sends a data packet to a LISP site, sends a data probe, or sends a Map-Request message. The outer (LISP) header address family and source address are determined as follows:
•
•
When you configure a switch to function as an IPv4 PITR, you can also configure it to use the LISP-ALT for IPv4 EID-to-RLOC mapping resolution. When configured to use the LISP-ALT, the PITR sends its map request messages directly over the LISP ALT using the virtual routing and forwarding (VRF) when you enter the ip lisp alt-vrf command. A PITR can send a Map Request to a configured Map Resolver for EID-to-RLOC mapping resolution as an alternative to sending a Map Request directly over the LISP-ALT. (See the ipv4 map-resolver command) When using a PITR in a virtualized LISP deployment, you must configure the PITR to use a Map-Resolver for EID-to-RLOC mapping resolution and not the LISP-ALT because the LISP-ALT does not support virtualization.
Note
This command does not require a license.
Examples
This example shows how to configure the LISP PITR functionality on the Cisco NX-OS device and how to encapsulate packets using a source locator:
switch# configure terminalswitch(config)# ip lisp proxy-itr 10.1.1.1Related Commands
ip lisp shortest-eid-prefix-length
To configure the shortest IPv4 endpoint identifier (EID)-prefix mask length that is acceptable to an ingress tunnel router (ITR) or Proxy ITR (PITR) in a received Map-Reply message or to an ETR in the mapping-data record of a received Map Request, use the ip lisp shortest-eid-prefix-length command. To return to the default configuration, use the no form of this command.
ip lisp shortest-eid-prefix-length IPv4-EID-prefix-length
no ip lisp shortest-eid-prefix-length IPv4-EID-prefix-length
Syntax Description
IPv4-EID-prefix-length
Shortest IPv4 EID prefix-length accepted from a Map Reply or data record in a Map Request. The range is from 0 to 32.
Defaults
a/6
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an Ingress Tunnel Router (ITR) or PITR receives a Map-Reply message, the mapping data it contains includes the EID mask length for the returned EID prefix. By default, the shortest EID prefix mask length accepted by an Ingress Tunnel Router (ITR) or PITR for an IPv4 EID prefix is a /16. You can use the ip lisp shortest-eid-prefix-length command to change this default. For example, it might be necessary for a PITR to accept a shorter (coarser) prefix if one exists.
When an ETR receives a Map-Request message, it might contain a mapping data record that the ETR can cache and possibly use to forward traffic depending on the configuration of the ip lisp etr accept-map-request-mapping command. Use the ip lisp shortest-eid-prefix-length command to change the shortest prefix length accepted by the ETR. In this case, the check for the shortest EID prefix mask length is done prior to the verifying Map-Request, if also configured. If the EID prefix mask length is less than the configured value, the verifying Map Request is not sent and the mapping data is not accepted.
This command does not require a license.
Examples
This example shows how to configure the Cisco NX-OS device to accept a minimum IPv4 EID prefix length:
switch# configure terminalswitch(config)# ip lisp shortest-eid-prefix-length 12Related Commands
ip lisp source-locator
To configure a source locator to be used for IPv4 Locator/ID Separation Protocol (LISP)-encapsulated packets, use the ip lisp source-locator command. To remove the configured source locator, use the no form of this command.
ip lisp source-locator interface
no ip lisp source-locator interface
Syntax Description
interface
Name of the interface whose IPv4 address should be used as the source locator address for outbound LISP-encapsulated packets.
Defaults
The IPv4 address of the outbound interface is used by default as the source locator address for outbound LISP encapsulated packets.
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When sending a LISP-encapsulated packet (data or control message), the Cisco NX-OS device performs a destination lookup to determine the appropriate outgoing interface. By default, the IPv4 address of this outgoing interface is used as the source locator for the outbound LISP encapsulated packet.
You might need to use the IPv4 address of a different interface as the source locator for the outbound LISP-encapsulated packets rather than that of the outgoing interface. For example, when an Ingress Tunnel Router (ITR) has multiple egress interfaces, you might configure a loopback interface for stability purposes and instruct the Ingress Tunnel Router (ITR) to use the address of this loopback interface as the source locator for the outbound LISP-encapsulated packets rather than one or both of the physical interface addresses. This command is also important for maintaining locator consistency between the two LISP Tunnel Routers (xTRs) when RLOC-probing is used.
This command does not require a license.
Examples
This example shows how to configure the source locator:
switch# configuration terminalswitch(config)# interface Ethernet2/0switch(config-if)# ip lisp source-locator Loopback0switch(config-if)# interface Ethernet2/1switch(config-if)# ip lisp source-locator Loopback0Related Commands
ip lisp itr
Configures the switch to act as an IPv4 LISP Ingress Tunnel Router (ITR).
ip lisp translate
To configure IPv4 Locator/ID Separation Protocol (LISP) translation mapping, use the ip lisp translate command. To remove IPv4 LISP translation mappings and return to the default value, use the no form of this command.
ip lisp translate inside IPv4-inside-EID outside IPv4-outside-EID
no ip lisp translate inside IPv4-inside-EID outside IPv4-outside-EID
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure a LISP Ingress Tunnel Router (ITR) or Engress Tunnel Router (ETR) with a nonroutable EID prefix and you want to replace it with a routable EID prefix, use the ip lisp translate command. A LISP device that acts as an Ingress Tunnel Router (ITR) and detects a nonroutable EID in the source IPv4 address field replaces it with the routable EID when you use the inside and outside keyword. In the opposite direction when acting as an ETR, it replaces the routable EID referred to by the outside keyword with the no-routable EID referred to by the inside keyword.
Note
This feature may be useful if you want to upgrade but you want to continue to communicate with non-LISP sites. An alternative approach for providing communications between LISP and non-LISP sites is to use Proxy-ITR services. See the ip lisp proxy-itr command for further details. Both proxy-ITR and Network Address Translation (NAT) translation services, also referred to as Interworking services, are described in draft-ietf-lisp-interworking-00.
This command does not require a license.
Examples
This example shows how to configure LISP to translate the inside address to the outside address:
switch# configure terminalswitch(config)# ip lisp translate inside 192.168.10.1 outside 10.1.10.1Related Commands
ip lisp use-petr
To configure a Cisco NX-OS device to use an IPv4 LISP Proxy Egress Tunnel Router (PETR), use the ip lisp use-petr command. To remove the use of a LISP PETR, use the no form of this command.
ip lisp use-petr locator-address
no ip lisp use-petr locator-address
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When the use of PETR services is enabled, instead of natively forwarding packets destined to non-LISP sites, these packets are LISP-encapsulated and forwarded to the PETR, where these packets are then deencapsulated and forwarded natively toward the non-LISP destination. An Ingress Tunnel Router (ITR) or PITR can be configured to use PETR services.
PETR services might be necessary in several cases. By default, when a LISP sites forwards packets to a non-LISP site natively (not LISP encapsulated), the source IP address of the packet is that of a site endpoint identifier (EID). If the provider side of the access network is configured with strict unicast reverse path forwarding (uRPF), it considers these packets to be spoofed and drops them because EIDs are not advertised in the provider default free zone (DFZ). In this case, instead of natively forwarding packets destined to non-LISP sites, the Ingress Tunnel Router (ITR) encapsulates these packets using the site locator as the source address and the PETR as the destination address. Packets destined for LISP sites follow normal LISP forwarding processes and are sent directly to the destination ETR.
Note
This command does not require a license.
Examples
This example shows how to configure the Ingress Tunnel Router (ITR) to use the PETR with the IPv4 locator:
switch# configure terminalswitch(config)# ip lisp use-petr 10.1.1.1Related Commands
ip lisp proxy-etr
Configures the Cisco NX-OS device to act as an IPv4 LISP Proxy Egress Tunnel Router (PETR).
ip pim rp-address
To configure the static rendezvous point RP for a group range, use the ip pim rp-address command. To remove the static RP for a group range, use the no form of this command.
ip pim rp-address rp-address group-list access-list
no ip lisp use-petr rp-address group-list access-list
Syntax Description
rp-address
Specifies the IP address of router which is the RP for the group range.
group-list
Specifies the group range for the static RP.
access-list
Group range prefixes.
Defaults
None
Command Modes
VRF configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to configure the static RP for a group range:
switch# configure terminalswitch(config)# vrf context managementswitch(config-vrf)# ip pim rp-address 10.0.0.1 group-list 224.0.0.0/8switch(config-vrf)#Related Commands
ip lisp proxy-etr
Configures the Cisco NX-OS device to act as an IPv4 LISP Proxy Egress Tunnel Router (PETR).
ip pim ssm
To define the Source Specific Multicast (SSM) range of IP, use the ip pim ssm command. To remove the SSM range of IP, use the no form of this command.
ip pim ssm range access-list
no ip lisp use-petr access-list
Syntax Description
Defaults
None
Command Modes
VRF configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to configure the Source Specific Multicast (SSM) range of IP:
switch# configure terminalswitch(config)# vrf context managementswitch(config-vrf)# ip pim ssm 224.0.0.0/8Related Commands
ip lisp proxy-etr
Configures the Cisco NX-OS device to act as an IPv4 LISP Proxy Egress Tunnel Router (PETR).
ip route
To configure a default route to the upstream next hop for all IPv4 destinations, use the ip route command. To remove the default route to the upstream next hop for all IPv4 destinations, use the no form of this comand.
ip route ipv4-prefix next-hop
no ip route ipv4-prefix next-hop
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to configure a default route to the upstream next hop for all IPv4 destinations:
switch# configure terminalswitch(config)# ip route 0.0.0.0 0.0.0.0 10.0.0.1Related Commands
ip lisp proxy-etr
Configures the Cisco NX-OS device to act as an IPv4 LISP Proxy Egress Tunnel Router (PETR).
ipv6 lisp alt-vrf
To configure the virtual routing and forwarding (VRF) instance that the Cisco NX-OS device uses when sending map requests for an IPv6 end point identifier (EID) to Routing Locator mapping directly over the Locator/ID Separation Protocol Alternative Topology (LISP-ALT), use the ipv6 lisp alt-vrf command. To remove the reference to a VRF, use the no form of this command.
ipv6 lisp alt-vrf vrf-name
no ipv6 lisp alt-vrf vrf-name
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp alt-vrf command to configure which virtual routing and forwarding (VRF) instance that the LISP device should use for control plane mapping resolution functions.
You must use the ipv6 lisp alt-vrf command for all devices that connect to the ALT to exchange LISP control plane messages for mapping. These devices include LISP Map-Server (MS), Map Resolver (MR), and Proxy Ingress Tunnel Router (PITR) devices, and directly ALT-connected xTRs.
Follow these guidelines when using this command:
•
•
•
•
Note
Examples
This example shows how to configure the VRF named lisp and then configure LISP to use this VRF when resolving IPv6 EID-to-RLOC mappings:
switch# configure terminalswitch(config)# vrf context lispswitch(config-vrf)# exitswitch(config)# ipv6 lisp alt-vrf lispRelated Commands
ipv6 lisp database-mapping
To configure an IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping relationship and its associated traffic policy, use the ipv6 lisp database-mapping command. To remove the configured database mapping, use the no form of this command.
ipv6 lisp database-mapping EID-prefix {locator | dynamic} priority priority weight weight
no ipv6 lisp database-mapping EID-prefix {locator | dynamic} priority priority weight weight
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp database-mapping command to configure the LISP database parameters for the specified IPv4 EID prefix block, including its associated locator, priority and weight. The IPv6 EID prefix is the LISP IPv6 EID prefix block that is associated with the site that the Cisco NX-OS Series device registers as being authoritative with a Map Server. The locator is typically the IPv4 or IPv6 address of a loopback interface but can be the IPv4 or IPv6 address of any interface used as the Routing Locator (RLOC) address for the EID prefix assigned to the site. A priority and weight are used to define traffic policies when multiple RLOCs apply to the same EID prefix block.
When you configure a Cisco NX-OS Series device as an egress tunnel router (ETR), these LISP database-mapping parameters are advertised within a Map-Reply message to indicate the ingress traffic preferences of the site for the associated EID prefix block. An ingress tunnel router (ITR) then selects a source locator (outer header) address for encapsulating packets destined to the EID prefix based on these advertised parameters.
When a LISP site has multiple locators associated with the same EID prefix block, you use multiple ipv6 lisp database mapping commands to configure all of the locators for a given EID prefix block. Each locator can be assigned with the same or a different priority value between 0 and 255. When multiple locators are assigned different priority values, the priority value alone is used to determine which locator to prefer. A lower value indicates a more preferable path. A value of 255 indicates that the locator must not be used for unicast traffic forwarding.
When multiple locators have the same priority, they can be used in a load-sharing manner. In this case, for a given priority, the weight given to each locator is used to determine how to load-balance unicast packets between them. The weight is a value between 0 and 100 and represents the percentage of traffic to be load shared to that locator. If you assign a nonzero weight value to any locator for a given EID prefix block, you must assign all locators with the same priority for that same EID prefix block with a nonzero weight value. The sum of all weight values must equal 100. If you assign a weight value of zero to any locator for a given EID prefix block, you must assign all locators with the same priority for that same EID prefix block a weight value of zero. A weight value of zero indicates to an ITR that receives the Map-Reply that it can decide how to load-share traffic destined to that EID prefix block.
When you assign a LISP site with multiple IPv6 EID prefixes, the ipv6 lisp database-mapping is configured for each IPv4 EID prefix assigned to the site and for each locator that has a reachable IPv6 EID prefix.
When multiple ETRs are used at a LISP site, you must enter the ipv6 lisp database-mapping command on all ETRs for all locators to make an IPv4 EID prefix block reachable even when the locator is not local to the specific ETR that is being configured.
If the ETR receives its RLOC through a dynamic process such as DHCP, or if it is sited behind a Network Address Translation (NAT) device and the routing locator belongs to the private address space that the NAT device translates to a public globally routed address, you might not be able to specify a locator in the ip lisp database-mapping entry. Aadd the dynamic keyword with the ipv6 lisp database-mapping command so that the RLOC for this Cisco NX-OS device will be determined dynamically rather than being statically defined in each ip lisp database-mapping entry.
When an ETR is sited behind NAT, it needs to know the public global locator address; this address that is required for Map-Register and Map-Reply messages. You should enter the {ip | ipv6} lisp nat-traversal command. For more information, see the {ip | ipv6} lisp nat-traversal command.
This command does not require a license.
Examples
This example shows how to configure lisp database-mapping entries for a single IPv6 EID prefix block and two IPv4 locators that are associated with the EID prefix block:
switch# configure terminalswitch(config)# ipv6 lisp database-mapping 2001:DB8:BB::/48 10.1.1.1 priority 1 weight 100switch(config)# ipv6 lisp database-mapping 2001:DB8:BB::/48 10.1.2.1 priority 1 weight 100Related Commands
ipv6 lisp etr
To configure a Cisco NX-OS device to act as an IPv6 Locator/ID Separation Protocol (LISP) Egress Tunnel Router (ETR), use the ipv6 lisp etr command. To remove LISP ETR functionality, use the no form of this command.
ipv6 lisp etr
no ipv6 lisp etr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp etr command to enable the Cisco NX-OS device to perform IPv4 LISP Egress Tunnel Router (ETR) functionality. When you configure a Cisco NX-OS device as an IPv4 ETR, also use ipv6 lisp database-mapping command so that the ETR knows what EID prefix blocks and corresponding locators are used for the LISP site. In addition, you should configure the ETR to register with a Map-Server by using the ipv6 lisp etr map-server command, or to use static LISP EID-to-RLOC mappings by using the ipv6 lisp map-cache command in order to participate in LISP networking.
When a map-cache entry contains mixed locators (both IPv4 and IPv6 RLOCs) and an Ingress Tunnel Router (ITR) encapsulates using an IPv4 locator, you must configure the ETR that is assigned with the IPv4 locator by using the ipv6 lisp etr command. When an IPv6 locator is used by an Ingress Tunnel Router (ITR), you must configure the ETR that is assigned with the IPv6 locator by using the ipv6 lisp etr command.
Note
This command does not require a license.
Examples
This example shows how to configure IPv6 LISP ETR functionality on the Cisco NX-OS device:
switch# configure terminalswitch(config)# ipv6 lisp etrRelated Commands
ipv6 lisp etr accept-map-request-mapping
To configure an Egress Tunnel Router (ETR) to cache IPv6 mapping data contained in a Map-Request message, use the ipv6 lisp etr accept-map-request-mapping command. To remove this functionality, use the no form of this command.
ipv6 lisp etr accept-map-request-mapping [verify]
no ipv6 lisp etr accept-map-request-mapping [verify]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR receives a Map-Request message, this message might contain mapping data for the invoking IPv4 source-EID packet. By default, the ETR ignores mapping data included in Map-Request messages. However, by entering the ipv6 lisp etr accept-map-request-mapping command, the ETR caches the mapping data in its map cache and immediately uses it to forward packets.
When you use the optional verify keyword, the ETR still caches the mapping data but does not forward packets until the ETR can send its own Map Request to one of the locators from the mapping data record and receive the same data in a Map-Reply message.
Note
When you enable and then later disable this command, you must enter the clear ipv6 lisp map-cache command to clear any map-cache entries that are currently in the tentative state. Map-cache entries can remain in the tentative state for up to one minute; therefore, you might want to clear these entries manually when this command is removed.
This command does not require a license.
Examples
This example shows how to configure the ETR to accept and cache IPv6 mapping data included in Map-Request messages and verify its accuracy prior to using this data to forward packets:
switch# configure terminalswitch(config)# ipv6 lisp etr accept-map-request-mapping verifyRelated Commands
ipv6 lisp etr glean-mapping
To configure an egress tunnel router (ETR) to add inner header (EID) source address to outer header (RLOC) source address mappings it to its endpoint identifier to Routing Locator (EID-to-RLOC) cache (map-cache, use the ipv6 lisp etr glean-mapping command. To remove this functionality, use the no form of this command.
ipv6 lisp etr glean-mapping [verify]
no ipv6 lisp etr glean-mapping [verify]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR receives Locator/ID Separation Protocol (LISP)-encapsulated packets, the inner header EID source address and outer header RLOC source address should match an entry found in the map cache as determined by the results of a Map-Request/Map-Reply exchange. When a host moves from one ingress tunnel router (ITR) to another ITR, the EID-to-RLOC mapping changes because the new ITR can encapsulate packets to the ETR using a different locator. By entering the ipv6 lisp etr glean-mapping command, the ETR recognizes the new locator information for the moved host's EID and updates the map cache with this information.
The learned EID-to-RLOC map-cache entries are stored with a priority of 1 and a weight of 100.
When you enter the optional verify keyword, the ETR caches the learned EID-to-RLOC mapping data but does not forward packets until the ETR can send its own Map Request to the originating Ingress Tunnel Router (ITR) and receive a Map Reply. The gleaned locator will then be used. When you specify the verify keyword, the locator is used to forward traffic and all packets are dropped until the Map Reply is returned.
Note
This command does not require a license.
Examples
This example shows how to configure the ETR to glean and cache IPv6 mapping data included in Map-Request messages and verify its accuracy prior to using this data to forward packets:
switch# configure terminalswitch(config)# ipv6 lisp etr glean-mapping verifyRelated Commands
ipv6 lisp etr
Configures the Cisco NX-OS device to act as an IPv6 LISP Egress Tunnel Router (ETR).
ipv6 lisp etr map-cache-ttl
To configure the Time-to-live (TTL) value inserted into Locator/ID Separation Protocol (LISP) IPv6 Map-Reply messages, use the ipv6 lisp etr map-cache-ttl command. To remove the configured TTL value and return to the default value, use the no form of this command.
ipv6 lisp etr map-cache-ttl time-to-live
no ipv6 lisp etr map-cache-ttl time-to-live
Syntax Description
time-to-live
Value, in minutes, to be inserted in the TTL field in Map-Reply messages. The range is from 60 to 10080.
Defaults
1440
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp etr map-cache-ttl command to change the default value associated with the TTL field in IPv4 Map-Reply messages. Use this command when you want to change the default TTL that remote Ingress Tunnel Routers (ITRs) cache and use for your site's IPv4 EID prefix. The default value is 1440 minutes (24 hours). The minimum value cannot be less than 60 minutes, and the maximum cannot be greater than 10080 minutes (one week).
This command does not require a license.
Examples
This example shows how to configure the ETR to use a TTL in its IPv6 Map-Reply messages:
switch# configure terminalswitch(config)# ipv6 lisp etr map-cache-ttl 120Related Commands
ipv6 lisp etr
Configures the Cisco NX-OS device to act as an IPv6 LISP Egress Tunnel Router (ETR).
ipv6 lisp etr map-server
To configure the IPv4 or IPv6 locator address of the Locator/ID Separation Protocol (LISP) Map Server to be used by the egress tunnel router (ETR) when registering for IPv4 EIDs, use the ipv6 lisp etr map-server command. To remove the configured locator address of the LISP Map Server, use the no form of this command.
ipv6 lisp etr map-server map-server-address {[key key-type authentication-key] | proxy-reply}
no ipv6 lisp etr map-server map-server-address {[key key-type authentication-key] | proxy-reply}
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp etr map-server command to configure the IPv4 or IPv6 locator of the Map Server to which the ETR registers for its IPv4 EID(s). A password used for a SHA-1 HMAC hash that is included in the header of the Map-Register message must also be provided. You can configure the ETR to register with a maximum of two Map Servers per EID address family. Once the ETR registers with the Map-Server(s), the Map Server(s) begin to advertise the EID prefix block(s) and RLOC(s) for the LISP site.
You can enter the SHA-1 HMAC password in unencrypted (cleartext) form or encrypted form. To enter an unencrypted password, specify a key-type value of 0. To enter a 3DES-encrypted password, specify a key-type value of 3. To enter a Cisco-encrypted password, specify a key-type value of 7.
Caution
Note
•
Note
This command does not require a license.
Examples
This example shows how to configure ETR to register to two Map Servers:
switch# configure terminal
switch(config)# ipv6 lisp etr map-server 2001:db8:0a::1 key 3 1c275642c17d1e17switch(config)# ipv6 lisp etr map-server 2001:db8:0b::1 key 3 1c275642c17d1e17This example shows how to configure ETR to register to the Map Server:
switch# configure terminalswitch(config)# ipv6 lisp etr map-server 2001:db8:0a::1 key 3 1c275642c17d1e17switch(config)# ipv6 lisp etr map-server 2001:db8:0a::1 proxy-replyRelated Commands
ipv6 lisp hardware-forwarding
To enable hardware-forwarding specifically on the Cisco Nexus 7000 Series device when at least one 32x10GE line card is installed, use the ipv6 lisp hardware-forwarding command. To disable this functionality, use the no form of this command.
ipv6 lisp hardware-forwarding
no ipv6 lisp hardware-forwarding
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled when at least one 32x10 GE line card is installed.
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command is only applicable to the Cisco NX-OS device.
The ip lisp hardware-forwarding command is applicable to the Cisco Nexus 7000 Series device only. Hardware forwarding for LISP is supported on the N7K-M132XP-12 line card only. That is, LISP input and output interfaces must be on the N7K-M132XP-12 line card.
Caution
This command does not require a license.
Examples
This example shows how to disable the IPv6 LISP hardware forwarding feature:
switch# configure terminalswitch(config)# no ipv6 lisp hardware-forwardingswitch(config)# exitRelated Commands
ipv6 lisp itr
To configure a Cisco NX-OS device to act as an IPv6 Locator/ID Separation Protocol (LISP) Ingress Tunnel Router (ITR), use the ipv6 lisp itr command. To remove LISP Ingress Tunnel Router (ITR) functionality, use the no form of this command.
ipv6 lisp itr
no ipv6 lisp itr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a Cisco NX-OS device is configured as an Ingress Tunnel Router (ITR), if a packet is received for which no IPv6 destination address prefix match exists in the routing table or which matches a default route (you can configure that the source address of the packet matches an IPv4 EID prefix block configured by using the ipv6 lisp database-mapping command or ipv6 lisp map-cache command. The packet is a candidate for LISP routing. The Ingress Tunnel Router (ITR) looks in the LISP map cache and forwards either the packet, drops the packet, sends a Map Request, or LISP-encapsulates the packet.
If there is no match in the LISP map cache, the Ingress Tunnel Router (ITR) might use one of two methods to obtain an IPv6 EID-to-RLOC mapping. When a Map Resolver is configured when you enter the ipv6 lisp itr map-resolver command, the Ingress Tunnel Router (ITR) sends its Map Request in a LISP Encapsulated Control Message (ECM) to the Map-Resolver. When the Ingress Tunnel Router (ITR) is attached to the ALT using the ipv6 lisp alt-vrf command, the Ingress Tunnel Router (ITR) sends its Map Request directly on the alternate LISP topology (LISP-ALT). The Ingress Tunnel Router (ITR) caches the IPv4 EID-to-RLOC mapping information returned by the associated Map Reply in its map cache. Subsequent packets destined to the same IPv6 EID prefix block are then LISP-encapsulated according to this IPv4 EID-to-RLOC mapping entry.
Note
This command does not require a license.
Examples
This example shows how to configure the Ingress Tunnel Router (ITR) functionality on the NX-OS device:
switch# configuration terminalswitch(config)# ipv6 lisp itrRelated Commands
ipv6 lisp itr map-resolver
To configure the IPv4 or IPv6 locator address of the Locator/ID Separation Protocol (LISP) Map Resolver to be used by the ingress tunnel router (ITR) or Proxy ITR (PITR) when sending Map Requests for IPv4 EID-to-RLOC mapping resolution, use the ipv6 lisp itr map-resolver command. To remove the configured locator address of the LISP Map Resolver, use the no form of this command.
ip lispv6 itr map-resolver map-resolver-address
no ipv6 lisp itr map-resolver map-resolver-address
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Up to two Map Resolvers can be configured per Ingress Tunnel Router (ITR) or PITR within a site for each address family.
When a LISP Ingress Tunnel Router (ITR) or PITR needs to resolve an IPv6 EID-to-RLOC mapping for a destination EID, you can be configure it to send a map request either to a Map Resolver by using the ipv6 lisp itr map-resolver command or directly over the LISP ALT by using the ipv6 lisp alt-vrf command. When a Map Resolver is used, map requests are sent to the Map Resolver with the additional LISP Encapsulated Control Message (ECM) header that includes the Map Resolver RLOC as its destination address. When the ALT is used, map requests are sent directly over the ALT without the additional LISP Encapsulated Control Message (ECM) header, where the destination of the map request is the EID being queried.
Note
This command does not require a license.
Examples
This example shows how to configure an Ingress Tunnel Router (ITR) to use the Map Resolver located at 2001:DB8:0A::1 when sending its Map-Request messages.
switch# configuration terminalswitch(config)# ipv6 lisp itr map-resolver 2001:DB8:0A::1Related Commands
ipv6 lisp itr send-data-probe
To configure an ingress tunnel router (ITR) or Proxy ITR (PITR) to find an IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) mapping for a packet it needs to encapsulate by sending a data probe rather than by sending a Map-Request message, use the ipv6 lisp itr send-data-probe command. To remove this functionality, use the no form of this command.
ipv6 lisp itr send-data-probe
no ipv6 lisp itr send-data-probe
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a Locator/ID Separation Protocol (LISP) Ingress Tunnel Router (ITR) or PITR gets a map-cache miss and needs to resolve an IPv4 EID-to-RLOC mapping for a destination EID, you can send a Map-Request message either in a LISP Encapsulate Control Message (ECM) to the Map Resolver by using the ip lisp itr map-resolver command or directly over the Locator/ID Separation Protocol Alternative Topology (LISP-ALT) by using the ip lisp alt-vrf command. In either case, the first packet of the flow that caused the map-cache miss is dropped. Once the Map Reply populates the map cache, subsequent packets to the same destination are forwarded directly by LISP.
Note
Caution
This command does not require a license.
Examples
This example shows how to configure a LISP Ingress Tunnel Router (ITR) to send Data Probes to determine IPv6 EID-to-RLOC mappings:
switch# configuration terminalswitch(config)# ipv6 lisp itr send-data-probeRelated Commands
ipv6 lisp itr-etr
To configure a switch to act as both an IPv6 LISP Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR), use the ipv6 lisp itr-etr command. To remove the LISP Ingress Tunnel Router (ITR) functionality, use the no form of this command.
ipv6 lisp itr-etr
no ipv6 lisp itr-etr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 lisp itr-etr command to enable the Cisco NX-OS device to perform both IPv6 LISP Ingress Tunnel Router (ITR) and Egress Tunnel Router (ETR) functionality simultaneously, by using a single command.
For usage guidelines for the IPv6 LISP Ingress Tunnel Router (ITR) functionality, see the ipv6 lisp itr command.
For usage guidelines for the IPv6 LISP ETR functionality, see the ipv6 lisp etr command.
Note
This command does not require a license.
Examples
This example shows how to configure the IPv6 LISP Ingress Tunnel Router (ITR) and ETR functionality on the NX-OS device:
switch# configuration terminalswitch(config)# ipv6 lisp itr-etrRelated Commands
ipv6 lisp etr
Configures the switch to act as an IPv6 LISP Egress Tunnel Router (ETR).
ipv6 lisp itr
Configures the switch to act as an IPv6 LISP Ingress Tunnel Router (ITR).
ipv6 lisp locator-down
To configure a locator from a locator set that is associated with an IPv6 endpoint identifier (EID)prefix database-mapping to be unreachable (down), use the ipv6 lisp locator-down command. To return the locator to be reachable (up), use the no form of this command.
ipv6 lisp locator-down EID-prefix/prefix-length locator
no ipv6 lisp locator-down EID-prefix/prefix-length locator
Syntax Description
EID-prefix/prefix-length
IPv6 EID prefix and length advertised by this switch.
locator
IPv4 or IPv6 Routing Locator (RLOC) associated with this EID prefix.
Defaults
An IPv4 or IPv6 locator associated with a configured IPv6 EID prefix block is considered reachable (up) unless an IGP routing protocol indicates it is down.
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure LISP database parameters on an Ingress Tunnel Router (ITR) for specified IPv4 EID prefix blocks by using the ipv6 lisp database-mapping command or the ipv6 lisp map-cache command, the locators associated with these IPv4 EID prefix blocks are considered as reachable (up) by default. You can use the ipv6 lisp locator-down command to configure a locator from a locator-set associated with the EID prefix database mapping to be down.
When you enter the ipv6 lisp locator-down command, the Locator Status Bits (LSBs) for the configured locator is cleared when encapsulating packets to remote sites. ETRs at remote sites look for changes in the LSB when decapsulating LISP packets, and when the LSB indicates that a specific locator is down, the ETR refrains from encapsulating packets using this locator to reach the local site.
Note
This command does not require a license.
Examples
This example shows how to configure the locator to a down state for the IPv6 EID prefix block:
switch# configuration terminalswitch(config)# ipv6 lisp locator-down 2001:DB8:BB::/48 2001:DB8:0A::1Related Commands
ipv6 lisp locator-vrf
To configure a nondefault virtual routing and forwarding (VRF) table to be referenced by any IPv6 locator addresses, use the ipv6 lisp locator-vrf command. To return to using the default routing table for locator address references, use the no form of this command.
ipv6 lisp locator-vrf vrf-name
no ipv6 lisp locator-vrf vrf-name
Syntax Description
vrf-name
Name of the VRF instance to be referenced by IPv6 locator addresses instead of the default table.
Defaults
IPv6 locator addresses are associated with the default (global) routing table.
Command Modes
VRF configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure Locator/ID Separation Protocol (LISP) in a nondefault VRF to keep EID prefixes in one VRF separate from EID prefixes in another VRF, and both EID VRFs share the same locator-based core network and same mapping database system infrastructure, these locator addresses must be reachable from the default VRF or a specified common VRF. Use the ipv6 lisp locator-vrf command to specify the VRF to be associated with these locator addresses.
When you enter the ipv6 lisp locator-vrf command, the locator addresses in any subsequent LISP commands are referenced to the specified VRF. For example, the locator addresses in the ipv6 lisp itr map-resolver and ipv6 lisp etr map-server commands refer to the VRF that you configured when you entered the ip lisp locator-vrf command. The Map Servers and Map-Resolvers can also share the configuration from the locator VRF.
Note
This command does not require a license.
Examples
In the following example, a LISP xTR is configured with three EID contexts red, blue, and green, and the locator VRF default. Red and blue are both using the RLOC of 10.10.10.1 if you enter the ipv6 lisp locator-vrf default command. In addition, red and blue both inherit the globally defined map resolver and Map Server located at 10.100.1.1 (configured at the end of this example). Both red and blue have an EID prefix of 172.16.0.0/24, but segmentation is maintained due to the unique LISP instance ID for each VRF context. The green context also uses the RLOC of 10.10.10.1 if you enter the ipv6 lisp locator-vrf default command. However, green overrides the inheritance of the globally defined map-resolver and Map-Server by including the ones configured within the VRF context and located at 10.200.1.1. The locator for this locally defined map-resolver or Map-Server remains within the default VRF when you enter the ipv6 lisp locator-vrf default command.
switch# configuration terminalswitch(config)# vrf context redswitch(config-vrf)# ipv6 lisp itr-etrswitch(config-vrf)# ipv6 lisp database-mapping 2001:db8:a::/48 10.10.10.1 priority 1 weight 1switch(config-vrf)# lisp instance-id 111switch(config-vrf)# ipv6 lisp locator-vrf defaultswitch(config-vrf)# exitswitch(config)# vrf context blueswitch(config-vrf)# ipv6 lisp itr-etrswitch(config-vrf)# ipv6 lisp database-mapping 2001:db8:a::/48 10.10.10.1 priority 1 weight 1switch(config-vrf)# lisp instance-id 222switch(config-vrf)# ipv6 lisp locator-vrf defaultswitch(config-vrf)# exitswitch(config)# vrf context greenswitch(config-vrf)# ipv6 lisp itr-etrswitch(config-vrf)# ipv6 lisp database-mapping 2001:db8:b::/48 10.10.10.1 priority 1 weight 1switch(config-vrf)# lisp instance-id 444switch(config-vrf)# ipv6 lisp locator-vrf defaultswitch(config-vrf)# ipv6 lisp itr map-resolver 10.200.1.1switch(config-vrf)# ipv6 lisp etr map-server 10.200.1.1 key 3 xxxxxxxxxxxswitch(config-vrf)# exitswitch(config)# ipv6 lisp itr map-resolver 10.100.1.1switch(config)# ipv6 lisp etr map-server 10.100.1.1 key 3 xxxxxxxxxxxRelated Commands
ipv6 lisp map-cache
To configure a static IPv6 endpoint identifier to Routing Locator (EID-to-RLOC) mapping relationship and its associated traffic policy or to statically configure the packet handling behavior associated with a specified destination IPv6 EID prefix, use the ipv6 lisp map-cache command. To remove the configuration, use the no form of this command.
ipv6 lisp map-cache destination-EID-prefix/prefix-length {locator priority priority weight weight}
no ipv6 lisp map-cache destination-EID-prefix/prefix-length {locator priority priority weight weight}
ipv6 lisp map-cache destination-EID-prefix/prefix-length {drop | map-request | native-forward}
no ipv6 lisp map-cache destination-EID-prefix/prefix-length {drop | map-request | native-forward}
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
You can use the ip lisp map-cache command to configure an ingress tunnel router (ITR) with a static IPv6 EID-to-RLOC mapping relationship and its associated traffic policy. For each entry, you must enter a destination IPv6 EID prefix block and its associated locator, priority, and weight. The IPv6 EID prefix/prefix-length is the LISP EID prefix block at the destination site. The locator is an IPv6 or IPv6 address of the remote site where the IPv6 EID prefix can be reached. The locator address has a priority and weight that are used to define traffic policies when multiple RLOCs are defined for the same EID prefix block. You can enter this command up to four times for a given EID prefix. Static IPv4 EID-to-RLOC mapping entries configured when you enter the ip lisp map-cache command take precedence over dynamic mappings learned through Map-Request/Map-Reply exchanges.
You can also use of the ipv6 lisp map-cache command to statically configure the packet handling behavior associated with a specified destination IPv6 EID prefix. For each entry, a destination IPv4 EID prefix block is associated with a configured forwarding behavior. When a packet's destination address matches the EID prefix, one of the following packet handling options:
•
•
•
This command does not require a license.
Examples
This example shows how to configure a destination EID-to-RLOC mapping and associated traffic policy:
switch# configuration terminalswitch(config)# ipv6 lisp map-cache 2001:DB8:BB::/48 2001:DB8:0A::1 priority 1 weight 100This example shows how to configure a destination EID-to-RLOC mapping and associated traffic policy to drop:
switch# configuration terminalswitch(config)# ip lisp map-cache 2001:DB8:AA::/64 dropRelated Commands
ipv6 lisp map-cache-limit
To configure the maximum number of IPv4 Locator/ID Separation Protocol (LISP) map-cache entries allowed to be stored by the Cisco NX-OS device, use the ipv6 lisp map-cache-limit command. To remove the configured map-cache limit, use the no form of this command.
ipv6 lisp map-cache-limit cache-limit [reserve-list list]
no ipv6 lisp map-cache-limit cache-limit [reserve-list list]
Syntax Description
Defaults
1000
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip lisp map-cache-limit command to control the maximum number of IPv6 LISP map-cache entries that are allowed to be stored on the Cisco NX-OS device. An optional reserve list can be configured to guarantee that the Cisco NX-OS device always stores the referenced IPv6 EID prefixes.
LISP IPv6 map-cache entries are added in one of two ways: dynamically or statically. Dynamic entries are added when a valid Map-Reply message is returned for a Map-Request message generated in response to a cache-miss lookup. Static entries are added when you enter the ipv6 lisp map-cache command.
Dynamic map-cache entries are always added until the default or configured cache limit is reached. After the default or configured cache limit is reached, unless the optional reserve list is configured, no further dynamic entries are added and no further Map Requests are generated in response to cache-miss lookups until a free position is available.
When you do no configure an optional reserve-list keyword, dynamic entries are added on a first-in-first-added basis until the configured map-cache limit is reached. After that time, no new dynamic entries can be added. If the reserve-list keyword is configured but the prefix list to which it refers is not configured, the results are the same as if the reserve-list keyword was not configured.
When you use the optional reserve-list keyword, a Map Request is generated and a new dynamic map-cache entry can be added only for IP v6 EID prefixes that are permitted by the prefix-list referenced by the reserve-list keyword. The new entry must be able to replace an existing dynamic entry so that the cache limit is maintained. The deleted dynamic entry is either a nonreserve idle map-cache entry ora non-reserve active map-cache entry. Idle map-cache entries are those entries that have seen no activity in the last 10 minutes. If all current dynamic entries are also permitted by the prefix list referenced by the reserve-list, no further dynamic entries can be added.
Existing dynamic IPv6 map-cache entries can time out due to inactivity or can be removed by the using the clear ip lisp map-cache command to create a free position in the map cache.
Static map-cache entries are always added, until the default or configured cache limit is reached. After the default or configured cache limit is reached, unless the optional reserve-list is configured, no further static entries are added.
When the optional reserve-list keyword used, static entries are added on a first-in-first-added basis until the configured map-cache limit is reached. After that time, no new static entries can be added. If you use the reserve-list keyword but you do not configure the prefix list to which it refers, the results are the same as if the reserve-list keyword was not configured.
When you use the optional reserve-list keyword, you can add a prefix list, but only if it can replace an existing static entry or dynamic entry that does not match the reserve list prefix list.
Note
This command does not require a license.
Examples
This example shows how to configure the LISP cache-limit and a reserve-list:
switch# configuration terminalswitch(config)# ipv6 lisp map-cache-limit 2000 reserve-list LISP-v6-alwaysswitch(config)# ip prefix-list LISP-always seq 10 permit 2001:DB8:BA::/46 le 128Related Commands
ipv6 lisp map-request-source
To configure an IPv4 or IPv6 address to be used as the source address for Locator/ID Separation Protocol (LISP) IPv6 Map-Request messages, use the ipv6 lisp map-request-source command. To remove the configured Map-Request source address and return to the default behavior, use the no form of this command.
ipv6 lisp map-request-source source-address
no ipv6 lisp map-request-source source-address
Syntax Description
Defaults
The Cisco NX-OS device uses one of the locator addresses that you configure by using the ipv6 lisp database-mapping command as the default source address for LISP Map-Request messages.
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
A locator address that you configured by using the ipv6 lisp database-mapping command is used as the source address for LISP IPv6 Map-Request messages. There are cases, however, where it might be necessary to configure the specified source address for these Map-Request messages. For example, when the ingress tunnel router (ITR) is behind a Network Address Translation (NAT) device, you might need to specify a source address that matches the NAT configuration to properly allow for return traffic.
When you enter the ipv6 lisp map-request-source command on an Ingress Tunnel Router (ITR), the specified IPv4 or IPv6 locator is used by an Ingress Tunnel Router (ITR) as the source address for LISP IPv6 Map Request messages. When you enter the ipv6 lisp map-request-source command on a Map Server, this locator is used as the source address in the Encapsulated Control Message that carries a Map Request to an ETR.
This command does not require a license.
Examples
This example shows how to configure an Ingress Tunnel Router (ITR) to use the source IPv6 address in its IPv6 Map-Request messages:
switch# configuration terminalswitch(config)# ipv6 lisp map-request-source 2001:DB8:0A::1Related Commands
ipv6 lisp database-mapping
Configures an IPv6 EID-to-RLOC mapping relationship and its associated traffic policy.
ipv6 lisp map-resolver
To configure a switch to act as an IPv6Locator/ID Separation Protocol (LISP) Map Resolver (MR), use the ipv6 lisp map-resolver command. To remove LISP Map-Resolver functionality, use the no form of this command.
ipv6 lisp map-resolver
no ipv6 lisp map-resolver
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
A Map Resolver receives a LISP Encapsulated Control Message (ECM) that contains a Map-Request from a LISP Ingress Tunnel Router (ITR) directly over the underlying locator-based network. The Map Resolver decapsulates this message and forwards it on the LISP Alternative Topology (LISP-ALT) topology, where it is delivered either to an ingress tunnel router (ITR) that is directly connected to the LISP-ALT and that is authoritative for the endpoint identifier (EID) being queried by the Map Request or to the Map Server that is injecting EID prefixes into the LISP-ALT on behalf of the authoritative ETR.
Map Resolvers also send Negative Map Replies directly back to an Ingress Tunnel Router (ITR) in response to queries for non-LISP addresses.
When deploying a LISP Map Resolver, follow these guidelines:
•
•
•
This command does not require a license.
Examples
This example shows how to configure the IPv6 LISP Map-Resolver functionality on the NX-OS device.
switch# configuration terminalswitch(config)# ipv6 lisp map-resolverRelated Commands
ipv6 lisp alt-vrf
Configures which VRF that LISP should use when sending Map Requests for an IPv4 EID-to-RLOC mapping directly over the ALT.
ipv6 lisp map-server
To configure a switch to act as an IPv6 Locator/ID Separation Protocol (LISP) Map-Server (MS), use the ipv6 lisp map-server command. To remove LISP Map-Server functionality, use the no form of this command.
ipv6 lisp map-server
no ipv6 lisp map-server
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
LISP site commands are configured on the Map Server for a LISP egress tunnel router (ETR) that registers to it, including an authentication key, which must match the one also configured on the ETR. A Map Server receives Map-Register control packets from ETRs. When you configure the Map Server with a service interface to the LISP Alternative Topology (LISP-ALT), it injects aggregates for the registered EID prefixes into the LISP-ALT.
The Map Server also receives Map-Request control packets from the LISP-ALT, which it then forwards as a LISP Encapsulated Control Message (ECM) to the registered ETR that is authoritative for the EID prefix being queried. The ETR returns a Map-Reply message directly back to the Ingress Tunnel Router (ITR).
When deploying a LISP Map Resolver, follow these guidelines:
•
•
•
This command does not require a license.
Examples
This example shows how to configure IPv6 LISP Map-Server functionality on the NX-OS device.
switch# configuration terminalswitch(config)# ipv6 lisp map-serverRelated Commands
ipv6 lisp alt-vrf
Configure which VRF supporting the IPv6 address-family LISP should use when sending Map Requests for an IPv6 EID-to-RLOC mapping directly over the ALT.
ipv6 lisp nat-transversal
To configure an egress tunnel router (ETR) with a private locator that is sited behind a Network Address Translation (NAT) device to dynamically determine its NAT-translated public locator for use in Map-Register and Map-Reply messages, use the ip lisp nat-transversal command. To remove this functionality, use the no form of this command.
ipv6 lisp nat-transversal
no ipv6 lisp nat-transversal
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an ETR is sited behind a NAT device, its routing locator belongs to the private address space that the NAT device translates to a public globally routed address. The ETR needs to know this public global locator address because this address is required for use in Map-Register and Map-Reply messages.
When you enter the ip lisp nat-transversal command is configured, the ETR determines its own public global locator dynamically. When configured, the ETR sends a LISP Echo-Request message to the configured Map Server out the interface under which this command is configured. The Map Server replies with an Echo Reply message that includes the source address from the Echo Request, which is the NAT-Translated public global locator address.
The ipv6 lisp nat-transversal command is useful when the dynamic keyword is used with the ipv6 lisp database-mapping command in order to dynamically determine the routing locator rather than statically defining it.
This command does not require a license.
Examples
This example shows how to configure the ETR to dynamically determine its public global routing locator when it is behind a NAT device:
switch# configuration terminalswitch(config)# interface Ethernet2/0switch(config-if)# ipv6 lisp nat-transversalRelated Commands
ipv6 lisp proxy-etr
To configure a switch to act as an IPv6 Locator/ID Separation Protocol (LISP) Proxy Egress Tunnel Router (PETR), use the ipv6 lisp proxy-etr command. To remove LISP PETR functionality, use the no form of this command.
ipv6 lisp proxy-etr
no ipv6 lisp proxy-etr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The Cisco NX-OS device accepts LISP-encapsulated packets from an ingress tunnel router (ITR) or Proxy ITR (PITR) that are destined to non-LISP sites, deencapsulates them, and then forwards them natively toward the non-LISP destination.
PETR services may be necessary in several cases. For example, by default, when a LISP site forwards packets to a non-LISP site natively (not LISP encapsulated), the source IP address of the packet is that of a site EID. If the provider side of the access network is configured with strict unicast reverse path forwarding (uRPF) or an antispoofing access-list, it would consider these packets to be spoofed and drop them because EIDs are not advertised in the provider default free zone (DFZ). Instead of natively forwarding packets destined to non-LISP sites, the Ingress Tunnel Router (ITR) encapsulates these packets using the site locator as the source address and the PETR as the destination address. Packets destined for LISP sites follow normal LISP forwarding processes and are sent directly to the destination ETR.
Note
This command does not require a license.
Examples
This example shows how to configure IPv6 LISP PETR functionality on the NX-OS device:
switch# configuration terminalswitch(config)# ipv6 lisp proxy-etrRelated Commands
ipv6 lisp proxy-itr
To configure a switch to act as an IPv6 Locator/ID Separation Protocol (LISP) Proxy Ingress Tunnel Router (PITR), use the ipv6 lisp proxy-itr command. To remove the LISP PITR functionality, use the no form of this command.
ipv6 lisp proxy-itr ipv6-local-locator [ipv4-local-locator]
no ipv6 lisp proxy-itr ipv6-local-locator [ipv4-local-locator]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The Cisco NX-OS device receives native packets from non-LISP sites that are destined for LISP sites, encapsulates them, and forwards them to the ETR that is authoritative for the destination LISP site EID.
PITR services are required to provide interworking between non-LISP sites and LISP sites. For example, when connected to the Internet, a PITR acts as a gateway between the legacy Internet and the LISP-enabled network. The PITR must advertise one or more highly aggregated endpoint identifier (EID) prefixes on behalf of LISP sites into the underlying DFZ (that is the Internet) and act as an Ingress Tunnel Router (ITR) for traffic received from the public Internet.
When you enable PITR services by using the ipv6 lisp proxy-itr command, the PITR creates LISP-encapsulated packets when it sends a data packet to a LISP site, sends a data probe, or sends a Map-Request message. The outer (LISP) header address family and source address are determined as follows:
•
•
When you configure a switch to function as an IPv4 PITR, you can also configure it to use the LISP-ALT for IPv4 EID-to-RLOC mapping resolution. When configured to use the LISP-ALT, the PITR sends its map request messages directly over the LISP ALT using the virtual routing and forwarding (VRF) when you enter the ipv6 lisp alt-vrf command. A PITR can send a Map Request to a configured Map Resolver for EID-to-RLOC mapping resolution as an alternative to sending a Map Request directly over the LISP-ALT. (See the ipv6 map-resolver command) When using a PITR in a virtualized LISP deployment, you must configure the PITR to use a Map-Resolver for EID-to-RLOC mapping resolution and not the LISP-ALT because the LISP-ALT does not support virtualization.
Note
This command does not require a license.
Examples
This example shows how to configure the LISP PITR functionality on the NX-OS device and to encapsulate packets using a source locator:
switch# configuration terminalswitch(config)# ipv6 lisp proxy-itr 2001:db8:bb::1Related Commands
ipv6 lisp shortest-eid-prefix-length
To configure the shortest IPv6 endpoint identifier (EID)-prefix mask length that is acceptable to an ingress tunnel router (ITR) or Proxy ITR (PITR) in a received Map-Reply message or to an ETR in the mapping-data record of a received Map Request, use the ipv6 lisp shortest-eid-prefix-length command. To return to the default configuration, use the no form of this command.
ipv6 lisp shortest-eid-prefix-length IPv6-EID-prefix-length
no ipv6 lisp shortest-eid-prefix-length IPv6-EID-prefix-length
Syntax Description
IPv6-EID-prefix-length
Shortest IPv6 EID prefix-length accepted from a Map Reply or data record in a Map Request. The range is from 0 to 128.
Defaults
48
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an Ingress Tunnel Router (ITR) or PITR receives a Map Reply message, the mapping data it contains includes the EID mask-length for the returned EID prefix. By default, the shortest EID prefix mask length accepted by an Ingress Tunnel Router (ITR) or PITR for an IPv4 EID prefix is a /48.
You can use the ipv6 lisp shortest-eid-prefix-length command to change this default. For example, it might be necessary for a PITR to accept a shorter (coarser) prefix if one exists.
When an ETR receives a Map-Request message, it might contain a mapping data record that the ETR can cache and possibly use to forward traffic depending on the configuration of the ipv6 lisp etr accept-map-request-mapping command.
Use the ipv6 lisp shortest-eid-prefix-length command to change the shortest prefix length accepted by the ETR. In this case, the check for the shortest EID prefix mask length is done prior to the verifying Map Request, if also configured. If the EID prefix mask length is less than the configured value, the verifying Map Request is not sent and the mapping data is not accepted.
Examples
This example shows how to configure the NX-OS device to accept a minimum IPv6 EID prefix length:
switch# configuration terminalswitch(config)# ipv6 lisp shortest-eid-prefix-length 40Related Commands
ipv6 lisp source-locator
To configure a source locator to be used for IPv6 Locator/ID Separation Protocol (LISP)-encapsulated packets, use the ipv6 lisp source-locator command. To remove the configured source locator, use the no form of this command.
ipv6 lisp source-locator interface
no ipv6 lisp source-locator interface
Syntax Description
interface
Name of the interface whose IPv6 address should be used as the source locator address for outbound LISP-encapsulated packets.
Defaults
The IPv6 address of the outbound interface is used by default as the source locator address for outbound LISP-encapsulated packets.
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When sending a LISP-encapsulated packet (data or control message), the Cisco NX-OS device performs a destination lookup to determine the appropriate outgoing interface. By default, the IPv6 address of this outgoing interface is used as the source locator for the outbound LISP-encapsulated packet.
You might need to use the IPv6 address of a different interface as the source locator for the outbound LISP encapsulated packets rather than that of the outgoing interface. For example, when an Ingress Tunnel Router (ITR) has multiple egress interfaces, you might configure a loopback interface for stability purposes and instruct the Ingress Tunnel Router (ITR) to use the address of this loopback interface as the source locator for the outbound LISP-encapsulated packets rather than one or both of the physical interface addresses. This command ipv6 lisp source-locator is also important for maintaining locator consistency between the two LISP Tunnel Routers (xTRs) when RLOC-probing is used.
This command does not require a license.
Examples
This example shows how to configure the source locator when sending LISP encapsulated packets:
switch# configuration terminalswitch(config)# interface Ethernet 2/0switch(config-if)# ipv6 lisp source-locator Loopback0switch(config-if)# interface Ethernet2/1switch(config-if)# ipv6 lisp source-locator Loopback0Related Commands
ipv6 lisp itr
Configures the switch to act as an IPv6 LISP Ingress Tunnel Router (ITR).
ipv6 lisp translate
To configure IPv6 Locator/ID Separation Protocol (LISP) translation mapping, use the ipv6 lisp translate command. To remove IPv6 LISP translation mappings and return to the default value, use the no form of this command.
ipv6 lisp translate inside IPv6-inside-EID outside IPv6-outside-EID
no ipv6 lisp translate inside IPv6-inside-EID outside IPv6-outside-EID
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When you configure a LISP Ingress Tunnel Router (ITR) or Egress Tunnel Router (ETR) with a nonroutable EID prefix and you want to replace it with a routable EID prefix, use the ipv6 lisp translate command. A LISP device that acts as an Ingress Tunnel Router (ITR) and detects a nonroutable EID in the source IPv4 address field replaces it with the routable EID when you use the inside and outside keyword. In the opposite direction when acting as an ETR, it replaces the routable EID referred to by the outside keyword with the no-routable EID referred to by the inside keyword.
Note
This feature may be useful if you want to upgrade but you want to continue to communicate with non-LISP sites. An alternative approach for providing communications between LISP and non-LISP sites is to use Proxy-ITR services. See the ipv6 lisp proxy-itr command for further details. Both proxy-ITR and NAT translation services, also referred to as Interworking services, are described in draft-ietf-lisp-interworking-00.
This command does not require a license.
Examples
This example shows how to configure LISP to translate the inside address to the outside address:
switch# configuration terminalswitch(config)# ipv6 lisp translate inside 2001:db8:aa::1 outside 2001:db8:bb::1Related Commands
ipv6 lisp use-petr
To configure a switch to use an IPv6 Locator/ID Separation Protocol (LISP) Proxy Egress Tunnel Router (PETR), use the ipv6 lisp use-petr command. To remove the use of a LISP PETR, use the no form of this command.
ipv6 lisp use-petr locator-address
no ipv6 lisp use-petr locator-address
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When the use of PETR services is enabled, instead of natively forwarding packets destined to non-LISP sites, these packets are LISP-encapsulated and forwarded to the PETR, where these packets are then deencapsulated and forwarded natively toward the non-LISP destination. An Ingress Tunnel Router (ITR) or PITR can be configured to use PETR services.
PETR services might be necessary in several cases. By default, when a LISP sites forwards packets to a non-LISP site natively (not LISP encapsulated), the source IP address of the packet is that of a site endpoint identifier (EID). If the provider side of the access network is configured with strict unicast reverse path forwarding (uRPF), it considers these packets to be spoofed and drops them because EIDs are not advertised in the provider default free zone (DFZ). In this case, instead of natively forwarding packets destined to non-LISP sites, the Ingress Tunnel Router (ITR) encapsulates these packets using the site locator as the source address and the PETR as the destination address. Packets destined for LISP sites follow normal LISP forwarding processes and are sent directly to the destination ETR.
Note
This command does not require a license.
Examples
This example shows how to configure an Ingress Tunnel Router (ITR) to use the PETR with the IPv6 locator:
Note
switch# configuration terminalswitch(config)# ipv6 lisp use-petr 10.1.1.1Related Commands
ipv6 lisp proxy-etr
Configures the switch to act as an IPv6 LISP Proxy Egress Tunnel Router (PETR).
ipv6 route
To configures a default route to the upstream next hop for all IPv6 destinations, use the ipv6 route comand. To remove the default route to the upstream next hop for all IPv6 destinations, use the no form of this comand.
ipv6 route ipv6-prefix next-hop
no ipv6 route pv6-prefix next-hop
Syntax Description
ipv6-prefix
IPv6 prefix format: xxxx:xxxx/ml, xxxx:xxxx::/ml, xxxx::xx/128.
next-hop
Link local next hop interface.
IPv6 address format: aaaa:bbbb:cccc:dddd:eeee:ffff:gggg:hhhh, aaaa::bbbb.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Adding an IPv6 default route to Null0 ensures that all IPv6 packets are handled by LISP processing. (Use of the static route to Null0 is not strictly required, but is recommended as a LISP best practice). If the destination is another LISP site, packets are LISP-encapsulated (using IPv4 RLOCs) to the remote site. If the destination is non-LISP, all IPv6 EIDs are LISP-encapsulated to a PETR (assuming one is configured).
This command does not require a license.
Examples
This example shows how to configure a default route to the upstream next hop for all IPv6 destinations:
switch# configuration terminalswitch(config)# ipv6 route ::/0 null0switch(config)#Related Commands
ipv6 lisp proxy-etr
Configures the switch to act as an IPv6 LISP Proxy Egress Tunnel Router (PETR).
lig
To initiate a LISP Internet Groper (LIG) operation for a destination endpoint identifier (EID) or to test the router's local EID prefix, use the lig command.
lig {hostname | destination-EID} [count count] [source source-EID] [to map-resolver]
lig {self | self6 | version} [count count] [source source-EID] [to map-resolver]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the lig command to test whether a destination EID exists in the LISP mapping database system, or to see if your site is registered with the mapping database system.
When a LIG query is initiated with a hostname or destination EID, the router sends a Map Request to the configured Map Resolver for the indicated destination hostname or EID. When a Map Reply is returned, its contents are displayed and entered in the LISP map cache.
When a LIG self query is initiated, the router's local EID prefix is substituted in place of the destination EID when the router sends a Map Request to the configured Map Resolver.
The following operational attributes apply to LIG:
•
•
•
•
This command does not require a license.
Examples
This example shows how to initiate a LIG operation for a destination EID or to test the router's local EID prefix:
switch# lig selfSend loopback map-request to 128.223.156.35 for 153.16.12.0 ...Received map-reply from 128.223.156.23 with rtt 0.002770 secsMap-cache entry for EID 153.16.12.0:153.16.12.0/24, uptime: 00:00:02, expires: 23:59:57, via map-reply, selfLocator Uptime State Priority/ Data ControlWeight in/out in/out128.223.156.23 00:00:02 up 1/100 0/0 0/0This example shows how to display the local IPv6 EID prefix that is registered in the mapping database:
switch# lig self6Send loopback map-request to 128.223.156.35 for 2610:d0:1203:: ...Received map-reply from 128.223.156.23 with rtt 0.001148 secsMap-cache entry for EID 2610:d0:1203:::2610:d0:1203::/48, uptime: 00:00:02, expires: 23:59:57, via map-reply, selfLocator Uptime State Priority/ Data ControlWeight in/out in/out128.223.156.23 00:00:02 up 1/100 0/0 0/0switch#This example shows how to display all LISP map-cache entries, and then uses lig to test for the remote IPv6 EID prefix:
switch# show ipv6 lisp map-cacheLISP IPv6 Mapping Cache for VRF "default", 0 entriesThis example show to to configure LIG to test for the remote IPv6 EID prefix:
switch# lig 2610:d0:210f::1end map-request to 128.223.156.35 for 2610:d0:210f::1 ...Received map-reply from 85.184.2.10 with rtt 0.204710 secsMap-cache entry for EID 2610:d0:210f::1:2610:d0:210f::/48, uptime: 00:00:01, expires: 23:59:58, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 00:00:01 up 0/100 0/0 0/02001:6e0:4:2::2 00:00:01 up 0/100 0/0 0/0This example shows how to display all IPv6 LISP map-cache entries:
switch# show ipv6 lisp map-cacheLISP IPv6 Mapping Cache for VRF "default", 1 entries2610:d0:210f::/48, uptime: 00:01:25, expires: 23:58:34, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 00:01:25 up 0/100 0/0 0/02001:6e0:4:2::2 00:01:25 up 0/100 0/0 0/0switch#This example shows how to display the version of LIG being used by the system:
switch# lig versionhttp://tools.ietf.org/html/draft-ietf-lisp-05http://tools.ietf.org/html/draft-farinacci-lisp-lig-01Related Commands
lisp beta
To enable Locator/ID Separation Protocol (LISP) to run on the Cisco NX-OS device, use the lisp beta command. To disable this functionality, use the no form of this command.
lisp beta
no lisp beta
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The lisp beta command is only applicable to the Cisco NX-OS device.
In order to run LISP on the Cisco Nexus 7000 Series device, the functionality must be enabled by using the lisp beta command. When enabled, hardware forwarding of LISP packets is automatically enabled, assuming that at least one 32x10GE line card is installed. Hardware forwarding is the default mode of operation when LISP is enabled.
Caution
Additional caveats and requirements apply when LISP is configured on the Cisco NX-OS device only.
In order for LISP to operate, you must configure at least one tunnel interface (or any type) on the system. If no tunnel interface is configured, you must configure an arbitrary (unused) tunnel interface. The only requirements for the tunnel is that the source be active or up and that the destination be reachable, usually by matching a default route to exit the switch or by using a loopback interface that is not in a shutdown state. An example is as follows:
interface Tunnel101tunnel source Ethernet10/9tunnel destination 10.1.1.1no shutdownThis command does not require a license.
Examples
This example shows how to enable LISP on the Cisco Nexus 7000 Series device:
switch# configuration terminalswitch(config)# lisp betaRelated Commands
lisp ddt
To configure a switch to perform LISP Delegated Database Tree (DDT) functionality, use the lisp ddt command. To remove the LISP DDT mapping, use the no form of this command.
lisp ddt
no lisp ddt
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to configure a LISP DDT mapping:
switch# configuration terminalswitch(config)# lisp ddtswitch(config)#Related Commands
lisp mobility
Configures an interface on an Ingress Tunnel Router (ITR) to participate in LISP VM Mobility (dynamic-EID roaming).
lisp ddt authoritative-prefix
To configure a Locator ID/Separation Protocol (LISP) Delegated Database Tree (DDT) node to be authoritative for a specified endpoint identifier (EID) prefix., use the lisp ddt
authoritative-prefix command. To remove the LISP DDT node to be authoritative for a specified EID prfix, use the no form of this command.
lisp ddt authoritative-prefix {eid-prefix eid-prefix | instance-id id}
no lisp ddt authoritative-prefix {eid-prefix eid-prefix | instance-id id}
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to configure a LISP DDT node to be authoritative for a specified EID prefix:
switch# configuration terminalSwitch(config)# lisp ddt authoritative-prefixeid-prefix 172.16.0.0/16switch(config)#Related Commands
lisp mobility
Configures an interface on an Ingress Tunnel Router (ITR) to participate in LISP VM Mobility (dynamic-EID roaming).
lisp ddt root
To configure an IPv4 or IPv6 locator for a Delegated Database Tree (DDT) root node within the delegation hierarchy on a DT-enabled Map Resolver, use the lisp ddt root command. To remove the IPv4 or IPv6 locator for a DDT root node within the delegation hierarchy on a DT-enabled Map Resolver, use the no form of this command.
lisp ddt root root-locator [public-key number]
no lisp ddt root root-locator [public-key number]
Syntax Description
a
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to configure an IPv4 or IPv6 locator for a DDT root node within the delegation hierarchy on a DT enabled Map Resolver:
switch# configuration terminalSwitch(config)# lisp ddt root 10.1.1.1eid-prefix 172.16.0.0/16switch(config)#Related Commands
lisp mobility
Configures an interface on an Ingress Tunnel Router (ITR) to participate in LISP VM Mobility (dynamic-EID roaming).
lisp ddt map-server-peer
To configure a Delegated Database Tree (DDT) enabled Map Server, the locator and endpoint identifier EID prefix (and/or instance ID) for a Map Server peer within the Locator ID-Separation Protocol (LISP) DDT delegation hierarchy, use the lisp ddt map-server-peer command. To remove the other Map Server peers, use the no form of this command.
lisp ddt map-server-peer map-server-locator {eid-prefix eid-prefix | instance-id id}
no lisp ddt map-server-peer map-server-locator {eid-prefix eid-prefix | instance-id id}
Syntax Description
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to configure a LISP DDT Map Server that is configured as authoritative for the IPv6 EID prefix 2001:db8:eeee::/48 for its own locator 10.1.1.1:
switch# configuration terminalSwitch(config)# lisp ddt map-server-peer 10.1.1.1 eid-prefix 2001:db8:eeee::/48switch(config)#lisp dynamic-eid
To configure a Locator ID/Separation Protocol (LISP) Virtual Machine (VM) Mobility (dynamic-EID roaming) policy and enter dynamic-EID configuration mode on an xTR, use the lisp dynamic-eid command. To remove the LISP dynamic-EID policy, use the no form of this command.
lisp dynamic-eid dynamic-EID-policy-name
no lisp dynamic-eid dynamic-EID-policy-name
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
To configure LISP VM Mobility, you must create a dynamic-EID roaming policy that can be referenced by the lisp mobility dynamic-eid-policy-name command. When you enter the lisp dynamic-eid dynamic-EID-policy-name command, the referenced LISP dynamic-EID policy is created and you are placed in the dynamic-EID configuration mode. In this mode, you can enter all attributes associated with the referenced LISP dynamic-EID policy.
Note
When a dynamic EID is roaming across subnets, you must configure it with a /32 IP address and an interface route to the default switch. For example, for a Linux or UNIX host, the following configuration is used:
ifconfig eth0 eid-address netmask 255.255.255.255
route add default any-switch-address
route add default any-switch-address
When a dynamic-EID is roaming across subnets, you must configure it with a /32 IP address and an interface route to the default switch. For example, for a Linux or UNIX host, the following configuration will be used:
ifconfig eth0 eid-address netmask 255.255.255.255
route add default any-switch-address
arp -s any-switch-address 00:00:0e:1d:01:0c
All LISP VM-router interfaces (the interface the dynamic EID will roam to) must have the same MAC address. You can configure interfaces by using the mac-address 0000.0e1d.010c command.
Note
This command does not require a license.
Examples
This example shows how to configure the LISP dynamic-EID policy named Roamer-1 and enter dynamic-EID configuration mode:
switch# configuration terminalswitch(config)# lisp dynamic-eid Roamer-1switch(config-lisp-dynamic-eid)#Related Commands
lisp mobility
Configures an interface on an Ingress Tunnel Router (ITR) to participate in LISP VM Mobility (dynamic-EID roaming).
lisp extend-subnet-mode
To configure an interface to create a dynamic-endpoint identifier (EID) state for hosts attached on their own subnet in order to track the movement of EIDs from one part of the subnet to another part of the same subnet, use the lisp extend-subnet-mode command. To remove this functionality, use the no form of this command.
lisp extended-subnet-mode
no lisp extended-subnet-mod
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the lisp extended-subnet-mode command when a subnet is extended across a Layer 3 cloud where Layer 2 connectivity is maintained by a mechanism other than the Locator Separation Protocol (LISP) (for example, Overlay Transport Virtualization (OTV) or Virtual Private LAN Services (VPLS)). Use the lisp extended-subnet-mode command to enable the dynamic-EID state to create host attached on their own subnet so that the remote Ingress Tunnel Routers (ITRs) and Proxy ITRs (PITRs) can track the movement of EIDs from one part of its subnet to another part of the same subnet.
Note
This command does not require a license.
Examples
This example shows how to configure an interface to create a dynamic EID state for hosts attached on their own subnet:
switch# configuration terminalswitch(config)# interface Ethernet 2/0switch(config-if)# lisp extended-subnet-modeRelated Commands
lisp instance id
To configure an instance ID to be associated with endpoint identifier (EID)-prefixes for a Locator/ID Separation Protocol (LISP) Tunnel Router (xTR), use the lisp instance-id command. To disable this functionality, use the no form of this command.
lisp instance-id iid
no lisp instance-id iid
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Virtualization support is currently available in LISP xTRs and the Map Server (MS) and Map Resolver (MR). The instance ID has been added to LISP to support virtualization.
Only one instance ID can be configured per EID virtual routing and forwarding (VRF) context. When an instance ID is configured, this instance ID is included with the EID prefixes when they are registered with the Map Server. The Map Server must also include the same instance ID within the EID prefix configurations for this LISP site. You can configure instance IDs on the MS by using the eid-prefix command in the lisp site command mode.
Note
This command does not require a license.
Examples
This example shows how to configure an instance ID on this xTR:
switch# configuration terminalswitch(config)# lisp xtr instance-id 123Related Commands
eid-prefix
Configures a list of EID prefixes that are allowed in a Map Register message sent by an ETR when registering to the Map Server.
lisp loc-reach-algorithm
To configure a Locator/ID Separation Protocol (LISP) locator reachability algorithm, use the lisp loc-reach-algorithm command. To disable this functionality, use the no form of this command.
lisp loc-reach-algorithm {count-tcp | echo-nonce | rloc-probing}
no lisp loc-reach-algorithm {count-tcp | echo-nonce | rloc-probing}
Syntax Description
count-tcp
Enables the tcp-count locator reachability algorithm.
echo-nonce
Enables the echo-nonce locator reachability algorithm.
rloc-probing
Enables the rloc-probing locator reachability algorithm.
Defaults
Disabled
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a LISP site communicates with a remote LISP site, it maintains endpoint identifier-to-Routing Locator (EID-to-RLOC) mapping information in its local map cache. In order for a LISP site to maintain an accurate status of locators at remote LISP sites with which it is communicating, theLISP Tunnel Router (xTR) can be configured to use three different locator reachability algorithms: tcp-count, echo-nonce, and rloc-probing. Certain algorithms can only be enabled on certain devices.
The following locator reachability algorithms and their descriptions are as follows:
•
•
•
You can enable multiple algorithms concurrently, subject to the dependencies listed above with each algorithm.
You can view the status associated with each locator reachability algorithm by using the show ip lisp map-cache or show ipv6 lisp map-cache commands.
This command does not require a license.
Examples
This example shows how to configure the locator reachability algorithm rloc-probing functionality on a Cisco NX-OS device:
switch# configuration terminalswitch(config)# lisp loc-reach-algorithm rloc-probingRelated Commands
lisp mobility
To configure an interface on an Ingress Tunnel Router (ITR) to participate in Locator/ID Separation Protocol (LISP) Virtual Machine (VM) mobility (dynamic-endpoint identifier (EID) roaming) for a specific dynamic-EID policy, use the lisp mobility command. To remove this functionality, use the no form of this command.
lisp mobility dynamic-EID-policy-name
no lisp mobility dynamic-EID-policy-name
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
In order for an interface on an xTR to participate in LISP Virtual Machine (VM) Mobility (dynamic-EID roaming), it must be associated by name with a specific LISP dynamic-EID roaming policy. A LISP dynamic-EID roaming policy is configured by using the lisp dynamic-eid command. This policy is then associated with an interface when you enter the lisp mobility dynamic-eid-policy-name command, where the dynamic-eid-policy-name provides the association.
When a packet is received on an interface configured for LISP VM Mobility, the packet is considered a candidate for LISP VM Mobility (dynamic-EID roaming) and its source address is compared against the EID prefix in the database-mapping entry (or entries) included as part of the specific LISP dynamic-EID policy. If there is a match, the rules associated with LISP dynamic-EID roaming are applied. If there is no match, the packet is forwarded natively (that is not LISP encapsulated).
You can apply multiple lisp mobility commands that refer to different dynamic-EID-policy-name instances to the same interface. Packets received on the interface are compared against all policies until a match is found or the packet discarded.
Caution
- When a dynamic-EID is roaming across subnets, you must configure it with a /32 IP address and an interface route to the default switch. For example, for a Linux or UNIX host, use the following configuration:
ifconfig eth0 eid-address netmask 255.255.255.255
route add default any-switch-address
arp -s any-switch-address 00:00:0e:1d:01:0c
- All LISP VM-router interfaces (which is the interface the dynamic EID will roam to) must have the same MAC address. You can configure interfaces by using the mac-address 0000.0e1d.010c command.
Note
•
This command does not require a license.
Examples
This example shows how to configure the Roamer-1 policy defined under the LISP dynamic-EID configuration:
switch# configuration terminalswitch(config)# interface Ethernet 2/0switch(config-if)# lisp mobility Roamer-1Related Commands
lisp site
To configure a Locator/ID Separation Protocol (LISP) site and enter site configuration mode on a LISP Map Server, use the lisp site command. To remove the LISP site, use the no form of this command.
lisp site site-name
no lisp site site-name
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
To properly register a Locator/ID Separation Protocol (LISP) Egress Tunnel Router (ETR) with a Map Server, the Map Server must already have been configured with certain LISP site attributes that match the ETR attributes. At a minimum, these attributes include the EID prefix(es) to be registered by the ETR and a shared authentication key. On the ETR, these attributes are configured by using the iplisp database-mapping, ipv6 lisp database-mapping, ip lisp etr map-server, and ipv6 lisp etr map-server commands.
When you enter the lisp site command, the referenced LISP site is created and you are placed in the site configuration mode. In this mode, all attributes associated with the referenced LISP site can be entered.
This command does not require a license.
Examples
This example shows how to configure the LISP site and enter the site command mode:
switch# configuration terminalswitch(config)# lisp site Customer-1switch(config-lisp-site)#Related Commands
map-notify-group
To configure a discovering Locator ID/Separation Protocol (LISP)-Virtual Machine (VM) switch to send a Map-Notify message to other LISP-VM switches within the same data center site so that they can also determine the location of the dynamic EID, use the map-notify-group command. To remove this functionality, use the no form of this command.
map-notify-group ipv4-group-address
no map-notify-group ipv4-group-address
Syntax Description
ipv4-group-address
IPv4 multicast group address used for both sending and receiving site-based Map-Notify multicast messages.
Defaults
Disabled
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the map-notify-group command when dynamic-EID discovery is necessary in a multihomed data center. When you configure a dynamic EID with more than one locator in the locator set, any locator can decapsulate LISP packets that enter the data center. Because unicast packets that egress the data center go out a single LISP-VM switch, this switch is the only one that can discover the location of a roaming dynamic EID. By using this command, the discovering LISP-VM switch sends Map-Notify messages to other LISP-VM switches (through the configured IPv4-group-address multicast group address) at the data center site, so that all LISP-VM switches can determine the location of the dynamic EID.
The multicast group address is used for both sending and receiving site-based Map-Notify multicast messages. The interface that the multicast Map-Notify messages are received on is the interface used to send decapsulated packets to the dynamic EID.
This command does not require a license.
Examples
This example shows how to configure the LISP dynamic-EID policy, enter the dynamic EID configuration mode and configure the map notify group:
switch# configuration terminalswitch(config)# lisp dynamic-eid Roamer-1switch(config-lisp-dynamic-eid)# map-notify-group 239.1.1.254Related Commands
lisp mobility
Configures an interface on an Ingress Tunnel Router (ITR) to participate in LISP VM Mobility (dynamic-EID roaming).
map-server
To configure the Map Server to which the dynamic-endpoint identifier (EID) registers to when this policy is invoked, use the map-server command. To remove the configured reference to the Map Server, use the no form of this command.
map-server locator key key-type password
no map-server locator key key-type password
map-server locator proxy-reply
no map-server locator proxy-reply
Syntax Description
Defaults
By default, no Map Server is configured within a dynamic-EID policy and the configured Map Server on the LISP-VM router (from the {ip | ipv6} lisp etr map-server command) is used to register the dynamic EID.
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
In LISP Virtual Machine (VM) mobility, when a dynamic EID roams to the LISP-VM router, you must register the dynamic-EID to a Map-Server with its new attributes (the 3-tuple of locator, priority, weight) according to the database-mapping dynamic-EID subcommand). The map-server dynamic-EID subcommand configures the Map Server to which the dynamic EID registers. The locator specified in the map-server command can be either an IPv4 or IPv6 address in the locator space.
You can configure multiple map-server commands so that registration can occur to different Map Servers with either the same or different authentication keys.
Note
If you do not enter the map-server dynamic-EID subcommand command, the configured Map-Server on the LISP-VM router that was configured by using the {ip | ipv6} lisp etr map-server command is used to register the dynamic EID.
If you configure the proxy-reply option, the Map Register sends Map- Server requests that the Map-Server proxy map-reply on behalf of dynamic EIDs when it receives a Map Request for the dynamic-EID prefix.
This command does not require a license.
Examples
This example shows how to configure the LISP dynamic-EID policy named Roamer-1, enter dynamic EID configuration mode, and configure the Map Server with IPv4 locator 10.1.1.1 for dynamic EIDs that match this policy to register to. You can also specify the Map Server to proxy reply on behalf of the dynamic EID.
switch# configuration terminalswitch(config)# lisp dynamic-eid Roamer-1switch(config-lisp-dynamic-eid)# map-server 10.1.1.1 key 3 1c27564ab1212434switch(config-lisp-dynamic-eid)# map-server 10.1.1.1 proxy-replyRelated Commands
redistribute lisp route-map
To configure the Border Gateway Protocol (BGP) on a Locator/ID Separation Protocol (LISP) Map Server to redistribute and advertise endpoint identifier (EID) prefixes from registered LISP sites, use the redistribute lisp route-map command. To remove the configuration, use the no form of this command.
redistribute lisp route-map route-map
no redistribute lisp route-map route-map
Syntax Description
Defaults
None
Command Modes
BGP configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When a Map Server registers LISP sites, the EID prefixes from these registered LISP sites are advertised through BGP into the virtual routing and forwarding (VRF) instance that is used by the Locator/ID Separation Protocol Alternative Topology (LISP-ALT). This action can be accomplished by using the redistribute lisp route-map command.
Only after an Egress Tunnel Router (ETR) successfully registers through the Map-Registration process, the EID prefixes from that LISP site are advertised in the URIB or U6RIB by the LISP process. BGP then redistributse the EID prefixes, according to the route-map rules, into the LISP-ALT.
Note
•
This command does not require a license.
Examples
This example shows how to configure redistribution of registered LISP site EID prefixes, according to the rules of the route-map Valid-LISP:
switch# configuration terminalswitch(config)# switch bgp 65001switch(config-switch)# vrf lispswitch(config-switch-vrf)# address-family ipv4 unicastswitch(config-switch-vrf)# redistribute lisp route-map Valid-LISPswitch(config-switch-vrf)# address-family ipv6 unicastswitch(config-switch-vrf)# redistribute lisp route-map Valid-LISPRelated Commands
register-database-mapping
To configure the Locator Separation Protocol (LISP) Virtual Machine (VM) switch to register the dynamic endpoint identifier (EID) prefix from the database-mapping dynamic-EID subcommand rather than a more-specific host-EID, use the optional register-database-mapping command. To remove this optional functionality, use the no form of this command.
register-database-mapping
no register-database-mapping
Syntax Description
This command has no arguments or keywords.
Defaults
More-specific (host-EID) prefix is registered with the configured Map Server.
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the register-database-mapping command to cause the LISP VM switch to register the dynamic EID prefix from the database-mapping dynamic-EID subcommand rather than (more-specific) dynamic host-EIDs to the Map Server. By default, host-based dynamic-EIDs are registered to the Map Server.
You can use the register-database-mapping command to support cloud applications. When a dynamic EID matches the dynamic EID prefix from the database-mapping dynamic-EID subcommand, the entire dynamic-EID prefix is registered and all endpoint identifiers (EIDs) are moved to the new locator set.
This command does not require a license.
Examples
This example shows how to configure the Locator/ID Separation Protocol (LISP) dynamic-EID policy, enter the dynamic EID configuration mode, and configure the policy to register the entire dynamic-EID prefix instead of individual dynamic host EIDs:
switch# configuration terminalswitch(config)# lisp dynamic-eid Roamer-1switch(config-lisp-dynamic-eid)# register-database-mappingRelated Commands
roaming-eid-prefix
To configure an optional endpoint identifier (EID) or list of EIDs to be considered as roaming dynamic EIDs, use the roaming-eid-prefix command. To remove this optional functionality, use the no form of this command.
roaming-eid-prefix eid-prefix
no roaming-eid-prefix eid-prefix
Syntax Description
Defaults
Specific (host-EID) prefixes within the dynamic-EID prefix range specified in the database-mapping dynamic-EID subcommand are individually registered with the configured Map Server.
Command Modes
Dynamic-EID configuration mode
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
When an EID is detected to be a candidate for dynamic-EID roaming and the optional roaming-eid-prefix command is used, the EID must be covered by the roaming-EID prefix entry in order to be discovered. The EID prefix listed in a database-mapping entry within the lisp dynamic-eid policy is registered with the Map Server specified in the map-server command. That is, the roaming-eid-prefix command restricts the discovery of LISP virtual machine (VM) Mobility (dynamic-EID roaming) for initiating Map-Server registration.
Note
The EID referenced by the roaming-eid-prefix command can be either an IPv4 or IPv6 address in the EID space.
This command does not require a license.
Examples
This example shows how to configure the LISP dynamic-EID policy, enter dynamic-EID configuration mode, configure the IPv4 dynamic-EID prefix with an IPv4 locator, and configure the roaming EID prefix with the more-specific EID as the only EID prefix that invokes registration:
switch# configuration terminalswitch(config)# lisp dynamic-eid Roamer-1switch(config-lisp-dynamic-eid)# database-mapping 172.16.1.0/24 10.1.1.1 priority 1 weight 100switch(config-lisp-dynamic-eid)# roaming-eid-prefix 172.16.1.12/32Related Commands
show ip lisp
To display the IPv4 Locator/ID Separation Protocol (LISP) configuration status, use the show ip lisp command.
show ip lisp
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display information about the current IPv4 LISP configuration status:
switch# show ip lispLISP IP Configuration Information for VRF "default" (iid 0)Ingress Tunnel Router (ITR): enabledEgress Tunnel Router (ETR): enabledProxy-ITR Router (PTR): disabledProxy-ETR Router (PETR): disabledMap Resolver (MR): disabledMap Server (MS): disabledLast-resort source locator: 172.22.156.23LISP-NAT Interworking: disabledITR send Map-Request: enabledITR send Data-Probe: disabledLISP-ALT vrf: not configuredITR Map-Resolver: 172.22.156.35ETR Map-Server(s): 172.22.156.35, 172.22.132.89Last Map-Register sent to MS: 00:00:45ETR glean mapping: disabled, verify disabledETR accept mapping data: disabled, verify disabledETR map-cache TTL: 24 hoursShortest EID-prefix allowed: /16Use Proxy-ETRs: 172.16.2.1Locator Reachability Algorithms:Echo-nonce algorithm: disabledTCP-counts algorithm: disabledRLOC-probe algorithm: disabledStatic mappings configured: 0Map-cache limit: 10000Map-cache size: 3ETR Database, global LSBs: 0x00000001:EID-prefix: 192.168.12.0/24, LSBs: 0x00000001Locator: 172.22.156.23, priority: 1, weight: 100Uptime: 09:27:15, state: up, localswitch#describes the significant fields shown in the display.
Table 1 show ip lisp Field Descriptors
Related Commands
show ip lisp data-cache
To display the Locator ID/Separation Protocol IPv4 endpoint identifier to Routing Locator (LISP) IPv4 EID-to-RLOC data-cache mapping on an Ingress Tunnel Router (ITR), use the show ip lisp data-cache command.
show ip lisp data-cache [destination-EID]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Data-cache mappings are built when a Map-Request is sent and are maintained until a valid (matching nonce) Map Reply is received. The data-cache entry is then moved to the map cache.
This command does not require a license.
Examples
This example shows how to display the LISP IPv4 EID-to-RLOC data-cache mapping on an Ingress Tunnel Router (ITR):
switch# show ip lisp data-cacheLISP IP Mapping Data Cache for Context "default", 0 entries, hwm: 4Complete entries removed after 15-second period: 0Incomplete entries removed after 1-minute period: 0switch#Related Commands
ip lisp map-cache
Displays the current dynamic and static IPv4 EID-to-RLOC map-cache entries.
show ip lisp database
To display Locator/ID Separator Protocol (LISP) Egress Tunnel Router (ETR) configured local IPv4 endpoint identifier (EID) prefixes and associated locator sets, use the show ip lisp database command in privileged EXEC mode.
show ip lisp database [vrf vrf-name]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the configured local IPv4 EID prefixes and associated locator sets:
switch# show run...<skip>...!ip lisp database-mapping 192.168.12.0/24 172.22.156.23 priority 1 weight 100!switch# show ip lisp databaseLISP ETR IP Mapping Database for VRF "default" (iid 0), global LSBs: 0x00000001EID-prefix: 192.168.12.0/24, instance-id: 0, LSBs: 0x00000001Locator: 172.22.156.23, priority: 1, weight: 100Uptime: 10:36:59, state: up, localswitch#Related Commands
ip lisp database-mapping
Configures an IPv4 EID-to-RLOC mapping relationship and its associated traffic policy.
show ip lisp locator-hash
To display source and destination locators that are used for a given IPv4 source and destination endpoint identifier (EID) pair, use the show ip lisp locator-hash command.
show ip lisp locator-hash {source-EID dest-EID} | dest-EID-prefix} [vrf vrf-name]
Syntax Description
source-EID
IPv4 source EID.
dest-EID
IPv4 destination EID.
dest-EID-prefix
IPv4 destination EID prefix.
vrf vrf-name
(Optional) Specifies the VRF within which to resolve EIDs.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
The source locator is chosen based on the source EID from the EID prefix database configured by using the ip lisp etr database-mapping command. The destination locator is selected by finding the destination EID in the EID-to-Routing Locator (RLOC) map cache.
When the dest-EID-prefix argument is used, the locator hash array indicates which locator is used for each of 25 different flow hash buckets.
When you enter the vrf keyword, IPv4 EIDs are resolved within the specified VRF in order to display the locator hash.
This command does not require a license.
Examples
This example shows how to display source and destination locators that are used for a given IPv4 source and destination EID pair:
switch# show ip lisp databaseLISP ETR IP Mapping Database for VRF "default", global LSBs: 0x00000001EID-prefix: 153.16.12.0/24, LSBs: 0x00000001Locator: 128.223.156.23, priority: 1, weight: 100Uptime: 04:14:41, state: up, localswitch# show ip lisp map-cache---<skip>---153.16.11.0/24, uptime: 04:12:35, expires: 19:47:24, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out67.169.7.150 04:12:35 up 1/100 1968/1967 3/2switch# show ip lisp locator-hash 153.16.12.1 153.16.11.1EIDs 153.16.12.1 -> 153.16.11.1 yields:RLOCs 128.223.156.23 -> 67.169.7.150Address hash: 0x07 (7), hash bucket: 7, RLOC index: 0switch#Related Commands
ip lisp database-mapping
Configures an IPv4 EID-to-RLOC mapping relationship and its associated traffic policy.
show ip lisp map-cache
To display the current dynamic and static IPv4 endpoint identifier to Routing Locator (EID-to-RLOC) map-cache entries, use the show ip lisp map-cache command.
show ip lisp map-cache [destination-EID | destination-EID-prefix/prefix-length | vrf vrf-name]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
When no IPv4 EID or IPv4 EID prefix is specified, a summary of information is listed for all current dynamic and static IPv4 EID-to-RLOC map-cache entries. When you specify an IPv4 EID or IPv4 EID prefix, information is listed for the longest-match lookup in the cache. When you use the vrf keyword, summary information related to the referenced VRF name is listed.
This command does not require a license.
Examples
This example shows how to display a summary list of current dynamic and static IPv4 EID-to-RLOC map-cache entries:
switch# show ip lisp map-cacheLISP IP Mapping Cache for VRF "default", 4 entries153.16.1.0/24, uptime: 04:41:40, expires: 19:18:19, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out129.250.1.255 04:41:40 up 254/0 0/0 0/0129.250.26.242 04:41:40 up 1/100 1139/1138 1/0---<skip>---switch#This example shows how to display a specific IPv4 EID prefix information that is associated with that IPv4 EID prefix entry:
switch# show ip lisp map-cache 153.16.11.0/24LISP IP Mapping Cache for VRF "default", 4 entries153.16.11.0/24, uptime: 04:43:21, expires: 19:16:38, via map-reply, authState: complete, last modified: 04:43:21, map-source: 67.169.7.150Locator Uptime State Priority/ Data ControlWeight in/out in/out67.169.7.150 04:43:21 up 1/100 2214/2213 3/2Last up/down state change: 04:43:21, state change count: 0Last data packet in/out: 00:00:14/00:00:14Last control packet in/out: 00:45:23/00:45:23Last priority/weight change: never/neverswitch#Related Commands
show ip lisp statistics
To display Locator/ID Separation Protocol (LISP) IPv4 address-family packet count statistics, use the show ip lisp statistics command.
show ip lisp statistics
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display LISP IPv4 address-family packet count statistics:
switch# show ip lisp statisticsLISP Statistics for VRF "default" - last cleared: neverData Forwarding:IPv4-in-IPv4 encap/decap packets: 4687/33220IPv4-in-IPv6 encap/decap packets: 0/3555Translated packets in/out: 0/0Map-cache lookup succeeded/failed: 5908/78LISP-ALT lookup succeeded/failed: 0/0Packets with SMRs in/out: 0/0Loc-reach-bit changes local/remote: 0/0Control Packets:Data-Probes in/out: 0/0Map-Requests in/out: 654/90Encapsulated Map-Requests in/out: 0/90RLOC-probe Map-Requests in/out: 607/0Map-Replies in/out: 73/654Authoritative in/out: 4/654Non-authoritative in/out: 69/0Negative Map-Replies in/out: 69/0RLOC-probe Map-Replies in/out: 0/607Map-Registers in/out: 0/294Authentication failures: 0Errors:Encapsulations failed: 78Map-Request format errors: 0Map-Reply format errors: 0Map-Reply spoof alerts: 0Cache Related:Cache entries created/timed-out: 40/36Number of EID-prefixes in map-cache: 4Number of negative map-cache entries: 1Number of translation cache entries: 0Total number of RLOCs in map-cache: 6Number of best-priority RLOCs: 5Average RLOCs per EID-prefix: 1switch#Related Commands
show ip lisp translation-cache
To display the Locator/ID Separation Protocol (LISP) IPv4 address translation cache and statistics associated with each entry, use the show ip lisp translation-cache command.
show ip lisp translation-cache [non-routable-EID]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
The show ip lisp translation-cache command is applicable only when the ip lisp translate command is used to configure LISP translation.
When you use the non-routable-EID argument, only the statistics associated with that single translation appear.
This command does not require a license.
Examples
This example shows how to display the LISP IPv4 address translation cache and statistics associated with each entry:
switch# show ip lisp translation-cacheLISP EID Translation Cache for VRF "default" - 1 entriesInside: 10.1.1.1 outside: 172.16.1.1, ingress/egress count: 0/0Last ingress packet: never, last egress packet: neverswitch#Related Commands
show ip mroute detail
To display the detailed route attributes, use the show ip mroute detail command.
show ip mroute detail
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
VRF configuration mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Locator ID/Separation Protocol (LISP) IPv4 address translation cache and statistics associated with each entry:
switch(config)# vrf context managementswitch(config-vrf)# show ip mroute detailIP Multicast Routing Table for VRF "default"Total number of routes: 0Total number of (*,G) routes: 0Total number of (S,G) routes: 0Total number of (*,G-prefix) routes: 0switch(config-vrf)#Related Commands
show ip pim lisp encap
To display the information about the LOcator ID/Separation Protocol (LISP) encapsulation, use the show ip pim lisp encap command.
show ip pim lisp encap
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
VRF configuration mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the information about the LISP encapsulation:
switch(config)# vrf context managementswitch(config-vrf)# show ip pim lisp encapswitch(config-vrf)#Related Commands
show ipv6 lisp
To display the only IPv6 configuration status, use the show ipv6 lisp command.
show ipv6 lisp
Syntax Description
This command has no arguments or keywords
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the Locator ID/Separation Protocol (LISP) IPv6 configuration status:
switch# show ipv6 lispLISP IPv6 Configuration Information for VRF "default" (iid 0)Ingress Tunnel Router (ITR): enabledEgress Tunnel Router (ETR): enabledProxy-ITR Router (PTR): disabledProxy-ETR Router (PETR): disabledMap Resolver (MR): disabledMap Server (MS): disabledLast-resort source locator: 2001:db8:d01:9c::80df:9c17LISP-NAT Interworking: disabledITR send Map-Request: enabledITR send Data-Probe: disabledLISP-ALT vrf: not configuredITR Map-Resolver: 172.22.156.35ETR Map-Server(s): 172.22.156.35, 172.22.132.89Last Map-Register sent to MS: 00:00:20ETR glean mapping: disabled, verify disabledETR accept mapping data: disabled, verify disabledETR map-cache TTL: 24 hoursSend IP Map-Reply: enabledShortest EID-prefix allowed: /48Use Proxy-ETRs: 172.16.2.1Locator Reachability Algorithms:Echo-nonce algorithm: disabledTCP-counts algorithm: disabledRLOC-probe algorithm: disabledStatic mappings configured: 0Map-cache limit: 1000Map-cache size: 3ETR Database, global LSBs: 0x00000001:EID-prefix: 2001:db8:1203::/48, LSBs: 0x00000001Locator: 172.22.156.23, priority: 1, weight: 100Uptime: 09:27:51, state: up, localswitch#Table 2 describes the significant fields shown in the display.
Table 2 show ip6 lisp Field Descriptors
Related Commands
show ipv6 lisp data-cache
To display the Locator/ID Separation Protocol (LISP) IPv6 endpoint identifier to Routing Locator (EID-to-RLOC) data-cache mapping on an Ingress Tunnel Router (ITR), use the show ipv6 lisp data-cache command.
show ipv6 lisp data-cache [destination-EID]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Data-cache mappings are built when a Map Request is sent and are maintained until a valid (matching nonce) Map Reply is received. The data-cache entry is then moved to the map cache.
This command does not require a license.
Examples
This example shows how to display the LISP IPv6 EID-to-RLOC data-cache mapping on an Ingress Tunnel Router (ITR):
switch# show ipv6 lisp data-cacheLISP IPv6 Mapping Data Cache for Context "default", 0 entries, hwm: 1Complete entries removed after 15-second period: 0Incomplete entries removed after 1-minute period: 1switch#Related Commands
ipv6 lisp map-cache
Displays the current dynamic and static IPv6 EID-to-RLOC map-cache entries.
show ipv6 lisp database
To display Locator/ID Separation Protocol (LISP) Egress Tunnel Router (ETR) configured local IPv6 EID prefixes and associated locator sets, use the show ip lisp database command.
show ipv6 lisp database [vrf vrf-name]
Syntax Description
vrf vrf-name
(Optional) Displays information for the specified virtual routing and forwarding (VRF) instance.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the configured local IPv6 EID prefixes and the associated locator sets:
switch# show ipv6 lisp databaseLISP ETR IPv6 Mapping Database for VRF "default" (iid 0), global LSBs: 0x0000000fEID-prefix: 2001:db8:1209::/48, instance-id: 0, LSBs: 0x0000000f172.22.156.222, priority: 1, weight: 100, state: up, localswitch#Related Commands
ipv6 lisp database-mapping
Configures an IPv6 EID-to-RLOC mapping relationship and its associated traffic policy.
show ipv6 lisp locator-hash
To display source and destination locators that are used for a given IPv6 source and destination endpoint identifier (EID) pair, use the show ip lisp locator-hash command.
show ipv6 lisp locator-hash {source-EID dest-EID} | dest-EID-prefix} [vrf vrf-name]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
The source locator is chosen based on the source EID from the EID prefix database that you configured by using the ipv6 lisp etr database-mapping command. The destination locator is selected by finding the destination EID in the EID-to- Routing Locator (RLOC) map cache.
When you use the dest-EID-prefix argument, the locator hash array appears, indicating which locator is used for each of 25 different flow hash buckets.
When you use the vrf keyword, IPv4 EIDs are resolved within the specified VRF in order to display the locator hash.
This command does not require a license.
Examples
This example shows how to display source and destination locators that are used for a given IPv6 source and destination EID pair:
switch# show ipv6 lisp map-cache---<skip>---2610:d0:210f::/48, uptime: 04:18:39, expires: 19:41:20, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 04:18:39 up 0/100 0/0 0/02001:6e0:4:2::2 04:18:39 up 0/100 0/0 0/0switch# show ipv6 lisp locator-hash 2610:d0:1203::1 2610:d0:210f::1EIDs 2610:d0:1203::1 -> 2610:d0:210f::1 yields:RLOCs 128.223.156.23 -> 85.184.2.10Address hash: 0x00 (0), hash bucket: 0, RLOC index: 0switch#The example shows how to display the full locator hash bucket for the IPv6 destination EID prefix:
switch# show ipv6 lisp locator-hash 2610:d0:210f::/48RLOC Hash Indexes for EID-prefix 2610:d0:210f::/48:[00000-00000-00000-00000-00000]switch#Related Commands
ipv6 lisp database-mapping
Configures an IPv6 EID-to-RLOC mapping relationship and its associated traffic policy.
show ipv6 lisp map-cache
To display the current dynamic and static IPv6 endpoint identifier to Routing Locator (EID-to-RLOC) map-cache entries, use the show ipv6 lisp map-cache command.
show ipv6 lisp map-cache [destination-EID | destination-EID-prefix/prefix-length | vrf vrf-name]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Use the show ipv6 lisp map-cache command to display the current dynamic and static IPv6 EID-to-RLOC map-cache entries. When you do not specify the IPv6 EID or IPv6 EID prefix, a summary of information is listed for all current dynamic and static IPv4 EID-to-RLOC map-cache entries.
This command does not require a license.
Examples
This example shows how to display a summary of current dynamic and static IPv6 EID-to-RLOC map-cache entries:
switch# show ipv6 lisp map-cacheLISP IPv6 Mapping Cache for VRF "default", 1 entries2610:d0:210f::/48, uptime: 04:48:44, expires: 19:11:15, via map-reply, authLocator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 04:48:44 up 0/100 0/0 0/02001:6e0:4:2::2 04:48:44 up 0/100 0/0 0/0---<skip>---switch#This example shows how to display information associated with that IPv6 EID prefix entry with a specific IPv6 EID prefix:
switch# show ipv6 lisp map-cache 2610:d0:210f::/48LISP IPv6 Mapping Cache for VRF "default", 1 entries2610:d0:210f::/48, uptime: 04:50:43, expires: 19:09:16, via map-reply, authState: complete, last modified: 04:50:43, map-source: 85.184.2.10Locator Uptime State Priority/ Data ControlWeight in/out in/out85.184.2.10 04:50:43 up 0/100 0/0 0/0Last up/down state change: 04:50:43, state change count: 0Last data packet in/out: never/neverLast control packet in/out: never/neverLast priority/weight change: never/never2001:6e0:4:2::2 04:50:43 up 0/100 0/0 0/0Last up/down state change: 04:50:43, state change count: 0Last data packet in/out: never/neverLast control packet in/out: never/neverLast priority/weight change: never/neverswitch#Related Commandsswitch# show ipv6 lisp map-cache
Related CommandsLISP IPv6 Mapping Cache for VRF "default", 1 entries
Related Commands
Related Commands2610:d0:210f::/48, uptime: 04:48:44, expires: 19:11:15, via map-reply, auth
Related Commands Locator Uptime State Priority/ Data Control
Related Commands Weight in/out in/out
Related Commands 85.184.2.10 04:48:44 up 0/100 0/0 0/0
Related Commands 2001:6e0:4:2::2 04:48:44 up 0/100 0/0 0/0
Related Commands---<skip>---
Related Commandsswitch#
Related CommandsThe following sample output from the show ipv6 lisp map-cache command with a specific IPv6 EID-prefix displays detailed information associated with that IPv6 EID prefix entry.
Related Commandsswitch# show ipv6 lisp map-cache 2610:d0:210f::/48
Related CommandsLISP IPv6 Mapping Cache for VRF "default", 1 entries
Related Commands
Related Commands2610:d0:210f::/48, uptime: 04:50:43, expires: 19:09:16, via map-reply, auth
Related Commands State: complete, last modified: 04:50:43, map-source: 85.184.2.10
Related Commands Locator Uptime State Priority/ Data Control
Related Commands Weight in/out in/out
Related Commands 85.184.2.10 04:50:43 up 0/100 0/0 0/0
Related Commands Last up/down state change: 04:50:43, state change count: 0
Related Commands Last data packet in/out: never/never
Related Commands Last control packet in/out: never/never
Related Commands Last priority/weight change: never/never
Related Commands 2001:6e0:4:2::2 04:50:43 up 0/100 0/0 0/0
Related Commands Last up/down state change: 04:50:43, state change count: 0
Related Commands Last data packet in/out: never/never
Related Commands Last control packet in/out: never/never
Related Commands Last priority/weight change: never/never
Related CommandsRo
show ipv6 lisp
Displays the IPv6 LISP configuration status for the local device.
show ipv6 lisp statistics
To display Locator ID/Separation Protocl (LISP) IPv6 address-family packet count statistics, use the show ipv6 lisp statistics command.
show ipv6 lisp statistics
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display LISP IPv6 address-family packet count statistics:
switch# show ipv6 lisp statisticsLISP Statistics for VRF "default" - last cleared: neverData Forwarding:IPv6-in-IPv4 encap/decap packets: 1239/0IPv6-in-IPv6 encap/decap packets: 0/0Translated packets in/out: 0/0Map-cache lookup succeeded/failed: 2461/1260LISP-ALT lookup succeeded/failed: 0/0Packets with SMRs in/out: 0/0Loc-reach-bit changes local/remote: 0/0Control Packets:Data-Probes in/out: 0/0Map-Requests in/out: 1219/1280Encapsulated Map-Requests in/out: 0/1280RLOC-probe Map-Requests in/out: 0/0Map-Replies in/out: 1243/1217Authoritative in/out: 1243/1219Non-authoritative in/out: 0/0Negative Map-Replies in/out: 0/0RLOC-probe Map-Replies in/out: 0/0Map-Registers in/out: 0/614Authentication failures: 0Errors:Encapsulations failed: 1260Map-Request format errors: 0Map-Reply format errors: 0Map-Reply spoof alerts: 0Cache Related:Cache entries created/timed-out: 32/27Number of EID-prefixes in map-cache: 5Number of negative map-cache entries: 4Number of translation cache entries: 0Total number of RLOCs in map-cache: 6Number of best-priority RLOCs: 6Average RLOCs per EID-prefix: 1switch#Related Commands
show ipv6 lisp
Displays the IPv6 LISP configuration status for the local device.
show ipv6 lisp translation-cache
To display the Locator/ID Separation Protocol (LISP) IPv6 address translation cache and statistics associated with each entry, use the show ipv6 lisp translation-cache command.
show ipv6 lisp translation-cache [non-routable-EID]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
The show ipv6 lisp translation-cache command is applicable only when the ipv6 lisp translate command is used to configure LISP translation.
When you use the non-routable-EID argument, only the statistics that are associated with that single translation are displayed.
This command does not require a license.
Examples
This example shows how to display the LISP IPv6 address translation cache and statistics associated with each entry:
switch# show ipv6 lisp translation-cacheLISP EID Translation Cache for VRF "default" - 1 entriesInside: 2001:db8:aa::1 outside: 2001:db8:bb::1, ingress/egress count: 0/0Last ingress packet: never, last egress packet: neverswitch#Related Commands
show ipv6 lisp
Displays the IPv6 LISP configuration status for the local device.
show lisp ddt queue
To display the Locator ID/Separation Protocol (LISP) Delegate Database Tree (DDT)map-resolver map-request queue, use the show lisp ddt queue command.
show lisp ddt queue {eid-address | instance-id id {eid-address} | vrf vrf-name]
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the LISP DDT Map-Resolver map-request queue:
switch(config)# show lisp ddt queueswitch(config)#show lisp ddt referral-cache
To display the Locator ID/Separation Protocol (LISP)- Delegated Database Tree (DDT) referral cache, use the show lisp ddt referral-cache command.
show lisp ddt referral-cache eid-address vrf vrf-name | instance-id id eid-address vrf vrf-name |
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the LISP-DDT referral cache:
switch(config)# show lisp ddt referral-cacheswitch(config)#show lisp ddt vrf
To display the configured Delegated Database Tree (DDT) root(s) and/or DDT delegation nodes on a switch enabled for Locator ID/Separator Protocol (LISP) DDT, use the show lisp ddt vrf command.
show lisp ddt vrf vrf-name
Syntax Description
Defaults
None
Command Modes
Global configuration mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to display the LISP information for a VRF instance:
switch(config)# show lisp ddt vrf 1switch(config)#show lisp dynamic-eid
To display the Locator/ID Separation Protocol (LISP) dynamic-endpoint identifiers (EIDs) configured and discovered on a device, use the show lisp dyanmic-eid command.
show lisp dyanmic-eid [summary] [dynamic-eid-name] [detail]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
The displayed output includes the number of roaming dynamic-EIDs configured, associated database-mapping information, and the number of roaming dynamic EIDs.
When you use the summary keyword, a one-line listing appears per discovered dynamic EID. When the dynamic EID name entry is listed, information related to that single entry appears. When you use the detail keyword, a list of discovered roaming EIDs appears.
This command does not require a license.
Examples
This example shows how to display summary information related to all configured and discovered LISP dynamic EIDs:
switch# show lisp dynamic-eidLISP Dynamic EID Information for VRF "default"Dynamic-EID name: DarrelDatabase-mapping EID-prefix: 153.16.19.2/32, registering more-specificsLocator: 173.8.188.25, priority: 1, weight: 50, localLocator: 173.8.188.26, priority: 1, weight: 50, localMap-Server(s): 204.69.200.7Number of roaming dynamic-EIDs discovered: 0switch#show lisp proxy-itr
To display a list of Proxy-ITRs (PITRs) that have been discovered through Map Requests, use the show lisp proxy-itr command.
show lisp proxy-itr [vrf vrf-name]
Syntax Description
vrf vrf-name
(Optional) Specifies the virtual routing and forwarding (VRF) instance with which to clear the locator address of the PITR.
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
Because of the unidirectional nature of data flows for Proxy ITRs (PITRs), an xTR never has a map-cache entry that contains locators for PITRs. However, when an xTR receives a Map Request from a PITR for an endpoint identifier to Routing Locator (EID-to-RLOC) mapping resolution, the locator address of the PITR is saved (separately from the map cache) by an xTR. The number of locators currently cached is eight (8).
The show lisp proxy-itr command displays the list of PITRs that have been discovered through Map Requests. When you use the vrf keyword, all PITR locators associated with this VRF appears.
This command does not require a license.
Examples
This example shows how to display a list of PITRs that have been discovered through Map-Requests:
switch# show lisp proxy-itrDiscovered Proxy-ITRs (PITRs) in VRF "default"10.20.10.60switch#show lisp site
To display configured Locator/ID Separation Protocol (LISP) sites on a Map Server, use the show lisp site command.
show lisp site [{EID | EID-prefix} [[instance-id iid] | site-name] [vrf vrf-name] [detail]
Syntax Description
Defaults
None
Command Modes
Any command mode
Supported User Rolesnetwork-admin
network-operator
vdc-admin
vdc-operatorCommand History
Usage Guidelines
The displayed output indicates whether a site is actively registered.
This command does not require a license.
Examples
This example shows how to display the configured LISP sites on a LISP Map Server:
switch# show lisp siteLISP Site Registration Information for VRF "default"* = truncated IPv6 addressSite Name Last Actively Who last EID-prefixRegistered Registered Registeredcisco-it-xtr 00:00:47 yes 172.16.81.170 2001:db8:110c::/4800:00:18 yes 172.17.81.170 192.168.5.0/24dmm-xtr-1 00:00:56 yes 172.30.156.134 2001:db8:1200::/4800:00:56 yes 172.31.65.94 192.168.10.0/24dmm-xtr-2 00:00:48 yes 172.30.156.23 2001:db8:1203::/48never no -- 192.168.12.0/24switch#This example shows how to display detailed information that is related to a LISP site:
switch# show lisp site dmm-xtr-1LISP Site Registration Information for VRF "default"* = truncated IPv6 addressSite name: "dmm-xtr-1"Description: none configuredAllowed configured locators: anyAllowed EID-prefixes:Configured EID-prefix: 2001:db8:1200::/48, instance-id: 0Currently registered: yesFirst registered: 07:54:01Last registered: 00:00:10Who last registered: 172.30.156.134Routing table tag: 0x00000000Proxy Replying: noWants Map-Notifications: noRegistered TTL: 1440 minutesRegistered locators:Registered locators:172.30.156.134 (up), priority: 1, weight: 50172.31.65.94 (up), priority: 1, weight: 50Registration errors:Authentication failures: 0Allowed locators mismatch: 0Configured EID-prefix: 192.168.10.0/24, instance-id: 0Currently registered: yesFirst registered: 2w0dLast registered: 00:00:36Who last registered: 172.30.156.134Routing table tag: 0x00000000Proxy Replying: noWants Map-Notifications: noRegistered TTL: 1440 minutesRegistered locators:172.30.156.134 (up), priority: 1, weight: 50172.31.65.94 (up), priority: 1, weight: 50Registration errors:Authentication failures: 0Allowed locators mismatch: 0switch#Related Commands
