Cisco IOS cheat sheet for BGP (Border Gateway Protocol) โ the inter-domain routing protocol of the Internet. Covers basic eBGP/iBGP setup, path attributes (local-preference, AS-path prepend, MED, weight), filtering, route-maps, peer groups, and multihomed ISP scenarios.
Basic Configuration
BGP Process and Neighbor Setup
| Command | Description |
|---|---|
| router bgp 65000 | Create BGP instance for AS 65000 |
| neighbor 10.0.2.2 remote-as 65100 | Add BGP neighbor in AS 65100 (eBGP) |
| neighbor 10.0.2.2 password cisco | Set MD5 authentication password (optional) |
| neighbor 10.0.2.2 update-source Loopback0 | Use loopback for peering (loopback-to-loopback iBGP) |
| neighbor 10.0.2.2 ebgp-multihop 3 | Allow up to 3 hops between eBGP peers |
| neighbor 10.0.2.2 next-hop-self | Advertise eBGP-learned routes to iBGP peers with own IP as next-hop |
| network 192.168.2.0 mask 255.255.255.0 | Originate network in BGP (must exist in RIB; use exact prefix, not classful) |
| timers bgp 10 20 | Set keepalive / hold timers (seconds) |
Diagnostics
show / clear
| Command | Description |
|---|---|
| show ip bgp | BGP table โ raw routes received via BGP |
| show ip route bgp | BGP routes installed in the routing table |
| show ip bgp summary | BGP neighbor summary (state, prefixes) |
| show ip bgp neighbor 10.0.1.1 | Detailed info for a specific BGP neighbor |
| clear ip bgp * | Reset all BGP sessions and re-download routes (hard reset; slow for full-view) |
| clear ip bgp <neighbor> out | Re-send own routes to neighbor (soft-reconfiguration, neighbor stays up) |
| clear ip bgp <neighbor> in | Re-download routes from neighbor (soft-reconfiguration) |
Path Attributes and Traffic Engineering
Inbound Path Preference โ Local Preference
Higher local-preference = preferred path for outbound traffic.
Local Preference via Route-Map
| Command | Description |
|---|---|
| route-map FILTER permit 10 | Create route-map FILTER |
| set local-preference 150 | Set local-preference to 150 (default is 100; higher = preferred) |
| neighbor 147.54.76.45 route-map FILTER in | Apply to all routes received from neighbor |
Return Traffic Path โ AS-Path Prepend
Deliberately lengthen the AS-path to make a provider less preferred for inbound traffic.
AS-Path Prepend via Route-Map
| Command | Description |
|---|---|
| route-map SET-ASPATH permit 10 | Create route-map for AS-path manipulation |
| set as-path prepend 64100 64100 64100 64100 | Prepend own AS number 4 times to make path longer (less preferred) |
| neighbor 217.145.14.2 route-map SET-ASPATH out | Apply to routes advertised to this neighbor |
Weight (Cisco-proprietary, local to router)
Higher weight = preferred path. Not advertised to neighbors.
BGP Weight
| Command | Description |
|---|---|
| neighbor 147.54.76.45 weight 100 | Set weight 100 for all routes from neighbor (default is 0) |
| ip prefix-list WEIGHT permit 55.30.30.0/24 | Match specific prefix |
| route-map MAP1 permit 10 | Branch 10: match prefix, set weight 150 |
| match ip address prefix-list WEIGHT | Match specific route in route-map |
| set weight 150 | Prefer this path with higher weight |
| route-map MAP1 permit 20 | Branch 20: all other routes get weight 0 |
| neighbor 50.0.1.1 route-map MAP1 in | Apply route-map to iBGP neighbor |
MED (Multi-Exit Discriminator)
Suggest to an external AS which entry point to use for inbound traffic. Only compared between routes from the same AS.
MED via Route-Map
| Command | Description |
|---|---|
| route-map SET-MED permit 10 | Create route-map for MED |
| set metric 200 | Set MED to 200 (lower = more preferred) |
| neighbor 217.145.14.2 route-map SET-MED out | Advertise MED to this neighbor |
Filtering
AS-Path Access-List
AS-Path Filtering
| Command | Description |
|---|---|
| ip as-path access-list 1 permit ^$ | Match routes originated in our AS only (empty AS-path) |
| ip as-path access-list 1 permit _65030$ | Match routes whose last AS is 65030 (regardless of transit ASes) |
| ip as-path access-list 1 permit ^65020$ | Match routes originating directly from AS 65020 |
| neighbor 217.145.14.2 filter-list 1 out | Apply AS-path ACL to outbound updates for neighbor |
| clear ip bgp * out | Push updated routes to all neighbors |
Prefix-List
Prefix-List Filtering
| Command | Description |
|---|---|
| ip prefix-list ISP permit 0.0.0.0/0 | Accept only default route from ISP |
| ip prefix-list 1 permit 0.0.0.0/0 ge 8 le 24 | Accept prefixes with mask /8โ/24 |
| neighbor 20.0.2.2 prefix-list ISP in | Apply prefix-list to inbound updates from neighbor |
| neighbor 217.145.14.2 prefix-list 1 out | Apply prefix-list to outbound updates |
Route-Map Filtering (combined AS-path + prefix-list)
Combined Route-Map Filter
| Command | Description |
|---|---|
| ip prefix-list default-only permit 0.0.0.0/0 | Match default route only |
| route-map FILTERING permit 10 | Branch 10: match default route from AS 65020 โ set local-pref 150 |
| match ip address prefix-list default-only | Match condition 1 |
| match as-path 10 | Match condition 2 (AS-path ACL 10) |
| set local-preference 150 | Prefer this path |
| route-map FILTERING permit 20 | Branch 20: default from other AS โ keep default local-pref 100 |
| neighbor 172.10.10.1 route-map FILTERING in | Apply to first neighbor |
| neighbor 134.15.15.1 route-map FILTERING in | Apply to second neighbor |
Peer Groups
Reuse the same neighbor policies across multiple peers.
Peer Group Configuration
| Command | Description |
|---|---|
| neighbor ISP peer-group | Create peer group named ISP |
| neighbor ISP filter-list 1 out | Attach filter-list 1 to the group |
| neighbor ISP prefix-list 25 in | Attach prefix-list 25 to the group |
| neighbor ISP route-map FILTER out | Attach route-map FILTER to the group |
| neighbor 172.10.10.1 remote-as 65020 | Define first neighbor |
| neighbor 172.10.10.1 peer-group ISP | Assign first neighbor to peer group |
| neighbor 134.15.15.1 remote-as 65030 | Define second neighbor |
| neighbor 134.15.15.1 peer-group ISP | Assign second neighbor to peer group |
Cisco IOS Command Reference | BGP