Configure BGP
You can configure BGP neighbors and networks on the CLI.
Configure BGP networks and neighbors
-
To enter the BGP configuration mode, enter the following options:
- For Route configuration: 3
- For Configure unicast routing: 1
- For Configure BGP: 3
You'll see the following prompt:
bgp>
-
Open BGP configuration:
bgp>enable
- Open the router configuration for related details:
bgp#configure terminal
-
Enter the BGP router configuration mode:
bgp(config)#router bgp <AS number>
Note
If you haven't already assigned an AS number, the command assigns the number you enter.
-
(Optional) Manually configure the router ID:
bgp(config-router)# bgp router-id <ip address format>
Enter the ID in the IPv4 address format, for example, 1.1.1.1. It doesn't need to be a valid IP address.
By default, the firewall automatically selects the highest IP address of all the configured interfaces as the router ID.
-
To configure a network, do as follows:
-
Specify the network's IP version using one of the following commands:
bgp(config-router)#address-family ipv4 unicast
bgp(config-router)#address-family ipv6 unicast
Note
To change the IP version, exit the address family mode (
exit
), then enter the IP version command you want. -
Enter an IPv4 or IPv6 network:
- IPv4:
bgp(config-router-af)#network <ipv4 address>/<subnet mask>
- IPv6:
bgp(config-router-af)#network <ipv6 address>/<prefix>
Example
network 10.10.10.0/24
network 2008:DB9::/32
- IPv4:
-
(Optional) Don't advertise IPv4 networks to IPv6 neighbors:
bgp(config-router)#address-family ipv4 unicast
bgp(config-router-af)#no neighbor <ipv6 address> activate
Note
By default, the firewall advertises IPv4 networks to all neighbors. Enter the command to make sure these aren't advertised to IPv6 neighbors when you configure an IPv6 neighbor on the CLI.
For web admin console configurations, the firewall automatically adds this command to IPv4 networks.
-
Advertise IPv6 networks to IPv6 neighbors:
bgp(config-router-af)#exit
(If you're in IPv4 mode.)bgp(config-router)#address-family ipv6 unicast
bgp(config-router-af)#neighbor <ipv6 address> activate
Note
By default, the firewall doesn't advertise IPv6 networks to any neighbors. Enter the command to advertise these to IPv6 neighbors when you configure an IPv6 neighbor on the CLI.
For web admin console configurations, the firewall automatically adds this command to IPv6 networks.
-
Exit the address family mode:
exit
-
-
To configure a neighbor, enter the neighbor's IPv4 or IPv6 address and AS number:
bgp(config-router)#neighbor <ip address> remote-as <neighbor's AS number>
-
Check the configuration:
bgp(config-router)#show running-config
If you've used automatic router ID assignment on the web admin console, the ID isn't shown with this command.
-
Save the configuration:
bgp(config-router)#write
Note
You must run the
write
command to save route configurations made through the CLI so they reflect on the web admin console and persist on a firewall or daemon restart. -
Exit router configuration mode:
bgp(config-router)#end
- Exit BGP configuration mode:
bgp#exit
Default settings
When you configure BGP from the web admin console, the firewall automatically applies these default settings.
- To implement these settings when you configure BGP on the CLI, you must enter the commands.
- When you apply the Global configuration settings on the web admin console, the firewall removes your changes to the following default settings:
bgp log-neighbor-changes
andno bgp ebgp-requires-policy
. - The firewall only shows custom values when you run the
show running-config
command. For example, it doesn't show themaximum-paths ibgp
value if it's set to the default value of 16.
Commands
Commands | Description |
---|---|
| The command removes the need for BGP route policies to learn and advertise BGP routes. |
| The firewall logs a message when a neighbour becomes available or unavailable. |
no neighbor <ipv6 address> activate | Stops advertising IPv4 networks to IPv6 neighbors. |
neighbor <ipv6 address> activate | Advertises IPv6 networks to IPv6 neighbors. |