neighbor ttl-security-hops
Syntax
neighbor {<IP-ADDRESS> | <PEER-GROUP-NAME>} ttl-security-hops <HOP-COUNT>
no neighbor {<IP-ADDRESS> | <PEER-GROUP-NAME>} ttl-security-hops <HOP-COUNT>
Description
This command enables BGP to establish connection with external peers residing on networks that are not directly connected. By enabling this feature, the received TTL from a BGP peer is compared with the difference "255 -
hop-count". BGP messages coming with a TTL less than this value are not accepted. BGP peering will not be established if the TTL in the session establishment is received with a lower value. Also, by enabling this feature the router will send BGP packets with TTL value of 255 to the neighbor. For a neighbor, either TTL security or
ebgp-multihop
can be configured, not both together. If there are multiple paths to reach the node, then the hop count should be configured considering the longest route.
The
no
form of this command disables the peer ttl-security-hop feature.
Command context
config-bgp
Parameters
<IP-ADDRESS>
Specifies an IP address.
<PEER-GROUP-NAME>
Specifies a peer group.
<HOP-COUNT>
Specifies the hop count to reach the neighbor for the eBGP session. Range: 1-255.
Authority
Administrators
Examples
switch(config-bgp)# neighbor 1.1.1.1 ttl-security-hops 10 switch(config-bgp)# no neighbor 1.1.1.1 ttl-security-hops
switch(config-bgp)# neighbor pg ttl-security-hops 5 switch(config-bgp)# no neighbor pg ttl-security-hops