no bgp enforce-first-as on Cisco Router

mahesh18
Level 6

Hi Everyone,

Our Internet router is connected to ISP and running BGP.

Need to know what the command below does.

 no bgp enforce-first-as

Regards

Mahesh

Accepted Solutions

Reza Sharifi
Hall of Fame

Hi Mahesh,

By default, Cisco routers deny any updates received from an eBGP peer that does not list the AS number in the path of an incoming update. So, "no bgp enforce-first-as" will disable that.

Here is more info from the command reference guide:

http://www.cisco.com/c/en/us/td/docs/ios/iproute_bgp/command/reference/irg_book/irg_bgp1.html#wp1114079

HTH

Reza

Hello,

BGP peers list their AS number as the first segment in the AS_PATH attribute. Under BGP command you specify a neighbour and its AS number. As an example,

"Neighbor 192.8.7.9 remote-as 64352".

If you apply "bgp enforce-first-as", BGP checks the updates from 192.8.7.9 to make sure AS number 64352 is listed in AS_PATH attribute.

Enabling this command prevents a misconfigured or unauthorized peer from misdirecting traffic.

You will disable this feature if you apply "no bgp enforce-first-as".

Hope it helps,

Masoud

@Masoud Pourshabanian but how? I am thinking this concept is now invalid where you have to peer with an IXP (Internet Exchange Point). IXPs peer with ISPs, CDNs, and SPs using route servers, and route servers do not include their ASs in the BGP paths. So, leaving the "bgp enforce-first-as" check in place would impact the experience of such a provider.
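
The check described in the answers, together with the route-server case raised in the comment above, as an added example (not part of the original thread and not Cisco's implementation): it decodes an AS_PATH attribute value in the RFC 4271 segment format and compares the leftmost AS with the neighbor's remote-as. The route server AS 64510, the member ASes 64500 and 64501, and the 4-octet AS encoding are assumptions; 64352 is the remote-as from the thread's example neighbor.

```python
import struct

AS_SET, AS_SEQUENCE = 1, 2

def parse_as_path(value, as_size=4):
    """Decode an AS_PATH attribute value (RFC 4271) into [(seg_type, [asn, ...])].
    as_size=4 assumes the session negotiated 4-octet AS numbers."""
    fmt = {2: "H", 4: "I"}[as_size]
    segments, off = [], 0
    while off < len(value):
        if off + 2 > len(value):
            raise ValueError("truncated segment header")
        seg_type, count = value[off], value[off + 1]
        end = off + 2 + count * as_size
        if seg_type not in (AS_SET, AS_SEQUENCE) or end > len(value):
            raise ValueError("malformed AS_PATH segment")
        asns = struct.unpack(f"!{count}{fmt}", value[off + 2:end])
        segments.append((seg_type, list(asns)))
        off = end
    return segments

def first_as_matches(value, remote_as, as_size=4):
    """True when the leftmost AS in the path is the neighbor's remote-as.
    An empty path or a leading AS_SET counts as a mismatch (this example's choice)."""
    segments = parse_as_path(value, as_size)
    if not segments:
        return False
    seg_type, asns = segments[0]
    return seg_type == AS_SEQUENCE and bool(asns) and asns[0] == remote_as

def encode_segment(seg_type, asns, as_size=4):
    """Helper that builds the constructed sample attributes below."""
    fmt = {2: "H", 4: "I"}[as_size]
    return struct.pack(f"!BB{len(asns)}{fmt}", seg_type, len(asns), *asns)

# Constructed samples, not captured traffic.
DIRECT_PEER = encode_segment(AS_SEQUENCE, [64352, 64500])
VIA_ROUTE_SERVER = encode_segment(AS_SEQUENCE, [64500, 64501])  # RS AS not prepended
WRONG_FIRST_AS = encode_segment(AS_SEQUENCE, [64501, 64352])

if __name__ == "__main__":
    for name, value, remote_as in [
        ("direct peer", DIRECT_PEER, 64352),
        ("route server session", VIA_ROUTE_SERVER, 64510),
        ("first AS is not the peer", WRONG_FIRST_AS, 64352),
    ]:
        verdict = "accept" if first_as_matches(value, remote_as) else "reject"
        print(f"{name}: path={parse_as_path(value)} remote-as={remote_as} -> {verdict}")
```

The second sample shows why the check rejects routes learned over a route-server session: the session's remote-as is the route server's AS, but the leftmost AS in the path belongs to the member that originated the announcement.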

mahesh18
Level 6

Many thanks Reza.

Regards

Mahesh