LISP Site Configuration Commands

site

To configure a Locator/ID Separation Protocol (LISP) site and enter LISP site configuration mode on a LISP map server, use the site command in LISP configuration mode. To remove the reference to a LISP site, use the no form of this command.

site site-name

no site site-name

Syntax Description

site-name

Locally significant name assigned to a LISP site.

Command Default

By default, no LISP sites are assigned.

Command Modes

LISP configuration (config-router-lisp)

Command History

Release

Modification

15.1(1)XB2

This command was introduced.

Cisco IOS XE Release 2.5.1XB

This command was integrated into Cisco IOS XE Release 2.5.1XB.

Cisco IOS XE Release 3.3.0S

This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the lisp keyword was removed from the command syntax.

15.1(4)M

This command was modified. Support for this command was removed at the global configuration level and added for LISP configuration mode. Also, the lisp keyword was removed from the command syntax.

Usage Guidelines

Before a LISP Egress Tunnel Router (ETR) registers with a map server, the map server must already be configured with certain LISP site attributes that match those of the ETR. At a minimum, this includes the endpoint identifier (EID) prefixes to be registered by the ETR and a shared authentication key. On the ETR, these attributes are configured using the database-mapping, ipv4 etr map-server, and ipv6 etr map-server commands.

When the site command is entered, the referenced LISP site is created and the router is placed in the site configuration mode. In this mode, all attributes associated with the referenced LISP site can be entered.

Examples

The following example shows how to configure a LISP site named ‘Customer-1’ and enter LISP site configuration mode.


Router(config)# router lisp
Router(config-router-lisp)# site Customer-1

allowed-locator (LISP site)

To configure a list of locators to be verified in a map-register message sent by an Egress Tunnel Router (ETR) when registering to the map server, use the allowed-locator command in Locator/ID Separation Protocol (LISP) site configuration mode. To remove locators from the list, use the no form of this command.

allowed-locator rloc

no allowed-locator rloc

Syntax Description

rloc

IPv4 or IPv6 routing locator (RLOC) allowed within a Map-Registration message.

Command Default

By default, allowable locators are not defined and the map server will accept any locators.

Command Modes

LISP site configuration (config-router-lisp-site)

Command History

Release

Modification

15.1(1)XB2

This command was introduced.

Cisco IOS XE Release 2.5.1XB

This command was integrated into Cisco IOS XE Release 2.5.1XB.

Cisco IOS XE Release 3.3.0S

This command was integrated into Cisco IOS XE Release 3.3.0S.

15.1(4)M

This command was integrated into Cisco IOS Release 15.1(4)M.

Usage Guidelines

When a LISP ETR registers with a map server, it sends a map-register message that contains one or more endpoint identifier (EID) prefixes and routing locators that the ETR is configured to use. After verifying the authentication data, the map server checks the presented EID-prefixes against those configured on the map server. If they agree, the map register is accepted and the ETR registration is completed.

The map server default behavior can be further constrained such that the ETR can register only using specific routing locators. To enable this functionality, configure the allowed-locator command in LISP site configuration mode. When the allowed-locator command is used, the map-register message from the ETR must contain the same locators that are listed in the map server LISP site configuration. If the list in the map register does not match the one configured on the map server, the map-register message is not accepted and the ETR is not registered. Up to four IPv4 or IPv6 routing locators (total) can be configured.


Note


When the allowed-locator command is configured, all locators listed on the map server within the LISP site configuration must also appear in the Map-Register message sent by the ETR for it to be accepted.


Examples

The following example shows how to configure the LISP site named Customer-1 and then enter LISP site command mode. The IPv4 address 172.16.1.1 and the IPv6 address 2001:db8:bb::1 are configured as allowable locators for the LISP site Customer-1:


Router(config-router-lisp)# site Customer-1
Router(config-router-lisp-site)# allowed-locator 172.16.1.1
Router(config-router-lisp-site)# allowed-locator 2001:db8:bb::1

authentication-key (LISP site)

To configure the password used to create the SHA-1 HMAC hash for authenticating the map-register message sent by an Egress Tunnel Router (ETR) when registering to the map server, use the authentication-key command in Locator/ID Separation Protocol (LISP) site configuration mode. To remove the password, use the no form of this command.

authentication-key {0 | 6 | 7} password

no authentication-key

Syntax Description

0

The key type that indicates that the SHA-1 HMAC password that follows is entered in cleartext form.

6

The key type that indicates that the SHA-1 HMAC password that follows is entered as an AES-encrypted key.

7

The key type that indicates that the SHA-1 HMAC password that follows is entered as a Cisco-encrypted key.

password

The password used to create the SHA-1 HMAC hash when authenticating the map-register message sent by the ETR.

Command Default

By default, no LISP site authentication key is configured.

Command Modes

LISP site configuration (config-router-lisp-site)

Command History

Release

Modification

15.1(1)XB2

This command was introduced.

Cisco IOS XE Release 2.5.1XB

This command was integrated into Cisco IOS XE Release 2.5.1XB.

Cisco IOS XE Release 3.3.0S

This command was integrated into Cisco IOS XE Release 3.3.0S.

15.1(4)M

This command was integrated into Cisco IOS Release 15.1(4)M.

Usage Guidelines

Before a LISP ETR registers with a map server, the map server must already be configured with certain LISP site attributes that match those of the ETR, including a shared password that is used to create the SHA-1 HMAC hash that the map server uses to validate the authentication data presented in the Map-Register message. On the ETR, this password is configured with the [ip|ipv6] lisp etr map-server command.

On the map-server, the password is configured as part of the LISP site configuration process. To enter the LISP site password, configure the authentication-key command in LISP site configuration mode. The SHA-1 HMAC password may be entered in unencrypted (cleartext) form or encrypted form. To enter an unencrypted password, specify a key-type value of 0. To enter an AES-encrypted password, specify a key-type value of 6. To enter a Cisco-encrypted password, specify a key-type value of 7.


Caution


Map server authentication keys entered in cleartext form will remain in cleartext form and be displayed in the configuration in cleartext form unless the Cisco IOS Encrypted Preshared Key feature is enabled. The Encrypted Preshared Key feature allows you to securely store plaintext passwords in type 6 (AES encryption) format in NVRAM. To enable this feature, use the key config-key password-encryption and password encryption aes commands. For additional information on the Encrypted Preshared Key feature and its usage, see http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml.



Caution


If you enable the Encrypted Preshared Key feature and then remove it, all type 6 encrypted keys immediately become unusable because the master key is deleted—type 6 passwords cannot be unencrypted and used by the router. A warning message displays that details this and confirms the master key deletion.



Note


The map server and ETR must be configured with matching passwords for the map-registration process to successfully complete. When a LISP site successfully completes the map-registration process, its attributes will be displayed by the show lisp site command. If the map-registration process is unsuccessful, the site will not be displayed.


Examples

The following example shows how to configure the LISP site named ‘Customer-1’ and enter the LISP site configuration mode. The shared password s0m3-s3cr3t-k3y is then entered in cleartext form:


Router(config)# router lisp
Router(config-router-lisp)# site Customer-1
Router(config-router-lisp-site)# authentication-key 0 s0m3-s3cr3t-k3y
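
The cautions above lend themselves to an automated check of a map server's saved configuration. The following is an added example, not Cisco's code: a small Python audit that flags LISP sites whose key is stored as type 0 or type 7, sites with no allowed-locator list, and EID prefixes using accept-more-specifics. The sample configuration is constructed, and the script assumes key lines appear in the authentication-key {0 | 6 | 7} password form shown on this page.

```python
# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
router lisp
 site Customer-1
  authentication-key 0 s0m3-s3cr3t-k3y
  eid-prefix 192.168.1.0/24 route-tag 123
 site Customer-2
  authentication-key 6 TYPE6-CIPHERTEXT-PLACEHOLDER
  eid-prefix 10.1.0.0/16 accept-more-specifics
  allowed-locator 172.16.1.1
 site Customer-3
  eid-prefix 10.2.0.0/16
interface Loopback0
 description not part of any LISP site
"""

def audit_lisp_sites(config_text):
    """Return {site_name: [finding, ...]} for every site under 'router lisp'."""
    sites, current, in_lisp = {}, None, False
    for raw in config_text.splitlines():
        if raw and not raw[0].isspace():
            # A top-level line starts a new section and ends any site block.
            in_lisp, current = raw.startswith("router lisp"), None
            continue
        words = raw.split()
        if not in_lisp or not words:
            continue
        if words[0] == "site" and len(words) == 2:
            current = sites.setdefault(words[1], {"key": None, "rlocs": 0, "broad": []})
        elif current is None:
            continue
        elif words[0] == "authentication-key" and len(words) >= 3:
            current["key"] = words[1]          # key type: 0, 6 or 7
        elif words[0] == "allowed-locator":
            current["rlocs"] += 1
        elif words[0] == "eid-prefix" and "accept-more-specifics" in words:
            current["broad"].append(words[1])
    report = {}
    for name, s in sites.items():
        findings = []
        if s["key"] is None:
            findings.append("no authentication-key configured")
        elif s["key"] == "0":
            findings.append("authentication-key stored in cleartext (type 0)")
        elif s["key"] == "7":
            findings.append("type 7 key is reversibly encoded; prefer type 6")
        if s["rlocs"] == 0:
            findings.append("no allowed-locator: any locator is accepted")
        findings += [f"accept-more-specifics on {p}" for p in s["broad"]]
        report[name] = findings
    return report
```

Calling audit_lisp_sites(SAMPLE_CONFIG) returns one list of findings per site; an empty list means none of these checks fired.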

description (LISP site)

To configure a description for a Locator/ID Separation Protocol (LISP) site, use the description command in LISP site configuration mode. To remove the description for a LISP site, use the no form of this command.

description description

no description

Syntax Description

description

Description associated with the LISP site.

Command Default

By default, no LISP site description is defined.

Command Modes

LISP site configuration (config-router-lisp-site)

Command History

Release

Modification

15.1(1)XB2

This command was introduced.

Cisco IOS XE Release 2.5.1XB

This command was integrated into Cisco IOS XE Release 2.5.1XB.

Cisco IOS XE Release 3.3.0S

This command was integrated into Cisco IOS XE Release 3.3.0S.

15.1(4)M

This command was integrated into Cisco IOS Release 15.1(4)M.

Usage Guidelines

When you enter the site command in a map server, the router enters LISP site configuration mode. In this mode, you can associate a description with the referenced LISP site using the description command. This description is displayed in the output of the show lisp site command.

Examples

The following example shows how to configure the LISP site named ‘Customer-1’ and enter LISP site configuration mode. The description string for Customer-1 is then entered:


Router(config)# router lisp
Router(config-router-lisp)# site Customer-1
Router(config-router-lisp-site)# description Customer-1 Site Information

eid-prefix (LISP site)

To configure a list of endpoint identifier (EID) prefixes that are allowed in a Map-Register message sent by an Egress Tunnel Router (ETR) when registering to the map server, use the eid-prefix command in Locator/ID Separation Protocol (LISP) site configuration mode. To remove the locators, use the no form of this command.

eid-prefix EID-prefix [route-tag tag] [accept-more-specifics]

no eid-prefix EID-prefix [route-tag tag]

Syntax Description

EID-prefix

IPv4 or IPv6 EID prefix associated with the LISP site.

route-tag tag

(Optional) Defines the route tag associated with this EID prefix.

accept-more-specifics

(Optional) Specifies that any EID prefix that is more specific than the EID prefix configured is accepted and tracked.

Command Default

By default, EID-prefixes are not defined for a LISP site.

Command Modes

LISP site configuration (config-router-lisp-site)

Command History

Release

Modification

15.1(1)XB2

This command was introduced.

Cisco IOS XE Release 2.5.1XB

This command was integrated into Cisco IOS XE Release 2.5.1XB.

Cisco IOS XE Release 3.3.0S

This command was integrated into Cisco IOS XE Release 3.3.0S.

15.1(4)M

This command was integrated into Cisco IOS Release 15.1(4)M.

Usage Guidelines

When a LISP ETR registers with a map server, it sends a map-register message that contains, among other things, one or more EID prefixes that the ETR is configured to use. On the ETR, EID prefixes are configured using the database-mapping command. To configure these EID prefixes on the map server, use the eid-prefix command in LISP site configuration mode.

The same EID prefixes must be configured on the map server and the ETR in order for the ETR to be registered, and for these EID prefixes to be advertised by LISP. After verifying the authentication data, the map server compares the EID prefixes within the map-register message against those configured on the map server for the LISP site. If they agree, the map register is accepted and the ETR registration is completed. If the EID-prefixes in the Map-Register message do not match those configured on the map server, the map-register message is not accepted and the ETR is not registered.


Note


A map-register message sent by an ETR contains all of the EID prefixes that the ETR is authoritative for. All of these EID prefixes must be listed on the map server within the LISP site configuration for the map-register message sent by the ETR to be accepted. If the list in the map register does not match the one configured on the map server, the map-register message is not accepted and the ETR is not registered.


When a LISP site successfully completes the map-registration process, its attributes can be displayed by the show lisp site command. If the map-registration process is unsuccessful, the site will not be displayed.

When the route-tag keyword is used, a tag value is associated with the EID prefix being configured. This tag value may be useful for simplifying processes that populate the routing information base (RIB). For example, a route-map policy can be defined to match this tag for Border Gateway Protocol (BGP) redistribution of these EID prefixes into the virtual routing and forwarding (VRF) used by the LISP Alternative Logical Topology (ALT).

Examples

The following example shows how to configure the IPv4 EID-prefix 192.168.1.0/24 and the IPv6 EID-prefix 2001:db8:aa::/48, each with the route-tag 123, for the LISP site Customer-1:


Router(config)# router lisp
Router(config-router-lisp)# site Customer-1
Router(config-router-lisp-site)# eid-prefix 192.168.1.0/24 route-tag 123
Router(config-router-lisp-site)# eid-prefix 2001:db8:aa::/48 route-tag 123
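
The acceptance order described in the allowed-locator and eid-prefix usage guidelines (authentication first, then EID prefixes, then locators) can be modelled in a few lines. This is an added Python example, not Cisco's implementation: the message encoding is a simplified stand-in for the LISP wire format, the site entry is constructed from the Customer-1 examples, and two readings are assumptions, namely that every registered EID prefix must be configured (or be more specific than an accept-more-specifics entry) and that "the same locators" means set equality.

```python
import hashlib, hmac, ipaddress

def sign(key, eids, rlocs):
    """HMAC-SHA1 over a simplified canonical encoding (not the LISP wire format)."""
    body = "|".join(sorted(eids)) + "#" + "|".join(sorted(rlocs))
    return hmac.new(key.encode(), body.encode(), hashlib.sha1).digest()

def eid_allowed(eid, configured):
    """configured is a list of (prefix, accept_more_specifics) pairs."""
    net = ipaddress.ip_network(eid)
    for prefix, more_specifics in configured:
        conf = ipaddress.ip_network(prefix)
        if net == conf:
            return True
        if more_specifics and net.version == conf.version and net.subnet_of(conf):
            return True
    return False

def check_register(site, eids, rlocs, auth):
    """Return (accepted, reason), checking in the order the page describes."""
    if not hmac.compare_digest(auth, sign(site["key"], eids, rlocs)):
        return False, "authentication failed"
    if not all(eid_allowed(e, site["eid_prefixes"]) for e in eids):
        return False, "EID prefix not configured for site"
    allowed = {ipaddress.ip_address(a) for a in site["allowed_locators"]}
    # An empty allowed-locator list is the default: any locator is accepted.
    if allowed and allowed != {ipaddress.ip_address(r) for r in rlocs}:
        return False, "locator set does not match allowed-locator list"
    return True, "registered"

# Constructed site entry based on the Customer-1 examples; the
# accept-more-specifics flag on the IPv6 prefix is added for illustration.
SITE = {
    "key": "s0m3-s3cr3t-k3y",
    "eid_prefixes": [("192.168.1.0/24", False), ("2001:db8:aa::/48", True)],
    "allowed_locators": ["172.16.1.1", "2001:db8:bb::1"],
}

def register(eids, rlocs, key=SITE["key"]):
    """Build a register as an ETR holding `key` would and submit it."""
    return check_register(SITE, eids, rlocs, sign(key, eids, rlocs))
```

Registering 192.168.1.0/24 with only 172.16.1.1 is rejected at the locator step even though the key and prefix are correct, which is the constraint allowed-locator adds over the default behavior.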