DGS-6604
bgp enforce-first-as
CLI Reference Guide
76
bgp enforce-first-as
Use this command to enforce the first AS for the eBGP routes. To disable this
feature, use the no form of this command.
bgp enforce-first-as
no bgp enforce-first-as
Syntax
None
Default
Disabled
Command Mode
Router configuration.
Usage Guideline
This command specifies that any updates received from an external neighbor
that do not have the neighbor’s configured Autonomous System (AS), at the
beginning of the AS path, in the received update must be denied. Enabling this
feature adds to the security of the BGP network by not allowing traffic from
unauthorized systems.
Example
This example shows how to enable the security of the BGP network for
autonomous system 65534. All incoming updates from eBGP peers are
examined to ensure that the first AS number in the AS path is the local AS
number of the transmitting peer:
Switch(config)# router bgp 65534
Switch(config-router)# bgp enforce-first-as