
BGP configuration


L2 Linker

I am looking for the commands to check BGP configuration on a Palo Alto 5050, software version 8.1.14.

 

We have that PA in our organization, but I am new and trying to check why I am not able to learn a route 10.104.55.0/24 in BGP on the PA 5050.

 

I am learning 10.104.55.0/24 in the routing table.

admin@SHA-FWPA01A(active)> show routing route virtual-router XYZ-L3 | match 172.19.197.130
10.104.40.0/22 172.19.197.130 10 A S ae1.985
10.104.55.0/24 172.19.197.130 10 A S ae1.985
10.104.65.0/24 172.19.197.130 10 A S ae1.985
10.104.70.0/24 172.19.197.130 10 A S ae1.985
10.104.71.0/24 172.19.197.130 10 A S ae1.985
10.104.72.0/24 172.19.197.130 10 A S ae1.985
10.104.73.0/24 172.19.197.130 10 A S ae1.985
10.104.74.0/24 172.19.197.130 10 A S ae1.985
10.104.80.0/24 172.19.197.130 10 A S ae1.985
10.104.90.0/24 172.19.197.130 10 A S ae1.985
10.104.110.0/24 172.19.197.130 10 A S ae1.985
10.104.111.0/24 172.19.197.130 10 A S ae1.985
10.104.120.0/24 172.19.197.130 10 A S ae1.985
172.25.90.11/32 172.19.197.130 10 A S ae1.985
172.25.90.12/32 172.19.197.130 10 A S ae1.985
172.25.90.100/32 172.19.197.130 10 A S ae1.985
172.25.90.125/32 172.19.197.130 10 A S ae1.985
172.25.90.126/32 172.19.197.130 10 A S ae1.985
172.25.90.127/32 172.19.197.130 10 A S ae1.985
admin@SHA-FWPA01A(active)>

*********************************

admin@SHA-FWPA01A(active)> show routing fib virtual-router XYZ-L3 | match 172.19.197.130
111874 10.104.40.0/22 172.19.197.130 ug ae1.985 1500
162473 10.104.55.0/24 172.19.197.130 ug ae1.985 1500
111873 10.104.65.0/24 172.19.197.130 ug ae1.985 1500
111863 10.104.70.0/24 172.19.197.130 ug ae1.985 1500
111864 10.104.71.0/24 172.19.197.130 ug ae1.985 1500
111865 10.104.72.0/24 172.19.197.130 ug ae1.985 1500
111866 10.104.73.0/24 172.19.197.130 ug ae1.985 1500
111867 10.104.74.0/24 172.19.197.130 ug ae1.985 1500
111868 10.104.80.0/24 172.19.197.130 ug ae1.985 1500
111869 10.104.90.0/24 172.19.197.130 ug ae1.985 1500
111870 10.104.110.0/24 172.19.197.130 ug ae1.985 1500
111871 10.104.111.0/24 172.19.197.130 ug ae1.985 1500
111872 10.104.120.0/24 172.19.197.130 ug ae1.985 1500
111875 172.25.90.11/32 172.19.197.130 ug ae1.985 1500
111876 172.25.90.12/32 172.19.197.130 ug ae1.985 1500
111880 172.25.90.100/32 172.19.197.130 ug ae1.985 1500
111877 172.25.90.125/32 172.19.197.130 ug ae1.985 1500
111878 172.25.90.126/32 172.19.197.130 ug ae1.985 1500
111879 172.25.90.127/32 172.19.197.130 ug ae1.985 1500
admin@SHA-FWPA01A(active)>
***********************************************
If I check the BGP table, 10.104.55.0/24 is not present.
admin@SHA-FWPA01A(active)> show routing protocol bgp loc-rib virtual-router XYZ-L3 | match 10.104
*10.104.0.0/16 172.19.210.66 SHA-CORE 0 100 i/c 7171072 0
*10.104.12.0/22 Local 0 100 igp 0 0
*10.104.24.0/22 Local 0 100 igp 0 0
*10.104.40.0/22 172.19.197.130 Local 0 100 igp 0 0
*10.104.65.0/24 172.19.197.130 Local 0 100 igp 0 0
*10.104.70.0/24 172.19.197.130 Local 0 100 igp 0 0
*10.104.71.0/24 172.19.197.130 Local 0 100 igp 0 0
*10.104.72.0/24 172.19.197.130 Local 0 100 igp 0 0
*10.104.73.0/24 172.19.197.130 Local 0 100 igp 0 0
*10.104.74.0/24 172.19.197.130 Local 0 100 igp 0 0
*10.104.80.0/24 172.19.197.130 Local 0 100 igp 0 0
*10.104.90.0/24 172.19.197.130 Local 0 100 igp 0 0
*10.104.110.0/24 172.19.197.130 Local 0 100 igp 0 0
*10.104.111.0/24 172.19.197.130 Local 0 100 igp 0 0
*10.104.120.0/24 172.19.197.130 Local 0 100 igp 0 0
admin@SHA-FWPA01A(active)>
*****************************************************
admin@SHA-FWPA01A(active)> show routing protocol bgp rib-out virtual-router XYZ-L3 peer SHA-CORE | match 10.104
10.104.12.0/22 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.24.0/22 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.40.0/22 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.65.0/24 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.70.0/24 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.71.0/24 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.72.0/24 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.73.0/24 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.74.0/24 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.80.0/24 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.90.0/24 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.110.0/24 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.111.0/24 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
10.104.120.0/24 172.19.210.68 SHA-CORE 0.0.0.0 advertised no aggregation
admin@SHA-FWPA01A(active)>

 

 

 

3 REPLIES

L6 Presenter

You ask a very general question, so I can give you only a general answer.

 

If you need, search the command hierarchy document for your version for commands with BGP in them:

 

https://docs.paloaltonetworks.com/pan-os/9-0/cli-reference/pan-os-9-0-cli-ops-command-hierarchy.html

 

 

 

Also from the GUI you can check if everything is correct following:

 

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/bgp/bgp-overview.html

L3 Networker

Hi there,

Looking at your output we can see that all of the prefixes with a next-hop of 172.19.197.130 are static routes. When we look at the output of the BGP RIB we can see that only a subset of the static routes are present (ie, the component prefixes of 172.25.0.0/16 are missing). 

Obviously you must have a redistribution profile in place which selects static routes, however it can't just be filtering on next-hop as you are missing some of the static routes, so it must be filtering on destination prefix. In which case I imagine your 10.104.55.0/24 is not in the list.

Can you share the output of 

 

set cli config-output-format set

configure

show network virtual-router XYZ-L3 protocol bgp redist-rules

 

...for each of the redistribution rule names outputted above eg: FOO-01, feed those names into the command below:

 

eg:

show network virtual-router XYZ-L3 protocol redist-profile FOO-01

 

cheers,

Seb.
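
Added example, not part of Seb's reply and not Palo Alto tooling: a small Python script that performs the comparison described above, listing active static routes via a given next hop that have no exact match in the BGP loc-rib, together with any less-specific loc-rib entry that covers them. The function names and the `scope` parameter are this example's own; `scope` is there because the loc-rib output in the question was filtered with `| match 10.104`, so only prefixes inside that range can be compared.

```python
import ipaddress

# Sample input: a few lines copied from the CLI output quoted in the question.
ROUTE_TABLE = """\
10.104.40.0/22 172.19.197.130 10 A S ae1.985
10.104.55.0/24 172.19.197.130 10 A S ae1.985
10.104.65.0/24 172.19.197.130 10 A S ae1.985
172.25.90.11/32 172.19.197.130 10 A S ae1.985
"""
LOC_RIB = """\
*10.104.0.0/16 172.19.210.66 SHA-CORE 0 100 i/c 7171072 0
*10.104.12.0/22 Local 0 100 igp 0 0
*10.104.40.0/22 172.19.197.130 Local 0 100 igp 0 0
*10.104.65.0/24 172.19.197.130 Local 0 100 igp 0 0
"""


def parse_prefixes(text, keep=lambda fields: True):
    """Return the set of networks in column 1 of lines accepted by keep()."""
    nets = set()
    for line in text.splitlines():
        fields = line.lstrip("*").split()
        if not fields or "/" not in fields[0] or not keep(fields):
            continue
        try:
            nets.add(ipaddress.ip_network(fields[0], strict=False))
        except ValueError:
            continue  # prompt lines or other non-route text
    return nets


def missing_from_bgp(route_text, rib_text, next_hop, scope):
    """Map each static prefix absent from loc-rib to its covering entries."""
    scope = ipaddress.ip_network(scope)
    # Active static routes carry the flags "A S" in columns 4 and 5.
    statics = parse_prefixes(
        route_text,
        lambda f: len(f) >= 5 and f[1] == next_hop and f[3:5] == ["A", "S"],
    )
    rib = parse_prefixes(rib_text)
    report = {}
    for net in sorted(s for s in statics if s.subnet_of(scope)):
        if net not in rib:
            covers = sorted(r for r in rib if net.subnet_of(r))
            report[str(net)] = [str(c) for c in covers]
    return report


if __name__ == "__main__":
    print(missing_from_bgp(ROUTE_TABLE, LOC_RIB, "172.19.197.130", "10.104.0.0/16"))
```

A prefix reported with a covering entry is still reachable by BGP peers through that less-specific route, which is why the missing /24 can go unnoticed until the exact prefix is looked for.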

Hi Seb,

 

Thanks for your reply.

 

I was looking for the command which will tell me the output of the redistribution rules on Palo-Alto.

Well, I did the same but did not get anything.

 

admin@MOC2-FWPA01A(active)# show network virtual-router Gannett-L3 protocol bgp redist-rules
[edit]
admin@MOC2-FWPA01A(active)#

 

Further, I checked with someone in my team who has more knowledge on this and then got to know that there is a redistribution profile created, which is checked in the GUI.

 

Once I implemented that, I had success. I have attached a screenshot for the same: Capture.PNG
