The remote RPKI server must be configured and the local cache must be updated from the remote
server. BGP RPKI prefix matching should also be enabled. By default, BGP RPKI prefix matching is
disabled.
-
Access global configuration
mode.
device# configure terminal
-
Create a route map instance and
allow a matching pattern.
device(config)# route-map mybgprpkiroutemap1 permit 10
This example creates a route map instance called mybgprpkiroutemap1 and allows a
matching pattern of 10.
-
Configure the route map to match BGP RPKI validated prefixes.
.
device(config-route-map-mybgprpkiroutemap1/permit/10)# match rpki valid
This example configures the route map to match validated RPKI prefixes.
The following example summarizes the commands in
this procedure.
device# configure terminal
device(config)# route-map mybgprpkiroutemap1 permit 10
device(config-route-map-mybgprpkiroutemap1/permit/10)# match rpki valid