Building Your First BGP Lab in Cisco CML

April 8, 2026·10 min read

Contents

Overview
IP Address Plan
Part 1 — Base Configuration
Part 2 — BGP Configuration
Part 3 — Verification
Part 4 — Prefix Filtering with Prefix-Lists
Part 5 — Local Preference (Traffic Engineering)
Part 6 — Failure Testing
Common BGP Lab Mistakes
Lab Extension Ideas

Overview

BGP is the routing protocol that runs the internet — and increasingly, it runs enterprise networks too. Every SD-WAN overlay, every MPLS VPN, every data center fabric uses BGP under the hood. Understanding it at a hands-on level is non-negotiable for a senior network engineer.

This lab builds a 4-router topology in Cisco CML with two Autonomous Systems. You will configure eBGP peering between ASes, iBGP full mesh within an AS, advertise prefixes, apply route-maps and prefix-lists for filtering, and simulate a link failure to verify convergence. By the end you will have a working BGP topology you can extend for more complex scenarios.

Prerequisites: CML running with IOSv or CSR1000v images loaded. If you need help setting up CML first, see the CML setup guide.

IP Address Plan

Interface	IP Address	Purpose
R1 Lo0	1.1.1.1/32	iBGP router-id, iBGP source
R2 Lo0	2.2.2.2/32	iBGP router-id, iBGP source
R1-R2 link	10.0.12.0/30 (R1=.1, R2=.2)	IGP/iBGP underlay AS65001
R2 Gi0/1 (eBGP)	10.0.23.1/30	eBGP peering to R3
R3 Lo0	3.3.3.3/32	iBGP router-id, iBGP source
R4 Lo0	4.4.4.4/32	iBGP router-id
R3 Gi0/0 (eBGP)	10.0.23.2/30	eBGP peering to R2
R3-R4 link	10.0.34.0/30 (R3=.1, R4=.2)	IGP/iBGP underlay AS65002
R1 prefix	172.16.1.0/24	Advertised into BGP from AS65001
R2 prefix	172.16.2.0/24	Advertised into BGP from AS65001
R3 prefix	192.168.1.0/24	Advertised into BGP from AS65002
R4 prefix	192.168.2.0/24	Advertised into BGP from AS65002

Part 1 — Base Configuration

Configure interfaces and OSPF as the IGP underlay within each AS. iBGP peers will use loopbacks as the BGP source, requiring IGP reachability first.

R1 — AS 65001

R1(config)# hostname R1
R1(config)# interface Loopback0
R1(config-if)#  ip address 1.1.1.1 255.255.255.255
R1(config-if)#  exit
R1(config)# interface GigabitEthernet0/0
R1(config-if)#  ip address 10.0.12.1 255.255.255.252
R1(config-if)#  no shutdown
R1(config-if)#  exit
# Advertise prefix
R1(config)# interface Loopback1
R1(config-if)#  ip address 172.16.1.1 255.255.255.0
R1(config-if)#  exit
# OSPF underlay — area 0 covers all AS65001 interfaces
R1(config)# router ospf 1
R1(config-router)#  router-id 1.1.1.1
R1(config-router)#  network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#  network 10.0.12.0 0.0.0.3 area 0
R1(config-router)#  exit

R2 — AS 65001 (eBGP speaker)

R2(config)# hostname R2
R2(config)# interface Loopback0
R2(config-if)#  ip address 2.2.2.2 255.255.255.255
R2(config-if)#  exit
R2(config)# interface GigabitEthernet0/0
R2(config-if)#  ip address 10.0.12.2 255.255.255.252
R2(config-if)#  no shutdown
R2(config-if)#  exit
R2(config)# interface GigabitEthernet0/1
R2(config-if)#  ip address 10.0.23.1 255.255.255.252
R2(config-if)#  no shutdown
R2(config-if)#  exit
R2(config)# interface Loopback1
R2(config-if)#  ip address 172.16.2.1 255.255.255.0
R2(config-if)#  exit
R2(config)# router ospf 1
R2(config-router)#  router-id 2.2.2.2
R2(config-router)#  network 2.2.2.2 0.0.0.0 area 0
R2(config-router)#  network 10.0.12.0 0.0.0.3 area 0
# Do NOT include the eBGP link in OSPF — eBGP is a direct peering

Apply the same pattern to R3 and R4 in AS 65002, using the IP plan above.

Part 2 — BGP Configuration

R1 — iBGP (AS 65001)

R1(config)# router bgp 65001
R1(config-router)#  bgp router-id 1.1.1.1
R1(config-router)#  bgp log-neighbor-changes
# iBGP peer to R2 — use loopbacks, so update-source loopback0
R1(config-router)#  neighbor 2.2.2.2 remote-as 65001
R1(config-router)#  neighbor 2.2.2.2 update-source Loopback0
R1(config-router)#  neighbor 2.2.2.2 next-hop-self
# Advertise R1's prefix — must exist in routing table
R1(config-router)#  network 172.16.1.0 mask 255.255.255.0
R1(config-router)#  exit

R2 — iBGP + eBGP (AS 65001)

R2(config)# router bgp 65001
R2(config-router)#  bgp router-id 2.2.2.2
R2(config-router)#  bgp log-neighbor-changes
# iBGP peer to R1
R2(config-router)#  neighbor 1.1.1.1 remote-as 65001
R2(config-router)#  neighbor 1.1.1.1 update-source Loopback0
R2(config-router)#  neighbor 1.1.1.1 next-hop-self
# eBGP peer to R3 — direct link, no update-source needed
R2(config-router)#  neighbor 10.0.23.2 remote-as 65002
R2(config-router)#  neighbor 10.0.23.2 description R3-eBGP
R2(config-router)#  network 172.16.2.0 mask 255.255.255.0
R2(config-router)#  exit

R3 — iBGP + eBGP (AS 65002)

R3(config)# router bgp 65002
R3(config-router)#  bgp router-id 3.3.3.3
R3(config-router)#  bgp log-neighbor-changes
R3(config-router)#  neighbor 10.0.23.1 remote-as 65001
R3(config-router)#  neighbor 10.0.23.1 description R2-eBGP
R3(config-router)#  neighbor 4.4.4.4 remote-as 65002
R3(config-router)#  neighbor 4.4.4.4 update-source Loopback0
R3(config-router)#  neighbor 4.4.4.4 next-hop-self
R3(config-router)#  network 192.168.1.0 mask 255.255.255.0
R3(config-router)#  exit

Part 3 — Verification

# Check BGP neighbor states — all should show Established
R2# show ip bgp summary
# Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
# 1.1.1.1         4 65001      25      25        8    0    0 00:18:42        1
# 10.0.23.2       4 65002      22      22        8    0    0 00:15:10        2

# Check full BGP table — see all advertised and received prefixes
R2# show ip bgp
# Codes: s suppressed, d damped, h history, * valid, > best, i internal
#    Network          Next Hop            Metric LocPrf Weight Path
# *> 172.16.1.0/24   1.1.1.1                  0    100      0 i
# *> 172.16.2.0/24   0.0.0.0                  0         32768 i
# *> 192.168.1.0/24  10.0.23.2                0             0 65002 i
# *>i192.168.2.0/24  10.0.23.2                0    100      0 65002 i

# Verify specific prefix — see full path attributes
R1# show ip bgp 192.168.1.0/24
# BGP routing table entry for 192.168.1.0/24
# Paths: (1 available, best #1, table default)
# 65002 — AS_PATH shows the path through AS65002

# Verify prefix is in the IP routing table
R1# show ip route bgp
# B  192.168.1.0/24 [200/0] via 2.2.2.2, 00:14:32
# B  192.168.2.0/24 [200/0] via 2.2.2.2, 00:12:11

Part 4 — Prefix Filtering with Prefix-Lists

A core BGP skill is controlling what gets advertised and received. This example blocks 172.16.2.0/24 from being sent to AS65002.

# Create a prefix-list that matches only 172.16.1.0/24
R2(config)# ip prefix-list TO-AS65002 seq 10 permit 172.16.1.0/24
R2(config)# ip prefix-list TO-AS65002 seq 20 deny 0.0.0.0/0 le 32
# The implicit deny at the end blocks everything else

# Apply to the eBGP neighbor outbound
R2(config)# router bgp 65001
R2(config-router)#  neighbor 10.0.23.2 prefix-list TO-AS65002 out
R2(config-router)#  exit

# Force BGP to re-advertise with the new policy
R2# clear ip bgp 10.0.23.2 soft out
# "soft out" = re-sends outbound updates without resetting the session

# Verify on R3 — 172.16.2.0/24 should no longer be in its BGP table
R3# show ip bgp 172.16.2.0/24
# % Network not in table — filter is working

Part 5 — Local Preference (Traffic Engineering)

Local Preference influences which exit point is preferred within an AS. Higher is better (default 100).

# On R2 — set LOCAL_PREF=200 for routes received from AS65002
# This makes R2 the preferred exit from AS65001 toward AS65002
R2(config)# route-map SET-LP-200 permit 10
R2(config-route-map)#  set local-preference 200
R2(config-route-map)#  exit
R2(config)# router bgp 65001
R2(config-router)#  neighbor 10.0.23.2 route-map SET-LP-200 in
R2(config-router)#  exit
R2# clear ip bgp 10.0.23.2 soft in

# Verify — R1 should see LOCAL_PREF 200 for 192.168.x.x prefixes
R1# show ip bgp 192.168.1.0/24
# Local preference: 200

Part 6 — Failure Testing

# Simulate eBGP link failure — shut down R2's eBGP-facing interface
R2(config)# interface GigabitEthernet0/1
R2(config-if)#  shutdown

# Watch BGP session drop on R3
R3# debug ip bgp 10.0.23.1 events
# %BGP-5-ADJCHANGE: neighbor 10.0.23.1 Down Interface flap

# Verify R3 removed the AS65001 prefixes
R3# show ip bgp
# 172.16.x.x prefixes should be gone from the table

# Restore the link
R2(config-if)#  no shutdown
# BGP reconverges automatically — hold timer = 180s default, keepalive = 60s
# Session re-establishes within ~30 seconds of link coming back

# Optional: reduce BGP timers for faster convergence in the lab
R2(config)# router bgp 65001
R2(config-router)#  neighbor 10.0.23.2 timers 10 30
# keepalive=10s, hold=30s — faster detection at cost of more CPU

Common BGP Lab Mistakes

Symptom	Root Cause	Fix
iBGP neighbor stuck in Active	Loopback not reachable via IGP, or update-source missing	Verify OSPF is up between peers; add "neighbor X update-source Loopback0"
Prefix not in BGP table despite "network" command	Prefix must exist in the IP routing table first	Add a connected or static route for the network; or use redistribute connected
iBGP learned routes not forwarded	BGP split horizon — iBGP peers won't re-advertise iBGP routes	Use Route Reflectors or iBGP full mesh; add "next-hop-self" on eBGP speaker
Prefix filtered unexpectedly	Prefix-list or route-map implicit deny	Add explicit "permit any" at end of prefix-list, or use "do show ip bgp neighbor X advertised-routes" to debug
BGP session resets every 3 minutes	Hold timer expiry — keepalives not reaching neighbor	Check for access-lists blocking TCP 179; verify IGP reachability for loopback peers

Lab Extension Ideas

Once this base topology is stable, extend it:

Add a third AS (ISP simulation) and make R2 and R3 dual-homed to it
Configure AS Path prepending on R2 to make AS65001's routes less preferred from the ISP
Add MED attributes to influence inbound traffic from AS65002
Configure a Route Reflector in AS65001 to eliminate the full-mesh iBGP requirement
Enable BFD on the eBGP link for sub-second failure detection