neighbor ttl-security-hops


neighbor {<IP-ADDRESS> | <PEER-GROUP-NAME>} ttl-security-hops <HOP-COUNT>

no neighbor {<IP-ADDRESS> | <PEER-GROUP-NAME>} ttl-security-hops <HOP-COUNT>


This command enables BGP to establish a connection with external peers residing on networks that are not directly connected. When this feature is enabled, the TTL received from a BGP peer is compared with the value "255 - hop-count". BGP messages arriving with a TTL lower than this value are not accepted, and BGP peering is not established if the session establishment packets arrive with a lower TTL. Enabling this feature also makes the router send BGP packets to the neighbor with a TTL value of 255. For a given neighbor, either TTL security or ebgp-multihop can be configured, but not both together. If there are multiple paths to reach the node, configure the hop count for the longest route.

The no form of this command disables the peer ttl-security-hop feature.

Command context




<IP-ADDRESS>
    Specifies an IP address.

<PEER-GROUP-NAME>
    Specifies a peer group.

<HOP-COUNT>
    Specifies the hop count to reach the neighbor for the eBGP session. Range: 1-255.


Administrators or local user group members with execution rights for this command.


switch(config-bgp)# neighbor ttl-security-hops 10
switch(config-bgp)# no neighbor ttl-security-hops
switch(config-bgp)# neighbor pg ttl-security-hops 5
switch(config-bgp)# no neighbor pg ttl-security-hops
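
The following Python example is added here and is not part of the original command reference or of any vendor code. It applies three rules from the description to a constructed configuration: the acceptance threshold (received TTL must be at least 255 - hop-count), the 1-255 hop-count range, and the restriction that TTL security and ebgp-multihop cannot both be configured for one neighbor. The sample addresses, the AS number and the function names are assumptions for illustration.

```python
import re

# Constructed sample configuration (not from the page); addresses are
# documentation ranges, "pg" is the peer group from the page's examples.
SAMPLE_CONFIG = """\
router bgp 65001
    neighbor 192.0.2.1 ttl-security-hops 10
    neighbor pg ttl-security-hops 5
    neighbor 198.51.100.7 ttl-security-hops 2
    neighbor 198.51.100.7 ebgp-multihop 4
    neighbor 203.0.113.9 ttl-security-hops 300
"""

NEIGHBOR_RE = re.compile(
    r"^\s*neighbor\s+(\S+)\s+(ttl-security-hops|ebgp-multihop)(?:\s+(\d+))?\s*$")

def min_accepted_ttl(hop_count):
    """Lowest received TTL that is still accepted: 255 - hop-count."""
    if not 1 <= hop_count <= 255:
        raise ValueError(f"hop count {hop_count} outside range 1-255")
    return 255 - hop_count

def accepts(hop_count, received_ttl):
    """True if a packet arriving with received_ttl passes the check."""
    return received_ttl >= min_accepted_ttl(hop_count)

def audit(config):
    """Map each neighbor that uses ttl-security-hops to a finding string."""
    options = {}
    for line in config.splitlines():
        m = NEIGHBOR_RE.match(line)
        if m:
            options.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    findings = {}
    for neighbor, opts in options.items():
        if "ttl-security-hops" not in opts:
            continue
        if "ebgp-multihop" in opts:
            findings[neighbor] = "conflict: ebgp-multihop also configured"
            continue
        try:
            floor = min_accepted_ttl(int(opts["ttl-security-hops"] or 0))
            findings[neighbor] = f"ok: received TTL must be >= {floor}"
        except ValueError as err:
            findings[neighbor] = f"invalid: {err}"
    return findings

for neighbor, finding in audit(SAMPLE_CONFIG).items():
    print(f"{neighbor}: {finding}")
```

With a hop count of 10, a packet sent with TTL 255 that crosses more than 10 hops arrives with a TTL below 245 and fails `accepts`, which is why the hop count has to cover the longest legitimate path.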