Services are created in the administratively down (shutdown) state. When a
no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.
The no form of this command places the entity into an administratively enabled state.
This command disables the BGP or RIP instance on the given IP interface. Routes learned from a neighbor that is shutdown are immediately removed from the BGP or RIP database and RTM. If BGP or RIP is globally shutdown, then all RIP group and neighbor interfaces are shutdown operationally. If a BGP or RIP group is shutdown, all member neighbor interfaces are shutdown operationally. If a BGP or RIP neighbor is shutdown, just that neighbor interface is operationally shutdown.
The description command associates a text string with a configuration context to help identify the content in the configuration file.
The no form of this command removes the string from the configuration.
vprn service-id [customer
customer-id] [create]
If the service-id does not exist, a context for the service is created. If the
service-id exists, the context for editing the service is entered.
When a service is created, the customer keyword and
customer-id must be specified and associates the service with a customer. The
customer-id must already exist having been created using the customer command in the service context. When a service is created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.
When a service is created, the use of the customer customer-id is optional to navigate into the service configuration context. If attempting to edit a service with the incorrect
customer-id results in an error.
The no form of the command deletes the VPRN service instance with the specified
service-id. The service cannot be deleted until all the IP interfaces and all routing protocol configurations defined within the service ID have been shutdown and deleted.
|
Values
|
service-id: 1 — 2147483648 svc-name: 64 characters maximum
|
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number: ip-address] [community comm-id] [black-hole | indirect ip-address]
The no form of the command removes the aggregate.
To remove the summary-only option, enter the same aggregate command without the
summary-only parameter.
|
Values
|
ipv4-prefix a.b.c.d
ipv6-prefix x:x:x:x:x:x:x:x
x:x:x:x:x:x:d.d.d.d
x: [0 — FFFF]H
d: [0 — 255]D
|
None — The auto-bind type must be explicitly specified.
The no form of the command removes the defined AS from this VPRN context.
The no form of the command removes the Carrier Supporting Carrier capability from a VPRN.
confederation confed-as-num members
as-number [as-number…(up to 15 max)]
The no form of the command deletes the specified member AS from the confederation. When members are not specified in the no statement, the entire list is removed and confederations is disabled. When the last member of the list is removed, confederations is disabled.
The no form of the command disables DNS for this service.
The no form of the command reverts to the default.
The no form of the command reverts to the default.
The no form of the command removes the primary DNS server from the configuration.
no primary-dns — No primary DNS server is configured.
The no form of the command removes the secondary DNS server from the configuration.
no secondary-dns — No secondary DNS server is configured.
The no form of the command removes the tertiary DNS server from the configuration.
no tertiary-dns — No tertiary DNS server is configured.
The no form of the command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, the newly updated route is used.
export-grt policy-name [policy-name ...(up to 5 max)]
The no form of the command sets the export-limit to a default of five (5).
The no form of the command sets the export-limit to a default of 5.
[no
] allow-local-management
static-route {ip-prefix/prefix-length |
ip-prefix netmask} [preference
preference] [metric
metric] [enable|disable
] grt
[no
] dynamic-topology-discover
The no form of this command disables the feature.
The no form of this command disables the feature.
|
Values
|
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
|
The no form of the command disables IGMP.
[no
] group-interface
ip-int-name
[no
] group-interface fwd-service
service-id ip-int-name
The no form of the command reverts to the default.
[no
] disable-router-alert-check
The no form of the command disables the router alert check.
The no form of the command removes the value.
The no form of the command
The no form of the command removes the IP address.
The no form of the command disable the IGMP traffic from known hosts only
The no form of the command disables local subnet checking for IGMP.
The no form of the command
The no form of the command removes the IP address.
This command imports a policy to filter IGMP packets. The no form of the command removes the policy association from the IGMP instance.
no import — No import policy specified.
level level-id bw
bandwidth
This command configures the bandwidth for the interface's multicast CAC policy traffic. When disabled (no unconstrained-bw) there will be no checking of bandwidth constraints on the interface level. When enabled and a policy is defined, enforcement is performed. The allocated bandwidth for optional channels should not exceed the
unconstrained-bw minus the
mandatory-bw and the mandatory channels have to stay below the specified value for the
mandatory-bw. After this interface check, the bundle checks are performed.
If the bandwidth value is 0, no mandatory channels are allowed. If
bandwith is not configured, then all mandatory and optional channels are allowed.
If the value of mandatory-bw is equal to the value of
bandwidth, then all the unconstrained bandwidth on a given interface is allocated to mandatory channels configured through multicast CAC policy on that interface and no optional groups (channels) are allowed.
The value of mandatory-bw should always be less than or equal to that of
bandwidth, An attempt to set the value of
mandatory-bw greater than that of
bandwidth, will result in inconsistent value error.
[no
] group
grp-ip-address
The source command is mutually exclusive with the specification of individual sources for the same group.
Use the no form of the command to remove the source from the configuration.
Use the no form of the command to remove the starg entry from the configuration.
The no form of the command removes the values from the configuration.
The no form of the command removes the values from the configuration.
The no form of the command removes the values from the configuration.
The no form of the command reverts to the default.
The no form of the command sets the mode to the default mode of service label per VRF.
If the log-only parameter is not specified and the maximum-routes value is set below the existing number of routes in a VRF, then the offending RIP peer (if applicable) is brought down (but the VPRN instance remains up). BGP peering will remain up but the exceeding BGP routes will not be added to the VRF.
The no form of the command disables any limit on the number of routes within a VRF context. Issue the
no form of the command only when the VPRN instance is shutdown.
If the log-only parameter is not specified and the maximum-routes value is set below the existing number of routes in a VRF, then the offending RIP peer (if applicable) is brought down (but the VPRN instance remains up). BGP peering will remain up but the exceeding BGP routes will not be added to the VRF.
The no form of the command disables any limit on the number of routes within a VRF context. Issue the
no form of the command only when the VPRN instance is shutdown.
The no form of the command disables the limit of multicast routes within a VRF context. Issue the
no form of the command only when the VPRN instance is shutdown.
The no form of the command deletes the specified peer.
Peers are created within the routing instance associated with the context of this command. All configured PTP peers must use the same routing instance.
The no form of the command removes the router ID definition from the given VPRN context.
application dscp-app-name dscp
{dscp-value | dscp-name}
The no form of this command reverts back to the default value.
|
Values
|
ldp, rsvp, bgp, rip, msdp, pim, ospf, igmp, mld, telnet, tftp, ftp, ssh, snmp, snmp-notification, syslog, icmp, traceroute, tacplus, dns, ntp, radius, cflowd, dhcp, bootp, ndis, vrrp, srrp
|
|
Values
|
none, be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63
|
dscp dscp-name fc
fc-name
The no form of this command removes the DiffServ code point to forwarding class association. The default-action then applies to that code point value.
|
Values
|
be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63
|
The no form of this command causes the overload state to be cleared.
The no form of the command removes the SNMP community name from the given VPRN context.
[no
] static-route
{ip-prefix/prefix-length | ip-prefix netmask} [preference
preference] [metric
metric] [tag
tag] [community
comm-id] [enable
| disable
] {next-hop
ip-int-name | ip-address [mcast-family
] | ipsec-tunnel
ipsec-tunnel-name} [bfd-enable
| {cpe-check
cpe-ip-address [interval
seconds] [drop-count
count] [log
]}]
[no
] static-route
{ip-prefix/prefix-length | ip-prefix netmask} [preference
preference] [metric
metric] [tag
tag] [community
comm-id] [enable
| disable
] indirect
ip-address [cpe-check
cpe-ip-address [interval
seconds][drop-count
count] [log
]]
[no]
static-route {
ip-prefix/prefix-length |
ip-prefix netmask} [
preference preference] [
metric metric] [
tag tag] [
community comm-id] [
enable |
disable]
black-hole [
mcast-family]
The IP address of the IP interface. The ip-addr portion of the
address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
|
Values
|
ipv4-address a.b.c.d (host bits must be 0) ipv6-address x:x:x:x:x:x:x:x[-interface] x:x:x:x:x:x:d.d.d.d[-interface] x: [0..FFFF]H d: [0..255]D interface: 32 characters maximum, mandatory for link local addresses
|
Static routes can be administratively enabled or disabled. Use the disable parameter to disable a static route while maintaining the static route in the configuration. In order to enable a static route, it must be uniquely identified by the IP address, mask, and any other parameter that is required to identify the exact static route.
The next-hop keyword and the
indirect or
black-hole keywords are mutually exclusive. If an identical command is entered (with the exception of either the
indirect or
black-hole parameters), then this static route will be replaced with the newly entered command, and unless specified, the respective defaults for preference and metric will be applied.
The ip-addr configured here can be either on the network side or the access side on this node. This address must be associated with a network directly connected to a network configured on this node.
The configured ip-addr is not directly connected to a network configured on this node. The destination can be reachable via multiple paths. The static route remains valid as long as the address configured as the indirect address remains a valid entry in the routing table. Indirect static routes cannot use an ip-prefix/mask to another indirect static route.
The indirect keyword and the
next-hop or
black-hole keywords are mutually exclusive. If an identical command is entered (with the exception of either the
next-hop or
black-hole parameters), then this static route will be replaced with the newly entered command and unless specified the respective defaults for preference and metric will be applied.
The ip-addr configured can be either on the network or the access side and is normally at least one hop away from this node.
The black-hole keyword is mutually exclusive with either the
next-hop or
indirect keywords. If an identical command is entered, with exception of either the
next-hop or
indirect parameters, then the static route is replaced with the new command, and unless specified, the respective defaults for
preference and
metric are applied.
type [hub |subscriber-split-horizon]
The no form of the command removes all route policy names from the export list.
None —
No routes are exported from the VRF by default.
The no form of the command removes all route policy names from the import list
None —
No routes are accepted into the VRF by default.
vrf-target {ext-community
| export
ext-community | import
ext-community}
Specified vrf-import or
vrf-export policies override the
vrf-target policy.
An extended BGP community in the type:
x:
y format. The value
x can be an integer or IP address. The
type can be the target or origin.
x and
y are 16-bit integers.
The no form of the command returns the value to
never allow AVP hiding.
The no form of the command reverts to the default
never value.
The no form of the command removes the value from the configuration.
[no
] ipcp-subnet-negotiation
group tunnel-group-name [create
]
The no form of the command returns the value to
never allow AVP hiding.
The no form of the command reverts to the default
never value.
The no form of the command removes the value from the configuration.
The no form of the command removes the interval from the configuration.
Enter the no form of the command to maintain a persistent tunnel.
The no form of the command removes the idle timeout from the configuration.
The no form of the command removes thename from the configuration.
The no form of the command removes the value from the configuration.
The no form of the command removes the value from the configuration.
keepalive seconds [hold-up-multiplier
multiplier]
[no
] proxy-authentication
The no form of the command removes the parameter of the configuration and indicates that the value on group level will be taken.
The no form of the command removes the parameter from the configuration and indicates that the value on group level will be taken.
The no form of the command removes the IP address from the tunnel configuration.
The no form of the command removes the preference value from the tunnel configuration.
peer ip-address tag
sync-tag-name
[no
] startup-wait-time
[min
minutes] [sec
seconds]
The no form of the command disables ignore-rapid-commit.
[days days][
hrs hours] [
min minutes] [
sec seconds]
The no form of the command disables the sending of forcerenew messages.
The no form of the command returns the value to the default.
The no form of the command returns the value to the default.
The no form of the command reverts to the default.
The no form of the command returns the value to the default.
custom-option option-number address
ip-address [ip-address...(up to 4 max)] (DHCP only)
custom-option option-number address
ipv6-address [ipv6-address...(up to 4 max)] (DHCP6 only
)
The no form of the removes the option from the configuration.
dns-server ip-address [ip-address...(up to 4 max)](DHCP only
)
dns-server ipv6-address [ipv6-address...(up to 4 max)] (DHCP6 only
)
The no form of the command removes the name from the configuration.
renew-timer [days
days][hrs
hours] [min
minutes] [sec
seconds]
rebind-timer [days
days][hrs
hours] [min
minutes] [sec
seconds]
[days days][
hrs hours] [
min minutes] [
sec seconds]
prefix ipv6-address/prefix-length [failover
{local
|remote
}] [pd
] [wan-host
] [create
]
The no form of the command reverts to the default.
The no form of the command reverts to the default.
The no form of the command removes the time from the configuration.
The no form of the command removes the time from the configuration.
lease-time [days
days] [hrs
hours] [min
minutes] [sec
seconds]
The no form of the command removes the lease time parameters from the configuration.
Specifies the name of the local 7x50 DHCP server pool.
subnet {ip-address/mask | ip-address netmask} [create
]
no subnet {ip-address/mask | ip-address netmask}
address-range start-ip-address end-ip-address [failover {local | remote | access-driven}]
no address-range
start-ip-address end-ip-address
The no form of the command means the subnet is active and new leases can be assigned from it.
[no
] exclude-addresses
start-ip-address [end-ip-address]
The no form of the command removes the address(es) from the configuration.
The no form of the command removes the address from the configuration.
[no
] use-pool-from-client
The no form of the command indicates that the pool selection is specified by the value of
use-gi-address setting.
[no
] auto-discovery
[default | mdt-safi
]
The no form of the command disables MVPN membership auto-discovery through BGP.
The no form of the command reverts it back to the default.
mdt-type {sender-receiver |
sender-only |
receiver-only}
The no version of this command restores the default (sender-receiver).
pim {asm
| ssm
} grp-ip-address
The no form of the command removes the pim context including the statements under the context.
The no form of this command reverts to the default value.
The no form of the command reverts the value to the default.
The no form of the command disables improved assert procedure.
This command enables the context for specifying RSVP P2MP LSP for the provider tunnel. The no form of the command removes the rsvp context including all the statements in the context.
[no
] auto-discovery-disable
This command requires the c-mcast-signaling parameter to be set to PIM.
The no form of the command enables multicast VPN membership auto-discovery through BGP.
data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask} s-pmsi-threshold
The no form of the command removes the values from the configuration.
|
Values
|
c-grp-ip-addr : multicast group address a.b.c.d mask [4..32] netmask : a.b.c.d (network bits all 1 and host bits all 0) s-pmsi-threshold : [1..4294967294](threshold in kbps) c-grp-ipv6-addr : multicast ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x [0..FFFF]H d [0..255]D prefix-length [1..128]
|
[no
] join-tlv-packing-disable
[no
] pim-asm
{grp-ip-address/mask | grp-ip-address netmask}
pim-ssm {grp-ip-address/mask | grp-ip-address netmask}
umh-pe ip-address standby
ip-address
umh-selection {highest-ip
|hash-based
|tunnel-status
|unicast-rt-pref
}
The no form of the command resets it back to default.
vrf-export {unicast
| policy-name [policy-name...(up to 16 max)]}
vrf-import {unicast
| policy-name [policy-name...(up to 16 max)]}
vrf-target {unicast
| ext-community | export unicast
| ext-community | import unicast
| ext-community}
The no form of the command removes the vrf-target.
An extended BGP community in the type:
x:
y format. The value
x can be an integer or IP address. The
type can be the target or origin.
x and
y are 16-bit integers.
|
Values
|
target:{ip-address: comm-val | 2byte-asnumber:ext-comm-val| 4byte-asnumber:comm-val} ip-address: a.b.c.d comm-val: 0 — 65535 2byte-asnumber: 1 — 65535 4byte-asnumber 0 — 4294967295
|
export {unicast
| ext-community}
An extended BGP community in the type:
x:
y format. The value
x can be an integer or IP address. The
type can be the target or origin.
x and
y are 16-bit integers.
|
Values
|
target:{ip-address: comm-val | 2byte-asnumber:ext-comm-val| 4byte-asnumber:comm-val} ip-address: a.b.c.d comm-val: 0 — 65535 2byte-asnumber: 1 — 65535 4byte-asnumber 0 — 4294967295
|
import {unicast
| ext-community}
An extended BGP community in the type:
x:
y format. The value
x can be an integer or IP address. The
type can be the target or origin.
x and
y are 16-bit integers.
|
Values
|
target:{ip-address: comm-val | 2byte-asnumber:ext-comm-val| 4byte-asnumber:comm-val} ip-address: a.b.c.d comm-val: 0 — 65535 2byte-asnumber: 1 — 65535 4byte-asnumber 0 — 4294967295
|
[no
] authentication-check
When authentication-check is enabled, NTP PDUs are authenticated on receipt. However, mismatches cause a counter to be increased, one counter for type and one for key-id, one for type, value mismatches. These counters are visible in a show command.
The no form of this command allows authentication mismatches to be accepted; the counters however are maintained.
The no form of the command removes the authentication key.
broadcast {interface
ip-int-name} [key-id
key-id] [version
version] [ttl
ttl]
The no form of this command removes the address from the configuration.
[no
] redundant-interface
ip-int-name
address {ip-address/mask | ip-address netmask} [remote-ip
ip-address]
The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a VPRN service. If the
sdp sdp-id is not already configured, an error message is generated. If the
sdp-id does exist, a binding between that
sdp-id and the service is created.
The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.
No sdp-id is bound to a service.
Several SDPs can be bound to a VPRN service. Each SDP must be destined to a different 7750 SR router. If two
sdp-id bindings terminate on the same 7750 SR, an error occurs and the second SDP binding is rejected.
spoke-sdp sdp-id [:vc-id] vc-type {ether
|ipipe
} [create
]
The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a service. If the
sdp sdp-id is not already configured, an error message is generated. If the
sdp-id does exist, a binding between that
sdp-id and the service is created.
The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.
The no form of this command disables the use of the hash label.
qos network-policy-id fp-redirect-group
queue-group-name instance
instance-id
|
b
|
a queue-group policer followed by the per-FP ingress shared queues referred to as policer-output-queues if the ingress context of the network IP interface from which the packet is received is redirected to a queue-group (csc-policing). The only exceptions to this behavior are for packets received from a IES/VPRN spoke interface and from an R-VPLS spoke-SPD, which is forwarded to the R-VPLS IP interface. In these two cases, the ingress network shared queue for the packet FC defined in the network-queue policy applied to the ingress of the MDA/FP is used.
|
The no version of this command removes the redirection of the pseudowire to the queue-group.
no filter [ip
ip-filter-id] [ipv6
ipv6-filter-id]
The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.
qos network-policy-id port-redirect-group
queue-group-name [instance
instance-id]
The no version of this command removes the redirection of the pseudowire to the queue-group.
This optional parameter specifies that the queue-group-name will be used for all egress forwarding class redirections within the network QoS policy ID. The specified
queue-group-name must exist as a port egress queue group on the port associated with the IP interface.
The interface command, under the context of services, is used to create and maintain IP routing interfaces within VPRN service IDs. The
interface command can be executed in the context of an VPRN service ID. The IP interface created is associated with the service core network routing instance and default routing table. The typical use for IP interfaces created in this manner is for internet access.
Interface names are case sensitive and must be unique within the group of defined IP interfaces defined for config router interface and
config service vprn interface. Interface names must not be in the dotted decimal notation of an IP address. For example, the name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.
The available IP address space for local subnets and routes is controlled with the config router service-prefix command. The
service-prefix command administers the allowed subnets that can be defined on service IP interfaces. It also controls the prefixes that may be learned or statically defined with the service IP interface as the egress interface. This allows segmenting the IP address space into
config router and
config service domains.
The no form of this command removes IP the interface and all the associated configuration. The interface must be administratively shutdown before issuing the
no interface command.
If ip-int-name already exists within the service ID, the context will be changed to maintain that IP interface. If
ip-int-name already exists within another service ID or is an IP interface defined within the
config router commands, an error will occur and context will not be changed to that IP interface. If
ip-int-name does not exist, the interface is created and context is changed to that interface for further command processing.
[no
] active-cpm-protocols
address ip-address/mask | ip-address netmask} [broadcast
[all-ones
| host-ones
]
The local subnet that the address command defines must be part of the services address space within the routing context using the
config router service-prefix command. The default is to disallow the complete address space to services. Once a portion of the address space is allocated as a service prefix, that portion can be made unavailable for IP interfaces defined within the
config router interface CLI context for network core connectivity with the
exclude option in the
config router service-prefix command.
Use the no form of this command to remove the IP address assignment from the IP interface. When the
no address command is entered, the interface becomes operationally down.
The IP address of the IP interface. The ip-address portion of the
address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the
ip-address, the “
/” and the
mask-length parameter. If a forward slash is not immediately following the
ip-address, a dotted decimal mask must follow the prefix.
The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is
host-ones which indictates a subnet broadcast address. Use this parameter to change the broadcast address to
all-ones or revert back to a broadcast address of
host-ones.
The all-ones keyword following the
broadcast parameter specifies the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.
The host-ones keyword following the
broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the
ip-address and the
mask-length or
mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.
The broadcast parameter within the
address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the
broadcast type to
host-ones after being changed to
all-ones, the
address command must be executed with the
broadcast parameter defined.
[no
] allow-directed-broadcasts
A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address on another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined to the subnet broadcast address of the egress IP interface.
The no form of this command disables the forwarding of directed broadcasts out of the IP interface.
no allow-directed-broadcasts — Directed broadcasts are dropped.
bfd transmit-interval [receive
receive-interval] [multiplier
multiplier] [echo-receive echo-interval] [type
cpm-np
]
The no form of the command removes BFD from the associated IGP protocol adjacency.
Important notes: On the 7750-SR, the
transmit-interval, receive receive-interval, and echo-receive echo-interval values can only be modified to a value less than 100 when:
|
1.
|
The type cpm-np option is explicitly configured.
|
To remove the type cpm-np option, re-issue the
bfd command without specifying the
type parameter.
cflowd {acl
| interface
} [direction
]
cflowd configuration associated with a filter.
cflowd configuration associated with an IP interface.
The no form of the command removes CPU protection policy association from the interface, resulting in no default rate limiting of control packets.
The configuration of no cpu-protection returns the interface/SAP to the default policies as shown above.
The configuration of no cpu-protection returns the interface/SAP to the default policies as shown above.
no dns [ip-address] [secondary
ip-address]
The no form of the command deletes either the specified primary DNS address, secondary DNS address or both addresses from the IPCP extension peer-ip-address configuration.
The no form of the command deletes the IPCP extension peer-ip-address configuration.
address ipv6-address/mask [eui-64
] [preferred
]
When the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from MAC address on Ethernet interfaces. For interfaces without a MAC address, for example ATM interfaces, the Base MAC address of the chassis is used.
[no
] mac
ieee-mac-address
The no form of this command returns the MAC address of the IP interface to the default value.
The no form of the command removes the association from the configuration.
[no
] proxy-arp-policy
policy-name [policy-name...(up to 5 max)]
If the optional destination parameter is specified and the destination address of an incoming IP packet matches a route with QoS information the packet is classified to the fc and priority associated with that route, overriding the fc and priority/profile determined from the sap-ingress or network qos policy associated with the IP interface. If the destination address of the incoming packet matches a route with no QoS information the fc and priority of the packet remain as determined by the sap-ingress or network QoS policy.
If the optional source parameter is specified and the source address of an incoming IP packet matches a route with QoS information the packet is classified to the fc and priority associated with that route, overriding the fc and priority/profile determined from the sap-ingress or network qos policy associated with the IP interface. If the source address of the incoming packet matches a route with no QoS information the fc and priority of the packet remain as determined by the sap-ingress or network QoS policy.
If neither the optional source or
destination parameter is present, then the default is
destination address matching.
The no form of the command reverts to the default.
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones
| host-ones
] [igp-inhibit
]
The IP address of the IP interface. The ip-address portion of the
address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is
host-ones which indictates a subnet broadcast address. Use this parameter to change the broadcast address to
all-ones or revert back to a broadcast address of
host-ones.
The all-ones keyword following the
broadcast parameter specifies the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.
The host-ones keyword following the
broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the
ip-address and the
mask-length or
mask with all the host bits set to binary one. This is the default used by an IP interface.
The
broadcast parameter within the
address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the
broadcast type to
host-ones after being changed to
all-ones, the
address command must be executed with the
broadcast parameter defined.
The optional igp-inhibit parameter signals that the given secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the specified secondary IP interfaces will not be injected and used as passive interfaces and will not be advertised as internal IP interfaces into the IGP’s link state database. For RIP, this means that these secondary IP interfaces will not source RIP updates.
The no form of this command removes a static ARP entry.
The no form removes the strip-label command.
The no tos-marking-state command is used to restore the trusted state to a network IP interface. This is equivalent to executing the tos-marking-state trusted command.
Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface.
[no
] allow-unmatching-prefixes
[no
] allow-unmatching-prefixes
The no form of the command disables DHCPv6 relay information options.
The no form of the command disables the sending of interface ID options in the DHCPv6 relay packet
The no form of the command disables the sending of remote ID option in the DHCPv6 relay packet.
[no
] router-advertisements
[no
] managed-configuration
[no
] other-stateful-configuration
[no
] delegated-prefix-length
prefix-length
prefix ipv6-address/prefix-length [pd
] [wan-host
]
[no
] private-retail-subnets
If the retail VPRN is of the type hub, this attribute is mandatory. Then, it will be enabled by default and it will not be possible to deconfigure it.
qos network-policy-id port-redirect-group
queue-group-name egress-instance
instance-id fp- redirect-group
queue-group-name ingress-instance
instance-id
The no form of the command removes the network QoS policy association from the network IP interface, and the QoS policy reverts to the default.
The no form of the command disables unicast RPF (uRPF) Check on this interface.
mode {strict
| loose | strict-no-ecmp
}
The no form of the command reverts to the default (strict) mode.
In loose mode, uRPF checks whether incoming packet has source address with a corresponding prefix in the routing table. However, the loose mode does not check whether the interface expects to receive a packet with a specific source address prefix. This object is valid only when
urpf-check is enabled.
The no form of the command removes the server client type from the configuration.
action {replace
| drop
| keep
}
This command configures the processing required when the SR-Series router receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.
The no form of this command returns the system to the default value.
Per RFC 3046, DHCP Relay Agent Information Option , section 2.1.1,
Reforwarded DHCP requests, the default is to keep the existing information intact. The exception to this is if the giaddr of the received packet is the same as the ingress address on the router. In that case the packet is dropped and an error is logged.
circuit-id [ascii-tuple
| ifindex
| sap-id
| vlan-ascii-tuple
]
When enabled, the router sends the interface index (If Index) in the circuit-id suboption of the DHCP packet. The If Index of a router interface can be displayed using the command
show>router>interface>detail. This option specifies data that must be unique to the router that is relaying the circuit.
If disabled, the circuit-id suboption of the DHCP packet will be left empty.
The no form of this command returns the system to the default.
The no form of the command disables neighbor resolution.
When the match-circuit-id command is enabled we use this as part of the key to guarantee correctness in our lookup. This is really only needed when we are dealing with an IP aware DSLAM that proxies the client hardware MAC address.
The no form of this command returns the system to the default.
The no form of the command disables the option.
When enabled, the router sends the MAC address of the remote end (typically the DHCP client) in the remote-id suboption of the DHCP packet. This command identifies the host at the other end of the circuit. If disabled, the
remote-id suboption of the DHCP packet will be left empty.
The no form of this command returns the system to the default.
[no
] vendor-specific-option
The no form of the command disables the sending of the MAC address in the Alcatel-Lucent vendor specific suboption of the DHCP relay packet.
The no form of the command disables the feature.
The no form of the command disables the sending.
The no form of the command disables the sending.
The no form of the command disables the sending of the SAP ID in the Alcatel-Lucent vendor specific suboption of the DHCP relay packet.
The no form of the command disables the sending of the service ID in the Alcatel-Lucent vendor specific suboption of the DHCP relay packet.
The no form of the command returns the default value.
The no form of this command reverts to the default setting. The local proxy server will not become operational without a specified emulated server address.
lease-time [days
days] [hrs
hours] [min
minutes] [sec
seconds] [radius-override
]
server server1 [server2...(up to 8 max)]
This command specifies a list of servers where requests will be forwarded. The list of servers can entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers then the request is forwarded to all of the servers in the list. There can be a maximum of 8 DHCP servers configured.
The flood command is applicable only in the VPLS case. There is a scenario with VPLS where the VPLS node only wants to add Option 82 information to the DHCP request to provider per-subscriber information, but it does not do full DHCP relay. In this case, the server is set to "flood". This means the DHCP request is still a broadcast and is sent through the VPLS domain. A node running at L3 further upstream then can perform the full L3 DHCP relay function.
The no form of the command disables the relaying of plain BOOTP packets.
The no form of the command disables snooping.
According to RFC 3046, DHCP Relay Agent Information Option, a DHCP request where the giaddr is 0.0.0.0 and which contains a Option 82 field in the packet, should be discarded, unless it arrives on a "trusted" circuit.
If trusted mode is enabled on an IP interface, the relay agent (the SR-Series) will modify the request's giaddr to be equal to the ingress interface and forward the request.
The no form of this command returns the system to the default.
The no form of the command disables the use of ARP to determine the destination heardware address
The no form of the command removes the value from the configuration.
[no
] enable-ingress-stats
[no
] enable-mac-accounting
The no form of the command disables MAC accounting functionality on this interface.
If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.
The no form of this command disables replies to ICMP mask requests on the router interface.
mask-reply — Reply to ICMP mask requests.
The redirects command enables the generation of ICMP redirects on the router interface. The rate at which ICMP redirects is issued can be controlled with the optional
number and
seconds parameters by indicating the maximum number of redirect messages that can be issued on the interface for a given time interval.
The no form of this command disables the generation of icmp redirects on the router interface.
redirects 100 10 — Maximum of 100 redirect messages in 10 seconds.
The no form of this command disables the limiting the rate of TTL expired messages on the router interface.
The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional
number and
seconds parameters by indicating the maximum number of destination unreachable messages which can be issued on the interface for a given time interval.
The no form of this command disables the generation of icmp destination unreachable messages on the router interface.
If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.
The no form of this command disables replies to ICMP mask requests on the router interface.
mask-reply — Reply to ICMP mask requests.
The redirects command enables the generation of ICMP redirects on the router interface. The rate at which ICMP redirects is issued can be controlled with the optional
number and
seconds parameters by indicating the maximum number of redirect messages that can be issued on the interface for a given time interval.
The no form of this command disables the generation of icmp redirects on the router interface.
redirects 100 10 — Maximum of 100 redirect messages in 10 seconds.
The no form of this command disables the limiting the rate of TTL expired messages on the router interface.
The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional
number and
seconds parameters by indicating the maximum number of destination unreachable messages which can be issued on the interface for a given time interval.
The no form of this command disables the generation of icmp destination unreachable messages on the router interface.
[no
] router-advertisement
The no form of the command disables all IPv6 interface. However, the
no interface interface-name command disables a specific interface.
[no
] interface
ip-int-name
[no
] managed-configuration
[no
] max-advertisement-interval
seconds
[no
] min-advertisement-interval
seconds
Specify the MTU for the nodes to use to send packets on the link.
[no
] other-stateful-configuration
[no
] prefix
[ipv6-prefix/prefix-length]
[no
] preferred-lifetime
{seconds | infinite
}
The no form of the command disables sending router advertisement messages.
[no
] destination-prefix
ip-prefix/length
[no] address
ipv6-address
The no form of the command removes the value from the configuration.
The no form of the command reverts the default.
The no form of the command reverts the default.
[no
] address
ip-address/mask
pool nat-pool-name [nat-group
nat-group-id type
pool-type [no-allocate
] [create
]
Syntax: ip-prefix/length : ip-prefix a.b.c.d
ip-prefix-length 0 — 32
Use the no form of the command to remove the subscriber interface.
[no
] address
{ip-address/mask|ip-address netmask} [gw-ip-address
ip-address] [populate-host-routes
] [track-srrp
srrp-instance [holdup-time
msecs]]
Defining an SRRP gateway IP address on a subscriber subnet is not optional when the subnet is associated with a group IP interface with SRRP enabled. Enabling SRRP (no shutdown) will fail if one or more subscriber subnets do not have an SRRP gateway IP address defined. Creating a new subscriber subnet without an SRRP gateway IP address defined will fail when the subscriber subnet is associated with a group IP interface with an active SRRP instance. Once SRRP is enabled on a group interface, the SRRP instance will manage the ARP response and routing behavior for all subscriber hosts reachable through the group IP interface.
[no
] allow-unmatching-subnets
[no
] group-interface
ip-int-name
The no form of the command disables the feature.
If an authentication policy is also configured, pppoe-access-method must be set to none in this authentication policy to use the local user database (in that case RADIUS authentication will not be used for PPPoE hosts).
If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.
The no form of this command disables replies to ICMP mask requests on the router interface.
mask-reply — Reply to ICMP mask requests.
The redirects command enables the generation of ICMP redirects on the router interface. The rate at which ICMP redirects is issued can be controlled with the optional
number and
seconds parameters by indicating the maximum number of redirect messages that can be issued on the interface for a given time interval.
The no form of this command disables the generation of icmp redirects on the router interface.
redirects 100 10 — Maximum of 100 redirect messages in 10 seconds.
The no form of this command disables the limiting the rate of TTL expired messages on the router interface.
The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional
number and
seconds parameters by indicating the maximum number of destination unreachable messages which can be issued on the interface for a given time interval.
The no form of this command disables the generation of icmp destination unreachable messages on the router interface.
The no form of the command removes the LAG id from the configuration.
All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.
Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.
A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port using the
config interface port-type port-id mode access command. Channelized TDM ports are always access ports.
If a port is shutdown, all SAPs on that port become operationally down. When a service is shutdown, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.
The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted.
sap ipsec-
id.
private |
public:
tag — This parameter associates an IPSec group SAP with this interface. This is the public side for an IPSec tunnel. Tunnels referencing this IPSec group in the private side may be created if their local IP is in the subnet of the interface subnet and the routing context specified matches with the one of the interface.
The port-id must reference a valid port type. When the
port-id parameter represents SONET/SDH and TDM channels the port ID must include the channel ID. A period “.” separates the physical port from the
channel-id. The port must be configured as an access port.
The no form of the command removes the association.
|
Values
|
dual-homed — the primary dual homed aa-subscriber side service point of an aarp instance, only supported for IES and VPRN SAP and spoke-sdp dual-homed-secondary — One of the secondary dual homed aa-subscriber side service points of an aarp instance, only supported for IES and VPRN SAP and spoke-sdp.
|
The no form of the command removes the association of the policy to the service.
The no form of this command removes the accounting policy association from the SAP, and the acccounting policy reverts to the default.
When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent
collect-stats command is issued then the counters written to the billing file include all the traffic while the
no collect-stats command was in effect.
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate][car]]
The no form of the command removes the association of the CPU protection policy from the associated interface and reverts to the default policy values.
The no form of the command removes the values from the configuration.
This command configures RFC 2684, Multiprotocol Encapsulation over ATM AAL5, encapsulation for an ATM PVCC delimited SAP. This command specifies the data encapsulation for an ATM PVCC delimited SAP. The definition also references the ATM Forum LAN Emulation specification.
Ingress traffic that does not match the configured encapsulation will be dropped.
|
Values
|
aal5snap-routed — Routed encapsulation for LLC encapsulated circuit (LLC/SNAP precedes protocol datagram) as defined in RFC 2684. aal5mux-ip — Routed IP encapsulation for VC multiplexed circuit as defined in RFC 2684. aal5snap-bridged — Bridged encapsulation for LLC encapsulated circuit (LLC/SNAP precedes protocol datagram) as defined in RFC 2684. aal5mux-bridged-eth-nofcs — Bridged IP encapsulation for VC multiplexed circuit as defined in RFC 2684.
|
The no form of the command reverts the traffic descriptor to the default traffic descriptor profile.
The no command disables alarm-cells functionality for a PVCC. When alarm-cells functionality is disabled, a PVCC’s operational status is no longer affected by a PVCC’s OAM state changes due to AIS/RDI processing (note that when alarm-cells is disabled, a PVCC will change operational status to UP due to alarm-cell processing) and RDI cells are not generated as result of the PVCC going into AIS or RDI state. The PVCC’s OAM status, however, will record OAM faults as described above.
The no form of the command sets the value back to the default.
The no form of the command disables anti-spoof filtering on the SAP.
This command enables populating static and dynamic hosts into the system ARP cache. When enabled, the host’s IP address and MAC address are placed in the system ARP cache as a managed entry. Static hosts must be defined on the interface using the host command. Dynamic hosts are enabled on the system through enabling lease-populate in the IP interface DHCP context. In the event that both a static host and a dynamic host share the same IP and MAC address, the system’s ARP cache retains the host information until both the static and dynamic information are removed. Both static and dynamic hosts override static ARP entries. Static ARP entries are marked as inactive when they conflict with static or dynamic hosts and will be repopulated once all static and dynamic host information for the IP address are removed. Since static ARP entries are not possible when static subscriber hosts are defined or when DHCP lease state table population is enabled, conflict between static ARP entries and the arp-populate function is not an issue.
The arp-populate command will fail if an existing static subscriber host on the SAP does not have both MAC and IP addresses specified.
Once arp-populate is enabled, creating a static subscriber host on the SAP without both an IP address and MAC address will fail.
arp-populate can only be enabled on VPRN interfaces supporting Ethernet encapsulation.
Use the no form of the command to disable ARP cache population functions for static and dynamic hosts on the interface. All static and dynamic host information in the systems ARP cache will be removed. Any existing static ARP entries previously inactive due to static or dynamic hosts will be populated in the system ARP cache.
When arp-populate is enabled, the system will not send out ARP Requests for hosts that are not in the ARP cache. Only statically configured and DHCP learned hosts are reachable through an IP interface with arp-populate enabled.
The no form of this command restores
arp-timeout to the default value.
The no form of this command removes the policy name from the group interface configuration.
This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages. The value inserted is set at the SAP level. If no value is set at the SAP level, an empty string is included.
[no
] host
{[ip
ip-address [mac
ieee-address]} [subscriber
sub-ident-string] [sub-profile
sub-profile-name] [sla-profile
sla-profile-name]
no host {[ip
ip-address] [mac
ieee-address]}
Static hosts may exist on the SAP even with anti-spoof and arp-populate (VPRN) features disabled. When enabled, each feature has different requirements for static hosts.
The no form of the command removes a static entry from the system. The specified
ip address and
mac address must match the host’s exact IP and MAC addresses as defined when it was created. When a static host is removed from the SAP, the affect of its removal on the anti-spoof filter, ARP cache or the VPLS forwarding database is also evaluated.
|
•
|
For VPRN SAPs with arp-reply-agent enabled with the optional sub-ident parameter, the static subscriber host’s sub-ident-string is used to determine whether an ARP request received on the SAP is sourced from a host belonging to the same subscriber as the destination host. When both the destination and source hosts from the ARP request are known on the SAP and the subscriber identifications do not match, the ARP request may be forwarded to the rest of the VPRN destinations.
|
If sub-ident is not enabled on the SAP arp-reply-agent, subscriber identification matching is not performed on ARP requests received on the SAP.
The no form of the command disables the use of FRF12 headers.
The no form of the command reverts to the default.
config>service>vprn>if>sap>frame-relay>frf.12
The no form of this command restores the default mode of operation.
The no form of the command removes IPv4 flowspec filtering from an IP interface.
The no form of the command removes IPv6 flowspec filtering from an IP interface.
The no form of the command deletes the backup-destination address from the GRE tunnel configuration.
The no form of the command deletes the delivery-service from the GRE tunnel configuration.
|
Values
|
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
|
The no form of the command deletes the source address from the GRE tunnel configuration. The tunnel must be administratively shutdown before issuing the
no source command.
The no form of the command deletes the destination address from the GRE tunnel configuration.
This command defines a maximum total rate for all egress queues on a service SAP or multi-service site. The agg-rate-limit command is mutually exclusive with the egress scheduler policy. When an egress scheduler policy is defined, the agg-rate-limit command will fail. If the agg-rate-limit command is specified, an attempt to bind a scheduler-policy to the SAP or multi-service site will fail.
The no form of the command removes the aggregate rate limit from the SAP or multi-service site.
The filter command is used to associate a filter policy with a specified
ip-filter-id with an ingress or egress SAP. The
ip-filter-id must already be defined before the
filter command is executed. If the filter policy does not exist, the operation will fail and an error message returned.
The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use
scope command within the filter definition to change the scope to
local or
global. The default scope of a filter is
local.
The no form of the command removes flowspec filtering from an IP interface.
The no form of the command removes flowspec filtering from an IP interface.
[no
] hsmda-queue-override
config>service>vprn>if>sap>egress>hsmda-queue-overider
config>service>vprn>if>sap>egress>hsmda-queue-overider
config>service>vprn>if>sap>egress>hsmda-queue-overider
config>service>vprn>if>sap>egress>hsmda-queue-overider>queue
The no form of the command returns the weight value for the queue to the default value.
config>service>vprn>if>sap>egress>hsmda-queue-overider
config>service>vprn>if>sap>egress>hsmda-queue-overider
The match-qinq-dot1p command allows the top or bottom PBits to be used when evaluating the applied sap-ingress QoS policy’s Dot1P entries. The
top and
bottom keywords specify which position should be evaluated for QinQ encapsulated packets.
The no form of the command restores the default dot1p evaluation behavior for the SAP.
no match-qinq-dot1p - No filtering based on p-bits.
top
or bottom
must be specified to override the default QinQ dot1p behavior.
When enabled (the encapsulation type of the access port where this SAP is defined as qinq), the qinq-mark-top-only command specifies which P-bits/DEI bitto mark during packet egress. When disabled, both set of P-bits/DEI bit are marked. When the enabled, only the P-bits/DEI bit in the top Q-tag are marked.
qos policy-id [port-redirect-group
queue-group-name instance
instance-id]
The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.
qos policy-id [shared-queuing
| multipoint-shared
] fp-redirect-group queue-group-name instance instance-id
This keyword specifies that this queue-id is for multipoint forwarded traffic only. This queue-id can only be explicitly mapped to the forwarding class multicast, broadcast, or unknown unicast ingress traffic. Attempting to map forwarding class unicast traffic to a multipoint queue generates an error; no changes are made to the current unicast traffic queue mapping.
A queue must be created as multipoint. The multipoint designator cannot be defined after the queue is created. If an attempt is made to modify the command to include the multipoint keyword, an error is generated and the command will not execute.
The multipoint keyword can be entered in the command line on a pre-existing multipoint queue to edit queue-id parameters.
scheduler-policy scheduler-policy-name
The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are removed also making them unavailable for the ingress SAP queues associated with the customer site. Queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler. The SAPs that have ingress queues reliant on the removed schedulers enter into an operational state depicting the orphaned status of one or more queues. When the
no scheduler-policy command is executed, the customer site ingress or egress node will not contain an applied scheduler policy.
The scheduler-policy-name parameter applies an existing scheduler policy that was created in the
config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of ingress or egress virtual schedulers. The scheduler names defined within the policy are created and made available to any ingress or egress queues created on associated SAPs.
config>service>vprn>if>sap>ipsec-gw>cert
config>service>vprn>if>sap>ipsec-gw>cert
config>service>vprn>if>sap>ipsec-gw>cert
|
Values
|
service-id: 1 — 2147483648 svc-name: Specifies an existing service name up to 64 characters in length.
|
The no form of this command reverts the SAP/network interface to use per-flow, service or link hash as configured for the service/LAG.
This command creates a new customer site or edits an existing customer site with the customer-site-name parameter. A customer site is an anchor point to create an ingress and egress virtual scheduler hierarchy. When a site is created, it must be assigned to a chassis slot or port with the exception of the 7750 SR-1 in which the slot is set to 1. When scheduler policies are defined for ingress and egress, the scheduler names contained in each policy are created according to the parameters defined in the policy. Multi-service customer sites exist for the sole purpose of creating a virtual scheduler hierarchy and making it available to queues on multiple Service Access Points (SAPs).
Each customer site must have a unique name within the context of the customer. If customer-site-name already exists for the customer ID, the CLI context changes to that site name for the purpose of editing the site scheduler policies or assignment. Any modifications made to an existing site will affect all SAPs associated with the site. Changing a scheduler policy association may cause new schedulers to be created and existing queues on the SAPs to no longer be orphaned. Existing schedulers on the site may cease to exist, causing queues relying on that scheduler to be orphaned.
If the customer-site-name does not exist, it is assumed that an attempt is being made to create a site of that name in the customer ID context. The success of the command execution depends on the following:
|
•
|
The customer-site-name is valid.
|
|
•
|
The create keyword is included in the command line syntax (if the system requires it).
|
If the customer-site-name is invalid, a syntax error occurs; the command will not execute and the CLI context will not change.
sla-profile sla-profile-name
route {ip-prefix/length | ip-prefix netmask} [create
]
no route {ip-prefix/length | ip-prefix netmask}
The no form of the command removes the respective route. Per default, there are no managed-routes configured.
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
The no form of the command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific
adaptation-rule is removed, the default constraints for
rate and
cir apply.
The pir parameter defines the constraints enforced when adapting the PIR rate defined within the
queue queue-id rate command. The
pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the
rate command is not specified, the default applies.
The cir parameter defines the constraints enforced when adapting the CIR rate defined within the
queue queue-id rate command. The
cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the
cir parameter is not specified, the default constraint applies.
|
Values
|
max — The max (maximum) keyword is mutually exclusive with the min and closest options. When max is defined, the operational PIR for the queue will be equal to or less than the administrative rate specified using the rate command.
|
min — The
min (minimum) keyword is mutually exclusive with the
max and
closest options. When
min is defined, the operational PIR for the queue will be equal to or greater than the administrative rate specified using the
rate command.
closest — The
closest parameter is mutually exclusive with the
min and
max parameter. When
closest is defined, the operational PIR for the queue will be the rate closest to the rate specified using the
rate command.
This command configures the average frame overhead to define the average percentage that the offered load to a queue will expand during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a Sonet or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for Inter-Frame Gap).
The no form of this command restores the average frame overhead parameter for the queue to the default value of 0 percent. When set to 0, the system uses the packet based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
The no form of this command returns the CBS size to the default value.
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
This command can be used to override specific attributes of the specified queue’s high-prio-only parameters. The high-prio-only command configures the percentage of buffer space for the queue, used exclusively by high priority packets.
The defined high-prio-only value cannot be greater than the MBS size of the queue. Attempting to change the MBS to a value smaller than the high priority reserve will generate an error and fail execution. Attempting to set the
high-prio-only value larger than the current MBS size will also result in an error and fail execution.
The no form of this command restores the default high priority reserved size.
The percent parameter is the percentage reserved for high priority traffic on the queue. If a value of 10KBytes is desired, enter the value 10. A value of 0 specifies that none of the MBS of the queue will be reserved for high priority traffic. This does not affect RED slope operation for packets attempting to be queued.
mbs {size-in-kbytes | default
}
config>service>vprn>if>sap>egress>queue-override>queue
The no form of this command returns the MBS size assigned to the queue.
mbs {size-in-kbytes | default
}
config>service>vprn>if>sap>ingress>queue-override>queue
The no form of this command
returns the MBS size assigned to the queue to the value.
rate pir-rate [cir
cir-rate]
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
The CIR can be used by the queue’s parent commands cir-level and
cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.
The rate command can be executed at any time, altering the PIR and CIR rates for all queues created through the association of the SAP egress QoS policy with the
queue-id.
The no form of the command returns all queues created with the
queue-id by association with the QoS policy to the default PIR and CIR parameters (
max, 0).
The max default specifies the amount of bandwidth in kilobits per second (thousand bits per second). The
max value is mutually exclusive to the
pir-rate value.
The cir parameter overrides the default administrative CIR used by the queue. When the
rate command is executed, a CIR setting is optional. When the
rate command has not been executed or the
cir parameter is not explicitly specified, the default CIR (0) is assumed.
Fractional values are not allowed and must be given as a positive integer. The
sum keyword specifies that the CIR be used as the summed CIR values of the children schedulers or queues.
config>service>vprn>if>sap>egress>hsmda-queue-overide>queue
The rate command can be executed at any time, altering the PIR rates for all queues created through the association of the SAP egress QoS policy with the
queue-id.
The no form of the command returns all queues created with the
queue-id by association with the QoS policy to the default PIR parameters (
max, 0).
Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).
If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.
If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:
|
3.
|
The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).
|
rate pir-rate [cir
cir-rate]
This command can be used to override specific attributes of the specified scheduler rate. The
rate command defines the maximum bandwidth that the scheduler can offer its child queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the amount of bandwidth to be considered during the parent scheduler’s ‘within CIR’ distribution phase.
When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler will assume that an infinite amount of bandwidth is available and allow all child queues and schedulers to operate at their maximum rates.
The no form of this command returns all queues created with this
queue-id by association with the QoS policy to the default PIR and CIR parameters.
The pir parameter accepts a step multiplier value that specifies the multiplier used to determine the PIR rate at which the queue will operate. A value of 0 to 100000000 or the keyword
max or
sum is accepted. Any other value will result in an error without modifying the current PIR rate.
The cir parameter accepts a step-multiplier value that specifies the multiplier used to determine the CIR rate at which the queue will operate. A value of 0 to 250 or the keyword max is accepted. Any other value will result in an error without modifying the current CIR rate.
The vpls command, within the IP interface context, is used to bind the IP interface to the specified service name.
The system does not attempt to resolve the service name provided until the IP interface is placed into the administratively up state (no shutdown). Once the IP interface is administratively up, the system will scan the available VPLS services that have the allow-ip-int-binding flag set for a VPLS service associated with the name. If the service name is bound to the service name when the IP interface is already in the administratively up state, the system will immediately attempt to resolve the given name.
The no form of the command on the IP interface is used to remove the service name binding from the IP interface. If the service name has been resolved to a VPLS service context and the IP interface has been attached to the VPLS service, the IP interface will also be detached from the VPLS service.
The no form of the command is used to remove the IPv4 routed override filter from the ingress IP interface. When removed, the IPv4 ingress routed packets within a VPLS service attached to the IP interface will use the IPv4 ingress filter applied to the packets virtual port when defined.
The no form of the command removes the sap-egress QoS policy used for reclassification from the egress IP interface. When removed, IP routed packets will not be reclassified on the egress SAPs of the VPLS service attached to the IP interface.
[no
] allow-ip-int-binding
The no form of the command resets the allow-ip-int-binding flag on the VPLS service. If the VPLS service currently has an IP interface from an IES or VPRN service attached, the no allow-ip-int-binding command will fail. Once the allow-ip-int-binding flag is reset on the VPLS service, the configuration and hardware restrictions associated with setting the flag are removed. The port network mode hardware restrictions are also removed.
mep mep-id domain
md-index association
ma-index [direction
{up
| down
}]
no mep mep-id domain
md-index association
ma-index
The no form of the command disables the generation of CCM messages.
The no form of the command removes the priority value from the configuration.
[no
] ccm-padding-size
ccm-padding
oam eth-cfm eth-test mac-address mep
mep-id domain
md-index association
ma-index [priority
priority] [data-length
data-length]
The no form of the command removes the values from the configuration.
accept (SAP Level for Epipe and VPLS)
An SLA profile is a named group of QoS parameters used to define per service QoS for all subscriber hosts common to the same subscriber within a provider service offering. A single SLA profile may define the QoS parameters for multiple subscriber hosts. SLA profiles are maintained in two locations, the subscriber identification policy and the subscriber profile templates. After a subscriber host is associated with an SLA profile name, either the subscriber identification policy used to identify the subscriber or the subscriber profile associated with the subscriber host must contain an SLA profile with that name. If both the subscriber identification policy and the subscriber profile contain the SLA profile name, the SLA profile in the subscriber profile is used.
The no form of the command removes the default SLA profile from the SAP configuration.
This command specifies a default subscriber profile for this SAP. The subscriber profile must be defined prior to associating the profile with a SAP in the config>subscriber-mgmt>sub-profile context.
A subscriber profile defines the aggregate QoS for all hosts within a subscriber context. This is done through the definition of the egress and ingress scheduler policies that govern the aggregate SLA for subscriber using the subscriber profile. Subscriber profiles also allow for specific SLA profile definitions when the default definitions from the subscriber identification policy must be overridden.
The no form of the command removes the default SLA profile from the SAP configuration.
This command configures the maximum number of subscribers for this SAP. It is used in conjunction with the profiled-traffic-only command on single subscriber SAPs and creates a subscriber host which is used to forward non-IP traffic through the single subscriber SAP without the need for SAP queues.
The no form of this command returns the default value.
This command configures non-subscriber traffic profiles. It is used in conjunction with the profiled-traffic-only command on single subscriber SAPs and creates a subscriber host which is used to forward non-IP traffic through the single subscriber SAP without the need for SAP queues.
The no form of the command removes removes the profiles and disables the feature.
|
•
|
For VPRN SAPs with arp-reply-agent enabled with the optional sub-ident parameter, the static subscriber host’s sub-ident-string is used to determine whether an ARP request received on the SAP is sourced from a host belonging to the same subscriber as the destination host. When both the destination and source hosts from the ARP request are known on the SAP and the subscriber identifications do not match, the ARP request may be forwarded to the rest of the VPRN destinations.
|
If sub-ident is not enabled on the SAP arp-reply-agent, subscriber identification matching is not performed on ARP requests received on the SAP.
[no] profiled-traffic-only
The no form of the command disables the command.
This command associates a subscriber identification policy to this SAP. The subscriber identification policy must be defined prior to associating the profile with a SAP in the config>subscriber-mgmt>sub-ident-policy context.
Subscribers are managed by the system through the use of subscriber identification strings. A subscriber identification string uniquely identifies a subscriber. For static hosts, the subscriber identification string is explicitly defined with each static subscriber host.
For dynamic hosts, the subscriber identification string must be derived from the DHCP ACK message sent to the subscriber host. The default value for the string is the content of Option 82 CIRCUIT-ID and REMOTE-ID fields interpreted as an octet string. As an option, the DHCP ACK message may be processed by a subscriber identification policy which has the capability to parse the message into an alternative ASCII or octet string value.
The no form of the command removes the default subscriber identifcation policy from the SAP configuration.
The no form of the command removes an SRRP instance from a group IP interface. Once removed, the group interface ignores ARP requests for the SRRP gateway IP addresses that may exist on subscriber subnets associated with the group IP interface. Then the group interface stops routing using the redundant IP interface associated with the group IP interface and will stop routing with the SRRP gateway MAC address. Ingress packets destined to the SRRP gateway MAC will also be silently discarded. This is the same behavior as a group IP interface that is disabled (shutdown).
The no form of the command removes the explicit SRRP gateway MAC address from the SRRP instance. The SRRP gateway MAC address can only be changed or removed when the SRRP instance is shutdown.
The no form of the command restores the default interval.
The no form of the command can only be executed when the SRRP instance is shutdown. Executing no message-path allows the existing SAP to be used for subscriber management functions. A new message-path SAP must be defined prior to activating the SRRP instance.
[no
] policy
vrrp-policy-id
The no form of the command removes the association with vrrp-policy-id from the SRRP instance.
The no form of the command restores the default base priority to the SRRP instance. If a VRRP policy is associated with the SRRP instance, it will use the default base priority as the basis for any modifications to the SRRP instances in-use priority.
The no form of the command disables sending FIB population packets.
The no form of the command disables sending GARP packets to outer VLANs only.
vrrp virtual-router-id [owner
]
The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shutdown in order to remove the virtual router instance.
The authentication-key command, within the
vrrp virtual-router-id context, is used to assign a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.
The authentication-key command is one of the few commands not affected by the presence of the
owner keyword. If simple text password authentication is not required, this command is not required. If the command is re-executed with a different password key defined, the new key will be used immediately. If a no
authentication-key command is executed, the password authentication key is restored to the default value. The
authentication-key command may be executed at any time, altering the simple text password used when
authentication-type password authentication method is used by the virtual router instance. The
authentication-type password command does not need to be executed prior to defining the
authentication-key command.
The no form of this command restores the default null string to the value of key.
The key parameter identifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string eight octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.
The key parameter is expressed as a string consisting of up to eight alpha-numeric characters. Spaces must be contained in quotation marks ( “ ” ). The quotation marks are not considered part of the string.
Specifies the key is entered in a more complex encrypted form. If the
hash2 parameter is
not used, the less encrypted hash form is assumed.
The authentication-type command, within the
vrrp virtual-router-id context, is used to assign the authentication method to generate master VRRP advertisement messages and validate received VRRP advertisement messages.
NOTE: The authentication management for VRRP closely follows the authentication management format used for IS-IS.
The authentication-type command is one of the commands not affected by the presence of the owner keyword. If authentication is not required, the authenticaton-type command must not be executed. If the command is re-executed with a different authentication type defined, the new type will be used. If the no authentication-type command is executed, authentication is removed and no authentication is performed. The authentication-type command may be executed at any time, altering the authentication method used by the virtual router instance.
The no form of this command removes authentication from the virtual router instance. All VRRP Advertisement messages sent will have the Authentication Type field set to 0 and the Authentication Data fields will contain 0 in all octets. VRRP Advertisement messages received with Authentication Type fields containing a value other than 0 will be discarded.
bfd-enable service-id interface
interface-name dst-ip
ip-address
no bfd-enable service-id interface
interface-name dst-ip
ip-address
The no form of this command removes BFD from the configuration.
|
Values
|
service-id: 1 — 2147483648 svc-name: Specifies an existing service name up to 64 characters in length. No service ID indicates a network interface.
|
[no
] mac
ieee-mac-address
The no form of this command returns the MAC address of the IP interface to the default value.
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or
aa-bb-cc-dd-ee-ff where
aa,
bb,
cc,
dd,
ee and
ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
The message-interval command is available in both non-owner and owner vrrp virtual-router-id nodal contexts. If the message-interval command is not executed, the default message interval of 1 second will be used.
The no form of this command restores the default message interval value of 1 second to the virtual router instance.
The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP Echo Requests to the virtual router instance IP addresses will be silently discarded.
The no form of this command restores the default operation of discarding all ICMP Echo Request messages destined to the non-owner virtual router instance IP addresses.
The preempt command is only available in the non-owner vrrp virtual-router-id nodal context. The owner may not be preempted due to the fact that the priority of non-owners can never be higher than the owner. The owner will always preempt all other virtual routers when it is available.
The no form of this command prevents a non-owner virtual router instance from preempting another, less desirable virtual router. Use the preempt command to restore the default mode.
The priority command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority will be set to 100.
The no form of this command restores the default value of 100 to base-priority.
The ssh-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ssh-reply command is not executed, SSH packets to the virtual router instance IP addresses will be silently discarded.
The no form of this command restores the default operation of discarding all SSH packets destined to the non-owner virtual router instance IP addresses.
The no form of the command specifies that a standby router should not forward traffic sent to virtual router's MAC address. However, the standby router should forward traffic sent to the standby router’s real MAC address.
The telnet-reply command is only available in non-owner VRRP nodal context. If the telnet-reply command is not executed, Telnet packets to the virtual router instance IP addresses will be silently discarded.
The no form of this command restores the default operation of discarding all Telnet packets destined to the non-owner virtual router instance IP addresses.
This command configures a Protocol Independent Multicast (PIM) instance in the VPRN service. When an PIM instance is created, the protocol is enabled.
PIM is used for multicast routing within the network. Devices in the network can receive the multicast feed requested and non-participating routers can be pruned. The router supports PIM sparse mode (PIM-SM).
The no form of the command deletes the PIM protocol instance removing all associated configuration parameters.
If a manually created interface or modified interface is deleted, the interface will be recreated when the apply-to command is executed. If PIM is not required on a specific interface, then execute a
shutdown command.
The apply-to command is saved first in the PIM configuration structure, all subsequent commands either create new structures or modify the defaults as created by the
apply-to command.
import {join-policy
| register-policy
} [policy-name [.. policy-name] policy-name]
This command specifies the import route policy to be used for determining which routes are accepted from peers. Route policies are configured in the config>router>policy-options context. When an import policy is not specified, BGP routes are accepted by default.
The no form of the command removes the policy association from the IGMP instance.
no import join-policy
no import register-policy
[no
] interface
ip-int-name
The no form of the command deletes the PIM interface configuration for this interface. If the
apply-to command parameter is configured, then the
no interface form must be saved in the configuration to avoid automatic (re)creation after the next
apply-to is executed as part of a reboot.
The shutdown command can be used to disable an interface without removing the configuration for the interface.
The no form of the command reverts to the default.
[no
] bfd-enable [ipv4|ipv6]
The no form of this command removes BFD from the associated IGP protocol adjacency.
The no form of this command reverts to the default value.
The hello-multiplier in conjunction with the
hello-interval determines the holdtime for a PIM neighbor.
The no form of the command disqualifies the router to participate in the bootstrap election.
1 (The router is the least likely to become the designated router.)
By enabling sticky-dr on this interface, it will continue to act as the DR for the LAN even after the old DR comes back up.
The no form of the command disables sticky-dr operation on this interface.
[no
] ipv4-multicast-disable
The no form of the command disables the multicast balancing.
[no
] mc-ecmp-hashing-enabled
The no mc-ecmp-hashing-enabled form of the command means that the use of multiple ECMP paths if enabled at the
config>router or
config>service>vprn context is controlled by the existing implementation and CLI commands
mc-ecmp-balance.
[no
] non-dr-attract-traffic
[no
] anycast
rp-ip-address
The no form of the command removes the anycast instance from the configuration.
[no
] rp-set-peer
ip-address
The no form of the command removes an entry from the list.
The no form of the command disables auto RP.
The no form of this command removes the specified policy names from the configuration.
The no form of this command removes the specified policy names from the configuration.
Use the no form of this command to remove the static RP from the configuration.
The static IP address of the RP. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
[no
] address
ipv6-address
Use the no form of this command to remove the static RP from the configuration.
The static IP address of the RP. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
The no form of the command removes the anycast instance from the configuration.
The no form of the command removes an entry from the list.
[no
] group-range
{ip-prefix/mask | ip-prefix netmask}
Use the no form of this command to remove the group address or range of group addresses for which this router can be the RP from the configuration.
Use the no form of this command to revert to the default value.
Use the no form of this command to revert to the default value.
The no form of this command removes the static RP entry from the configuration.
[no
] group-prefix
{grp-ip-address/mask | grp-ip-address netmask}
The group-prefix for a static-rp defines a range of multicast-ip-addresses for which a certain RP is applicable.
The no form of the command removes the criterion.
[no
] rpf-table
{rtable-m
| rtable-u
| both
}
The no form of the command disables MLD.
[no
] interface
ip-int-name
The no form of the command deletes the MLD interface. The
shutdown command in the
config>router>mld>interface context can be used to disable an interface without removing the configuration for the interface.
no interface — No interfaces are defined.
[no
] disable-router-alert-check
The no form of the command removes the policy association from the MLD instance.
no import — No import policy specified.
The no form of the command removes the IPv6 address from the configuration.
The source command is mutually exclusive with the specification of individual sources for the same group.
The no form of the command removes the source from the configuration.
Use the no form of the command to remove the starg entry from the configuration.
The no form of the command disables the BGP protocol from the given VPRN service.
The no form of the command used at the global level reverts to default where BGP adds the AS number and router ID to the aggregator path attribute.
The no form of the command used at the group level reverts to the value defined at the group level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
This command configures the comparison of BGP routes based on the MED attribute. The default behavior of SR-OS (equivalent to the no form of the command) is to only compare two routes on the basis of MED if they have the same neighbor AS (the first non-confed AS in the received AS_PATH attribute). Also by default, a route without a MED attribute is handled the same as though it had a MED attribute with the value 0. The
always-compare-med command without the
strict-as keyword allows MED to be compared even if the paths have a different neighbor AS; in this case, if neither
zero or
infinity is specified, the
zero option is inferred, meaning a route without a MED is handled the same as though it had a MED attribute with the value 0. When the
strict-as keyword is present, MED is only compared between paths from the same neighbor AS, and in this case,
zero or
infinity is mandatory and tells BGP how to interpret paths without a MED attribute.
The no form of the command removes the parameter from the configuration.
This command controls how the BGP decision process compares routes on the basis of MED. When deterministic-med is configured, BGP groups paths that are equal up to the MED comparison step based on neighbor AS, and then compares the best path from each group to arrive at the overall best path. This change to the BGP decision process makes best path selection completely deterministic in all cases. Without
deterministic-med, the overall best path selection is sometimes dependent on the order of the route arrival because of the rule that MED cannot be compared in routes from different neighbor AS.
Specifies the key is entered in a more complex encrypted form. If the
hash2 parameter is
not used, the less encrypted hash form is assumed.
[no
] backup-path
[ipv4
] [ipv6
]
The no form of this command removes BFD from the associated BGP protocol peering.
Route
reflectors are used to reduce the number of IBGP sessions required within an AS. Normally, all BGP speakers within an AS must have a BGP peering with every other BGP speaker in an AS.
A route reflector and its clients form a cluster. Peers that are not part of the cluster are considered to be non-clients.
When a route reflector receives a route, first it must select the best path from all the paths rec
eived. If the route was rec
eived from a non-client peer, then the route reflector sends the route to all clients in the cluster. If the route
came from a client peer, the route reflector sends the route to all non-client peers and to all client peers except the originator.
The no form of the command deletes the cluster ID and effectively disables the Route Reflection for the given group.
The no form of the command used at the global level reverts to the default value.
The
no form of the command used at the group level reverts to the value defined at the global level.
The
no form of the command used at the neighbor level reverts to the value defined at the group level.
This command enables BGP route damping for learned routes which are defined within the route policy. Use damping to reduc
e the number of update messages sent between BGP peers
and reduce the load on
peers without
affecting the route convergence time for stable routes
. Damping parameters are set via route policy definition.
The no form of the command used at the global level disables route damping.
The
no form of the command used at the group level reverts to the value defined at the global level.
The
no form of the command used at the neighbor level reverts to the value defined at the group level.
Half-life: 15 minutes
Max-suppress: 60 minutes
Suppress-threshold: 3000
Reuse-threshold 750
The no form of the command resets the behavior to the default which is to enable the use of 4-byte ASN.
[no
] disable-capability-negotiation
The no form of the command removes this command from the configuration and restores the normal behavior.
[no
] disable-client-reflect
The no form re-enables client reflection of routes.
config>service>vprn>bgp>group
config>service>vprn>bgp>group
>neighbor
[no]
disable-fast-external-failover
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
In order for this command to be effective, the ecmp and
multipath commands for the associated VPRN instance must also be configured to allow for multiple routes to the same destination.
The no form of the command used at the global level reverts to default values.
[no
] enable-peer-tracking
config>service>vprn>bgp>group
config>service>vprn>bgp>group
>neighbor
[no
] stale-routes-time
time
[no
] update-fault-tolerance
This command enables treat-as-withdraw and other similarly non-disruptive approaches for handling a wide range of UPDATE message errors, as long as there are no length errors that prevent all of the NLRI fields from being correctly identified and parsed.
The no form of this command removes all route policy names from the export list.
no export — BGP advertises routes from other BGP routes but does not advertise any routes from other protocols unless directed by an export policy.
family [ipv4
] [ipv6
] [mcast-ipv4
] [flow-ipv6
] [flow-ipv4
]
The no form of the command removes the specified address family from the associated BGP sessions.
The no form of the command disables the validation procedure.
group name [dynamic-peer]
The no form of the command deletes the specified peer group and all configurations associated with the peer group. The group must be shutdown before it can be deleted.
None — No peer groups are defined.
The no form of the command is used to remove the specified neighbor and the entire configuration associated with the neighbor. The neighbor must be administratively
shutdown before attempting to delete it. If the neighbor is not shutdown, the command will not result in any action except a warning message on the console indicating that neighbor is still administratively up.
none — No neighbors are defined.
|
Values
|
ipv4-address : a.b.c.d
ipv6-address : x:x:x:x:x:x:x:x[-interface] x:x:x:x:x:x:d.d.d.d[-interface] x: [0..FFFF]H d: [0..255]D interface: 32 chars maximum, mandatory for link local addresses
|
family [ipv4
] [ipv6
] [mcast-ipv4
]
The no form of the command removes the specified address family from the associated BGP peerings. If an address family is not specified, then reset the supported address family back to the default.
Even though the router OS implementation allows setting the keepalive time separately, the configured
keepalive timer is overridden by the
hold-time value under the following circumstances:
|
2.
|
If the hold-time is set to zero, then the operational value of the keepalive time is set to zero; the configured keepalive time is not changed. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.
|
The no form of the command used at the global level reverts to the default value.
The
no form of the command used at the group level reverts to the value defined at the global level.
The
no form of the command used at the neighbor level reverts to the value defined at the group level.
The no form of the command disables the IBGP multipath load balancing feature.
This command specifies the import policies to be used to control routes advertised to BGP neighbors. Route policies are configured in the config>router>policy-options context. When multiple policy names are specified, the policies are evaluated in the order they are specified. A maximum of five (5) policy names can be specified. The first policy that matches is applied.
The no form of this command removes all route policy names from the import list.
no import — BGP accepts all routes from configured BGP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.
This command configures the BGP keepalive timer. A keepalive message is sent every time this timer expires. The seconds parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.
The keepalive value is generally one-third of the
hold-time interval. Even though the OS implementation allows the
keepalive value and the
hold-time interval to be independently set, under the following circumstances, the configured
keepalive value is overridden by the
hold-time value:
If the specified keepalive value is greater than the configured
hold-time, then the specified value is ignored, and the
keepalive is set to one third of the current
hold-time value.
If the specified hold-time interval is less than the configured
keepalive value, then the
keepalive value is reset to one third of the specified
hold-time interval.
If the hold-time interval is set to zero, then the configured value of the
keepalive value is ignored. This means that the connection with the peer is up permanently and no
keepalive packets are sent to the peer.
The no form of the command used at the global level reverts to the default value.
The
no form of the command used at the group level reverts to the value defined at the global level.
The
no form of the command used at the neighbor level reverts to the value defined at the group level.
Outgoing connections use the local-address as the source of the TCP connection when initiating connections with a peer.
When a local address is not specified, the 7750 SR OS uses the system IP address when communicating with IBGP peers and uses the interface address for directly connected EBGP peers. This command is used at the neighbor level to revert to the value defined under the group level.
The no form of the command removes the configured local-address for BGP.
The
no form of the command used at the group level reverts to the value defined at the global level.
The
no form of the command used at the neighbor level reverts to the value defined at the group level.
local-as as-number [private
] [no-prepend-global-as]
In addition to the global AS number configured for BGP in the config>router>autonomous-system context, a virtual (local) AS number can be configured to support various AS number migration scenarios.The local AS number is added to the to the beginning the as-path attribute ahead of the router’s AS number.
The no form of the command used at the global level will remove any virtual AS number configured.
The
no form of the command used at the group level reverts to the value defined at the global level.
The
no form of the command used at the neighbor level reverts to the value defined at the group level.
The no form of the command at the global level specifies that incoming routes with local-preference set are not overridden and routes arriving without local-preference set are interpreted as if the route had local-preference value of 100.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
loop-detect {drop-peer
| discard-route
| ignore-loop| off
}
The no form of the command used at the global level reverts to default, which is
loop-detect ignore-loop.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
The no form of the command used at the global level reverts to default where the MED is not advertised.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
The no form of the command used at the global level reverts to default.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
The no form of the command reverts to default values.
The no form of the command is used to convey to the BGP instance that the EBGP peers are directly connected.
The
no form of the command reverts to default values.
1 — EBGP peers are directly connected.
The no form of the command used at the global level reverts to default values.
no multipath — Multipath disabled.
The no form of the command used at the group level allows third-party route advertisements in a multi-access network.
The
no form of the command used at the neighbor level reverts to the value defined at the group level.
The no form of the command used at the group level disables passive mode where BGP actively attempts to connect to its peers.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
The default next-hop resolution policy (when the no policy command is configured) is to use the longest matching active route in RTM that is not a BGP route (unless
use-bgp-routes is configured), an aggregate route or a subscriber management route.
[no
] preference
preference
The no form of the command used at the global level reverts to default value.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
prefix-limit limit [log-only
] [threshold
percent] [idle-timeout
{minutes | forever
}]
The no form of the command removes the
prefix-limit.
The no form of the command removes this command from the configuration and returns withdrawal processing to the normal behavior.
When the remove-private parameter is set at the global level, it applies to all peers regardless of group or neighbor configuration. When the parameter is set at the group level, it applies to all peers in the group regardless of the neighbor configuration.
The no form of the command used at the global level reverts to default value. The
no form of the command used at the group level reverts to the value defined at the global level. The
no form of the command used at the neighbor level reverts to the value defined at the group level.
The configuration default is no split-horizon, meaning that no effort is taken to prevent a best route from being reflected back to the sending peer.
NOTE: Use of the
split-horizon command may have a detrimental impact on peer and route scaling and therefore operators are encouraged to use it only when absolutely needed.
The no form of the command disables split horizon command which allows the lower level to inherit the setting from an upper level.
[no
] type
{internal
| external
}
This command designates the BGP peer as type internal or external.
The type of internal indicates the peer is an IBGP peer while the type of external indicates that the peer is an EBGP peer.
The no form of the command used at the group level reverts to the default value.
The
no form of the command used at the neighbor level reverts to the value defined at the group level.
[no
] updated-error-handling
config>service>vprn>bgp>group>neighbor
The no form of the command deletes the OSPF protocol instance removing all associated configuration parameters.
no ospf — The OSPF protocol is not enabled.
ospf3 [instance-id] [router-id]
The no form of the command deletes the OSPFv3 protocol instance, removing all associated configuration parameters.
instance-id — Specify the instance ID for the OSPFv3 instance being created or modified. The instance ID must match the specified range based on the address family. For ipv6-unicast, the instance id must be between 0 and 31. For ipv4-unicast the instance id must be between 64-95.
This command creates the context to configure an OSPF area. An area is a collection of network segments within an AS that have been administratively grouped together. The area ID can be specified in dotted decimal notation or as a 32-bit decimal integer.
The no form of the command deletes the specified area from the configuration. Deleting the area also removes the OSPF configuration of all the interfaces, virtual-links, sham-links, and address-ranges etc., that are currently assigned to this area.
no area — No OSPF areas are defined.
area-range ip-prefix/prefix-length [advertise
| not-advertise
]
area-range ipv6-prefix/prefix-length [advertise
| not-advertise
]
The no form of the command deletes the range (non) advertisement.
no area-range — No range of addresses are defined.
In the NSSA context, the
option specifies that the range applies to external routes (via type-7 LSAs) learned within the NSSA when the routes are advertised to other areas as type-5 LSAs.
The no form of this command removes this option.
[no
] interface
ip-int-name [secondary]
The no form of the command deletes the OSPF interface configuration for this interface. The
shutdown command in the
config>router>ospf>interface context can be used to disable an interface without removing the configuration for the interface.
no interface — No OSPF interfaces are defined.
The no form of the command disables advertising point-to-point interfaces as subnet routes meaning they are advertised as host routes.
advertise-subnet — Advertises point-to-point interfaces as subnet routes.
This command configures the password used by the OSPF interface or virtual-link to send and receive OSPF protocol packets on the interface when simple password authentication is configured.
The no form of the command removes the authentication key.
no authentication-key — No authentication key is defined.
Specifies the key is entered in a more complex encrypted form. If the
hash2 parameter is
not used, the less encrypted hash form is assumed.
Both simple password and
message-digest authentication are supported.
The no form of the command disables authentication on the interface.
no authentication — No authentication is enabled on an interface.
The no form of this command removes BFD from the associated IGP protocol adjacency.
The no form of the command reverts to the default value.
If the dead-interval configured applies to an interface, then all nodes on the subnet must have the same dead interval.
If the dead-interval configured applies to a virtual link, then the interval on both termination points of the virtual link must have the same dead interval.
Sham-link — If the
dead-interval configured applies to a sham-link, then the interval on both endpoints of the sham-link must have the same dead interval
.
When graceful-restart is enabled, the router can be a helper (meaning that the router is helping a neighbor to restart) or be a restarting router or both. The 7750 SR OS supports only helper mode. This facilitates the graceful restart of neighbors but will not act as a restarting router (meaning that the 7750 SR OS will not help the neighbors to restart).
The no helper-disable command enables helper support and is the default when graceful-restart is enabled.
The no form of the command enables the OSPF or OSPF3 router to follow the normal proceedure to determine whether to set the DN bit.
import policy-name [ policy-name...(up to 5 max)]
Reducing the interval, in combination with an appropriate reduction in the associated dead-interval, allows for faster detection of link and/or router failures at the cost of higher processing costs.
The no form of this command reverts to the default value.
hello-interval 10 — A 10-second hello interval.
If the hello-interval configured applies to an interface, then all nodes on the subnet must have the same hello interval.
If the hello-interval configured applies to a virtual link, then the interval on both termination points of the virtual link must have the same hello interval.
The no form of the command reverts to the default value.
point-to-point — If the physical interface is SONET.
broadcast — If the physical interface is Ethernet or unknown.
[no
] loopfree-alternate-exclude
The no form of this command re-instates the default value for this command.
The no form of this command disables OSPF LSA filtering (normal operation).
The no form of the command disables the submission of routes into the multicast RTM.
The no form of the command removes the message digest key identified by the
key-id.
The keyid is expressed as a decimal integer.
The MD5 key. The key can be any alphanumeric string up to 16 characters in length.
The no form of the command deletes the manually configured interface metric, so the interface uses the computed metric based on the
reference-bandwidth command setting and the speed of the underlying link.
no metric — The metric is based on
reference-bandwidth setting and the link speed.
Use the no form of this command to revert to default.
no mtu — Uses the value derived from the MTU configured in the
config>port context.
By default, only interface addresses that are configured for OSPF will be advertised as OSPF interfaces. The passive parameter allows an interface to be advertised as an OSPF interface without running the OSPF protocol.
The no form of the command removes the passive property from the OSPF interface.
Service interfaces defined in config>router>service-prefix are passive.
The no form of the command reverts the interface priority to the default value.
The no form of this command reverts to the default interval.
The no form of this command reverts to the default delay time.
The no form of the command reverts to the default.
[no
] loopfree-alternate-exclude
The no form of the command includes the OSPF area in LFA calculations.
The no form of the command removes the NSSA designation and configuration context from the area.
no nssa — The OSPF area is not an NSSA.
The no form of the command disables origination of a default route.
no originate-default-route — A default route is not originated.
[no
] redistribute-external
The no form of the command disables the default behavior to automatically redistribute external routes into the NSSA area from the NSSA ABR.
redistribute-external — External routes are redistributed into the NSSA.
The no form of the command disables sending summary route advertisements and, for stub areas, only the default route is advertised by the ABR.
summaries — Summary routes are advertised by the ABR into the stub area or NSSA.
The no form of the command removes the stub designation and configuration context from the area.
no stub — The area is not configured as a stub area.
The no form of the command reverts to the default value.
[no
] virtual-link
router-id transit-area area-id
The router-id specified in this command must be associated with the virtual neighbor. The transit area cannot be a stub area or a Not So Stubby Area (NSSA).
The no form of the command deletes the virtual link.
The no form of the command enables the post-RFC1583 method of summary and external route calculation.
compatible-rfc1583 — RFC1583 compliance is enabled.
export policy-name [policy-name…]
The no form of the command removes all policies from the configuration.
no export — No export route policies specified.
The limit value specifies the maximum number of non-default AS-external-LSA entries that can be stored in the link-state database (LSDB). Placing a limit on the non-default AS-external-LSAs in the LSDB protects the router from receiving an excessive number of external routes that consume excessive memory or CPU resources. If the number of routes reach or exceed the
limit, the table is in an overflow state.
When in an overflow state, the router will not originate any new AS-external-LSAs. In fact, it withdraws all the self-originated non-default external LSAs.
The interval specifies the amount of time to wait after an overflow state before regenerating and processing non-default AS-external-LSAs. The waiting period acts like a dampening period preventing the router from continuously running Shortest Path First (SPF) calculations caused by the excessive number of non-default AS-external LSAs.
The external-db-overflow must be set identically on all routers attached to any regular OSPF area. OSPF stub areas and not-so-stubby areas (NSSAs) are excluded.
The no form of the command disables limiting the number of non-default AS-external-LSA entries.
no external-db-overflow — No limit on non-default AS-external-LSA entries.
The no form of the command reverts to the default value.
external-preference 150 — OSPF external routes have a default preference of 150.
The no form of this command disables the LFA computation by IGP SPF.
If the overload command is encountered during the execution of an
overload-on-boot command then this command takes precedence. This could occur as a result of a saved configuration file where both parameters are saved. When the file is saved by the system the
overload-on-boot command is saved after the
overload command.
Use the no form of this command to return to the default. When the
no overload command is executed, the overload state is terminated regardless the reason the protocol entered overload state.
[no
] overload-include-stub
The no overload command does not affect the
overload-on-boot function.
The no form of the command removes the overload-on-boot functionality from the configuration.
The no form of the command reverts to the default value.
preference 10 — OSPF internal routes have a preference of 10.
The default reference-bandwidth is
100,000,000 Kbps or 100 Gbps, so the default auto-cost metrics for various link speeds are as as follows:
The reference-bandwidth command assigns a default cost to the interface based on the interface speed. To override this default cost on a particular interface, use the
metric metric command in the
config>router>ospf>area>interface ip-int-name context.
The no form of the command reverts the reference-bandwidth to the default value.
reference-bandwidth 100000000 — Reference bandwidth of 100 Gbps.
spf-wait max-spf-wait [spf-initial-wait [spf-second-wait]]
This command defines the maximum interval between two consecutive SPF calculations in milliseconds. Timers that determine when to initiate the first, second, and subsequent SPF calculations after a topology change occurs can be controlled with this command. Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the
spf-second-wait interval is 1000, then the next SPF will run after 2000 milliseconds, and then next SPF will run after 4000 milliseconds, etc., until it reaches the
spf-wait value. The SPF interval will stay at the
spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to
spf-initial-wait.
Use the no form of this command to return to the default.
[no
] unicast-import-disable
vpn-domain [type {0005
| 0105
| 0205
| 8005
}] id
id
Use the no form of this command to return to the default.
lsa-generate max-lsa-wait [lsa-initial-wait [lsa-second-wait]]
Use the no form of this command to return to the default.
The no form of the command disables the RIP protocol from the given VPRN IP interface.
The no form of the command removes the authentication password from the configuration and disables authentication.
no authentication-key — Authentication is disabled and the authentication password is empty.
Specifies the key is entered in a more complex encrypted form. If the
hash2 parameter is
not used, the less encrypted hash form is assumed.
The no form of the command removes the authentication type from the configuration and effectively disables authentication.
The no form of the command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.
The split-horizon disable command enables split horizon without poison reverse. This allows the routes to be re-advertised on interfaces other than the interface that learned the route, with the advertised metric equaling an increment of the metric-in value.
The no form of the command disables split horizon command which allows the lower level to inherit the setting from an upper level.
The no form of the command removes all route policy names from the export list.
The no form of the command removes the parameters from the configuration.
The no form of the command removes all route policy names from the import list.
The no form of the command resets the maximum number of routes back to the default of 25.
The no form of the command reverts the
metric value back to the default.
The no form of the command removes the command from the config and resets the metric-in value back to the default.
The no form of the command resets the
preference to the default.
receive {both
| none
| version-1
| version-2
}
If both or
version-2 is specified, the RIP instance listens for and accepts packets sent to the broadcast and multicast (224.0.0.9) addresses.
If version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.
The no form of the command resets the type of messages accepted to both.
no receive — Accepts both formats.
send {broadcast
| multicast
| none
| version-1
| both
}
If version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.
The no form of this command resets the type of messages sent back to the default value.
no send — Sends RIPv2 to the broadcast address.
The no form of the command resets all timers to their default values of 30, 180, and 120 seconds respectively.
The no form of the command deletes the RIP neighbor interface group. Deleting the group will also remove the RIP configuration of all the neighbor interfaces currently assigned to this group.
no group — No group of RIP neighbor interfaces defined
[no
] neighbor
ip-int-name
The no form of the command deletes the RIP interface configuration for this interface. The
shutdown command in the
config>router>rip>group group-name>
neighbor ip-int-name context can be used to disable an
interface without removing the configuration for the interface.
no neighbor — No RIP interfaces defined
local-ip {ip-prefix/prefix-length | ip-prefix netmask | any
}
Only one entry is necessary to describe a potential flow. The local-ip and
remote-ip commands can be defined only once. The system will evaluate the local IP as the source IP when traffic is examined in the direction of VPN to the tunnel and as the destination IP when traffic flows from the tunnel to the VPN. The remote IP will be evaluated as the source IP when traffic flows from the tunnel to the VPN when traffic flows from the VPN to the tunnel.
remote-ip ip-prefix/prefix-length | ip-prefix netmask | any
}
Only one entry is necessary to describe a potential flow. The local-ip and
remote-ip commands can be defined only once. The system will evaluate the local IP as the source IP when traffic is examined in the direction of VPN to the tunnel and as the destination IP when traffic flows from the tunnel to the VPN. The remote IP will be evaluated as the source IP when traffic flows from the tunnel to the VPN when traffic flows from the VPN to the tunnel.
[no
] address
{ip-address/mask | ip-address netmasks}
The no form of the command returns the default value.
tunnel ipsec-tunnel-name [create
]
[no
] bfd-enable service
service-id interface
interface-name dst-ip
ip-address
The no form of the command disables the automatic attempts to establish a phase 1 exchange.
[no]
local-id type {
ipv4 <
v4address> |
fqdn <
fqdn-value>}
transform transform-id [transform-id...(up to 4 max)]
|
Values
|
service-id: 1 — 2147483648 svc-name: Specifies an existing service name up to 64 characters in length.
|
security-association security-entry-id authentication-key
authentication-key encryption-key
encryption-key spi
spi transform
transform-id direction
{inbound
| outbound
}
{32 |
64 |
128 |
256 |
512}
This command configures an IPSec security policy. The policy may then be associated with tunnels defined in the same context.
tms-interface interface-name [create
] [off-ramp-vprn
off-ramp-svc] [mgmt-vprn
mgmt-svc]
The no form of the command removes the interface name from the configuration.
address {ip-address/mask|ip-address netmask}
The no form of the command removes the IP address information from the interface configuration.
The no form of the command removes the description from the interface configuration.
The no form of the command removes the IP address information from the interface configuration.
[no
] tms-egress-filter
filter-name
The no form of the command removes the filter from the interface configuration.
The no form of the command removes the password.
server server-name [create
] [purpose
{[accounting
][authentication
]}]
The no form of the command disables caching.
key packet-type {accept
|request
} attribute-type
attribute-type [vendor-id
vendor-id]
The no form of the command removes the parameters from the configuration.
timeout [hrs
hours] [min
minutes] [sec
seconds]
The no form of the command reverts to the default.
The no form of the command reverts to the default.
The no form of the command removes the policy from the configuration.
The no form of the command removes the policy from the configuration.
[no
] interface
ip-int-name
load-balance-key vendor vendor-id [vendor-id...(up to 5 max)] attribute-type
attribute-type [attribute-type...(up to 5 max)]
Specifies the key is entered in a more complex encrypted form. If the
hash2 parameter is not used, the less encrypted
hash form is assumed.
[no
] send-accounting-response
The no form of the command disables the accounting response messages.
username [1..32] prefix-string
[128 chars max] [accounting-server-policy
policy-name] [authentication-server-policy
policy-name]
The no form of the comand removes the associations from the configuration.
server server-name [address
ip-address] [secret
key ] [hash
|hash2
] [port
port] [create
]
The no form of the command removes the parameters from the configuration.
Specifies the key is entered in a more complex encrypted form. If the
hash2 parameter is not used, the less encrypted
hash form is assumed.
The no form of the command removes the script policy from the configuration.
The no form of this command removes configuration under wpp.
portal name address
ip-address [create
]
The no form of this command removes configuration under WPP.
[no
] restore-disconnected
