Threat Management Service Commands

For feedback and comments:

documentation.feedback@alcatel-lucent.com

Threat Management Service Commands

•

Card Commands

•

MDA Commands

•

Threat Management Service Interface Commands

•

Policy Commands

Generic Commands

description

Syntax

description long-description-string

no description

Context

config>service>vprn>tms-if

Description

This command configures a description for the interface.

The no form of the command removes the description from the interface configuration.

shutdown

Syntax

[no] shutdown

Context

config>service>ies>tms-if

config>service>vprn>tms-if

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The shutdown command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Card Commands

card

Syntax

card slot-number

no card slot-number

card slot-number

Context

config

Description

This mandatory command enables access to the chassis card Input/Output Control Forwarding Module (IOM/CFM), slot, MCM and MDA CLI context.

The no form of this command removes the card from the configuration. All associated ports, services, and MDAs must be shutdown.

Default

No cards are configured.

Parameters

slot-number

The slot number of the card in the chassis.

Values

1 — 10 depending on chassis model.

SR-12: slot-number = 1 — 10

MDA Commands

mda

Syntax

mda mda-slot

no mda mda-slot

Context

config>card

Description

This mandatory command enables access to a card’s MDA CLI context to configure MDAs.

Default

No MDA slots are configured by default.

Parameters

mda-slot

The MDA slot number to be configured. Slots are numbered 1 and 2. On vertically oriented slots, the top MDA slot is number 1, and the bottom MDA slot is number 2. On horizontally oriented slots, the left MDA is number 1, and the right MDA slot is number 2. For 7750 SR-c12/4 systems, MDAs may not be provisioned before MCMs are configured for the same slot. MCMs are not required for CMA provisioning.

Values

1, 2

mda-type

Syntax

mda-type mda-type

no mda-type

Context

config>card>mda

Description

This mandatory command provisions a specific MDA type to the device configuration for the slot. The MDA can be preprovisioned but an MDA must be provisioned before ports can be configured. Ports can be configured once the MDA is properly provisioned.

The no form of this command deletes the MDA from the configuration. The MDA must be administratively shut down before it can be deleted from the configuration.

Default

No MDA/CMA types are configured for any slots by default.

Parameters

mda-type

The type of MDA selected for the slot postion.

Values

isa-tms

Threat Management Service Interface Commands

ies

Syntax

ies service-id customer customer-id [vpn vpn-id] [create]

no ies service-id

Context

config>service

Description

This command creates or edits an IES service instance.

The ies command is used to create or maintain an Internet Enhanced Service (IES). If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

IES services allow the creation of customer facing IP interfaces in the same routing instance used for service network core routing connectivity. IES services require that the IP addressing scheme used by the subscriber must be unique between it and other addressing schemes used by the provider and potentially the entire Internet.

While IES is part of the routing domain, the usable IP address space may be limited. This allows a portion of the service provider address space to be set aside for service IP provisioning, becoming administered by a separate but subordinate address authority. This feature is defined using the config router service-prefix command.

IP interfaces defined within the context of an IES service ID must have a SAP created as the access point to the subscriber network. This allows a combination of bridging and IP routing for redundancy purposes.

When a service is created, the customer keyword and customer-id must be specified and associates the service with a customer. The customer-id must already exist having been created using the customer command in the service context. Once a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and recreated with a new customer association.

Once a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified will result in an error.

Multiple IES services are created to separate customer owned IP interfaces. More than one IES service may be created for a single customer ID. More than one IP interface may be created within a single IES service ID. All IP interfaces created within an IES service ID belongs to the same customer.

By default, no IES service instances exist until they are explicitly created.

The no form of this command deletes the IES service instance with the specified service-id. The service cannot be deleted until all the IP interfaces defined within the service ID have been shutdown and deleted.

Parameters

service-id

The unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7750 SR, 7450 ESS and 7710 SR on which this service is defined.

Values

service-id: 1 — 2147483648
svc-name: 64 characters maximum

customer

customer customer-id

Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values

1 — 2147483647

vpn vpn-id

Specifies the VPN ID number which allows you to identify virtual private networks (VPNs) by a VPN identification number.

Values

1 — 2147483647

Default

null (0)

tms-interface

Syntax

tms-interface interface-name [create] [off-ramp-vprn off-ramp-svc] [mgmt-vprn mgmt-svc]

no tms-interface interface-name

Context

config>service>vprn

Description

This command configure a Threat Managment Service interface.

The no form of the command removes the interface name from the configuration.

Parameters

interface-name

Specifies the interface name up to 22 characters in length.

create

Keyword used to create the interface name. The create keyword requirement can be enabled/disabled in the environment>create context.

off-ramp-vprn off-ramp-svc

Identifies the off-ramp VPRN name or number.

mgmt-vprn mgmt-svc

Identifies the management VPRN name or number.

address

Syntax

address {ip-address/mask|ip-address netmask}

no address

Context

config>service>vprn>tms-if

Description

This command assigns an IP address/IP subnet/broadcast address to the TMS instance for communications between Arbor CP collectors/managers and the TMS instance operating within the Service Router.

The no form of the command removes the IP address information from the interface configuration.

Parameters

ip-address/mask ip-address netmask

Specifies IP address information.

Values

<ip-address[/mask]> ip-address a.b.c.d
mask 32
<netmask> a.b.c.d (all 1 bits)

ipv6

Syntax

[no] ipv6

Context

config>service>vprn>tms-if

Description

This command configures IPv6 for a threat-management service interface.

The no form of the command removes the IP address information from the interface configuration.

password

Syntax

password [password]

no password

Context

config>service>vprn>tms-if

Description

This command configures a password for the user.

The no form of the command removes the password.

Parameters

password

Specifies the password for the TMS configuration.

Values

<password> key1<delim>value1 key2<delim>value2 ...
<delim> is one of the following:
'=' value is unencrypted and remain unencrypted
':' value is unencrypted and to be encrypted
'%' value is encrypted and remain encrypted

port

Syntax

port mda-id

no port

Context

config>service>vprn>tms-if

Description

This command specifies a chassis slot and MDA to bind the interface to a physical port.

The no form of the command removes the MDA ID from the interface configuration.

Parameters

mda-id

Specifies the chassis slot and MDA.

Values

<slot>/<mda> slot [1..10]
mda [1..2]

Policy Commands

protocol

Syntax

protocol {protocol} [all | instance instance]

no protocol

Context

config>router>policy-options>policy-statement>entry>from

Description

This command configures a routing protocol as a match criterion for a route policy statement entry. This command is used for both import and export policies depending how it is used.

If no protocol criterion is specified, any protocol is considered a match.

The no form of the command removes the protocol match criterion.

Default

no protocol — Matches any protocol.

Parameters

protocol

The protocol name to match on.

Values

direct, static, bgp, isis, ospf, rip, aggregate, bgp-vpn, igmp, pim, ospf3, ldp, sub-mgmt, mld, managed, vpn-leak, tms, nat

instance

The OSPF or IS-IS instance.

Values

1 — 31

all

OSPF- or ISIS-only keyword.