filter commands
configure
— filter
— apply-groups reference
— apply-groups-exclude reference
— dhcp-filter number
— apply-groups reference
— apply-groups-exclude reference
— default-action
— drop
— description description
— entry number
— action
— drop
— apply-groups reference
— apply-groups-exclude reference
— option
— absent
— match
— exact boolean
— hex string
— invert boolean
— string string
— number number
— present
— dhcp6-filter number
— apply-groups reference
— apply-groups-exclude reference
— default-action
— drop
— description description
— entry number
— action
— drop
— apply-groups reference
— apply-groups-exclude reference
— option
— absent
— match
— exact boolean
— hex string
— invert boolean
— string string
— number number
— present
— ip-exception filter-name
— apply-groups reference
— apply-groups-exclude reference
— description description
— entry number
— apply-groups reference
— apply-groups-exclude reference
— description description
— match
— dst-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— mask ipv4-address
— dst-port
— eq number
— gt number
— lt number
— range
— end number
— start number
— icmp
— code number
— type number
— protocol (number | keyword)
— src-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— mask ipv4-address
— src-port
— eq number
— gt number
— lt number
— range
— end number
— start number
— filter-id number
— ip-filter filter-name
— apply-groups reference
— apply-groups-exclude reference
— chain-to-system-filter boolean
— default-action keyword
— description description
— embed
— filter reference offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— entry number
— action
— accept
— apply-groups reference
— apply-groups-exclude reference
— drop
— drop-when
— extracted-traffic
— packet-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— ttl
— eq number
— gt number
— lt number
— range
— end number
— start number
— forward
— next-hop
— nh-ip
— address ipv4-address
— indirect boolean
— nh-ip-vrf
— address ipv4-address
— indirect boolean
— router-instance string
— redirect-policy reference
— router-instance string
— ignore-match
— nat
— nat-policy reference
— rate-limit
— packet-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— pir (number | keyword)
— policer reference
— ttl
— eq number
— gt number
— lt number
— range
— end number
— start number
— reassemble
— secondary
— apply-groups reference
— apply-groups-exclude reference
— forward
— next-hop
— nh-ip-vrf
— address ipv4-address
— indirect boolean
— router-instance string
— tcp-mss-adjust
— apply-groups reference
— apply-groups-exclude reference
— description description
— log reference
— match
— dscp keyword
— dst-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— ip-prefix-list reference
— mask ipv4-address
— dst-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— fragment keyword
— icmp
— code number
— type number
— ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— ip-prefix-list reference
— mask ipv4-address
— ip-option
— mask number
— type number
— multiple-option boolean
— option-present boolean
— port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— protocol (number | keyword)
— protocol-list reference
— src-ip
— address (ipv4-prefix-with-host-bits | ipv4-address)
— ip-prefix-list reference
— mask ipv4-address
— src-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— src-route-option boolean
— tcp-established
— tcp-flags
— ack boolean
— cwr boolean
— ece boolean
— fin boolean
— ns boolean
— psh boolean
— rst boolean
— syn boolean
— urg boolean
— pbr-down-action-override keyword
— sticky-dest (number | keyword)
— filter-id number
— scope keyword
— ipv6-exception filter-name
— apply-groups reference
— apply-groups-exclude reference
— description description
— entry number
— apply-groups reference
— apply-groups-exclude reference
— description description
— match
— dst-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask ipv6-address
— dst-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— icmp
— code number
— type number
— next-header (number | keyword)
— port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— src-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask ipv6-address
— src-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— filter-id number
— ipv6-filter filter-name
— apply-groups reference
— apply-groups-exclude reference
— chain-to-system-filter boolean
— default-action keyword
— description description
— embed
— filter reference offset number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— entry number
— action
— accept
— apply-groups reference
— apply-groups-exclude reference
— drop
— drop-when
— extracted-traffic
— hop-limit
— eq number
— gt number
— lt number
— range
— end number
— start number
— payload-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— forward
— next-hop
— nh-ip
— address ipv6-address
— indirect boolean
— nh-ip-vrf
— address ipv6-address
— indirect boolean
— router-instance string
— redirect-policy reference
— router-instance string
— ignore-match
— rate-limit
— hop-limit
— eq number
— gt number
— lt number
— range
— end number
— start number
— payload-length
— eq number
— gt number
— lt number
— range
— end number
— start number
— pir (number | keyword)
— policer reference
— secondary
— apply-groups reference
— apply-groups-exclude reference
— forward
— next-hop
— nh-ip-vrf
— address ipv6-address
— indirect boolean
— router-instance string
— tcp-mss-adjust
— apply-groups reference
— apply-groups-exclude reference
— description description
— log reference
— match
— dscp keyword
— dst-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask ipv6-address
— dst-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— extension-header
— ah boolean
— esp boolean
— hop-by-hop boolean
— routing-type0 boolean
— flow-label
— mask number
— value number
— fragment keyword
— icmp
— code number
— type number
— ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask ipv6-address
— next-header (number | keyword)
— next-header-list reference
— port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— src-ip
— address (ipv6-prefix-with-host-bits | ipv6-address)
— ipv6-prefix-list reference
— mask ipv6-address
— src-port
— eq number
— gt number
— lt number
— port-list reference
— range
— end number
— start number
— tcp-established
— tcp-flags
— ack boolean
— cwr boolean
— ece boolean
— fin boolean
— ns boolean
— psh boolean
— rst boolean
— syn boolean
— urg boolean
— pbr-down-action-override keyword
— sticky-dest (number | keyword)
— filter-id number
— scope keyword
— log number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description description-or-empty
— destination
— memory
— max-entries number
— stop-on-full boolean
— syslog
— name reference
— summary
— admin-state keyword
— summary-crit keyword
— match-list
— apply-groups reference
— apply-groups-exclude reference
— ip-prefix-list named-item
— apply-groups reference
— apply-groups-exclude reference
— apply-path
— bgp-peers number
— apply-groups reference
— apply-groups-exclude reference
— group regular-expression-not-all-spaces
— neighbor regular-expression-not-all-spaces
— router-instance string
— description description
— prefix ipv4-prefix
— prefix-exclude ipv4-prefix
— ipv6-prefix-list named-item
— apply-groups reference
— apply-groups-exclude reference
— apply-path
— bgp-peers number
— apply-groups reference
— apply-groups-exclude reference
— group regular-expression-not-all-spaces
— neighbor regular-expression-not-all-spaces
— router-instance string
— description description
— prefix ipv6-prefix
— prefix-exclude ipv6-prefix
— port-list named-item
— apply-groups reference
— apply-groups-exclude reference
— description description
— port number
— range start number end number
— protocol-list named-item
— apply-groups reference
— apply-groups-exclude reference
— description description
— protocol (number | keyword)
— md-auto-id
— filter-id-range
— apply-groups reference
— apply-groups-exclude reference
— end number
— start number
— policer named-item
— apply-groups reference
— apply-groups-exclude reference
— description description
— mbs (number | keyword)
— pir number
— scope keyword
— redirect-policy named-item
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description description
— destination (ipv4-address-no-zone | ipv6-address-no-zone)
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description description
— ping-test
— apply-groups reference
— apply-groups-exclude reference
— drop-count number
— hold-down number
— interval number
— source-address (ipv4-address-no-zone | ipv6-address-no-zone)
— timeout number
— priority number
— unicast-rt-test
— notify-dest-change boolean
— router-instance string
— sticky-dest (number | keyword)
— redirect-policy-binding named-item
— apply-groups reference
— apply-groups-exclude reference
— binding-operator keyword
— redirect-policy reference
— apply-groups reference
— apply-groups-exclude reference
— destination reference
— system-filter
— apply-groups reference
— apply-groups-exclude reference
— ip reference
— ipv6 reference
filter command descriptions
filter
dhcp-filter [filter-id] number
| Synopsis | Enter the dhcp-filter list instance | |
| Context | configure filter dhcp-filter number | |
| Tree | dhcp-filter | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[filter-id] number
| Synopsis | Unique DHCP filter policy ID | |
| Context | configure filter dhcp-filter number | |
| Tree | dhcp-filter | |
| Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
default-action
| Synopsis | Enable the default-action context | |
| Context | configure filter dhcp-filter number default-action | |
| Tree | default-action | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
drop
| Synopsis | DHCP host creation when the filter entry is matched | |
| Context | configure filter dhcp-filter number default-action drop | |
| Tree | drop | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter dhcp-filter number description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
entry [entry-id] number
| Synopsis | Enter the entry list instance | |
| Context | configure filter dhcp-filter number entry number | |
| Tree | entry | |
| Max. instances | 10 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
[entry-id] number
| Synopsis | DHCP filter entry ID | |
| Context | configure filter dhcp-filter number entry number | |
| Tree | entry | |
| Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
action
| Synopsis | Enable the action context | |
| Context | configure filter dhcp-filter number entry number action | |
| Tree | action | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
drop
option
| Synopsis | Enable the option context | |
| Context | configure filter dhcp-filter number entry number option | |
| Tree | option | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
absent
match
exact boolean
hex string
invert boolean
string string
number number
present
dhcp6-filter [filter-id] number
| Synopsis | Enter the dhcp6-filter list instance | |
| Context | configure filter dhcp6-filter number | |
| Tree | dhcp6-filter | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[filter-id] number
| Synopsis | Unique DHCP filter policy ID | |
| Context | configure filter dhcp6-filter number | |
| Tree | dhcp6-filter | |
| Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
default-action
| Synopsis | Enable the default-action context | |
| Context | configure filter dhcp6-filter number default-action | |
| Tree | default-action | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
drop
| Synopsis | Drop DHCPv6 message (do not process) | |
| Context | configure filter dhcp6-filter number default-action drop | |
| Tree | drop | |
Notes | The following elements are part of a mandatory choice: bypass-host-creation or drop. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter dhcp6-filter number description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
entry [entry-id] number
| Synopsis | Enter the entry list instance | |
| Context | configure filter dhcp6-filter number entry number | |
| Tree | entry | |
| Max. instances | 10 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
[entry-id] number
| Synopsis | DHCP filter entry ID | |
| Context | configure filter dhcp6-filter number entry number | |
| Tree | entry | |
| Range | 1 to 65535 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
action
| Synopsis | Enable the action context | |
| Context | configure filter dhcp6-filter number entry number action | |
| Tree | action | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
drop
option
| Synopsis | Enable the option context | |
| Context | configure filter dhcp6-filter number entry number option | |
| Tree | option | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
absent
match
exact boolean
hex string
invert boolean
string string
number number
present
ip-exception [filter-name] filter-name
| Synopsis | Enter the ip-exception list instance | |
| Context | configure filter ip-exception filter-name | |
| Tree | ip-exception | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[filter-name] filter-name
| Synopsis | Filter name | |
| Context | configure filter ip-exception filter-name | |
| Tree | ip-exception | |
| String length | 1 to 64 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter ip-exception filter-name description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
entry [entry-id] number
| Synopsis | Enter the entry list instance | |
| Context | configure filter ip-exception filter-name entry number | |
| Tree | entry | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[entry-id] number
| Synopsis | ID for a match criterion and the corresponding action | |
| Context | configure filter ip-exception filter-name entry number | |
| Tree | entry | |
| Range | 1 to 2097151 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter ip-exception filter-name entry number description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
match
| Synopsis | Enter the match context | |
| Context | configure filter ip-exception filter-name entry number match | |
| Tree | match | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
dst-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
mask ipv4-address
dst-port
eq number
gt number
lt number
range
end number
start number
icmp
code number
| Synopsis | ICMP code value to match | |
| Context | configure filter ip-exception filter-name entry number match icmp code number | |
| Tree | code | |
Description | This command specifies the ICMP code value that must be present to match. The system matches on ICMP code or ICMP type, or on both values. An entry containing Layer 4 non-zero match criteria does not match non initial (second, third, and so on) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly, an entry containing an ICMP code value of 0 match criterion may match non initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met. | |
| Range | 0 to 255 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
type number
| Synopsis | ICMP type value to match | |
| Context | configure filter ip-exception filter-name entry number match icmp type number | |
| Tree | type | |
Description | This command specifies the ICMP type value that must be present to match. The system matches on ICMP code or ICMP type, or on both values. An entry containing Layer 4 non-zero match criteria does not match non initial (second, third, and so on) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly, an entry containing an ICMP type value of 0 match criterion may match non initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met. | |
| Range | 0 to 255 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
protocol (number | keyword)
src-ip
address (ipv4-prefix-with-host-bits | ipv4-address)
mask ipv4-address
src-port
eq number
gt number
lt number
range
end number
start number
filter-id number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Filter ID | |
| Context | configure filter ip-exception filter-name filter-id number | |
| Tree | filter-id | |
| Range | 1 to 65535 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 | |
ip-filter [filter-name] filter-name
[filter-name] filter-name
chain-to-system-filter boolean
| Synopsis | Chain filter policy to the active IPvX system filter policy | |
| Context | configure filter ip-filter filter-name chain-to-system-filter boolean | |
| Tree | chain-to-system-filter | |
| Default | false | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
default-action keyword
| Synopsis | Action for packets that do not match any entry | |
| Context | configure filter ip-filter filter-name default-action keyword | |
| Tree | default-action | |
| Options | ||
| Default | drop | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter ip-filter filter-name description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
embed
| Synopsis | Enter the embed context | |
| Context | configure filter ip-filter filter-name embed | |
| Tree | embed | |
Description | Commands in this context configure filter policy embedding. A previously defined IPv4 embedded filter policy or Hybrid OpenFlow switch instance can be embedded into an exclusive, template, or system filter policy at the specified offset value. Rules derived from BGP FlowSpec can also be embedded into template filter policies only. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
filter [name] reference offset number
| Synopsis | Enter the filter list instance | |
| Context | configure filter ip-filter filter-name embed filter reference offset number | |
| Tree | filter | |
Description | Commands in this context embed a previously defined IPv4 filter policy into the filter policy at the specified offset value. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[name] reference
offset number
| Synopsis | Offset of the embedded filter policy | |
| Context | configure filter ip-filter filter-name embed filter reference offset number | |
| Tree | filter | |
Description | This command configures the offset of the embedded filter policy. The embedded filter entry X has an entry X + offset in the embedding filter. | |
| Range | 0 to 2097150 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
admin-state keyword
| Synopsis | Administrative state of the embedded filter | |
| Context | configure filter ip-filter filter-name embed filter reference offset number admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | enable | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
entry [entry-id] number
[entry-id] number
action
accept
| Synopsis | Accept regular routing to forward a matching packet | |
| Context | configure filter ip-filter filter-name entry number action accept | |
| Tree | accept | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
drop
| Synopsis | Drop a packet matching this entry | |
| Context | configure filter ip-filter filter-name entry number action drop | |
| Tree | drop | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
drop-when
extracted-traffic
| Synopsis | Drop traffic extracted to CPM | |
| Context | configure filter ip-filter filter-name entry number action drop-when extracted-traffic | |
| Tree | extracted-traffic | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
packet-length
| Synopsis | Enable the packet-length context | |
| Context | configure filter ip-filter filter-name entry number action drop-when packet-length | |
| Tree | packet-length | |
Notes | The following elements are part of a choice: packet-length or ttl. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
eq number
gt number
lt number
range
end number
start number
ttl
eq number
gt number
lt number
range
| Synopsis | Enable the range context | |
| Context | configure filter ip-filter filter-name entry number action drop-when ttl range | |
| Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
end number
start number
forward
| Synopsis | Enter the forward context | |
| Context | configure filter ip-filter filter-name entry number action forward | |
| Tree | forward | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
next-hop
| Synopsis | Enable the next-hop context | |
| Context | configure filter ip-filter filter-name entry number action forward next-hop | |
| Tree | next-hop | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, srv6-policy, or vprn-target. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
nh-ip
address ipv4-address
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | IPv4 address of next hop to forward matching packets | |
| Context | configure filter ip-filter filter-name entry number action forward next-hop nh-ip address ipv4-address | |
| Tree | address | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
indirect boolean
nh-ip-vrf
address ipv4-address
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | IPv4 address of next hop to forward matching packets | |
| Context | configure filter ip-filter filter-name entry number action forward next-hop nh-ip-vrf address ipv4-address | |
| Tree | address | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
indirect boolean
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Routing context for route lookup for forwarding packets | |
| Context | configure filter ip-filter filter-name entry number action forward next-hop nh-ip-vrf router-instance string | |
| Tree | router-instance | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
redirect-policy reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Next hop or forward next hop router that forwards a packet that matches this entry | |
| Context | configure filter ip-filter filter-name entry number action forward redirect-policy reference | |
| Tree | redirect-policy | |
Reference | configure filter redirect-policy named-item | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, srv6-policy, or vprn-target. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Router name or VPRN service name | |
| Context | configure filter ip-filter filter-name entry number action forward router-instance string | |
| Tree | router-instance | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, srv6-policy, or vprn-target. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
ignore-match
| Synopsis | Ignore match criteria for the entry | |
| Context | configure filter ip-filter filter-name entry number action ignore-match | |
| Tree | ignore-match | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
nat
| Synopsis | Enable the nat context | |
| Context | configure filter ip-filter filter-name entry number action nat | |
| Tree | nat | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
nat-policy reference
|
WARNING: Modifying this element clears ISA state, such as flow state, for the new value to take effect. | ||
| Synopsis | NAT policy name when action is NAT | |
| Context | configure filter ip-filter filter-name entry number action nat nat-policy reference | |
| Tree | nat-policy | |
Reference | configure service nat nat-policy external-named-item | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
rate-limit
| Synopsis | Enable the rate-limit context | |
| Context | configure filter ip-filter filter-name entry number action rate-limit | |
| Tree | rate-limit | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
packet-length
| Synopsis | Enable the packet-length context | |
| Context | configure filter ip-filter filter-name entry number action rate-limit packet-length | |
| Tree | packet-length | |
Notes | The following elements are part of a choice: packet-length or ttl. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
eq number
| Synopsis | Exact match criterion for the length | |
| Context | configure filter ip-filter filter-name entry number action rate-limit packet-length eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
gt number
| Synopsis | Greater than match criterion for the length | |
| Context | configure filter ip-filter filter-name entry number action rate-limit packet-length gt number | |
| Tree | gt | |
| Range | 0 to 65534 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
lt number
| Synopsis | Less than match criterion for the length | |
| Context | configure filter ip-filter filter-name entry number action rate-limit packet-length lt number | |
| Tree | lt | |
| Range | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
| Synopsis | Enable the range context | |
| Context | configure filter ip-filter filter-name entry number action rate-limit packet-length range | |
| Tree | range | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
end number
| Synopsis | Upper bound of the length range | |
| Context | configure filter ip-filter filter-name entry number action rate-limit packet-length range end number | |
| Tree | end | |
| Range | 1 to 65535 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
start number
| Synopsis | Lower bound of the length range | |
| Context | configure filter ip-filter filter-name entry number action rate-limit packet-length range start number | |
| Tree | start | |
| Range | 0 to 65534 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
pir (number | keyword)
| Synopsis | Peak information rate | |
| Context | configure filter ip-filter filter-name entry number action rate-limit pir (number | keyword) | |
| Tree | pir | |
| Range | 0 to 2000000000 | |
| Units | kilobps | |
| Options | ||
|
Notes | The following elements are part of a mandatory choice: pir, policer, or pps-pir. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
policer reference
ttl
eq number
gt number
lt number
range
| Synopsis | Enable the range context | |
| Context | configure filter ip-filter filter-name entry number action rate-limit ttl range | |
| Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
end number
start number
reassemble
| Synopsis | Forward matching packets to reassembly function | |
| Context | configure filter ip-filter filter-name entry number action reassemble | |
| Tree | reassemble | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
secondary
forward
next-hop
nh-ip-vrf
address ipv4-address
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | IPv4 address of next hop to forward matching packets | |
| Context | configure filter ip-filter filter-name entry number action secondary forward next-hop nh-ip-vrf address ipv4-address | |
| Tree | address | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
indirect boolean
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Routing context for route lookup for forwarding packets | |
| Context | configure filter ip-filter filter-name entry number action secondary forward next-hop nh-ip-vrf router-instance string | |
| Tree | router-instance | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
tcp-mss-adjust
| Synopsis | Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context | |
| Context | configure filter ip-filter filter-name entry number action tcp-mss-adjust | |
| Tree | tcp-mss-adjust | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, gtp-local-breakout, http-redirect, ignore-match, nat, reassemble, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter ip-filter filter-name entry number description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
log reference
match
| Synopsis | Enter the match context | |
| Context | configure filter ip-filter filter-name entry number match | |
| Tree | match | |
Description | Commands in this context configure match criteria for the filter entry. When the match criteria are satisfied, the action associated with the match criteria is executed. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
dscp keyword
dst-ip
| Synopsis | Enter the dst-ip context | |
| Context | configure filter ip-filter filter-name entry number match dst-ip | |
| Tree | dst-ip | |
Description | Commands in this context configure a destination address range that is used by filter policy match criteria. | |
Notes | The following elements are part of a choice: ip or (dst-ip and src-ip). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
address (ipv4-prefix-with-host-bits | ipv4-address)
| Synopsis | IPv4 address used as the match criterion | |
| Context | configure filter ip-filter filter-name entry number match dst-ip address (ipv4-prefix-with-host-bits | ipv4-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ip-prefix-list reference
| Synopsis | IPv4 address prefix list used as match criterion | |
| Context | configure filter ip-filter filter-name entry number match dst-ip ip-prefix-list reference | |
| Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list named-item | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
mask ipv4-address
dst-port
| Synopsis | Enter the dst-port context | |
| Context | configure filter ip-filter filter-name entry number match dst-port | |
| Tree | dst-port | |
Description | Commands in this context configure match criteria for the destination port. | |
Notes | The following elements are part of a choice: port or (dst-port and src-port). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ip-filter filter-name entry number match dst-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list named-item | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
end number
start number
fragment keyword
icmp
code number
| Synopsis | ICMP code value to match | |
| Context | configure filter ip-filter filter-name entry number match icmp code number | |
| Tree | code | |
Description | This command specifies the ICMP code value that must be present to match. The system matches on ICMP code or ICMP type, or on both values. An entry containing Layer 4 non-zero match criteria does not match non initial (second, third, and so on) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly, an entry containing an ICMP code value of 0 match criterion may match non initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met. | |
| Range | 0 to 255 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
type number
| Synopsis | ICMP type value to match | |
| Context | configure filter ip-filter filter-name entry number match icmp type number | |
| Tree | type | |
Description | This command specifies the ICMP type value that must be present to match. The system matches on ICMP code or ICMP type, or on both values. An entry containing Layer 4 non-zero match criteria does not match non initial (second, third, and so on) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly, an entry containing an ICMP type value of 0 match criterion may match non initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met. | |
| Range | 0 to 255 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
ip
address (ipv4-prefix-with-host-bits | ipv4-address)
| Synopsis | IPv4 address used as the match criterion | |
| Context | configure filter ip-filter filter-name entry number match ip address (ipv4-prefix-with-host-bits | ipv4-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ip-prefix-list reference
| Synopsis | IPv4 address prefix list used as match criterion | |
| Context | configure filter ip-filter filter-name entry number match ip ip-prefix-list reference | |
| Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list named-item | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
mask ipv4-address
ip-option
| Synopsis | Enable the ip-option context | |
| Context | configure filter ip-filter filter-name entry number match ip-option | |
| Tree | ip-option | |
Description | Commands in this context configure matching packets with a specific IP option, or a range of IP options, in the first option of the IP header as an IP filter match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
mask number
| Synopsis | Mask used with the IP option value in the packet header | |
| Context | configure filter ip-filter filter-name entry number match ip-option mask number | |
| Tree | mask | |
Description | This command specifies an optional value that can be used when specifying a range of option numbers to use as the match criteria. | |
| Range | 1 to 255 | |
| Default | 255 | |
| Introduced | 25.3.R2 | |
Platforms |
7705 SAR Gen 2 |
type number
| Synopsis | IP option to match | |
| Context | configure filter ip-filter filter-name entry number match ip-option type number | |
| Tree | type | |
Description | This command specifies the 8-bit option type in decimal integer, binary, or hexadecimal format. The mask is applied as an AND to the option byte, and the result is compared with the option value. The decimal value entered for the match should be a combined value of the 8-bit option type field and not only the option number. For example, to match IP packets that contain the Router Alert option (option number = 20), enter the option type of 148 (10010100). | |
| Range | 0 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
multiple-option boolean
| Synopsis | Match based on presence of multiple options in header | |
| Context | configure filter ip-filter filter-name entry number match multiple-option boolean | |
| Tree | multiple-option | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
option-present boolean
| Synopsis | Match on any IP option present in the packet | |
| Context | configure filter ip-filter filter-name entry number match option-present boolean | |
| Tree | option-present | |
Description | When configured to true, the router matches on IP packets that contain any IP option in the IP header. An option field of zero is considered as no option present. When configured to false, the router matches on IP packets that do not have an IP option present in the IP header. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ip-filter filter-name entry number match port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list named-item | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
end number
start number
protocol (number | keyword)
| Synopsis | IP protocol identifier as a match criterion | |
| Context | configure filter ip-filter filter-name entry number match protocol (number | keyword) | |
| Tree | protocol | |
| Range | 0 to 255 | |
| Options | ||
Notes |
The following elements are part of a choice: protocol or protocol-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
protocol-list reference
| Synopsis | Name of the protocol list as a match criterion | |
| Context | configure filter ip-filter filter-name entry number match protocol-list reference | |
| Tree | protocol-list | |
Reference | configure filter match-list protocol-list named-item | |
Notes | The following elements are part of a choice: protocol or protocol-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
src-ip
| Synopsis | Enter the src-ip context | |
| Context | configure filter ip-filter filter-name entry number match src-ip | |
| Tree | src-ip | |
Description | Commands in this context configure a source address range that is used by filter policy match criteria. | |
Notes | The following elements are part of a choice: ip or (dst-ip and src-ip). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
address (ipv4-prefix-with-host-bits | ipv4-address)
| Synopsis | IPv4 address used as the match criterion | |
| Context | configure filter ip-filter filter-name entry number match src-ip address (ipv4-prefix-with-host-bits | ipv4-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ip-prefix-list reference
| Synopsis | IPv4 address prefix list used as match criterion | |
| Context | configure filter ip-filter filter-name entry number match src-ip ip-prefix-list reference | |
| Tree | ip-prefix-list | |
Reference | configure filter match-list ip-prefix-list named-item | |
Notes | The following elements are part of a choice: (address and mask) or ip-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
mask ipv4-address
src-port
| Synopsis | Enter the src-port context | |
| Context | configure filter ip-filter filter-name entry number match src-port | |
| Tree | src-port | |
Description | Commands in this context configure match criteria for the source port. | |
Notes | The following elements are part of a choice: port or (dst-port and src-port). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ip-filter filter-name entry number match src-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list named-item | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
end number
start number
src-route-option boolean
| Synopsis | Match based on presence of source route option | |
| Context | configure filter ip-filter filter-name entry number match src-route-option boolean | |
| Tree | src-route-option | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
tcp-established
| Synopsis | Use ACK or RST status in TCP header as match criterion | |
| Context | configure filter ip-filter filter-name entry number match tcp-established | |
| Tree | tcp-established | |
Description | When configured to true, a match occurs when the ACK or the RST TCP flag bit is set in the TCP header of an IP packet. | |
Notes | The following elements are part of a choice: tcp-established or tcp-flags. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
tcp-flags
| Synopsis | Enter the tcp-flags context | |
| Context | configure filter ip-filter filter-name entry number match tcp-flags | |
| Tree | tcp-flags | |
Description | Commands in this context configure the use of TCP flags as the IP filter match. | |
Notes | The following elements are part of a choice: tcp-established or tcp-flags. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ack boolean
| Synopsis | Use ACK TCP bit status in TCP header as match criterion | |
| Context | configure filter ip-filter filter-name entry number match tcp-flags ack boolean | |
| Tree | ack | |
Description | When configured to true, a match occurs when the ACK TCP flag bit, defined in RFC 793, is set in the TCP header of an IP packet. When configured to false, a match occurs when the ACK TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
cwr boolean
| Synopsis | Use CWR TCP bit status in TCP header as match criterion | |
| Context | configure filter ip-filter filter-name entry number match tcp-flags cwr boolean | |
| Tree | cwr | |
Description | When configured to true, a match occurs when the Congestion Window Reduced (CWR) TCP flag bit, defined in RFC 3168, is set in the TCP header of an IP packet. When configured to false, a match occurs when the CWR TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ece boolean
| Synopsis | Use ECE TCP bit status in TCP header as match criterion | |
| Context | configure filter ip-filter filter-name entry number match tcp-flags ece boolean | |
| Tree | ece | |
Description | When configured to true, a match occurs when the ECN-Echo (ECE) TCP flag bit, defined in RFC 3168, is set in the TCP header of an IP packet. When configured to false, a match occurs when the ECE TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
fin boolean
| Synopsis | Use FIN TCP bit status in TCP header as match criterion | |
| Context | configure filter ip-filter filter-name entry number match tcp-flags fin boolean | |
| Tree | fin | |
Description | When configured to true, a match occurs when the FIN TCP flag bit is set in the TCP header of an IP packet. When configured to false, a match occurs when the FIN TCP flag bit, defined in RFC 793, is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ns boolean
| Synopsis | Use NS TCP bit status in TCP header as match criterion | |
| Context | configure filter ip-filter filter-name entry number match tcp-flags ns boolean | |
| Tree | ns | |
Description | When configured to true, a match occurs when the Nonce Sum (NS) TCP flag bit, defined in RFC 3540, is set in the TCP header of an IP packet. When configured to false, a match occurs when the NS TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
psh boolean
| Synopsis | Use PSH TCP bit status in TCP header as match criterion | |
| Context | configure filter ip-filter filter-name entry number match tcp-flags psh boolean | |
| Tree | psh | |
Description | When configured to true, a match occurs when the Push (PSH) TCP flag bit is set in the TCP header of an IP packet. When configured to false, a match occurs when the Push (PSH) TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
rst boolean
| Synopsis | Use RST TCP bit status in TCP header as match criterion | |
| Context | configure filter ip-filter filter-name entry number match tcp-flags rst boolean | |
| Tree | rst | |
Description | When configured to true, a match occurs when the RST TCP flag bit is set in the TCP header of an IP packet. When configured to false, a match occurs when the RST TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
syn boolean
| Synopsis | Use SYN TCP bit status in TCP header as match criterion | |
| Context | configure filter ip-filter filter-name entry number match tcp-flags syn boolean | |
| Tree | syn | |
Description | When configured to true, a match occurs when the Synchronize (SYN) TCP flag bit is set in the TCP header of an IP packet. When configured to false, a match occurs when the SYN TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
urg boolean
| Synopsis | Use URG TCP bit status in TCP header as match criterion | |
| Context | configure filter ip-filter filter-name entry number match tcp-flags urg boolean | |
| Tree | urg | |
Description | When configured to true, a match occurs when the Urgent (URG) TCP flag bit is set in the TCP header of an IP packet. When configured to false, a match occurs when the URG TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
pbr-down-action-override keyword
| Synopsis | Action when PBR or PBF target for this entry is not available | |
| Context | configure filter ip-filter filter-name entry number pbr-down-action-override keyword | |
| Tree | pbr-down-action-override | |
| Options | ||
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
sticky-dest (number | keyword)
| Synopsis | Time before action with available PBR or PBF destination and highest priority | |
| Context | configure filter ip-filter filter-name entry number sticky-dest (number | keyword) | |
| Tree | sticky-dest | |
| Range | 0 to 65535 | |
| Units | seconds | |
| Options | ||
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
filter-id number
scope keyword
| Synopsis | Scope of the filter definition | |
| Context | configure filter ip-filter filter-name scope keyword | |
| Tree | scope | |
Description | This command configures the filter policy scope. If the scope of the policy is template and is applied to one or more services or network interfaces, the scope cannot be changed. | |
| Options | ||
| Default | template | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
ipv6-exception [filter-name] filter-name
| Synopsis | Enter the ipv6-exception list instance | |
| Context | configure filter ipv6-exception filter-name | |
| Tree | ipv6-exception | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[filter-name] filter-name
| Synopsis | Filter name | |
| Context | configure filter ipv6-exception filter-name | |
| Tree | ipv6-exception | |
| String length | 1 to 64 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter ipv6-exception filter-name description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
entry [entry-id] number
| Synopsis | Enter the entry list instance | |
| Context | configure filter ipv6-exception filter-name entry number | |
| Tree | entry | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[entry-id] number
| Synopsis | ID for a match criterion and the corresponding action | |
| Context | configure filter ipv6-exception filter-name entry number | |
| Tree | entry | |
| Range | 1 to 2097151 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter ipv6-exception filter-name entry number description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
match
| Synopsis | Enter the match context | |
| Context | configure filter ipv6-exception filter-name entry number match | |
| Tree | match | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
dst-ip
address (ipv6-prefix-with-host-bits | ipv6-address)
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure filter ipv6-exception filter-name entry number match dst-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ipv6-prefix-list reference
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure filter ipv6-exception filter-name entry number match dst-ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list named-item | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
mask ipv6-address
dst-port
| Synopsis | Enter the dst-port context | |
| Context | configure filter ipv6-exception filter-name entry number match dst-port | |
| Tree | dst-port | |
Description | Commands in this context configure match criteria for the destination port. | |
Notes | The following elements are part of a choice: port or (dst-port and src-port). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-exception filter-name entry number match dst-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list named-item | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
end number
start number
icmp
code number
| Synopsis | ICMPv6 code value to match | |
| Context | configure filter ipv6-exception filter-name entry number match icmp code number | |
| Tree | code | |
Description | This command specifies the ICMPv6 code value that must be present to match. The system matches on ICMP code or ICMP type, or on both values. An entry containing Layer 4 non-zero match criteria does not match non initial (second, third, and so on) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly, an entry containing an ICMP code value of 0 match criterion may match non-initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met. | |
| Range | 0 to 255 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
type number
| Synopsis | ICMPv6 type value to match | |
| Context | configure filter ipv6-exception filter-name entry number match icmp type number | |
| Tree | type | |
Description | This command specifies the ICMPv6 type value that must be present to match. The system matches on ICMP code or ICMP type, or on both values. An entry containing Layer 4 non-zero match criteria does not match non initial (second, third, and so on) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly, an entry containing an ICMP type value of 0 match criterion may match non initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met. | |
| Range | 0 to 255 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
next-header (number | keyword)
| Synopsis | IP protocol to match | |
| Context | configure filter ipv6-exception filter-name entry number match next-header (number | keyword) | |
| Tree | next-header | |
| Range | 0 to 255 | |
| Options | ||
| Introduced | 25.3.R2 | |
Platforms |
7705 SAR Gen 2 |
port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-exception filter-name entry number match port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list named-item | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
end number
start number
src-ip
address (ipv6-prefix-with-host-bits | ipv6-address)
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure filter ipv6-exception filter-name entry number match src-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ipv6-prefix-list reference
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure filter ipv6-exception filter-name entry number match src-ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list named-item | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
mask ipv6-address
src-port
| Synopsis | Enter the src-port context | |
| Context | configure filter ipv6-exception filter-name entry number match src-port | |
| Tree | src-port | |
Description | Commands in this context configure match criteria for the source port. | |
Notes | The following elements are part of a choice: port or (dst-port and src-port). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-exception filter-name entry number match src-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list named-item | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
end number
start number
filter-id number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Filter ID | |
| Context | configure filter ipv6-exception filter-name filter-id number | |
| Tree | filter-id | |
| Range | 1 to 65535 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 | |
ipv6-filter [filter-name] filter-name
| Synopsis | Enter the ipv6-filter list instance | |
| Context | configure filter ipv6-filter filter-name | |
| Tree | ipv6-filter | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[filter-name] filter-name
| Synopsis | Filter name | |
| Context | configure filter ipv6-filter filter-name | |
| Tree | ipv6-filter | |
| String length | 1 to 64 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
chain-to-system-filter boolean
| Synopsis | Chain filter policy to the active IPvX system filter policy | |
| Context | configure filter ipv6-filter filter-name chain-to-system-filter boolean | |
| Tree | chain-to-system-filter | |
| Default | false | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
default-action keyword
| Synopsis | Action for packets that do not match any entry | |
| Context | configure filter ipv6-filter filter-name default-action keyword | |
| Tree | default-action | |
| Options | ||
| Default | drop | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter ipv6-filter filter-name description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
embed
| Synopsis | Enter the embed context | |
| Context | configure filter ipv6-filter filter-name embed | |
| Tree | embed | |
Description | Commands in this context configure filter policy embedding. A previously defined IPv6 embedded filter policy or Hybrid OpenFlow switch instance can be embedded into an exclusive, template, or system filter policy at the specified offset value. Rules derived from BGP FlowSpec can also be embedded into template filter policies only. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
filter [name] reference offset number
| Synopsis | Enter the filter list instance | |
| Context | configure filter ipv6-filter filter-name embed filter reference offset number | |
| Tree | filter | |
Description | Commands in this context embed a previously defined IPv6 filter policy into the filter policy at the specified offset value. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[name] reference
| Synopsis | IPv6 policy to be embedded in the filter | |
| Context | configure filter ipv6-filter filter-name embed filter reference offset number | |
| Tree | filter | |
Reference | configure filter ipv6-filter filter-name | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
offset number
| Synopsis | Offset of the embedded filter policy | |
| Context | configure filter ipv6-filter filter-name embed filter reference offset number | |
| Tree | filter | |
Description | This command configures the offset of the embedded filter policy. The embedded filter entry X has an entry X + offset in the embedding filter. | |
| Range | 0 to 2097150 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
admin-state keyword
| Synopsis | Administrative state of the embedded filter | |
| Context | configure filter ipv6-filter filter-name embed filter reference offset number admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | enable | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
entry [entry-id] number
| Synopsis | Enter the entry list instance | |
| Context | configure filter ipv6-filter filter-name entry number | |
| Tree | entry | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[entry-id] number
| Synopsis | ID for a match criterion and the corresponding action | |
| Context | configure filter ipv6-filter filter-name entry number | |
| Tree | entry | |
| Range | 1 to 2097151 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
action
| Synopsis | Enable the action context | |
| Context | configure filter ipv6-filter filter-name entry number action | |
| Tree | action | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
accept
| Synopsis | Accept regular routing to forward a matching packet | |
| Context | configure filter ipv6-filter filter-name entry number action accept | |
| Tree | accept | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
drop
| Synopsis | Drop a packet matching this entry | |
| Context | configure filter ipv6-filter filter-name entry number action drop | |
| Tree | drop | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
drop-when
extracted-traffic
| Synopsis | Drop traffic extracted to CPM | |
| Context | configure filter ipv6-filter filter-name entry number action drop-when extracted-traffic | |
| Tree | extracted-traffic | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
hop-limit
eq number
gt number
lt number
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter filter-name entry number action drop-when hop-limit range | |
| Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
end number
start number
payload-length
| Synopsis | Enable the payload-length context | |
| Context | configure filter ipv6-filter filter-name entry number action drop-when payload-length | |
| Tree | payload-length | |
Notes | The following elements are part of a choice: hop-limit or payload-length. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
eq number
| Synopsis | Exact match criterion for the length | |
| Context | configure filter ipv6-filter filter-name entry number action drop-when payload-length eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
gt number
| Synopsis | Greater than match criterion for the length | |
| Context | configure filter ipv6-filter filter-name entry number action drop-when payload-length gt number | |
| Tree | gt | |
| Range | 0 to 65534 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
lt number
| Synopsis | Less than match criterion for the length | |
| Context | configure filter ipv6-filter filter-name entry number action drop-when payload-length lt number | |
| Tree | lt | |
| Range | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter filter-name entry number action drop-when payload-length range | |
| Tree | range | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
end number
| Synopsis | Upper bound of the length range | |
| Context | configure filter ipv6-filter filter-name entry number action drop-when payload-length range end number | |
| Tree | end | |
| Range | 1 to 65535 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
start number
| Synopsis | Lower bound of the length range | |
| Context | configure filter ipv6-filter filter-name entry number action drop-when payload-length range start number | |
| Tree | start | |
| Range | 0 to 65534 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
forward
| Synopsis | Enter the forward context | |
| Context | configure filter ipv6-filter filter-name entry number action forward | |
| Tree | forward | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
next-hop
| Synopsis | Enable the next-hop context | |
| Context | configure filter ipv6-filter filter-name entry number action forward next-hop | |
| Tree | next-hop | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, srv6-policy, or vprn-target. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
nh-ip
address ipv6-address
| Synopsis | IPv6 address of next hop to forward matching packets | |
| Context | configure filter ipv6-filter filter-name entry number action forward next-hop nh-ip address ipv6-address | |
| Tree | address | |
Description | This command specifies the IPv6 address of a direct or indirect next hop to which matching packets are forwarded. | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
indirect boolean
nh-ip-vrf
address ipv6-address
| Synopsis | IPv6 address of next hop to forward matching packets | |
| Context | configure filter ipv6-filter filter-name entry number action forward next-hop nh-ip-vrf address ipv6-address | |
| Tree | address | |
Description | This command specifies the IPv6 address of a direct or indirect next hop to which matching packets are forwarded. | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
indirect boolean
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Routing context for route lookup for forwarding packets | |
| Context | configure filter ipv6-filter filter-name entry number action forward next-hop nh-ip-vrf router-instance string | |
| Tree | router-instance | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
redirect-policy reference
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Next hop or forward next hop router that forwards a packet that matches this entry | |
| Context | configure filter ipv6-filter filter-name entry number action forward redirect-policy reference | |
| Tree | redirect-policy | |
Reference | configure filter redirect-policy named-item | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, srv6-policy, or vprn-target. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Router name or VPRN service name | |
| Context | configure filter ipv6-filter filter-name entry number action forward router-instance string | |
| Tree | router-instance | |
Notes | The following elements are part of a choice: bonding-connection, esi-l2, esi-l3, gre-tunnel, lsp, mpls-policy, next-hop, redirect-policy, router-instance, sap, sdp, srte-policy, srv6-policy, or vprn-target. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
ignore-match
| Synopsis | Ignore match criteria for the entry | |
| Context | configure filter ipv6-filter filter-name entry number action ignore-match | |
| Tree | ignore-match | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
rate-limit
| Synopsis | Enable the rate-limit context | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit | |
| Tree | rate-limit | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
hop-limit
| Synopsis | Enable the hop-limit context | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit hop-limit | |
| Tree | hop-limit | |
Notes | The following elements are part of a choice: hop-limit or payload-length. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
eq number
| Synopsis | Equal to condition match value | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit hop-limit eq number | |
| Tree | eq | |
| Range | 0 to 255 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
gt number
| Synopsis | Greater than condition match value | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit hop-limit gt number | |
| Tree | gt | |
| Range | 0 to 254 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
lt number
| Synopsis | Less than condition match value | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit hop-limit lt number | |
| Tree | lt | |
| Range | 1 to 255 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit hop-limit range | |
| Tree | range | |
Description | This command in this context specify an inclusive range. When range is used, the start of the range (the first value entered) must be smaller than the end of the range (the second value entered). | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
end number
| Synopsis | Upper bound of the range | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit hop-limit range end number | |
| Tree | end | |
| Range | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
start number
| Synopsis | Lower bound of the range | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit hop-limit range start number | |
| Tree | start | |
| Range | 0 to 254 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
payload-length
| Synopsis | Enable the payload-length context | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit payload-length | |
| Tree | payload-length | |
Notes | The following elements are part of a choice: hop-limit or payload-length. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
eq number
| Synopsis | Exact match criterion for the length | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit payload-length eq number | |
| Tree | eq | |
| Range | 0 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
gt number
| Synopsis | Greater than match criterion for the length | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit payload-length gt number | |
| Tree | gt | |
| Range | 0 to 65534 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
lt number
| Synopsis | Less than match criterion for the length | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit payload-length lt number | |
| Tree | lt | |
| Range | 1 to 65535 | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
| Synopsis | Enable the range context | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit payload-length range | |
| Tree | range | |
Notes | The following elements are part of a mandatory choice: eq, gt, lt, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
end number
| Synopsis | Upper bound of the length range | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit payload-length range end number | |
| Tree | end | |
| Range | 1 to 65535 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
start number
| Synopsis | Lower bound of the length range | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit payload-length range start number | |
| Tree | start | |
| Range | 0 to 65534 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
pir (number | keyword)
| Synopsis | Peak information rate | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit pir (number | keyword) | |
| Tree | pir | |
| Range | 0 to 2000000000 | |
| Units | kilobps | |
| Options | ||
|
Notes | The following elements are part of a mandatory choice: pir, policer, or pps-pir. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
policer reference
| Synopsis | Policer name to use for rate limiting traffic | |
| Context | configure filter ipv6-filter filter-name entry number action rate-limit policer reference | |
| Tree | policer | |
Reference | ||
Notes | The following elements are part of a mandatory choice: pir, policer, or pps-pir. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
secondary
forward
next-hop
nh-ip-vrf
address ipv6-address
| Synopsis | IPv6 address of next hop to forward matching packets | |
| Context | configure filter ipv6-filter filter-name entry number action secondary forward next-hop nh-ip-vrf address ipv6-address | |
| Tree | address | |
Description | This command specifies the IPv6 address of a direct or indirect next hop to which matching packets are forwarded. | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
indirect boolean
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Routing context for route lookup for forwarding packets | |
| Context | configure filter ipv6-filter filter-name entry number action secondary forward next-hop nh-ip-vrf router-instance string | |
| Tree | router-instance | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
tcp-mss-adjust
| Synopsis | Adjust MSS option of TCP matching packets to configured value of tcp-mss in router interface context | |
| Context | configure filter ipv6-filter filter-name entry number action tcp-mss-adjust | |
| Tree | tcp-mss-adjust | |
Notes | The following elements are part of a mandatory choice: accept, drop, forward, http-redirect, ignore-match, nat, or tcp-mss-adjust. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter ipv6-filter filter-name entry number description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
log reference
match
| Synopsis | Enter the match context | |
| Context | configure filter ipv6-filter filter-name entry number match | |
| Tree | match | |
Description | Commands in this context provide match criteria for the filter entry. When the match criteria are satisfied, the action associated with the match criteria is executed. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
dscp keyword
dst-ip
| Synopsis | Enter the dst-ip context | |
| Context | configure filter ipv6-filter filter-name entry number match dst-ip | |
| Tree | dst-ip | |
Description | Commands in this context configure a destination address range that is used by filter policy match criteria. | |
Notes | The following elements are part of a choice: ip or (dst-ip and src-ip). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
address (ipv6-prefix-with-host-bits | ipv6-address)
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match dst-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ipv6-prefix-list reference
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match dst-ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list named-item | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
mask ipv6-address
dst-port
| Synopsis | Enter the dst-port context | |
| Context | configure filter ipv6-filter filter-name entry number match dst-port | |
| Tree | dst-port | |
Description | Commands in this context configure match criteria for the destination port. | |
Notes | The following elements are part of a choice: port or (dst-port and src-port). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match dst-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list named-item | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
end number
start number
extension-header
| Synopsis | Enter the extension-header context | |
| Context | configure filter ipv6-filter filter-name entry number match extension-header | |
| Tree | extension-header | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ah boolean
| Synopsis | Match a packet as per the existence of an AH Extension Header | |
| Context | configure filter ipv6-filter filter-name entry number match extension-header ah boolean | |
| Tree | ah | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
esp boolean
| Synopsis | Match a packet as per the existence of an Encapsulation security payload extension header | |
| Context | configure filter ipv6-filter filter-name entry number match extension-header esp boolean | |
| Tree | esp | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
hop-by-hop boolean
| Synopsis | Match on Hop-by-Hop Options Extension Header existence | |
| Context | configure filter ipv6-filter filter-name entry number match extension-header hop-by-hop boolean | |
| Tree | hop-by-hop | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
routing-type0 boolean
| Synopsis | Match a packet as per the existence of a routing Extension Header | |
| Context | configure filter ipv6-filter filter-name entry number match extension-header routing-type0 boolean | |
| Tree | routing-type0 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
flow-label
| Synopsis | Enable the flow-label context | |
| Context | configure filter ipv6-filter filter-name entry number match flow-label | |
| Tree | flow-label | |
Description | Commands in this context configure the flow label and optional mask match condition. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
mask number
| Synopsis | Flow label mask for the IPv6 filter entry | |
| Context | configure filter ipv6-filter filter-name entry number match flow-label mask number | |
| Tree | mask | |
Description | This command specifies the IPv6 address mask for the flow label filter entry. This value can be expressed in decimal, hexadecimal, or binary format. | |
| Range | 1 to 1048575 | |
| Default | 1048575 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
value number
| Synopsis | Flow label as a match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match flow-label value number | |
| Tree | value | |
Description | This command specifies the flow label to use as a match criterion. This value can be expressed in decimal, hexadecimal, or binary format. | |
| Range | 0 to 1048575 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
fragment keyword
icmp
code number
| Synopsis | ICMPv6 code value to match | |
| Context | configure filter ipv6-filter filter-name entry number match icmp code number | |
| Tree | code | |
Description | This command specifies the ICMPv6 code value that must be present to match. The system matches on ICMP code or ICMP type, or on both values. An entry containing Layer 4 non-zero match criteria does not match non initial (second, third, and so on) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly, an entry containing an ICMP code value of 0 match criterion may match non-initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met. | |
| Range | 0 to 255 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
type number
| Synopsis | ICMPv6 type value to match | |
| Context | configure filter ipv6-filter filter-name entry number match icmp type number | |
| Tree | type | |
Description | This command specifies the ICMPv6 type value that must be present to match. The system matches on ICMP code or ICMP type, or on both values. An entry containing Layer 4 non-zero match criteria does not match non initial (second, third, and so on) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly, an entry containing an ICMP type value of 0 match criterion may match non initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met. | |
| Range | 0 to 255 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
ip
address (ipv6-prefix-with-host-bits | ipv6-address)
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ipv6-prefix-list reference
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list named-item | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
mask ipv6-address
next-header (number | keyword)
| Synopsis | IP protocol to match | |
| Context | configure filter ipv6-filter filter-name entry number match next-header (number | keyword) | |
| Tree | next-header | |
| Range | 0 to 255 | |
| Options | ||
Notes |
The following elements are part of a choice: next-header or next-header-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
next-header-list reference
| Synopsis | Name of the protocol list as a match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match next-header-list reference | |
| Tree | next-header-list | |
Reference | configure filter match-list protocol-list named-item | |
Notes | The following elements are part of a choice: next-header or next-header-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
port
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list named-item | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
end number
start number
src-ip
| Synopsis | Enter the src-ip context | |
| Context | configure filter ipv6-filter filter-name entry number match src-ip | |
| Tree | src-ip | |
Description | Commands in this context configure a source address range that is used by filter policy match criteria. | |
Notes | The following elements are part of a choice: ip or (dst-ip and src-ip). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
address (ipv6-prefix-with-host-bits | ipv6-address)
| Synopsis | IPv6 address used as the match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match src-ip address (ipv6-prefix-with-host-bits | ipv6-address) | |
| Tree | address | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ipv6-prefix-list reference
| Synopsis | IPv6 address prefix list used as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match src-ip ipv6-prefix-list reference | |
| Tree | ipv6-prefix-list | |
Reference | configure filter match-list ipv6-prefix-list named-item | |
Notes | The following elements are part of a choice: (address and mask) or ipv6-prefix-list. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
mask ipv6-address
src-port
| Synopsis | Enter the src-port context | |
| Context | configure filter ipv6-filter filter-name entry number match src-port | |
| Tree | src-port | |
Description | Commands in this context configure match criteria for the source port. | |
Notes | The following elements are part of a choice: port or (dst-port and src-port). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
eq number
gt number
lt number
port-list reference
| Synopsis | Name of the port list as the match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match src-port port-list reference | |
| Tree | port-list | |
Reference | configure filter match-list port-list named-item | |
Notes | The following elements are part of a choice: eq, gt, lt, port-list, or range. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range
end number
start number
tcp-established
| Synopsis | Use ACK or RST status in TCP header as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match tcp-established | |
| Tree | tcp-established | |
Description | When configured to true, a match occurs when the ACK or the RST TCP flag bit is set in the TCP header of an IP packet. | |
Notes | The following elements are part of a choice: tcp-established or tcp-flags. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
tcp-flags
| Synopsis | Enter the tcp-flags context | |
| Context | configure filter ipv6-filter filter-name entry number match tcp-flags | |
| Tree | tcp-flags | |
Description | Commands in this context configure the use of TCP flags as the IP filter match. | |
Notes | The following elements are part of a choice: tcp-established or tcp-flags. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ack boolean
| Synopsis | Use ACK TCP bit status in TCP header as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match tcp-flags ack boolean | |
| Tree | ack | |
Description | When configured to true, a match occurs when the ACK TCP flag bit, defined in RFC 793, is set in the TCP header of an IP packet. When configured to false, a match occurs when the ACK TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
cwr boolean
| Synopsis | Use CWR TCP bit status in TCP header as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match tcp-flags cwr boolean | |
| Tree | cwr | |
Description | When configured to true, a match occurs when the Congestion Window Reduced (CWR) TCP flag bit, defined in RFC 3168, is set in the TCP header of an IP packet. When configured to false, a match occurs when the CWR TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ece boolean
| Synopsis | Use ECE TCP bit status in TCP header as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match tcp-flags ece boolean | |
| Tree | ece | |
Description | When configured to true, a match occurs when the ECN-Echo (ECE) TCP flag bit, defined in RFC 3168, is set in the TCP header of an IP packet. When configured to false, a match occurs when the ECE TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
fin boolean
| Synopsis | Use FIN TCP bit status in TCP header as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match tcp-flags fin boolean | |
| Tree | fin | |
Description | When configured to true, a match occurs when the FIN TCP flag bit is set in the TCP header of an IP packet. When configured to false, a match occurs when the FIN TCP flag bit, defined in RFC 793, is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ns boolean
| Synopsis | Use NS TCP bit status in TCP header as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match tcp-flags ns boolean | |
| Tree | ns | |
Description | When configured to true, a match occurs when the Nonce Sum (NS) TCP flag bit, defined in RFC 3540, is set in the TCP header of an IP packet. When configured to false, a match occurs when the NS TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
psh boolean
| Synopsis | Use PSH TCP bit status in TCP header as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match tcp-flags psh boolean | |
| Tree | psh | |
Description | When configured to true, a match occurs when the Push (PSH) TCP flag bit is set in the TCP header of an IP packet. When configured to false, a match occurs when the Push (PSH) TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
rst boolean
| Synopsis | Use RST TCP bit status in TCP header as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match tcp-flags rst boolean | |
| Tree | rst | |
Description | When configured to true, a match occurs when the RST TCP flag bit is set in the TCP header of an IP packet. When configured to false, a match occurs when the RST TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
syn boolean
| Synopsis | Use SYN TCP bit status in TCP header as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match tcp-flags syn boolean | |
| Tree | syn | |
Description | When configured to true, a match occurs when the Synchronize (SYN) TCP flag bit is set in the TCP header of an IP packet. When configured to false, a match occurs when the SYN TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
urg boolean
| Synopsis | Use URG TCP bit status in TCP header as match criterion | |
| Context | configure filter ipv6-filter filter-name entry number match tcp-flags urg boolean | |
| Tree | urg | |
Description | When configured to true, a match occurs when the Urgent (URG) TCP flag bit is set in the TCP header of an IP packet. When configured to false, a match occurs when the URG TCP flag bit is not set in the TCP header of an IP packet. When unconfigured, the system does not use the TCP flag as a match criterion. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
pbr-down-action-override keyword
| Synopsis | Action when PBR or PBF target for this entry is not available | |
| Context | configure filter ipv6-filter filter-name entry number pbr-down-action-override keyword | |
| Tree | pbr-down-action-override | |
| Options | ||
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
sticky-dest (number | keyword)
| Synopsis | Time before action with available PBR or PBF destination and highest priority | |
| Context | configure filter ipv6-filter filter-name entry number sticky-dest (number | keyword) | |
| Tree | sticky-dest | |
| Range | 0 to 65535 | |
| Units | seconds | |
| Options | ||
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
filter-id number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | IPv6 filter identifier | |
| Context | configure filter ipv6-filter filter-name filter-id number | |
| Tree | filter-id | |
| Range | 1 to 65535 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 | |
scope keyword
| Synopsis | Scope of the filter definition | |
| Context | configure filter ipv6-filter filter-name scope keyword | |
| Tree | scope | |
Description | This command configures the filter policy scope. If the scope of the policy is template and is applied to one or more services or network interfaces, the scope cannot be changed. | |
| Options | ||
| Default | template | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
log [log-id] number
[log-id] number
admin-state keyword
| Synopsis | Administrative state of filter logging | |
| Context | configure filter log number admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | enable | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description-or-empty
| Synopsis | Text description | |
| Context | configure filter log number description description-or-empty | |
| Tree | description | |
| String length | 0 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
destination
| Synopsis | Enter the destination context | |
| Context | configure filter log number destination | |
| Tree | destination | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
memory
| Synopsis | Enter the memory context | |
| Context | configure filter log number destination memory | |
| Tree | memory | |
Notes | The following elements are part of a choice: memory or syslog. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
max-entries number
| Synopsis | Maximum number of memory entries that the log can store | |
| Context | configure filter log number destination memory max-entries number | |
| Tree | max-entries | |
| Range | 1 to 50000 | |
| Default | 1000 | |
| Introduced | 25.3.R2 | |
Platforms |
7705 SAR Gen 2 |
stop-on-full boolean
| Synopsis | Stop logging when maximum number of memory entries is reached or wrap-around is used | |
| Context | configure filter log number destination memory stop-on-full boolean | |
| Tree | stop-on-full | |
| Default | false | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
syslog
| Synopsis | Enter the syslog context | |
| Context | configure filter log number destination syslog | |
| Tree | syslog | |
Notes | The following elements are part of a choice: memory or syslog. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
name reference
summary
admin-state keyword
| Synopsis | Administrative state of filter log summarization | |
| Context | configure filter log number destination syslog summary admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | disable | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
summary-crit keyword
| Synopsis | Summary for filter log entries | |
| Context | configure filter log number destination syslog summary summary-crit keyword | |
| Tree | summary-crit | |
| Options | ||
| Default | src-addr | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
match-list
| Synopsis | Enter the match-list context | |
| Context | configure filter match-list | |
| Tree | match-list | |
Description | Commands in this context configure match lists to be used in filter policies (IOM/FP and CPM). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ip-prefix-list [prefix-list-name] named-item
| Synopsis | Enter the ip-prefix-list list instance | |
| Context | configure filter match-list ip-prefix-list named-item | |
| Tree | ip-prefix-list | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[prefix-list-name] named-item
| Synopsis | IP prefix list name | |
| Context | configure filter match-list ip-prefix-list named-item | |
| Tree | ip-prefix-list | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
apply-path
| Synopsis | Enter the apply-path context | |
| Context | configure filter match-list ip-prefix-list named-item apply-path | |
| Tree | apply-path | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
bgp-peers [criterion-index] number
| Synopsis | Enter the bgp-peers list instance | |
| Context | configure filter match-list ip-prefix-list named-item apply-path bgp-peers number | |
| Tree | bgp-peers | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[criterion-index] number
| Synopsis | BGP peers auto-generation configuration index | |
| Context | configure filter match-list ip-prefix-list named-item apply-path bgp-peers number | |
| Tree | bgp-peers | |
| Range | 1 to 255 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
group regular-expression-not-all-spaces
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Regular expression to match against the base router BGP instance group configuration | |
| Context | configure filter match-list ip-prefix-list named-item apply-path bgp-peers number group regular-expression-not-all-spaces | |
| Tree | group | |
| String length | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
neighbor regular-expression-not-all-spaces
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Regular expression to match against the base router BGP instance neighbor configuration | |
| Context | configure filter match-list ip-prefix-list named-item apply-path bgp-peers number neighbor regular-expression-not-all-spaces | |
| Tree | neighbor | |
| String length | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Target routing instance | |
| Context | configure filter match-list ip-prefix-list named-item apply-path bgp-peers number router-instance string | |
| Tree | router-instance | |
| Default | Base | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 | |
description description
| Synopsis | Text description | |
| Context | configure filter match-list ip-prefix-list named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
prefix [ip-prefix] ipv4-prefix
| Synopsis | Add a list entry for prefix | |
| Context | configure filter match-list ip-prefix-list named-item prefix ipv4-prefix | |
| Tree | prefix | |
Description | Commands in this context add IPv4 prefixes to the prefix match list. Prefixes can overlap IPv4 address space. An IPv4 prefix addition is blocked if resource exhaustion is detected anywhere in the system due to filter policies that use the prefix list. | |
| Max. instances | 8192 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[ip-prefix] ipv4-prefix
| Synopsis | IPv4 prefix to be added to the prefix list | |
| Context | configure filter match-list ip-prefix-list named-item prefix ipv4-prefix | |
| Tree | prefix | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
prefix-exclude [ip-prefix] ipv4-prefix
| Synopsis | Add a list entry for prefix-exclude | |
| Context | configure filter match-list ip-prefix-list named-item prefix-exclude ipv4-prefix | |
| Tree | prefix-exclude | |
Description | Commands in this context exclude IPv4 prefixes from the prefix match list. This command is mutually exclusive with the apply-path command. | |
| Max. instances | 512 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[ip-prefix] ipv4-prefix
| Synopsis | IPv4 prefix to be added to the prefix list | |
| Context | configure filter match-list ip-prefix-list named-item prefix-exclude ipv4-prefix | |
| Tree | prefix-exclude | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ipv6-prefix-list [prefix-list-name] named-item
| Synopsis | Enter the ipv6-prefix-list list instance | |
| Context | configure filter match-list ipv6-prefix-list named-item | |
| Tree | ipv6-prefix-list | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[prefix-list-name] named-item
| Synopsis | IP prefix list name | |
| Context | configure filter match-list ipv6-prefix-list named-item | |
| Tree | ipv6-prefix-list | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
apply-path
| Synopsis | Enter the apply-path context | |
| Context | configure filter match-list ipv6-prefix-list named-item apply-path | |
| Tree | apply-path | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
bgp-peers [criterion-index] number
| Synopsis | Enter the bgp-peers list instance | |
| Context | configure filter match-list ipv6-prefix-list named-item apply-path bgp-peers number | |
| Tree | bgp-peers | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[criterion-index] number
| Synopsis | BGP peers auto-generation configuration index | |
| Context | configure filter match-list ipv6-prefix-list named-item apply-path bgp-peers number | |
| Tree | bgp-peers | |
| Range | 1 to 255 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
group regular-expression-not-all-spaces
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Regular expression to match against the base router BGP instance group configuration | |
| Context | configure filter match-list ipv6-prefix-list named-item apply-path bgp-peers number group regular-expression-not-all-spaces | |
| Tree | group | |
| String length | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
neighbor regular-expression-not-all-spaces
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Regular expression to match against the base router BGP instance neighbor configuration | |
| Context | configure filter match-list ipv6-prefix-list named-item apply-path bgp-peers number neighbor regular-expression-not-all-spaces | |
| Tree | neighbor | |
| String length | 1 to 255 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
router-instance string
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Target routing instance | |
| Context | configure filter match-list ipv6-prefix-list named-item apply-path bgp-peers number router-instance string | |
| Tree | router-instance | |
| Default | Base | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 | |
description description
| Synopsis | Text description | |
| Context | configure filter match-list ipv6-prefix-list named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
prefix [ipv6-prefix] ipv6-prefix
| Synopsis | Add a list entry for prefix | |
| Context | configure filter match-list ipv6-prefix-list named-item prefix ipv6-prefix | |
| Tree | prefix | |
| Max. instances | 8192 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[ipv6-prefix] ipv6-prefix
| Synopsis | IPv6 prefix to be added to the prefix list | |
| Context | configure filter match-list ipv6-prefix-list named-item prefix ipv6-prefix | |
| Tree | prefix | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
prefix-exclude [ipv6-prefix] ipv6-prefix
| Synopsis | Add a list entry for prefix-exclude | |
| Context | configure filter match-list ipv6-prefix-list named-item prefix-exclude ipv6-prefix | |
| Tree | prefix-exclude | |
Description | Commands in this context exclude IPv6 prefixes from the prefix match list. This command is mutually exclusive with the apply-path command. | |
| Max. instances | 512 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[ipv6-prefix] ipv6-prefix
| Synopsis | IPv6 prefix to be added to the prefix list | |
| Context | configure filter match-list ipv6-prefix-list named-item prefix-exclude ipv6-prefix | |
| Tree | prefix-exclude | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
port-list [port-list-name] named-item
| Synopsis | Enter the port-list list instance | |
| Context | configure filter match-list port-list named-item | |
| Tree | port-list | |
| Max. instances | 5120 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[port-list-name] named-item
| Synopsis | Port list name | |
| Context | configure filter match-list port-list named-item | |
| Tree | port-list | |
Description | This command specifies the port list name. If special characters are used (#, $, spaces, and so on), the string must be enclosed within double quotes. | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter match-list port-list named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
port [value] number
| Synopsis | Add a list entry for port | |
| Context | configure filter match-list port-list named-item port number | |
| Tree | port | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[value] number
| Synopsis | Port value | |
| Context | configure filter match-list port-list named-item port number | |
| Tree | port | |
| Range | 0 to 65535 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
range start number end number
start number
end number
protocol-list [protocol-list-name] named-item
| Synopsis | Enter the protocol-list list instance | |
| Context | configure filter match-list protocol-list named-item | |
| Tree | protocol-list | |
| Max. instances | 512 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[protocol-list-name] named-item
| Synopsis | Protocol list name | |
| Context | configure filter match-list protocol-list named-item | |
| Tree | protocol-list | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter match-list protocol-list named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
protocol [protocol-id] (number | keyword)
| Synopsis | Add a list entry for protocol | |
| Context | configure filter match-list protocol-list named-item protocol (number | keyword) | |
| Tree | protocol | |
| Max. instances | 32 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
[protocol-id] (number | keyword)
| Synopsis | IP protocol identifier | |
| Context | configure filter match-list protocol-list named-item protocol (number | keyword) | |
| Tree | protocol | |
| Range | 0 to 255 | |
| Options | ||
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
md-auto-id
| Synopsis | Enter the md-auto-id context | |
| Context | configure filter md-auto-id | |
| Tree | md-auto-id | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
filter-id-range
| Synopsis | Enable the filter-id-range context | |
| Context | configure filter md-auto-id filter-id-range | |
| Tree | filter-id-range | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
end number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Upper bound of the ID range | |
| Context | configure filter md-auto-id filter-id-range end number | |
| Tree | end | |
| Range | 1 to 65535 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
start number
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Lower bound of the ID range | |
| Context | configure filter md-auto-id filter-id-range start number | |
| Tree | start | |
| Range | 1 to 65535 | |
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
policer [policer-name] named-item
[policer-name] named-item
description description
| Synopsis | Text description | |
| Context | configure filter policer named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
mbs (number | keyword)
pir number
scope keyword
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Policer scope | |
| Context | configure filter policer named-item scope keyword | |
| Tree | scope | |
Description | This command configures the scope for the policer object. When the system scope is configured, it creates an instance of the policer for each direction immediately after the policer is configured and shares the instance with all filter entries that reference that policer name applied in the same direction. When the filter scope is configured, it configures the policer instance to be shared by rate-limit entries that are part of the same filter policy and are applied in the same direction. | |
| Options | filter – Policer shared by entries in same filter policer system – Single policer shared by the system | |
| Default | filter | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 | |
redirect-policy [redirect-policy-name] named-item
| Synopsis | Enter the redirect-policy list instance | |
| Context | configure filter redirect-policy named-item | |
| Tree | redirect-policy | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[redirect-policy-name] named-item
| Synopsis | Redirect policy name | |
| Context | configure filter redirect-policy named-item | |
| Tree | redirect-policy | |
Description | This command specifies the redirect policy name. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
admin-state keyword
| Synopsis | Administrative state of the redirect policy | |
| Context | configure filter redirect-policy named-item admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | disable | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter redirect-policy named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
destination [destination-address] (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | Enter the destination list instance | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | destination | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[destination-address] (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | IP address and type of destination | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | destination | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
admin-state keyword
| Synopsis | Administrative state of the destination | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | disable | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ping-test
| Synopsis | Enable the ping-test context | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test | |
| Tree | ping-test | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
drop-count number
| Synopsis | Number of consecutive requests that fail before destination is declared unreachable | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test drop-count number | |
| Tree | drop-count | |
| Range | 1 to 60 | |
| Default | 3 | |
| Introduced | 25.3.R2 | |
Platforms |
7705 SAR Gen 2 |
hold-down number
| Synopsis | Time for the system to be held down if this test has marked it unreachable | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test hold-down number | |
| Tree | hold-down | |
| Range | 0 to 86400 | |
| Units | seconds | |
| Default | 0 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
interval number
| Synopsis | Time between consecutive requests which are sent to the far end host | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test interval number | |
| Tree | interval | |
| Range | 1 to 60 | |
| Units | seconds | |
| Default | 1 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
source-address (ipv4-address-no-zone | ipv6-address-no-zone)
| Synopsis | Source address to use in the IP packet of the ping test | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test source-address (ipv4-address-no-zone | ipv6-address-no-zone) | |
| Tree | source-address | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
timeout number
| Synopsis | Time required to receive a response from the far end host | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) ping-test timeout number | |
| Tree | timeout | |
| Range | 1 to 60 | |
| Units | seconds | |
| Default | 1 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
priority number
| Synopsis | Priority for this destination | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) priority number | |
| Tree | priority | |
| Range | 1 to 255 | |
| Default | 100 | |
| Introduced | 25.3.R2 | |
Platforms |
7705 SAR Gen 2 |
unicast-rt-test
| Synopsis | Enable the unicast-rt-test context | |
| Context | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) unicast-rt-test | |
| Tree | unicast-rt-test | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
notify-dest-change boolean
| Synopsis | Send notifications when the active destination changes | |
| Context | configure filter redirect-policy named-item notify-dest-change boolean | |
| Tree | notify-dest-change | |
Description | When configured to true, notifications (such as Log and SNMP) are sent when the active destination of a redirect policy changes. No notification is sent when there are no more active destinations (as this scenario is covered by another notification). When configured to false, the notification generation is disabled. | |
| Default | false | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
router-instance string
| Synopsis | Routing context to use for route lookup | |
| Context | configure filter redirect-policy named-item router-instance string | |
| Tree | router-instance | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
sticky-dest (number | keyword)
| Synopsis | Time required by system before applying the current best destination as active destination | |
| Context | configure filter redirect-policy named-item sticky-dest (number | keyword) | |
| Tree | sticky-dest | |
| Range | 0 to 65535 | |
| Units | seconds | |
| Options | ||
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
redirect-policy-binding [binding-name] named-item
| Synopsis | Enter the redirect-policy-binding list instance | |
| Context | configure filter redirect-policy-binding named-item | |
| Tree | redirect-policy-binding | |
| Max. instances | 16 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
[binding-name] named-item
| Synopsis | Binding name | |
| Context | configure filter redirect-policy-binding named-item | |
| Tree | redirect-policy-binding | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
binding-operator keyword
| Synopsis | Logical operator used to obtain the master test result | |
| Context | configure filter redirect-policy-binding named-item binding-operator keyword | |
| Tree | binding-operator | |
Description | This command configures the logical operator to use with the destinations' test results to obtain the master test result (the redirect policy binding test result). | |
| Options | ||
| Default | and | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
redirect-policy [redirect-policy-name] reference
| Synopsis | Enter the redirect-policy list instance | |
| Context | configure filter redirect-policy-binding named-item redirect-policy reference | |
| Tree | redirect-policy | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[redirect-policy-name] reference
| Synopsis | Redirect policy name | |
| Context | configure filter redirect-policy-binding named-item redirect-policy reference | |
| Tree | redirect-policy | |
Reference | configure filter redirect-policy named-item | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
destination [destination-address] reference
| Synopsis | Add a list entry for destination | |
| Context | configure filter redirect-policy-binding named-item redirect-policy reference destination reference | |
| Tree | destination | |
| Min. instances | 1 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
[destination-address] reference
| Synopsis | IP address of redirect policy destination to binding | |
| Context | configure filter redirect-policy-binding named-item redirect-policy reference destination reference | |
| Tree | destination | |
Reference | configure filter redirect-policy named-item destination (ipv4-address-no-zone | ipv6-address-no-zone) | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
system-filter
| Synopsis | Enter the system-filter context | |
| Context | configure filter system-filter | |
| Tree | system-filter | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ip [ip-filter] reference
| Synopsis | Add a list entry for ip | |
| Context | configure filter system-filter ip reference | |
| Tree | ip | |
| Max. instances | 1 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
[ip-filter] reference
ipv6 [ipv6-filter] reference
| Synopsis | Add a list entry for ipv6 | |
| Context | configure filter system-filter ipv6 reference | |
| Tree | ipv6 | |
| Max. instances | 1 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
[ipv6-filter] reference
| Synopsis | Active IPv6 system filter policy | |
| Context | configure filter system-filter ipv6 reference | |
| Tree | ipv6 | |
Reference | configure filter ipv6-filter filter-name | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |