isa commands
configure
— isa
— apply-groups reference
— apply-groups-exclude reference
— nat-group number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— description description
— log
— suppress-lsn-events boolean
— suppress-lsn-sub-blocks-free boolean
— mda slot-mda
— redundancy
— active-mda-limit number
— intra-chassis
— active-standby
— tunnel-group number
— admin-state keyword
— apply-groups reference
— apply-groups-exclude reference
— backup slot-mda
— description description
— ipsec-responder-only boolean
— isa-scale-mode keyword
— multi-active
— active-isa-number number
— isa slot-mda
— member-pool reference
— primary slot-mda
— reassembly
— max-wait-time number
— stats-collection
— isa-dp-cpu-usage boolean
— tunnel-member-pool named-item
— apply-groups reference
— apply-groups-exclude reference
— description description
— isa slot-mda
isa command descriptions
isa
nat-group [id] number
[id] number
admin-state keyword
| Synopsis | Administrative state of the NAT group | |
| Context | configure isa nat-group number admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | disable | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure isa nat-group number description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
log
suppress-lsn-events boolean
| Synopsis | Suppress LSN events when RADIUS accounting is enabled | |
| Context | configure isa nat-group number log suppress-lsn-events boolean | |
| Tree | suppress-lsn-events | |
| Default | true | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
suppress-lsn-sub-blocks-free boolean
| Synopsis | Suppress LSN Free block and NAT pool block notification | |
| Context | configure isa nat-group number log suppress-lsn-sub-blocks-free boolean | |
| Tree | suppress-lsn-sub-blocks-free | |
| Default | false | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
mda [mda-id] slot-mda
[mda-id] slot-mda
redundancy
| Synopsis | Enter the redundancy context | |
| Context | configure isa nat-group number redundancy | |
| Tree | redundancy | |
Description | Commands in this context configure intra-chassis redundancy mode for the NAT group. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
active-mda-limit number
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
WARNING: Modifying this element clears ISA state, such as flow state, for the new value to take effect. | ||
| Synopsis | Number of active ESA-VM or ISA members in the NAT group | |
| Context | configure isa nat-group number redundancy active-mda-limit number | |
| Tree | active-mda-limit | |
Description | This command configures the number of active ESA-VM or ISA members in a NAT group. The system automatically selects which ESA-VMs or ISAs are active. In active/standby (A/S) redundancy mode, the correlation between ESA-VM or ISA members is direct, meaning each ESA-VM or ISA equates to one member. In active/active (A/A) redundancy mode, an individual ESA-VM or ISA may be associated with multiple members. For A/S redundancy, any surplus ESA-VMs or ISAs beyond the configured active threshold automatically transition to standby. These standby units remain idle until an active unit fails, at which point a standby unit takes over, handling traffic from only one failed active unit. This setup allows for the configuration of multiple standby units to provide resilience against several concurrent failures. In A/A redundancy, the combination of this command and the failed-mda-limit command guides the distribution of resources among ESA-VMs or ISAs, essentially defining how the members are structured. In both A/S and A/A modes, the system strives to maintain the configured number of active members as outlined by the active MDA limit, drawing from the pool of available spare resources to compensate for any failures. If the actual number of active members drops below this limit because of a lack of available spares, the NAT group status changes to degraded. In this state, traffic intended for the missing ESA-VM or ISA members (up to the active MDA limit) is blackholed. In Layer 2-aware NAT this condition can be circumvented where traffic can bypass NAT altogether and be directly routed within the internal network that may have an alternate path to a backup NAT system. | |
| Range | 1 to 28 | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 | |
intra-chassis
| Synopsis | Enter the intra-chassis context | |
| Context | configure isa nat-group number redundancy intra-chassis | |
| Tree | intra-chassis | |
Notes | The following elements are part of a choice: inter-chassis or intra-chassis. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
active-standby
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
WARNING: Modifying this element clears ISA state, such as flow state, for the new value to take effect. | ||
| Synopsis | Active-standby intra-chassis NAT redundancy model | |
| Context | configure isa nat-group number redundancy intra-chassis active-standby | |
| Tree | active-standby | |
Notes | The following elements are part of a choice: active-active, active-standby, or l2aware-bypass. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
tunnel-group [id] number
| Synopsis | Enter the tunnel-group list instance | |
| Context | configure isa tunnel-group number | |
| Tree | tunnel-group | |
Description | Commands in this context create or edit a tunnel group. A tunnel group is a set of one or more MS-ISAs that support the origination and termination of IPsec and IP/GRE tunnels. On a VSR, the isa-scale-mode command must be specified, which defines the maximum number of tunnels on each ISA. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[id] number
| Synopsis | Tunnel group ID | |
| Context | configure isa tunnel-group number | |
| Tree | tunnel-group | |
| Range | 1 to 64 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
admin-state keyword
| Synopsis | Administrative state of the ISA tunnel group | |
| Context | configure isa tunnel-group number admin-state keyword | |
| Tree | admin-state | |
| Options | ||
| Default | disable | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
backup slot-mda
| Synopsis | IPsec module configured in the slot to the IPsec group | |
| Context | configure isa tunnel-group number backup slot-mda | |
| Tree | backup | |
Notes | The following elements are part of a choice: multi-active or (backup and primary). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure isa tunnel-group number description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
ipsec-responder-only boolean
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | Act as an IKE responder except upon MC-IPsec switchover | |
| Context | configure isa tunnel-group number ipsec-responder-only boolean | |
| Tree | ipsec-responder-only | |
| Default | false | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 | |
isa-scale-mode keyword
|
WARNING: Modifying this element recreates the parent element automatically for the new value to take effect. | ||
| Synopsis | Tunnel limit on each ISA for the tunnel group | |
| Context | configure isa tunnel-group number isa-scale-mode keyword | |
| Tree | isa-scale-mode | |
| Options | ||
Notes | This element is mandatory. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 | |
multi-active
| Synopsis | Enable the multi-active context | |
| Context | configure isa tunnel-group number multi-active | |
| Tree | multi-active | |
Notes | The following elements are part of a choice: multi-active or (backup and primary). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
active-isa-number number
|
WARNING: Modifying this element toggles the admin-state of the parent element automatically for the new value to take effect. | ||
| Synopsis | Number of active MS-ISAs in the tunnel group | |
| Context | configure isa tunnel-group number multi-active active-isa-number number | |
| Tree | active-isa-number | |
| Range | 1 to 16 | |
| Default | 1 | |
| Introduced | 25.3.R2 | |
Platforms |
7705 SAR Gen 2 | |
isa [isa-id] slot-mda
| Synopsis | Add a list entry for isa | |
| Context | configure isa tunnel-group number multi-active isa slot-mda | |
| Tree | isa | |
Notes | The following elements are part of a choice: esa, isa, or member-pool. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[isa-id] slot-mda
| Synopsis | ISA ID associated with the tunnel member pool | |
| Context | configure isa tunnel-group number multi-active isa slot-mda | |
| Tree | isa | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
member-pool reference
| Synopsis | Tunnel-member pool name | |
| Context | configure isa tunnel-group number multi-active member-pool reference | |
| Tree | member-pool | |
Reference | configure isa tunnel-member-pool named-item | |
Notes | The following elements are part of a choice: esa, isa, or member-pool. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
primary slot-mda
| Synopsis | Primary ISA IPsec module assigned for the tunnel group | |
| Context | configure isa tunnel-group number primary slot-mda | |
| Tree | primary | |
Notes | The following elements are part of a choice: multi-active or (backup and primary). | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
reassembly
| Synopsis | Enter the reassembly context | |
| Context | configure isa tunnel-group number reassembly | |
| Tree | reassembly | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
max-wait-time number
| Synopsis | Maximum time to receive fragments for packet reassembly | |
| Context | configure isa tunnel-group number reassembly max-wait-time number | |
| Tree | max-wait-time | |
| Range | 1 to 5000 | |
| Units | milliseconds | |
| Introduced | 25.3.R2 | |
Platforms |
7705 SAR Gen 2 |
stats-collection
| Synopsis | Enter the stats-collection context | |
| Context | configure isa tunnel-group number stats-collection | |
| Tree | stats-collection | |
Description | Commands in this context configure the ISA statistics collection. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
isa-dp-cpu-usage boolean
| Synopsis | Collect statistics used to derive ISA DP CPU usage | |
| Context | configure isa tunnel-group number stats-collection isa-dp-cpu-usage boolean | |
| Tree | isa-dp-cpu-usage | |
Description | When configured to true, this command collects statistics used to derive ISA CPU DP usage and impacts the ISA performance. When configured to false, statistics are not collected. | |
| Default | false | |
| Introduced | 25.3.R2 | |
|
Platforms | 7705 SAR Gen 2 |
tunnel-member-pool [name] named-item
| Synopsis | Enter the tunnel-member-pool list instance | |
| Context | configure isa tunnel-member-pool named-item | |
| Tree | tunnel-member-pool | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[name] named-item
| Synopsis | ISA tunnel-member pool name | |
| Context | configure isa tunnel-member-pool named-item | |
| Tree | tunnel-member-pool | |
| String length | 1 to 32 | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
description description
| Synopsis | Text description | |
| Context | configure isa tunnel-member-pool named-item description description | |
| Tree | description | |
| String length | 1 to 80 | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
isa [isa-id] slot-mda
| Synopsis | Add a list entry for isa | |
| Context | configure isa tunnel-member-pool named-item isa slot-mda | |
| Tree | isa | |
| Max. instances | 16 | |
Notes | The following elements are part of a choice: esa or isa. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |
[isa-id] slot-mda
| Synopsis | ISA ID associated with the tunnel member pool | |
| Context | configure isa tunnel-member-pool named-item isa slot-mda | |
| Tree | isa | |
Notes | This element is part of a list key. | |
| Introduced | 25.3.R2 | |
Platforms | 7705 SAR Gen 2 |