f Commands

facility

Syntax

facility syslog-facility

no facility

Context

[Tree] (config>service>vprn>log>syslog facility)

Full Context

configure service vprn log syslog facility

Description

This command configures the facility code for messages sent to the syslog target host.

Multiple syslog IDs can be created with the same target host but each syslog ID can only have one facility code. If multiple facility codes are entered, the last facility-code entered overwrites the previous facility-code.

If multiple facilities need to be generated for a single syslog target host, then multiple log-id entries must be created, each with its own filter criteria to select the events to be sent to the syslog target host with a given facility code.

The no form of this command reverts to the default value.

Default

local7 — Syslog entries are sent with the local7 facility code.

Parameters

syslog-facility

Specifies syslog facility name represents a specific numeric facility code. The code should be entered in accordance with the syslog RFC. However, the software does not validate if the facility code configured is appropriate for the event type being sent to the syslog target host.

Values

kernel, user, mail, systemd, auth, syslogd, printer, netnews, uucp, cron, authpriv, ftp, ntp, logaudit, logalert, cron2, local0, local1, local2, local3, local4, local5, local6, local7

Valid responses per RFC 3164, The BSD syslog Protocol, are listed in Syslog Facility Codes.

Table 1. Syslog Facility Codes
Numerical Code	Facility Code
0	kernel
1	user
2	mail
3	systemd
4	auth
5	syslogd
6	printer
7	net-news
8	uucp
9	cron
10	auth-priv
11	ftp
12	ntp
13	log-audit
14	log-alert
15	cron2
16	local0
17	local1
18	local2
19	local3
20	local4
21	local5
22	local6
23	local7

Values: 0 to 23

Platforms

7705 SAR Gen 2

facility

Syntax

facility syslog-facility

no facility

Context

[Tree] (config>log>syslog facility)

Full Context

configure log syslog facility

Description

This command configures the facility code for messages sent to the syslog target host.

Multiple syslog IDs can be created with the same target host but each syslog ID can only have one facility code. If multiple facility codes are entered, the last facility-code entered overwrites the previous facility-code.

If multiple facilities need to be generated for a single syslog target host, then multiple log-id entries must be created, each with its own filter criteria to select the events to be sent to the syslog target host with a given facility code.

The no form of this command reverts to the default value.

Default

facility local7

Parameters

syslog-facility

Specifies a syslog facility name which represents a specific numeric facility code. The code must be entered in accordance with the syslog RFC. However, the software does not validate if the facility code configured is appropriate for the event type being sent to the syslog target host.

Values

kernel, user, mail, systemd, auth, syslogd, printer, netnews, uucp, cron, authpriv, ftp, ntp, logaudit, logalert, cron2, local0, local1, local2, local3, local4, local5, local6, local7

Valid responses per RFC 3164, The BSD syslog Protocol, are listed in Syslog Protocol Valid Responses.

Table 2. Syslog Protocol Valid Responses
Numerical Code	Facility Code
0	kernel
1	user
2	mail
3	systemd
4	auth
5	syslogd
6	printer
7	net-news
8	uucp
9	cron
10	auth-priv
11	ftp
12	ntp
13	log-audit
14	log-alert
15	cron2
16	local0
17	local1
18	local2
19	local3
20	local4
21	local5
22	local6
23	local7

Platforms

7705 SAR Gen 2

fail-on-error

Syntax

[no] fail-on-error

Context

[Tree] (config>card fail-on-error)

Full Context

configure card fail-on-error

Description

This command controls the behavior of the card when any one of a specific set of card level errors is encountered in the system. When the fail-on-error command is enabled, and any one (or more) of the specific errors is detected, then the Operational State of the card is set to Failed. This Failed state will persist until the clear card command is issued (reset) or the card is removed and re-inserted (re-seat). If the condition persists after re-seating the card, then Nokia support should be contacted for further investigation.

Enabling fail-on-error is only recommended when the network is designed to be able to route traffic around a failed card (redundant cards, nodes or other paths exist).

The list of specific errors includes:

CHASSIS event ID# 2063 – tmnxEqCardPChipMemoryEvent
CHASSIS event ID# 2076 – tmnxEqCardPChipCamEvent
CHASSIS event ID# 2059 – tmnxEqCardPChipError (for ingress Ethernet only)
CHASSIS event ID# 2098 – tmnxEqCardQChipBufMemoryEvent
CHASSIS event ID# 2099 – tmnxEqCardQChipStatsMemoryEvent
CHASSIS event ID# 2101 – tmnxEqCardQChipIntMemoryEvent
CHASSIS event ID# 2103 – tmnxEqCardChipIfCellEvent

On platforms without independent IOM/IMM and CPM cards, the node is rebooted if fail-on-error is enabled and one of the card level errors is encountered.

The tmnxEqCardPChipError is only considered as a trigger for card fail-on-error for ingress FCS errors (not egress FCS errors), and only for Ethernet MDAs or IMMs.

Note that upon the detection of the event/error in the system, the reporting of the event (logs) and the fail-on-error behavior of the card are independent. Log event control configuration will determine whether the events are reported in logs (or SNMP traps, and so on) and the fail-on-error configuration will determine the behavior of the card. This implies that the card can be configured to fail-on-error even if the events are suppressed (some may be suppressed in the system by default). In order to facilitate post-failure analysis, Nokia recommends that you enable the reporting of the specific events/errors (configure log event-control) when fail-on-error is enabled.

Default

no fail-on-error

Platforms

7705 SAR Gen 2

fail-on-error

Syntax

[no] fail-on-error

Context

[Tree] (config>card>mda fail-on-error)

Full Context

configure card mda fail-on-error

Description

This command enables the fail-on-error feature. If an MDA is experiencing too many Egress XPL Errors, this feature causes the MDA to fail. This can force an APS switchover or traffic re-route. The purpose of this feature is to avoid situations where traffic is forced to use a physical link that suffers from errors but is still technically operational.

The feature uses values configured in the config>card>mda>egress-xpl context. When this feature is enabled on a MDA, if window consecutive minutes pass in which the MDA experiences more than threshold Egress XPL Errors per minute, then the MDA will be put in the failed state.

The no form of this command disables the feature on the MDA.

Platforms

7705 SAR Gen 2

failed-threshold

Syntax

failed-threshold [1 to 1000]

failed-threshold all

Context

[Tree] (config>service>vpls>site failed-threshold)

Full Context

configure service vpls site failed-threshold

Description

This command defines the number of objects should be down for the site to be declared down. Both administrative and operational status must be evaluated and if at least one is down, the related object is declared down.

Default

failed-threshold all

Parameters

1 to 1000: Specifies the threshold for the site to be declared down.

Platforms

7705 SAR Gen 2

failover

Syntax

failover

Context

[Tree] (config>service>vprn>dhcp>server>pool failover)

[Tree] (config>router>dhcp6>server>pool failover)

[Tree] (config>router>dhcp>server>pool failover)

[Tree] (config>service>vprn>dhcp6>server failover)

[Tree] (config>service>vprn>dhcp6>server>pool failover)

[Tree] (config>router>dhcp6>server failover)

[Tree] (config>service>vprn>dhcp>server failover)

[Tree] (config>router>dhcp>server failover)

Full Context

configure service vprn dhcp local-dhcp-server pool failover

configure router dhcp6 local-dhcp-server pool failover

configure router dhcp local-dhcp-server pool failover

configure service vprn dhcp6 local-dhcp-server failover

configure service vprn dhcp6 local-dhcp-server pool failover

configure router dhcp6 local-dhcp-server failover

configure service vprn dhcp local-dhcp-server failover

configure router dhcp local-dhcp-server failover

Description

Commands in this context configure failover parameters.

Platforms

7705 SAR Gen 2

fallback-path-computation-method

Syntax

fallback-path-computation-method {none | local-cspf}

no fallback-path-computation-method

Context

[Tree] (config>router>mpls>lsp fallback-path-computation-method)

[Tree] (config>router>mpls>lsp-template fallback-path-computation-method)

Full Context

configure router mpls lsp fallback-path-computation-method

configure router mpls lsp-template fallback-path-computation-method

Description

This command specifies the fallback path computation method used if all configured PCEs are down or the signaling overload and the redelegation timer has expired. This method is used regardless of whether the LSP is PCE-controlled and PCE-computed, or just PCE-computed.

The no form of this command removes the fallback path computation method used.

Default

fallback-path-computation-method none

Parameters

none: Specifies to fall back to using the named path for RSVP-TE LSPs.

local-cspf: Specifies to fall back to using local CSPF computation.

Platforms

7705 SAR Gen 2

family

Syntax

family family

Context

[Tree] (config>service>vprn>bgp>convergence family)

Full Context

configure service vprn bgp convergence family

Description

This command specifies the convergence family used for route convergence.

Parameters

family

Specifies the convergence family used for route convergence

Values: ipv4, ipv6

Platforms

7705 SAR Gen 2

family

Syntax

[no] family {ipv4 | ipv6 | label-ipv4 | flow-ipv4 | flow-ipv6}

Context

[Tree] (config>service>vprn>bgp>group>graceful-restart>long-lived family)

[Tree] (config>service>vprn>bgp>graceful-restart>long-lived family)

[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived family)

Full Context

configure service vprn bgp group graceful-restart long-lived family

configure service vprn bgp graceful-restart long-lived family

configure service vprn bgp group neighbor graceful-restart long-lived family

Description

This command configures family-specific LLGR parameters for BGP peers.

Default

no family

Parameters

ipv4: Specifies the IPv4 family.

ipv6: Specifies the IPv6 family.

label-ipv4: Specifies the label IPv4 family.

flow-ipv4: Specifies the flow IPv4 family.

flow-ipv6: Specifies the flow IPv6 family.

Platforms

7705 SAR Gen 2

family

Syntax

family [ipv4] [label-ipv4] [ipv6] [mcast-ipv4] [ flow-ipv4] [mcast-ipv6] [ flow-ipv6]

no family

Context

[Tree] (config>service>vprn>bgp family)

[Tree] (config>service>vprn>bgp>group>neighbor family)

[Tree] (config>service>vprn>bgp>group family)

Full Context

configure service vprn bgp family

configure service vprn bgp group neighbor family

configure service vprn bgp group family

Description

This command configures the set of BGP address families (AFI plus SAFI) to be supported by the applicable VPRN BGP sessions.

The no form of this command restores the default, which is equivalent to configuring unlabeled IPv4 unicast routes (AFI 1, SAFI 1) only.

Default

no family

Parameters

ipv4: Keyword to advertise support for the IPv4 unicast (unlabeled) address family.

label-ipv4: Keyword to advertise support for the IPv4 unicast (labeled) address family.

ipv6: Keyword to advertise support for the IPv6 unicast (unlabeled) address family.

mcast-ipv4: Keyword to advertise support for the IPv4 multicast SAFI address family.

flow-ipv4: Keyword to advertise support for the IPv4 FlowSpec address family.

mcast-ipv6: Keyword to advertise support for the IPv6 multicast SAFI address family.

flow-ipv6: Keyword to advertise support for the IPv6 FlowSpec address family.

Platforms

7705 SAR Gen 2

family

Syntax

family [ipv4 | ipv6]

Context

[Tree] (config>router>mpls>lsp-template family)

Full Context

configure router mpls lsp-template family

Description

This command specifies if the lsp-template is for use in IPv4 or IPv6 SR-TE LSP.

This command is optional in a IPv4 SR-TE auto-LSP but must be set to ipv6 value in a IPv6 SR-TE auto-LSP. By default, this command is set to ipv4 value for backward compatibility.

When establishing both IPv4 and IPv6 SR-TE mesh auto-LSPs with the same parameters and constraints, a separate LSP template of type mesh-p2p-srte must be configured for each address family with the family CLI leaf set to the IPv4 or IPv6 value. SR-TE one-hop auto-LSPs can only be established for either IPv4 or IPv6 family, but not both. The family leaf in the LSP template of type one-hop-p2p-srte should be set to the desired IP family value.

The no form of this command reverts to the default value.

Default

family ipv4

Parameters

ipv4: Specifies the lsp-template is for use in IPv4 SR-TE LSP.

ipv6: Specifies the lsp-template is for use in IPv6 SR-TE LSP.

Platforms

7705 SAR Gen 2

family

Syntax

family family

Context

[Tree] (config>router>bgp>convergence family)

Full Context

configure router bgp convergence family

Description

This command configures the IP family used for route convergence.

Parameters

family

Specifies the convergence family.

Values: ipv4, ipv6, vpn-ipv4, vpn-ipv6, label-ipv4, label-ipv6

Platforms

7705 SAR Gen 2

family

Syntax

family [ipv4] [label-ipv4] [vpn-ipv4] [ipv6] [ label-ipv6] [vpn-ipv6] [ mcast-ipv4] [ l2-vpn] [mvpn-ipv4] [mvpn-ipv6] [mdt-safi] [ ms-pw] [flow-ipv4] [flow-ipv6] [route-target] [ mcast-vpn-ipv4] [evpn] [bgp-ls] [mcast-ipv6] [mcast-vpn-ipv6] [sr-policy-ipv4] [sr-policy-ipv6] [flow-vpn-ipv4] [flow-vpn-ipv6]

no family

Context

[Tree] (config>router>bgp family)

[Tree] (config>router>bgp>group>neighbor family)

[Tree] (config>router>bgp>group family)

Full Context

configure router bgp family

configure router bgp group neighbor family

configure router bgp group family

Description

This command configures the set of BGP address families (AFI/SAFI) to be supported by the base router BGP sessions.

The no form of this command restores the default, which corresponds to unlabeled IPv4 unicast routes (AFI 1, SAFI 1) only.

Default

family ipv4

Parameters

ipv4: Keyword to advertise MP-BGP support for the IPv4 unicast (unlabeled) address family.

label-ipv4: Keyword to advertise MP-BGP support for the IPv4 unicast (labeled) address family.

vpn-ipv4: Keyword to advertise MP-BGP support for the IPv4 VPN (SAFI 128) address family.

ipv6: Keyword to advertise MP-BGP support for the IPv6 unicast (unlabeled) address family.

label-ipv6: Keyword to advertise MP-BGP support for the IPv6 unicast (labeled) address family.

vpn-ipv6: Keyword to advertise MP-BGP support for the IPv6 VPN (SAFI 128) address family.

mcast-ipv4: Keyword to advertise MP-BGP support for the IPv4 multicast SAFI address family.

l2-vpn: Keyword to advertise MP-BGP support for the L2 VPN address family.

mvpn-ipv4: Keyword to advertise MP-BGP support for the IPv4 multicast VPN address family.

mvpn-ipv6: Keyword to advertise MP-BGP support for the IPv6 multicast VPN address family.

mdt-safi: Keyword to advertise MP-BGP support for the MDT SAFI address family.

ms-pw: Keyword to advertise MP-BGP support for the multi-segment pseudowire address family.

flow-ipv4: Keyword to advertise MP-BGP support for the IPv4 FlowSpec address family.

flow-ipv6: Keyword to advertise MP-BGP support for the IPv6 FlowSpec address family.

route-target: Keyword to advertise MP-BGP support for RT constraint routes.

mcast-vpn-ipv4: Keyword to advertise MP-BGP support for the IPv4 VPN multicast (SAFI 129) address family.

evpn: Keyword to advertise MP-BGP support for the EVPN address family.

bgp-ls: Keyword to advertise MP-BGP support for the BGP-LS address family.

mcast-ipv6: Keyword to advertise MP-BGP support for the IPv6 multicast SAFI address family.

mcast-vpn-ipv6: Keyword to advertise MP-BGP support for the IPv6 multicast routes from a VPRN over the provider network. This family is only applicable in the base BGP routing context.

sr-policy-ipv4: Keyword to advertise MP-BGP support for AFI1/SAFI73 IP address families for BGP routes that encode a segment-routing policy to an IPv4 destination.

sr-policy-ipv6: Keyword to advertise MP-BGP support for AF12/SAF173 IP address families for BGP routes that encode a segment-routing policy to an IPv6 destination.

flow-vpn-ipv4: Keyword to advertise support for the FlowSpec-VPN IPv4 address family (AFI 1, SAFI 134).

flow-vpn-ipv6: Keyword to advertise support for the FlowSpec-VPN IPv6 address family (AFI 2, SAFI 134).

Platforms

7705 SAR Gen 2

family

Syntax

[no] family {ipv4 | ipv6 | label-ipv4 | label-ipv6 | vpn-ipv4 | vpn-ipv6 | l2-vpn | route-target | flow-ipv4 | flow-ipv6 | flow-vpn-ipv4 | flow-vpn-ipv6}

Context

[Tree] (config>router>bgp>group>neighbor>graceful-restart>long-lived family)

[Tree] (config>router>bgp>graceful-restart>long-lived family)

[Tree] (config>router>bgp>group>graceful-restart>long-lived family)

Full Context

configure router bgp group neighbor graceful-restart long-lived family

configure router bgp graceful-restart long-lived family

configure router bgp group graceful-restart long-lived family

Description

This command configures family-specific LLGR parameters for BGP peers.

The no form of this command deletes the context.

Default

no family

Parameters

ipv4: Keyword to specify the IPv4 family.

ipv6: Keyword to specify the IPv6 family.

label-ipv4: Keyword to specify the label IPv4 family.

label-ipv6: Keyword to specify the label IPv6 family.

vpn-ipv4: Keyword to specify the VPN IPv4 family.

vpn-ipv6: Keyword to specify the VPN IPv6 family.

l2-vpn: Keyword to specify the Layer 2 VPN family.

route-target: Keyword to specify the route target family.

flow-ipv4: Keyword to specify the flow IPv4 family.

flow-ipv6: Keyword to specify the flow IPv6 family.

flow-vpn-ipv4: Keyword to specify the FlowSpec-VPN IPv4 address family.

flow-vpn-ipv6: Keyword to specify the FlowSpec-VPN IPv6 address family.

Platforms

7705 SAR Gen 2

family

Syntax

family {label-ipv4 | label-ipv6 | vpn}

Context

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel family)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel family

Description

This command configures the address family context for configuring next-hop resolution of BGP label routes.

Parameters

label-ipv4: Enters the context for configuring next-hop-resolution options for labeled-unicast IPv4 routes.

label-ipv6: Enters the context for configuring next-hop-resolution options for labeled-unicast IPv6 routes.

vpn: Enters the context for configuring next-hop-resolution options for VPN-IPv4 and VPN-IPv6 routes when they are not imported into any VPRN service.

Platforms

7705 SAR Gen 2

family

Syntax

family {ipv4 | ipv6}

Context

[Tree] (config>router>bgp>next-hop-res>shortcut-tunnel family)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel family

Description

This command creates the context to configure next-hop resolution of unlabeled IPv4 or unlabeled IPv6 routes by certain tunnel types in the tunnel table.

Parameters

ipv4: Specifies that the configuration applies to unlabeled IPv4 BGP routes.

ipv6: Specifies that the configuration applies to unlabeled IPv6 BGP routes.

Platforms

7705 SAR Gen 2

family

Syntax

family {ipv4 | ipv6 | srv4 | srv6}

Context

[Tree] (config>router>isis>igp-shortcut>tunnel-next-hop family)

Full Context

configure router isis igp-shortcut tunnel-next-hop family

Description

Commands in this context configure the resolution of IGP IPv4 and IGP IPv6 prefix families, as well as SR-ISIS IPv4 and SR-ISIS IPv6 tunnel families using IGP shortcuts.

Parameters

ipv4: Selects the IPv4 address family.

ipv6: Selects the IPv6 address family.

srv4: Selects the SR-ISIS IPv4 tunnel family.

srv6: Selects the SR-ISIS IPv6 tunnel family.

Platforms

7705 SAR Gen 2

family

Syntax

family {ipv4 | ipv6}

no family

Context

[Tree] (config>router>isis>segment-routing>adjacency-set family)

Full Context

configure router isis segment-routing adjacency-set family

Description

This command specifies the address family of an adjacency set in IS-IS.

The no form of this command reverts to the default.

Default

family ipv4

Parameters

ipv4: Specifies a family of IPv4.

ipv6: Specifies a family of IPv6.

Platforms

7705 SAR Gen 2

family

Syntax

family {ipv4 | srv4}

Context

[Tree] (config>router>ospf>igp-shortcut>tunnel-next-hop family)

Full Context

configure router ospf igp-shortcut tunnel-next-hop family

Description

Commands in this context configure the resolution of the IGP IPv4 prefix family or SR-OSPF IPv4 tunnel using IGP shortcuts.

Parameters

ipv4: Selects the IPv4 address family.

srv4: Selects the SR-OSPF IPv4 tunnel family.

Platforms

7705 SAR Gen 2

family

Syntax

family ipv6

Context

[Tree] (config>router>ospf3>igp-shortcut>tunnel-next-hop family)

Full Context

configure router ospf3 igp-shortcut tunnel-next-hop family

Description

Commands in this context configure the resolution of the IGP IPv6 prefix family using IGP shortcuts.

Parameters

ipv6: Selects the IPv6 address family.

Platforms

7705 SAR Gen 2

family

Syntax

family [ipv4] [label-ipv4] [vpn-ipv4] [ipv6] [ label-ipv6] [vpn-ipv6] [ mcast-ipv4] [ l2-vpn] [mvpn-ipv4] [mvpn-ipv6] [mdt-safi] [ ms-pw] [flow-ipv4] [flow-ipv6] [route-target] [ mcast-vpn-ipv4] [evpn] [bgp-ls] [mcast-ipv6] [mcast-vpn-ipv6] [sr-policy-ipv4] [sr-policy-ipv6] [ flow-vpn-ipv4] [flow-vpn-ipv6]

no family

Context

[Tree] (config>router>policy-options>policy-statement>entry>from family)

Full Context

configure router policy-options policy-statement entry from family

Description

This command specifies address families as matching conditions.

The no form of the command configures the router to use the default value.

Default

no family

Parameters

ipv4: Keyword to match routes belonging to the IPv4 unicast (unlabeled) address family.

label-ipv4: Keyword to match routes belonging to the IPv4 unicast (labeled) address family.

vpn-ipv4: Keyword to match routes belonging to the IPv4 VPN (SAFI 128) address family.

ipv6: Keyword to match routes belonging to the IPv6 unicast (unlabeled) address family.

label-ipv6: Keyword to match routes belonging to the IPv6 unicast (labeled) address family.

vpn-ipv6: Keyword to match routes belonging to the IPv6 VPN (SAFI 128) address family.

mcast-ipv4: Keyword to match routes belonging to the IPv4 multicast SAFI address family.

l2-vpn: Keyword to match routes belonging to the L2 VPN address family.

mvpn-ipv4: Keyword to match routes belonging to the IPv4 multicast VPN address family.

mvpn-ipv6: Keyword to match routes belonging to the IPv6 multicast VPN address family.

mdt-safi: Keyword to match routes belonging to the MDT SAFI address family.

ms-pw: Keyword to match routes belonging to the multi-segment pseudowire address family.

flow-ipv4: Keyword to match routes belonging to the IPv4 FlowSpec address family.

flow-ipv6: Keyword to match routes belonging to the IPv6 FlowSpec address family.

route-target: Keyword to match routes belonging to the address family for RT constrain routes.

mcast-vpn-ipv4: Keyword to match routes belonging to the IPv4 VPN multicast (SAFI 129) address family.

evpn: Keyword to match routes belonging to the EVPN address family.

bgp-ls: Keyword to advertise the BGP-LS address family to the associated BGP neighbors.

mcast-ipv6: Keyword to match routes belonging to the IPv6 multicast SAFI address family.

mcast-vpn-ipv6: Keyword to match routes belonging to the IPv6 multicast routes from a VPRN over the provider network. This family is only applicable in the base BGP routing context.

sr-policy-ipv4: Keyword to match routes belonging to the segment routing policy IPv4 address family (AFI1/SAFI73).

sr-policy-ipv6: Keyword to match routes belonging to the segment routing policy IPv6 address family (AFI2/SAFI73).

flow-vpn-ipv4: Keyword to match routes belonging to the FlowSpec-VPN IPv4 address family (AFI 1, SAFI 134).

flow-vpn-ipv6: Keyword to match routes belonging to the FlowSpec-VPN IPv6 address family (AFI 2, SAFI 134).

Platforms

7705 SAR Gen 2

far-end

Syntax

far-end ip-address [vc-id vc-id] [{ing-svc-label ingress-vc-label| tldp}] [icb]

no far-end ip-address

Context

[Tree] (config>mirror>mirror-dest>remote-source far-end)

Full Context

configure mirror mirror-dest remote-source far-end

Description

This command is used on a destination router in a remote mirroring solution. See the description for the remote-source command for additional information.

When using L2TPv3, MPLS-TP or LDP IPv6 LSP SDPs in the remote mirroring solution, the destination node should be configured with remote-src>spoke-sdp entries. For all other types of SDPs, remote-source>far-end entries are used.

Up to 50 far-end entries can be specified.

The no form of this command removes the IP address from the remote source configuration.

Parameters

ip-address

Specifies the service IP address (system IP address) of the remote device sending mirrored traffic to this mirror destination service. If 0.0.0.0 is specified, any remote is allowed to send to this service.

Values: 1.0.0.1 to 223.255.255.254

vc-id: Specifies the virtual circuit identifier of the remote source. For mirror services, the vc-id defaults to the service-id. However, if the vc-id is being used by another service a unique vc-id is required to create an SDP binding. For this purpose the mirror service SDP bindings accepts vc-ids. This VC ID must match the VC ID used on the spoke SDP that is configured on the source router.

ingress-vc-label

Specifies the ingress service label for mirrored service traffic on the far end device for manually configured mirror service labels.

The defined ing-svc-label is entered into the ingress service label table which causes ingress packet with that service label to be handled by this mirror destination service.

The specified ing-svc-label must not have been used for any other service ID and must match the egress service label being used on the spoke SDP that is configured on the source router. It must be within the range specified for manually configured service labels defined on this router. It may be reused for other far end addresses on this mirror-dest-service-id.

Values: 2048 to 18431

tldp: Specifies that the label is obtained through signaling via the LDP.

icb: Specifies that the remote source is an inter-chassis backup SDP binding.

Platforms

7705 SAR Gen 2

far-end

Syntax

far-end node-id node-id [global-id global-id]

far-end [ip-address | ipv6-address]

no far-end ip-address | ipv6-address

Context

[Tree] (config>service>sdp far-end)

Full Context

configure service sdp far-end

Description

This command configures the system IP address of the far-end destination router for the service destination point (SDP) that is the termination point for a service.

The far-end IP address must be explicitly configured. The destination IP address must be that of an SR OS and for a GRE SDP it must match the system IP address of the far end router.

If the SDP uses GRE for the destination encapsulation, the IP address is checked against other GRE SDPs to verify uniqueness. If the IP address is not unique within the configured GRE SDPs, an error is generated and the IP address is not associated with the SDP. The local device may not know whether the IP address is actually a system IP interface address on the far-end device.

If the SDP uses MPLS encapsulation, the far-end address is used to check LSP names when added to the SDP. If the " to IP address” defined within the LSP configuration does not exactly match the SDP far-end address, the LSP will not be added to the SDP and an error will be generated. Alternatively, an SDP that uses MPLS can have an MPLS-TP node with an MPLS-TP node-id and (optionally) a global ID. In this case, the SDP must use an MPLS-TP LSP and the SDP signaling parameter must be set to off.

An SDP cannot be administratively enabled until a far-end ip-address or MPLS-TP node-id is defined. The SDP is operational when it is administratively enabled ( no shutdown) and the far-end ip-address is contained in the IGP routing table as a host route. OSPF ABRs should not summarize host routes between areas. This can cause SDPs to become operationally down. Static host routes (direct and indirect) can be defined in the local device to alleviate this issue.

On a tunnel configured as SDP with delivery type of eth-gre-bridged, this command designates L2oGRE tunnel end points. This is the only configuration option allowed for this type of SDP.

The no form of this command removes the currently configured destination IP address for the SDP. The ip-address parameter is not specified and will generate an error if used in the no far-end command. The SDP must be administratively disabled using the config service sdp shutdown command before the no far-end command can be executed. Removing the far-end IP address will cause all lsp-name associations with the SDP to be removed.

Parameters

far-end: Specifies the far-end termination point for the GRE tunnel.

ip-address | ipv6-address: Specifies a IPv4 or IPv6 address of the far-end SR OS for the SDP in dotted decimal notation.

node-id: Specifies the MPLS-TP Node ID of the far-end system for the SDP, either in dotted decimal notation (a.b.c.d) or an unsigned 32-bit integer (1 to 4294967295). This parameter is mandatory for an SDP using an MPLS-TP LSP.

global-id: Specifies a MPLS-TP Global ID of the far-end system for the SDP, in an unsigned 32-bit integer (0 to 4294967295). This parameter is optional for an SDP using an MPLS-TP LSP. If not entered, a default value for the Global ID of '0’ is used. A global ID of '0’ indicates that the far-end node is in the same domain as the local node. The user must explicitly configure a Global ID if its value is non-zero.

Platforms

7705 SAR Gen 2

fast-leave

Syntax

[no] fast-leave

Context

[Tree] (config>service>vpls>sap>mld-snooping fast-leave)

[Tree] (config>service>vpls>sap>igmp-snooping fast-leave)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping fast-leave)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping fast-leave)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping fast-leave)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping fast-leave)

Full Context

configure service vpls sap mld-snooping fast-leave

configure service vpls sap igmp-snooping fast-leave

configure service vpls spoke-sdp igmp-snooping fast-leave

configure service vpls spoke-sdp mld-snooping fast-leave

configure service vpls mesh-sdp mld-snooping fast-leave

configure service vpls mesh-sdp igmp-snooping fast-leave

Description

This command enables fast leave.

When IGMP fast leave processing is enabled, the 7705 SAR Gen 2 immediately removes a SAP or SDP from the IP multicast group when it detects an IGMP leave message on that SAP or SDP. Fast leave processing allows the switch to remove a SAP or SDP that sends a leave message from the forwarding table without first sending out group-specific queries to the SAP or SDP, which speeds up the process of changing channels.

Fast leave should only be enabled when there is a single receiver present on the SAP or SDP.

When fast leave is enabled, the configured last-member-query-interval value is ignored.

Default

no fast-leave

Platforms

7705 SAR Gen 2

fast-leave

Syntax

[no] fast-leave

Context

[Tree] (config>service>pw-template>igmp-snooping fast-leave)

Full Context

configure service pw-template igmp-snooping fast-leave

Description

This command enables fast leave.

When IGMP fast leave processing is enabled, the 7705 SAR Gen 2 will immediately remove a SAP or SDP from the IP multicast group when it detects an IGMP leave on that SAP or SDP. Fast leave processing allows the switch to remove a SAP or SDP that sends a leave from the forwarding table without first sending out group-specific queries to the SAP or SDP, and thus speeds up the process of changing channels (zapping).

Fast leave should only be enabled when there is a single receiver present on the SAP or SDP.

When fast leave is enabled, the configured last-member-query-interval value is ignored.

Default

no fast-leave

Platforms

7705 SAR Gen 2

fast-reroute

Syntax

fast-reroute [backup-sr-tunnel]

no fast-reroute

Context

[Tree] (config>router>ldp fast-reroute)

Full Context

configure router ldp fast-reroute

Description

This command enables LDP Fast-Reroute (FRR) procedures. When enabled, LDP uses both the primary next-hop and LFA next-hop, when available, for resolving the next-hop of an LDP FEC against the corresponding prefix in the routing table. This will result in LDP programming a primary NHLFE and a backup NHLFE into the forwarding engine for each next-hop of a FEC prefix for the purpose of forwarding packets over the LDP FEC.

When any of the following events occurs, LDP instructs in the fast path the forwarding engines to enable the backup NHLFE for each FEC next-hop impacted by this event:

An LDP interface goes operationally down, or is admin shutdown.
An LDP session to a peer went down as the result of the Hello or Keep-Alive timer expiring.
The TCP connection used by a link LDP session to a peer went down, due say to next-hop tracking of the LDP transport address in RTM, which brings down the LDP session.
A BFD session, enabled on a T-LDP session to a peer, times-out and as a result the link LDP session to the same peer and which uses the same TCP connection as the T-LDP session goes also down.
A BFD session enabled on the LDP interface to a directly connected peer, times out and brings down the link LDP session to this peer.

The tunnel-down-dump-time option or the label-withdrawal-delay option, when enabled, does not cause the corresponding timer to be activated for a FEC as long as a backup NHLFE is still available.

Because LDP can detect the loss of a neighbor/next-hop independently, it is possible that it switches to the LFA next-hop while IGP is still using the primary next-hop. Also, when the interface for the previous primary next-hop is restored, IGP may re-converge before LDP completed the FEC exchange with it neighbor over that interface. This may cause LDP to de-program the LFA next-hop from the FEC and blackhole traffic. In order to avoid this situation, it is recommended to enable IGP-LDP synchronization on the LDP interface.

When the SPF computation determines there is more than one primary next-hop for a prefix, it will not program any LFA next-hop in RTM. Thus, the LDP FEC will resolve to the multiple primary next-hops that provide the required protection.

The backup-sr-tunnel option enables the use of SR tunnel, as a remote LFA or TI-LFA backup tunnel next-hop by an LDP FEC.

As a pre-requisite, the user must enable the stitching of LDP and SR in the LDP-to-SR direction. That is because the LSR must perform the stitching of the LDP ILM to SR tunnel when the primary LDP next-hop of the FEC fails. Thus LDP must listen to SR tunnels programmed by the IGP in TTM but the mapping server feature is not required.

Assuming the following:

the backup-sr-tunnel option is enabled in LDP
the {loopfree-alternates remote-lfa} and/or the {loopfree-alternates ti-lfa} option is enabled in the IGP instance
LDP was able to resolve the primary next-hop of the LDP FEC in RTM

IGP SPF will run both the base LFA and the TI-LFA algorithms and if it does not find a backup next-hop for a prefix of an LDP FEC, it will also run the remote LFA algorithm. If IGP finds a TI-LFA or a remote LFA tunnel next-hop, LDP programs the primary next-hop of the FEC using a LDP NHLFE and programs the LFA backup next-hop using a LDP NHLFE pointing to the SR tunnel endpoint. Note that the LDP packet is not "tunneled” over the SR tunnel. The LDP label is actually stitched to the segment routing label stack. LDP points both the LDP ILM and the LTN to the backup LDP NHLFE which itself uses the SR tunnel endpoint.

The behavior of the feature is thus similar to the LDP-to-SR stitching feature, except the behavior is augmented to allow the stitching of an LDP ILM/LTN to a SR tunnel also when the primary LDP next-hop of the FEC fails.

If the LDP FEC primary next-hop failed and LDP has pre-programmed a remote LFA or TI-LFA next-hop with a LDP backup NHLFE pointing to SR tunnel, the LDP ILM/LTN switches to it. Note that if for some reason the failure impacted only the LDP tunnel primary next-hop but not the SR tunnel primary next-hop, the LDP backup NHLFE will effectively point to the primary next-hop of the SR tunnel and traffic of the LDP ILM/LTN will follow this path instead of the TI-LFA or remote LFA next-hop of the SR tunnel until the latter is activated.

This feature is limited to IPv4 /32 prefixes in both LDP and SR.

The no form of this command disables the use of SR tunnels as backups for LDP FECs and disables LDP FRR.

Default

no fast-reroute

Platforms

7705 SAR Gen 2

fast-reroute

Syntax

fast-reroute frr-method

no fast-reroute

Context

[Tree] (config>router>mpls>lsp fast-reroute)

[Tree] (config>router>mpls>lsp-template fast-reroute)

Full Context

configure router mpls lsp fast-reroute

configure router mpls lsp-template fast-reroute

Description

This command creates a pre-computed detour LSP from each node in the path of the LSP. In case of failure of a link or LSP between two nodes, traffic is immediately rerouted on the pre-computed detour LSP, thus avoiding packet-loss.

When fast-reroute is enabled, each node along the path of the LSP tries to establish a detour LSP as follows:

Each upstream node sets up a detour LSP that avoids only the immediate downstream node, and merges back on to the actual path of the LSP as soon as possible.

If it is not possible to set up a detour LSP that avoids the immediate downstream node, a detour can be set up to the downstream node on a different interface.
The detour LSP may take one or more hops (see config>router>mpls>lsp hop-limit, config>router>mpls>lsp>primary-p2mp-instance hop-limit) before merging back on to the main LSP path.
When the upstream node detects a downstream link or node failure, the ingress router switches traffic to a standby path if one was set up for the LSP.

Fast reroute is available only for the primary path. No configuration is required on the transit hops of the LSP. The ingress router will signal all intermediate routers using RSVP to set up their detours. TE must be enabled for fast-reroute to work.

If an LSP is configured with fast-reroute frr-method specified but does not enable CSPF, then global revertive will not be available for the LSP to recover.

The no form of the fast-reroute command removes the detour LSP from each node on the primary path. This command will also remove configuration information about the hop-limit and the bandwidth for the detour routes.

The no form of fast-reroute hop-limit command reverts to the default value.

Note:

A one-to-one detour backup LSP cannot be used at the PLR for ABR node protection. As a result, a PLR node does not signal a one-to-one detour LSP for ABR protection. In addition, the ABR node rejects a Path message that it has received from a third-party implementation configured with a detour object and a loose ERO next-hop. The Path message is rejected regardless of whether the cspf-on-loose-hop command is enabled on the node. When the router transits ABR for the detour path, the router rejects the signaling of an inter-area detour backup LSP.

Default

no fast-reroute — When fast-reroute is specified, the default fast-reroute method is one-to-one.

Parameters

frr-method

Configures the fast-reroute method.

Values: one-to-one — In the one-to-one technique, a label switched path is established which intersects the original LSP somewhere downstream of the point of link or node failure. For each LSP which is backed up, a separate backup LSP is established.

Values

facility — This option, sometimes called many-to-one, takes advantage of the MPLS label stack. Instead of creating a separate LSP for every backed-up LSP, a single LSP is created which serves to backup up a set of LSPs. This LSP tunnel is called a bypass tunnel.

The bypass tunnel must intersect the path of the original LSP(s) somewhere downstream of the point of local repair (PLR). Naturally, this constrains the set of LSPs being backed-up through that bypass tunnel to those that pass through a common downstream node. All LSPs which pass through the PLR and through this common node which do not also use the facilities involved in the bypass tunnel are candidates for this set of LSPs.

Platforms

7705 SAR Gen 2

fc

Syntax

fc fc-name class-type ct-number

no fc fc-name

Context

[Tree] (config>router>rsvp>diffserv-te fc)

Full Context

configure router rsvp diffserv-te fc

Description

This command maps one or more system forwarding classes to a Diff-Serv Class Type (CT). The default mapping is shown in Forwarding Classes Mapping.

Table 3. Forwarding Classes Mapping
FC ID	FC Name	FC Designation	Class Type (CT)
7	Network Control	NC	7
6	High-1	H1	6
5	Expedited	EF	5
4	High-2	H2	4
3	Low-1	L1	3
2	Assured	AF	2
1	Low-2	L2	1
0	Best Effort	BE	0

The no form of this command reverts to the default mapping for the forwarding class name.

Parameters

class-type ct-number

The Diff-Serv Class Type number. One or more system forwarding classes can be mapped to a CT.

Values: 0 to 7

Platforms

7705 SAR Gen 2

fc

Syntax

fc fc-name

no fc

Context

[Tree] (config>mirror>mirror-dest fc)

Full Context

configure mirror mirror-dest fc

Description

This command specifies a forwarding class for all mirrored packets transmitted to the destination SAP or SDP overriding the default (be) forwarding class. All packets are sent with the same class of service to minimize out-of-sequence issues. The mirrored packet does not inherit the forwarding class of the original packet.

When the destination is on a SAP, a single egress queue is created that pulls buffers from the buffer pool associated with the fc-name.

When the destination is on an SDP, the fc-name defines the DiffServ-based egress queue that is used to reach the destination. The fc-name also defines the encoded forwarding class of the encapsulation.

The FC configuration also affects how mirrored packets are treated at the ingress queuing point on the line cards. One ingress queue is used per mirror destination (service) and that is an expedited queue if the configured FC is expedited (one of nc, h1, ef or h2). The ingress mirror queues have no CIR, but a line-rate PIR.

The no form of this command reverts the mirror-dest service ID forwarding class to the default forwarding class.

Default

The best effort (be) forwarding class is associated with the mirror-dest service ID.

Parameters

fc-name

The name of the forwarding class with which to associate mirrored service traffic. The forwarding class name must already be defined within the system. If the fc-name does not exist, an error is returned and the fc command has no effect. If the fc-name does exist, the forwarding class associated with fc-name overrides the default forwarding class.

Values: be, l2, af, l1, h2, ef, h1, nc

Platforms

7705 SAR Gen 2

fc

Syntax

fc fc-name

no fc

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping fc)

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy fc)

Full Context

configure saa test type-multi-line lsp-ping fc

configure saa test type-multi-line lsp-ping sr-policy fc

Description

This command specifies the FC and profile parameters that are used to indicate the forwarding class and profile of the MPLS echo request packet.

The no form of this command reverts to the default value.

Default

fc be

Parameters

fc-name

Specifies the forwarding class name.

Values: be, l2, af, l1, h2, ef, h1, nc

Default: be

Platforms

7705 SAR Gen 2

fc

Syntax

fc fc-name

no fc

Context

[Tree] (config>oam-pm>session>ip fc)

Full Context

configure oam-pm session ip fc

Description

This command sets the forwarding class designation for TWAMP Light packets that are sent through the node and exposed to the various QoS functions on the network element.

The no form of this command restores the default value.

Default

fc be

Parameters

fc-name

Specifies the forwarding class name.

Values: be, l2, af, l1, h2, ef, h1, nc

Default: be

Platforms

7705 SAR Gen 2

fc

Syntax

fc fc-name [create]

no fc fc-name

Context

[Tree] (config>qos>sap-ingress fc)

Full Context

configure qos sap-ingress fc

Description

The fc command creates a class or subclass instance of the forwarding class fc-name. When the fc-name is created, classification actions can be applied and the subclass can be used in match classification criteria. Attempting to use an undefined subclass in a classification command will result in an execution error and the command will fail.

The no form of this command removes all the explicit queue mappings for fc-name forwarding types. The queue mappings revert to the default queues for fc-name. To successfully remove a subclass, all associations with the subclass in the classification commands within the policy must first be removed or diverted to another forwarding class or subclass.

Parameters

fc-name

The parameter subclass-name is optional and must be defined using a dot separated notation with a preceding valid system-wide forwarding class name. Creating a subclass follows normal naming conventions. Up to sixteen ASCII characters may be used. If the same sub-name is used with two or more forwarding class names, each is considered a different instance of subclass. A subclass must always be specified with its preceding forwarding class name. When a forwarding class is created or specified without the optional subclass, the parent forwarding class is assumed.

Within the SAP ingress QoS policy, up to 56 subclasses may be created. Each of the 56 subclasses may be created within any of the eight parental forwarding classes. When the limit of 56 is reached, any further subclass creations will fail and the subclass will not exist.

Successfully creating a subclass places the CLI within the context of the subclass for further subclass parameter definitions. Within the subclass context, commands may be executed that define subclass priority (within the parent forwarding class queue mapping), subclass color aware profile settings, subclass in-profile and out-of-profile precedence or DSCP markings.

The subclass-name parameter is optional and used with the fc-name parameter to define a pre-existing subclass. The fc-name and subclass-name parameters must be separated by a period (.). If subclass-name does not exist in the context of fc-name, an error will occur. If subclass-name is removed using the no fc fc-name.subclass-name force command, the default-fc command will automatically drop the subclass-name and only use fc-name (the parent forwarding class for the subclass) as the forwarding class.

Values


fc:	class[.subclass]
		class: be, l2, af, l1, h2, ef, h1, nc
		subclass: 29 characters max

create: Required parameter when creating a SAP QoS ingress policy forwarding class.

Platforms

7705 SAR Gen 2

fc

Syntax

fc fc-name [create]

no fc fc-name

Context

[Tree] (config>qos>sap-egress fc)

Full Context

configure qos sap-egress fc

Description

The fc fc-name node within the SAP egress QoS policy is used to contain the explicitly defined queue mapping and dot1p marking commands for fc-name. When the mapping for fc-name points to the default queue and the dot1p marking is not defined, the node for fc-name is not displayed in the show configuration or save configuration output unless the detail option is specified.

The no form of this command removes the explicit queue mapping and dot1p marking commands for fc-name. The queue mapping reverts to the default queue for fc-name and the dot1p marking (if appropriate) uses the default of 0.

Default

no fc

Parameters

fc-name

This parameter specifies that the forwarding class queue mapping or dot1p marking is to be edited. The value given for fc-name must be one of the predefined forwarding classes in the system.

Values: be, l2, af, l1, h2, ef, h1, nc

Platforms

7705 SAR Gen 2

fc

Syntax

fc fc-name

no fc

Context

[Tree] (config>qos>network>ingress fc)

Full Context

configure qos network ingress fc

Description

This command is used to enter the CLI node to configure QoS parameters for the specified forwarding class. The fc command overrides the default parameters for that forwarding class from the values defined in the network default policy.

The no form of this command removes the forwarding class name configuration. The forwarding class reverts to the parameters defined in the default network policy.

Parameters

fc-name

The case-sensitive, system-defined forwarding class name for which policy entries will be created.

Values: be, l2, af, l1, h2, ef, h1, nc

Platforms

7705 SAR Gen 2

fc

Syntax

fc fc-name

no fc

Context

[Tree] (config>qos>network>egress fc)

Full Context

configure qos network egress fc

Description

This command is used to enter the CLI node to configure QoS parameters for the specified forwarding class. The FC name represents a CLI parent node that contains parameters describing the egress marking criteria of packets flowing through it. This command overrides the default parameters for that forwarding class from the values defined in the network default policy. It can also be used to redirect packets to a policer or queue in a network egress queue group instance.

The no form of this command removes the forwarding class name configuration. The forwarding class reverts to the parameters defined in the default network policy.

Parameters

fc-name

The case-sensitive, system-defined forwarding class name for which policy entries will be created.

Values: be, l2, af, l1, h2, ef, h1, nc

Platforms

7705 SAR Gen 2

fc

Syntax

fc fc-name [create]

no fc fc-name

Context

[Tree] (config>qos>network-queue fc)

Full Context

configure qos network-queue fc

Description

The fc command is used to enter the forwarding class mapping context for the given fc-name. Each forwarding class maps by default to queues 1 (unicast) and 9 (multipoint).

Parameters

fc-name

A valid forwarding class must be specified as fc-name when the fc command is executed. When the fc fc-name command is successfully executed, the system will enter the specified forwarding class context where the queue queue-id command may be executed.

Values: be, l2, af, l1, h2, ef, h1, nc

create: Required parameter when creating an FC node.

Platforms

7705 SAR Gen 2

fc

Syntax

fc fc-name [create]

no fc fc-name

Context

[Tree] (cfg>qos>qgrps>egr>qgrp fc)

Full Context

configure qos queue-group-templates egress queue-group fc

Description

The fc command is used to enter the forwarding class mapping context for the given fc-name. Each forwarding class has a default mapping depending on the egress queue group template. The system-created policer-output-queue template contains queues 1 and 2 by default with queue 1 being best-effort and queue 2 expedited. Forwarding classes be, l1, af and l2 all map to queue 1 by default. Forwarding classes h1, ef, h2 and nc all map to queue 2 by default. More queues may be created within the policer-output-queues template and the default forwarding classes may be changed to any defined queue within the template.

When all other user-defined egress queue group templates are created, only queue 1 (best-effort) exists and all forwarding classes are mapped to that queue. Other queues may be created and the forwarding classes may be changed to any defined queue within the template.

Besides the default mappings within the templates, the egress queue group template forwarding class queue mappings operate the same as the forwarding class mappings in a sap-egress QoS policy.

The template forwarding class mappings are the default mechanism for mapping egress policed traffic to a queue within an egress port queue group associated with the template. If a queue-id is explicitly specified in the QoS policy forwarding class policer mapping, and that queue exists within the queue group, the template forwarding class mapping is ignored.

Egress policed subscriber traffic works in a slightly different way. The subscriber and subscriber host support destination and organization strings are used to identify the egress port queue group. In this instance, the forwarding class mappings are always used and any queue overrides in the QoS policy are ignored. If neither string exists for the subscriber host, the egress queue group queue-id can be derived from either the QoS policy policer mapping or the template forwarding class queue mappings.

The no form of this command is used to return the specified forwarding class to its default template queue mapping.

Parameters

fc-name

A valid forwarding class must be specified as fc-name when the fc command is executed. When the fc fc-name command is successfully executed, the system will enter the specified forwarding class context where the queue queue-id command may be executed.

Values: be, l1, af, l2, h1, ef, h2, nc

Platforms

7705 SAR Gen 2

fdb-table-high-wmark

Syntax

[no] fdb-table-high-wmarkhigh-water-mark

Context

[Tree] (config>service>template>vpls-template fdb-table-high-wmark)

[Tree] (config>service>vpls fdb-table-high-wmark)

Full Context

configure service template vpls-template fdb-table-high-wmark

configure service vpls fdb-table-high-wmark

Description

This command specifies the value to send logs and traps when the threshold is reached.

The no form of this command reverts to the default value.

Default

fdb-table-high-wmark 95

Parameters

high-water-mark

Specifies the value as a percentage.

Values: 0 to 100

Platforms

7705 SAR Gen 2

fdb-table-low-wmark

Syntax

[no] fdb-table-low-wmarklow-water-mark

Context

[Tree] (config>service>template>vpls-template fdb-table-low-wmark)

[Tree] (config>service>vpls fdb-table-low-wmark)

Full Context

configure service template vpls-template fdb-table-low-wmark

configure service vpls fdb-table-low-wmark

Description

This command specifies the value to send logs and traps when the threshold is reached.

The no form of this command reverts to the default value.

Default

fdb-table-low-wmark 90

Parameters

low-water-mark

Specifies the value as a percentage.

Values: 0 to 100

Platforms

7705 SAR Gen 2

fdb-table-size

Syntax

fdb-table-size table-size

no fdb-table-size [table-size]

Context

[Tree] (config>service>vpls fdb-table-size)

[Tree] (config>service>template>vpls-template fdb-table-size)

Full Context

configure service vpls fdb-table-size

configure service template vpls-template fdb-table-size

Description

This command specifies the maximum number of MAC entries in the forwarding database (FDB) for the VPLS instance on this node.

The fdb-table-size specifies the maximum number of forwarding database entries for both learned and static MAC addresses for the VPLS instance.

The no form of this command returns the maximum FDB table size to default.

Default

fdb-table-size 250

Parameters

table-size

Specifies the number of entries permitted in the forwarding database for this VPLS instance.

Values: 7705 SAR Gen 2: 1 to 32767

Platforms

7705 SAR Gen 2

fdb-table-size

Syntax

fdb-table-size table-size

no fdb-table-size

Context

[Tree] (config>service>system fdb-table-size)

Full Context

configure service system fdb-table-size

Description

This command configures the maximum system FDB table size, which is dependent on the chassis type. CPMs with at least 16 GB of memory are required when exceeding 500k MAC addresses in a system. The table size cannot be reduced below its default value, which is also chassis-dependent.

The maximum system FDB table size also limits the maximum FDB table size of any card within the system.

The no version of this command sets the table size to its default.

The command default depends on the chassis type and available memory.

Parameters

table-size

Specifies the maximum system FDB table size.

Values: 32767 to 32767

Platforms

7705 SAR Gen 2

fec-limit

Syntax

fec-limit limit [log-only] [threshold percentage]

no fec-limit

Context

[Tree] (config>router>ldp>session-params>peer fec-limit)

Full Context

configure router ldp session-parameters peer fec-limit

Description

This command configures a limit on the number of FECs which an LSR will accept from a given peer and add into the LDP label database. The limit applies to the aggregate count of all FEC types including service FEC. Once the limit is reached, any FEC received will be released back to the peer. This behavior is different from the per-peer import policy which will still accept the FEC into the label database but will not resolve it.

When the FEC limit for a peer is reached, the LSR performs the following actions:

Generates a trap and a syslog message.
Generates a LDP notification message with the LSR overload status TLV, for each LDP FEC type including service FEC, to this peer only if this peer advertised support for the LSR overload sub-TLV via the LSR Overload Protection Capability TLV at session initialization.
Releases, with LDP Status Code of "No_Label_Resources", any new FEC, including service FEC, from this peer which exceeds the limit.

If a legitimate FEC is released back to a peer, while the FEC limit was exceeded, the user must have a means to replay that FEC back to the router LSR once the condition clears. This is done automatically if the peer is an SR OS-based router and supports the LDP overload status TLV ( SR OS 11.0R5 and higher). Third-party peer implementations must support the LDP overload status TLV or provide a manual command to replay the FEC.

The threshold option allows to set a threshold value when a trap and an syslog message are generated as a warning to the user in addition to when the limit is reached. The default value for the threshold when not configured is 90%.

The log-only option causes a trap and syslog message to be generated when reaching the threshold and limit. However, LDP labels are not released back to the peer.

If the user decreases the limit value such that it is lower than the current number of FECs accepted from the peer, the LDP LSR raises the trap for exceeding the limit. In addition, it will set overload for peers which signaled support for LDP overload protection capability TLV. However, no existing resolved FECs from the peer which does not support the overload protection capability TLV should be de-programmed or released.

A different trap is released when crossing the threshold in the upward direction, when reaching the FEC limit, and when crossing the threshold in the downward direction. However the same trap will not be generated more often than 2 minutes apart if the number of FECs oscillates around the threshold or the FEC limit.

Default

no fec-limit

Parameters

limit: Specifies the aggregate count of FECs of all types which can be accepted from this LDP peer.

log-only: Specifies that only a trap and syslog message are generated when reaching the threshold and limit. However, LDP labels are not released back to the peer.

percentage: Specifies the threshold value (as a percentage) that triggers a warning syslog message and trap to be sent.

Platforms

7705 SAR Gen 2

fec-originate

Syntax

fec-originate ip-prefix/mask [advertised-label in-label] [swap-label out-label] interface interface-name

fec-originate ip-prefix/mask [advertised-label in-label] next-hop ip-address [swap-label out-label]

fec-originate ip-prefix/mask [advertised-label in-label] next-hop ip-address [swap-label out-label] interface interface-name

fec-originate ip-prefix/mask [advertised-label in-label] pop

no fec-originate ip-prefix/mask interface interface-name

no fec-originate ip-prefix/mask next-hop ip-address

no fec-originate ip-prefix/mask next-hop ip-address interface interface-name

no fec-originate ip-prefix/mask pop

Context

[Tree] (config>router>ldp fec-originate)

Full Context

configure router ldp fec-originate

Description

This command defines a way to originate a FEC (with a swap action) for which the LSR is not egress, or to originate a FEC (with a pop action) for which the LSR is egress.

Parameters

ip-prefix/mask

Specifies information for the specified IP prefix and mask length.

Values


ipv4-prefix - a.b.c.d
ipv4-prefix-le - [0..32]
ipv6-prefix	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0..FFFF]H
	d - [0..255]D
	ipv6-prefix-le - [0..128]

next-hop: Specifies the IP address of the next hop of the prefix.

advertised-label: Specifies the label advertised to the upstream peer. If not configured, then the label advertised should be from the label pool. If the configured static label is not available then the IP prefix is not advertised.

out-label

Specifies the LSR to swap the label. If configured, then the LSR should swap the label with the configured swap-label. If not configured, then the default action is pop if the next-hop parameter is not defined.

The next-hop, advertised-label, swap-label parameters are all optional. If next-hop is configured but no swap label specified, it will be a swap with label 3, such as, pop and forward to the next-hop. If the next-hop and swap-label are configured, then it is a regular swap. If no parameters are specified, a pop and route is performed.

Values: 16 to 1048575

in-label

Specifies the number of labels to send to the peer associated with this FEC.

Values: 32 to 1023

pop: Specifies to pop the label and transmit without the label.

interface interface-name: Specifies the name of the interface the label for the originated FEC is swapped to. For an unnumbered interface, this parameter is mandatory since there is no address for the next-hop. For a numbered interface, it is optional.

Platforms

7705 SAR Gen 2

fec-type-capability

Syntax

fec-type-capability

Context

[Tree] (config>router>ldp>if-params>if>ipv4 fec-type-capability)

[Tree] (config>router>ldp>if-params>if>ipv6 fec-type-capability)

[Tree] (config>router>ldp>session-params>peer fec-type-capability)

Full Context

configure router ldp interface-parameters interface ipv4 fec-type-capability

configure router ldp interface-parameters interface ipv6 fec-type-capability

configure router ldp session-parameters peer fec-type-capability

Description

This command enables or disables the advertisement of a FEC type on a given LDP session or Hello adjacency to a peer.

Platforms

7705 SAR Gen 2

fec129-cisco-interop

Syntax

[no] fec129-cisco-interop

Context

[Tree] (config>router>ldp>session-params>peer fec129-cisco-interop)

Full Context

configure router ldp session-parameters peer fec129-cisco-interop

Description

This command specifies whether LDP will provide translation between non-compliant FEC 129 formats of Cisco. Peer LDP sessions must be manually configured towards the non-compliant Cisco PEs.

When enabled, Cisco non-compliant format will be used to send and interpret received label release messages that is the FEC129 SAII and TAII fields will be reversed.

When the disabled, Cisco non-compliant format will not be used or supported. Peer address has to be the peer LSR-ID address.

The no form of this command returns the default.

Default

no fec129-cisco-interop

Platforms

7705 SAR Gen 2

fib-priority

Syntax

fib-priority {high | standard}

Context

[Tree] (config>service>vprn fib-priority)

Full Context

configure service vprn fib-priority

Description

This command specifies the FIB priority for VPRN BGP routes.

Parameters

high: Specifies high FIB priority for VPRN.

standard: Specifies standard FIB priority for VPRN.

Platforms

7705 SAR Gen 2

fib-priority

Syntax

fib-priority {high | standard}

Context

[Tree] (config>router fib-priority)

Full Context

configure router fib-priority

Description

This command specifies the FIB priority for VPRN BGP routes.

Default

fib-priority standard

Parameters

high: Specifies the high FIB priority.

standard: Specifies the standard FIB priority.

Platforms

7705 SAR Gen 2

fib-telemetry

Syntax

[no] fib-telemetry

Context

[Tree] (config>router fib-telemetry)

Full Context

configure router fib-telemetry

Description

This command enables the collection of extra state information related to the forwarding table state of certain IP routes, TTM tunnels, and MPLS LFIB entries. This extra state can be retrieved by gNMI telemetry subscriptions targeted to the following YANG paths:

/state/router/route-fib
/state/router/tunnel-fib
/state/router/label-fib

If this command is not configured, no information is displayed by the following show commands:

show>router>fib-telemetry>route
show>router>fib-telemetry>tunnel

The no form of this command disables the collection of this extra state.

Default

no fib-telemetry

Platforms

7705 SAR Gen 2

file

Syntax

file

Context

[Tree] (file)

Full Context

file

Description

Specifies the context to enter and perform file system operations. When entering the file context, the prompt changes to reflect the present working directory. Navigating the file system with the cd .. command results in a changed prompt.

The exit all command leaves the file system/file operation context and returns to the operational root CLI context. The state of the present working directory is maintained for the CLI session. Entering the file command returns the cursor to the working directory where the exit command was issued.

Platforms

7705 SAR Gen 2

file-id

Syntax

[no] file-id file-id [ name file-policy-name]

Context

[Tree] (config>log file-id)

Full Context

configure log file-id

Description

This command creates the context to configure a file policy that is used as the destination for an event log or billing (accounting) file.

This command defines the file location and characteristics that are to be used as the destination for a log event message stream or accounting/billing information. The file defined in this context is subsequently specified in the to command under log-id or accounting-policy to direct specific logging or billing source streams to the file destination.

A file policy can only be assigned to either one log-id or one accounting-policy. It cannot be reused for multiple instances. A file policy and associated file definition must exist for each log and billing file that must be stored in the file system.

A file is created when the file policy defined in this command is selected as the destination type for a specific log or accounting record. Log files are collected in a "log” directory. Accounting files are collected in an "act” directory.

The file names for a log are created by the system as summarized in Log File Names.

Table 4. Log File Names
File Type	File Name
Log File	logllff-timestamp
Accounting File	actaaff-timestamp

Where:

ll is the log-id
aa is the accounting policy-id
ff is the file-id
The timestamp is the actual timestamp when the file is created. The format for the timestamp is yyyymmdd-hhmmss where:
- yyyy is the year (for example, 2006)
- mm is the month number (for example, 12 for December)
- dd is the day of the month (for example, 03 for the 3rd of the month)
- hh is the hour of the day in 24 hour format (for example, 04 for 4 a.m.)
- mm is the minutes (for example, 30 for 30 minutes past the hour)
- ss is the number of seconds (for example, 14 for 14 seconds)
The accounting file is compressed and has a gz extension.

When initialized, each file contains:

The log-id description.
The time the file was opened.
The reason the file was created.
If the event log file was closed properly, the sequence number of the last event stored on the log is recorded.

If the process of writing to a log file fails (for example, the compact flash card is full) and if a backup location is not specified or fails, the log file will not become operational even if the compact flash card is replaced. Enter either a clear log command or a shutdown/no shutdown command to reinitialize the file.

If the primary location fails (for example, the compact flash card fills up during the write process), a trap is sent and logging continues to the specified backup location. This can result in truncated files in different locations.

The no form of this command removes the file policy from the configuration. A file policy can only be removed from the configuration if the policy is not the designated output for a log destination. The actual log or accounting file remain on the file system when a file policy is deleted.

Parameters

file-id

The file identification number for the file policy, expressed as a decimal integer.

Values: 1 to 99

name file-policy-name: Configures an optional file policy name, up to 64 characters, that can be used to refer to the file policy after it is created. If the name begins with a numerical digit (from 1 to 9), the name is a number from 1 to 99.

Platforms

7705 SAR Gen 2

file-storage-control

Syntax

file-storage-control

Context

[Tree] (config>log file-storage-control)

Full Context

configure log file-storage-control

Description

Commands in this context configure the total size limit of log and accounting files on each storage device on the active CPM.

Platforms

7705 SAR Gen 2

file-transmission-profile

Syntax

file-transmission-profile name [create]

no file-transmission-profile

Context

[Tree] (config>system file-transmission-profile)

Full Context

configure system file-transmission-profile

Description

This command creates a new file transmission profile or enters the configuration context of an existing file-transmission-profile.

The file-transmission-profile context defines transport parameters for protocol such as HTTP, include routing instance, source address, timeout value, and so on.

The no form of the command removes the profile name from the configuration.

Default

no file-transmission-profile

Parameters

name: Specifies the file transmission profile name, up to 32 characters.

create: Keyword used to create the transmission profile. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7705 SAR Gen 2

file-transmission-profile

Syntax

file-transmission-profile profile-name

no file-transmission-profile

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update>crl-urls>url-entry file-transmission-profile)

Full Context

configure system security pki ca-profile auto-crl-update crl-urls url-entry file-transmission-profile

Description

This command specifies the file-transmission-profile for the url-entry. When the system downloads a CRL from the configured URL in the url-entry it will use the transportation parameter configured in the file-transmission-profile. auto-crl-update supports Base/Management/VPRN routing instance. vpls-management is not supported. In case of VPRN, the HTTP server port can only be 80 or 8080.

The no form of this command removes the specified profile name.

Default

no file-transmission-profile

Parameters

profile-name: Specifies the name of the file transmission profile to be matched up to 32 characters. The profile name is configured in the config>system>file-transmission-profile context.

Platforms

7705 SAR Gen 2

file-url

Syntax

file-url file-url

no file-url

Context

[Tree] (config>mirror>mirror-dest>pcap file-url)

Full Context

configure mirror mirror-dest pcap file-url

Description

This command specifies a file URL for the FTP or TFTP server, including the filename for packet capture transfer. After the file URL is entered, the system attempts to establish a connection and creates a file using the filename specified. The command prompt displays an error and rejects the file URL if the session establishment fails, if write privilege to remote server fails, or if the session experiences a sudden termination. If the FTP or TFTP server is unreachable, the command prompt is halted for further input until the retires are timed out after 24 seconds (after four attempts of about six seconds each). This command overwrites any file on the FTP or TFTP server with the same filename.

The no form of this command removes the file-url instance and stops the packet capture and file transfer session.

Parameters

file-url

Specifies the URL for the file to direct the search.

Values

[local-url | remote-url]

where:

local-url — [cflash-id/] [file-path]

180 chars max, including cflash-id

directory length 99 chars max each
remote-url — [{ftp://| tftp://} login:pswd@remote-locn/][ file-path]

180 chars max

directory length 99 chars max each

where: remote-locn — [hostname | ipv4-address | ipv6-address]


ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x - [0..FFFF]H
	d - [0..255]D
	interface - 32 chars max, for link
	local addresses
cflash-id	cf1:\| cf1-A:\| cf1-B:\| cf2:\| cf2-A:\| cf2-B:\| cf3:\| cf3-A:\| cf3-B:

Platforms

7705 SAR Gen 2

filter

Syntax

filter ip ip-filter-id

filter ipv6 ipv6-filter-id

no filter [ip ip-filter-id] [ ipv6 ipv6-filter-id]

Context

[Tree] (config>service>vprn>nw-if>egress filter)

[Tree] (config>service>vprn>if>spoke-sdp>ingress filter)

[Tree] (config>service>vprn>if>spoke-sdp>egress filter)

Full Context

configure service vprn network-interface egress filter

configure service vprn interface spoke-sdp ingress filter

configure service vprn interface spoke-sdp egress filter

Description

This command associates an IP filter policy with an ingress or egress Service Access Point (SAP) or IP interface. An IP filter policy can be associated with spoke SDPs. Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria.

The filter command is used to associate a filter policy with a specified ip-filter-id with an ingress or egress SAP. The ip-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message returned.

In general, filters applied to SAPs (ingress or egress) apply to all packets on the SAP. One exception is non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters

ip ip-filter-id

Specifies IP filter policy. The filter ID must already exist within the created IP filters.

Values: 1 to 65535

Platforms

7705 SAR Gen 2

filter

Syntax

filter ip ip-filter-id

filter ipv6 ipv6-filter-id

filter mac mac-filter-id

no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]

Context

[Tree] (config>service>ies>if>sap>egress filter)

[Tree] (config>service>ies>if>sap>ingress filter)

Full Context

configure service ies interface sap egress filter

configure service ies interface sap ingress filter

Description

This command associates a filter policy with an ingress or egress Service Access Point (SAP). Filter policies control the forwarding and dropping of packets based on the matching criteria. MAC filters are only allowed on Epipe and Virtual Private LAN Service (VPLS) SAPs.

The filter command is used to associate a filter policy with a specified ip-filter-id or ipv6-filter-id with an ingress or egress SAP. The filter policy must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message returned.

In general, filters applied to SAPs (ingress or egress) apply to all packets on the SAP. One exception is non-IP packets are not applied to the match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters

ip ip-filter-id

Specifies the ID for the IP filter policy and corresponds to a previously created IP filter policy in the config>filter>ip-filter context.

Values: 1 to 65535

ipv6 ipv6-filter-id

Specifies the IPv6 filter policy. The filter ID must already exist within the created IPv6 filters.

Values: 1 to 65535

mac mac-filter-id

Specifies the MAC filter policy. The specified filter ID must already exist within the created MAC filters. The filter policy must already exist within the created MAC filters.

Values: 1 to 65535

Platforms

7705 SAR Gen 2

filter

Syntax

filter ip ip-filter-id

filter ipv6 ipv6-filter-id

filter mac mac-filter-id

no filter [ip ip-filter-id] [mac mac-filter-id] [ipv6ipv6-filter-id]

Context

[Tree] (config>service>vpls>sap>ingress filter)

[Tree] (config>service>vpls>spoke-sdp>egress filter)

[Tree] (config>service>vpls>sap>egress filter)

[Tree] (config>service>vpls>spoke-sdp>ingress filter)

[Tree] (config>service>vpls>mesh-sdp>ingress filter)

[Tree] (config>service>vpls>mesh-sdp>egress filter)

Full Context

configure service vpls sap ingress filter

configure service vpls spoke-sdp egress filter

configure service vpls sap egress filter

configure service vpls spoke-sdp ingress filter

configure service vpls mesh-sdp ingress filter

configure service vpls mesh-sdp egress filter

Description

This command associates an IP filter policy or MAC filter policy with an ingress or egress Service Access Point (SAP) or IP interface.

Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria. There are two types of filter policies: IP and MAC. Only one type may be applied to a SAP at a time.

The filter command is used to associate a filter policy with a specified filter ID with an ingress or egress SAP. The filter ID must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message returned.

In general, filters applied to SAPs (ingress or egress) apply to all packets on the SAP. One exception is non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters

ip ip-filter-id

Specifies IP filter policy. The filter ID must already exist within the created IP filters.

Values: 1 to 65535

ipv6 ipv6-filter-id

Specifies the IPv6 filter policy. The filter ID must already exist within the created IPv6 filters.

Values: 1 to 65535

mac mac-filter-id

Specifies the MAC filter policy. The specified filter ID must already exist within the created MAC filters. The filter policy must already exist within the created MAC filters.

Values: 1 to 65535

Platforms

7705 SAR Gen 2

filter

Syntax

filter [ip ip-filter-id]

filter [ipv6 ipv6-filter-id]

filter [mac mac-filter-id]

no filter [ip ip-filter-id]

no filter [ipv6 ipv6-filter-id]

no filter [mac mac-filter-id]

Context

[Tree] (config>service>epipe>sap>ingress filter)

[Tree] (config>service>epipe>spoke-sdp>ingress filter)

[Tree] (config>service>epipe>spoke-sdp>egress filter)

[Tree] (config>service>epipe>sap>egress filter)

Full Context

configure service epipe sap ingress filter

configure service epipe spoke-sdp ingress filter

configure service epipe spoke-sdp egress filter

configure service epipe sap egress filter

Description

This command associates an IP filter policy with an ingress or egress Service Access Point (SAP) or IP interface.

Filter policies control the forwarding and dropping of packets based on IP matching criteria. Only one filter can be applied to a SAP at a time.

The filter command is used to associate a filter policy with a specified filter-id with an ingress or egress SAP. The filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message returned.

IP filters apply only to RFC 2427-routed IP packets. Frames that do not contain IP packets will not be subject to the filter and will always be passed, even if the filter's default action is to drop.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

IPv6 filters are only supported by the 7705 SAR Gen 2 but are not supported on a Layer 2 SAP that is configured with QoS MAC criteria. Also, MAC filters are not supported on a Layer 2 SAP that is configured with QoS IPv6 criteria.

Parameters

ip-filter-id

Specifies IP filter policy. The filter ID must already exist within the created IP filters.

Values: 1 to 65535

ipv6-filter-id

Specifies the IPv6 filter policy. The filter ID must already exist within the created IPv6 filters.

Values: 1 to 65535

mac-filter-id

Specifies the MAC filter policy. The specified filter ID must already exist within the created MAC filters. The filter policy must already exist within the created MAC filters.

Values: 1 to 65535

Platforms

7705 SAR Gen 2

filter

Syntax

filter ip ip-filter-id

filter ipv6 ipv6-filter-id

no filter

Context

[Tree] (config>service>ies>if>spoke-sdp>ingress filter)

[Tree] (config>service>ies>if>spoke-sdp>egress filter)

Full Context

configure service ies interface spoke-sdp ingress filter

configure service ies interface spoke-sdp egress filter

Description

This command associates an IP filter policy filter policy with an ingress or egress spoke SDP.

Filter policies control the forwarding and dropping of packets based on matching criteria.

MAC filters are only allowed on Epipe and Virtual Private LAN Service (VPLS) SAPs.

The filter command is used to associate a filter policy with a specified ip-filter-id with an ingress or egress spoke SDP. The ip-filter-id must already be defined in the config>filter context before the filter command is executed. If the filter policy does not exist, the operation fails and an error message returned.

In general, filters applied to SAPs or spoke SDPs (ingress or egress) apply to all packets on the SAP or spoke SDPs. One exception is non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters

ip: Keyword indicating the filter policy is an IP filter.

ip-filter-id: The filter name acts as the ID for the IP filter policy. Allowed values are an integer in the range of 1 and 65535 that corresponds to a previously created IP filter policy. The filter ID must already exist within the created IP filters.

Platforms

7705 SAR Gen 2

filter

Syntax

filter ip ip-filter-id

filter ipv6 ipv6-filter-id

no filter [ip ip-filter-id] [ ipv6 ipv6-filter-id]

Context

[Tree] (config>service>vprn>if>sap>egress filter)

[Tree] (config>service>vprn>if>sap>ingress filter)

Full Context

configure service vprn interface sap egress filter

configure service vprn interface sap ingress filter

Description

This command associates an IP filter policy with an ingress or egress Service Access Point (SAP) or IP interface. Filter policies control the forwarding and dropping of packets based on IP matching criteria.

The filter command is used to associate a filter policy with a specified filter ID with an ingress or egress SAP. The filter ID must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message returned.

In general, filters applied to SAPs (ingress or egress) apply to all packets on the SAP. One exception is non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters

ip ip-filter-id

Specifies IP filter policy. The filter ID must already exist within the created IP filters.

Values

ip-filter-id: 1 to 65535

name: up to 64 characters

ipv6 ipv6-filter-id

Specifies IPv6 filter policy. The filter ID must already exist within the created IP filters.

Values

ip-filter-id: 1 to 65535

name: up to 64 characters

Platforms

7705 SAR Gen 2

filter

Syntax

filter filter-id [name filter-name]

no filter filter-id

Context

[Tree] (config>service>vprn>log filter)

[Tree] (config>service>vprn>log>log-id filter)

Full Context

configure service vprn log filter

configure service vprn log log-id filter

Description

This command creates a context for an event filter. An event filter specifies whether to forward or drop an event or trap based on the match criteria.

Filters are configured in the filter filter-id context and then applied to a log in the log-id log-id context. Only events for the configured log source streams destined to the log ID where the filter is applied are filtered.

Changes made to an existing filter using any of the sub-commands are immediately applied to the destinations where the filter is applied.

By default, no event filters are defined. Event filters must be explicitly configured.

The no form of this command removes the filter association from log IDs, which causes those logs to forward all events.

Default

No event filters are defined.

Parameters

filter-id

Specifies the unique filter ID.

Values: 1 to 1500

name filter-name: Configures an optional filter name, up to 64 characters, that can be used to refer to the filter after it is created.

Platforms

7705 SAR Gen 2

filter

Syntax

filter ip ip-filter-id

filter ipv6 ipv6-filter-id

no filter [ip ip-filter-id] [ ipv6 ipv6-filter-id]

Context

[Tree] (config>service>vprn>network>ingress filter)

Full Context

configure service vprn network ingress filter

Description

This command configures a network ingress filter for IPv4 or IPv6 traffic arriving over explicitly defined spokes or auto-bind network interfaces for the VPRN service.

The no form of this command removes an IPv4, IPv6, or both filters.

Default

no filter

Parameters

ip-filter-id/ipv6-filter-id

Specifies an existing IP/IPv6 filter policy of a scope template.

Values

1 to 65535, name

name: 64 characters maximum

Platforms

7705 SAR Gen 2

filter

Syntax

filter ip ip-filter-id

no filter

Context

[Tree] (config>service>vprn>ipmirrorif>spoke-sdp>ingress filter)

Full Context

configure service vprn ip-mirror-interface spoke-sdp ingress filter

Description

This command places a filter on the IP mirror interface spoke SDP. It is recommended to configure this filter with a PBR filter to redirect the mirror traffic to the proper egress interface.

The no form of this command removes the filter ID from the configuration.

Parameters

ip-filter-id

Specifies the IP filter ID.

Values: 1 to 65525 or a name, up to 64 characters.

Platforms

7705 SAR Gen 2

filter

Syntax

filter ip ip-filter-id

filter ipv6 ipv6-filter-id

no filter [ipip-filter-id] [ ipv6 ipv6-filter-id]

Context

[Tree] (config>router>if>egress filter)

[Tree] (config>router>if>ingress filter)

Full Context

configure router interface egress filter

configure router interface ingress filter

Description

This command associates an IP filter policy with an IP interface.

Filter policies control packet forwarding and dropping based on IP match criteria.

The ip-filter-id must have been preconfigured before this filter command is executed. If the filter ID does not exist, an error occurs.

Only one filter ID can be specified.

The no form of this command removes the filter policy association with the IP interface.

Default

no filter

Parameters

ip-filter-id

The filter name acts as the ID for the IP filter policy expressed as a decimal integer. The filter policy must already exist within the config>filter>ip context.

Values: 1 to 16384

ipv6-filter-id

The filter name acts as the ID for the IPv6 filter policy expressed as a decimal integer. The filter policy must already exist within the config>filter>ipv6 context.

Values: 1 to 65535

Platforms

7705 SAR Gen 2

filter

Syntax

filter ip ip-filter-id

filter ipv6 ipv6-filter-id

filter mac mac-filter-id

no filter [ip ip-filter-id] [mac mac-filter-id] [ipv6ipv6-filter-id]

Context

[Tree] (config>service>pw-template>ingress filter)

[Tree] (config>service>pw-template>egress filter)

Full Context

configure service pw-template ingress filter

configure service pw-template egress filter

Description

This command associates an IP filter policy or MAC filter policy on egress or ingress. Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria. There are two types of filter policies: IP and MAC. Only one type may be applied to a SAP at a time.

The filter command is used to associate a filter policy with a specified filter ID with an ingress or egress SAP. The filter ID must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message returned.

This command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The filter-name command can be used in all configuration modes.

This command is mutually exclusive with the filter-name command. Only one or the other can be configured.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters

ip-filter-id

Specifies the IP filter policy.

Values: 1 to 65535

ipv6-filter-id

Specifies the IPv6 filter policy.

Values: 1 to 65535

mac-filter-id

Specifies the MAC filter policy.

Values: 1 to 65535

Platforms

7705 SAR Gen 2

filter

Syntax

filter filter-id [name filter-name]

no filter filter-id

Context

[Tree] (config>log filter)

Full Context

configure log filter

Description

This command creates a context for an event filter. An event filter specifies whether to forward or drop an event or trap based on the match criteria.

Filters are configured in the filter filter-id context and then applied to a log in the log-id log-id context. Only events for the configured log source streams destined to the log ID where the filter is applied are filtered.

Changes made to an existing filter using any of the sub-commands are immediately applied to the destinations where the filter is applied.

By default, no event filters are defined. Event filters must be explicitly configured.

The no form of this command removes the filter association from log IDs, which causes those logs to forward all events.

Parameters

filter-id

Specifies the unique filter ID.

Values: 1 to 1500

name filter-name: Configures an optional filter name, up to 64 characters, that can be used to refer to the filter after it is created.

Platforms

7705 SAR Gen 2

filter

Syntax

filter filter-id

no filter

Context

[Tree] (config>log>log-id filter)

Full Context

configure log log-id filter

Description

This command adds an event filter policy with the log destination.

The filter command is optional. If an event filter is not configured, all events, alarms and traps generated by the source stream will be forwarded to the destination.

An event filter policy defines (limits) the events that are forwarded to the destination configured in the log-id. The event filter policy can also be used to select the alarms and traps to be forwarded to a destination snmp-trap-group.

The application of filters for debug messages is limited to application and subject only.

Accounting records cannot be filtered using the filter command.

Only one filter ID can be configured per log destination.

The no form of this command removes the specified event filter from the log-id.

Parameters

filter-id

Specifies the event filter policy ID is used to associate the filter with the log-id configuration. The event filter policy ID must already be defined in config>log>filter filter-id.

Values: 1 to 1000

Platforms

7705 SAR Gen 2

filter-id-range

Syntax

filter-id-range start filter-id end filter-id

no filter-id-range

Context

[Tree] (config>filter>md-auto-id filter-id-range)

Full Context

configure filter md-auto-id filter-id-range

Description

This command specifies the range of IDs used by SR OS to automatically assign an ID to filters that are created in model-driven interfaces without an ID explicitly specified by the user or client.

A filter created with an explicitly-specified ID cannot use an ID in this range. In classic CLI and SNMP, the ID range cannot be changed while objects exist inside the previous or new range. In MD interfaces, the range can be changed, which causes any previously existing objects in the previous ID range to be deleted and re-created using a new ID in the new range.

The no form of this command removes the range values.

See the config>filter md-auto-id command for further details.

Default

no filter-id-range

Parameters

start filter-id

Specifies the lower value of the ID range. The value must be less than or equal to the end value.

Values: 1 to 2147483647

end filter-id

Specifies the upper value of the ID range. The value must be greater than or equal to the start value.

Values: 1 to 2147483647

Platforms

7705 SAR Gen 2

filter-name

Syntax

[no] filter-name

Context

[Tree] (config>service>template>vpls-sap-template>ingress filter-name)

[Tree] (config>service>template>vpls-sap-template>egress filter-name)

Full Context

configure service template vpls-sap-template ingress filter-name

configure service template vpls-sap-template egress filter-name

Description

Commands in this context configure filter parameters.

Platforms

7705 SAR Gen 2

filter-name

Syntax

filter-name ip ip-name

filter-name ipv6 ipv6-name

filter-name mac mac-name

no filter-name [ip] [ipv6] [mac]

Context

[Tree] (config>service>pw-template>ingress filter-name)

[Tree] (config>service>pw-template>egress filter-name)

Full Context

configure service pw-template ingress filter-name

configure service pw-template egress filter-name

Description

This command associates an IP filter policy or MAC filter policy on egress or ingress. Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria. There are two types of filter policies: IP and MAC. Only one type may be applied to a SAP at a time.

The filter-name command is used to associate a filter policy with a specified filter name with an ingress or egress SAP. The filter name must already be defined before the filter-name command is executed. If the filter policy does not exist, the operation will fail and an error message returned.

This command is mutually exclusive with the filter command. Only one or the other can be configured.

The no form of this command removes any configured filter name association with the SAP or IP interface. The filter name itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter name and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters

ip-name: Specifies the IP filter policy. The filter name must already exist within the created IP filters, up to 64 characters.

ipv6-name: Specifies the IPv6 filter policy. The filter name must already exist within the created IPv6 filters, up to 64 characters.

mac-name: Specifies the MAC filter policy. The specified filter name must already exist within the created MAC filters. The filter policy must already exist within the created MAC filters, up to 64 characters.

Platforms

7705 SAR Gen 2

filtering

Syntax

filtering filtering-mode

no filtering

Context

[Tree] (config>service>nat>nat-policy filtering)

Full Context

configure service nat nat-policy filtering

Description

This command configures the filtering of the NAT or residential firewall policy.

Default

filtering endpoint-independent

Parameters

filtering-mode

Specifies the method used to filter the inbound traffic.

Values: address-and-port-dependent, endpoint-independent

Platforms

7705 SAR Gen 2

flags-tlv

Syntax

[no] flags-tlv

Context

[Tree] (config>router>fad>flex-algo flags-tlv)

Full Context

configure router flexible-algorithm-definitions flex-algo flags-tlv

Description

This command advertises the FAD Flags TLV to provide additional context on how the router must run a constrained SPF (cSPF). The IETF definition includes only the M-flag for use in the FAD Flags TLV. When it is set, the M-flag specifies the use of a Flex-Algorithm specific prefix metric. The M-flag is important for inter-area or inter-domain routing support with Flex-Algorithms.

When a router advertises a FAD, it is optional to advertise the FAD Flags TLV. However, when a FAD that includes the FAD Flags TLV is received, then the router must decode the flags before participating in the Flex-Algorithm.

By default, the following considerations apply to the FAD Flags TLV.

SR OS sets the M-flag and advertises the FAD Flags TLV.
When a FAD Flags TLV is received, SR OS decodes the flags and modifies the cSPF computation based upon the M-flag status.

The no form of this command prevents the advertisement of the FAD Flags TLV within a FAD.

Default

flags-tlv

Platforms

7705 SAR Gen 2

flex-algo

Syntax

flex-algo flex-algo

no flex-algo

Context

[Tree] (config>router>static-route-entry>indirect>tunnel-next-hop flex-algo)

Full Context

configure router static-route-entry indirect tunnel-next-hop flex-algo

Description

This command instructs the tunnel towards the indirect static-route next-hop to use the specified flexible algorithm.

It is assumed that the router using this command is participating in the flexible algorithm. This command instructs the router to lookup the indirect next-hop using flexible algorithm tunnels. If flexible algorithm aware tunnel to the indirect next-hop does not exist, then the static-route is not activated.

The expected outcome of this command is that when the router receives an IP payload packet, that it is steered towards the indirect next-hop using a flexible algorithm aware segment-routing tunnel if such tunnel exists. If such tunnel does not exist, then the route is not active, and the received IP packet will be dropped, if no other Longest Prefix Match (LPM) route exists.

If the flex-algo parameter is specified, the resolution filter can only use matching flexible algorithm-aware segment routing tunnels created by flexible algorithm-aware routing protocols (for example, SR IS-IS).

The no form of this command disables flexible algorithm-aware indirect next-hop resolution.

Default

no flex-algo

Parameters

flex-algo

Configures or deconfigures tunnel-next-hop flexible algorithm for resolving indirect static-route-entry.

Values: 128 to 255

Platforms

7705 SAR Gen 2

flex-algo

Syntax

flex-algo fad-name [create]

no flex-algo fad-name

Context

[Tree] (config>router>fad flex-algo)

Full Context

configure router flexible-algorithm-definitions flex-algo

Description

This command configures the definition context for a Flexible Algorithm Definition (FAD). Parameters, including the FAD priority, metric type, links to construct a flexible algorithm topology graph, and a description of the algorithm. Up to 256 local FADs can be configured on a router.

The FAD configuration parameters are grouped using the fad-name as the reference anchor. When an IGP is configured to use and advertise a local configured FAD, the fad-name is used as the reference anchor.

The no form of this command deletes the configured parameters and removes the defined FAD.

Default

no flex-algo

Parameters

fad-name: Specifies the name of the flexible algorithm, up to 32 characters, that is used as reference anchor for the configured parameters.

create: Specifies the mandatory keyword to create a router instance.

Platforms

7705 SAR Gen 2

flex-algo

Syntax

[no] flex-algoflex-algo

Context

[Tree] (config>router>isis>flex-algos flex-algo)

Full Context

configure router isis flexible-algorithms flex-algo

Description

This command enters the configuration context for an IS-IS flexible algorithm.

A maximum of seven unique flexible algorithms can be configured on a router across all configured IS-IS instances. In each IS-IS flexible algorithm configuration context, the IS-IS instance participation can be either enabled or disabled, and it configures the advertising of a locally-configured flexible algorithm definition.

When flexible algorithm is enabled in an IS-IS instance, it is enabled for all levels (Level 1 and Level 2) within the IS-IS instance.

The no form of this command removes the IS-IS flexible algorithm configuration context.

Default

no flex-algo

Parameters

flex-algo

Specifies the number of the IS-IS flexible algorithm.

Values: 128 to 255

Platforms

7705 SAR Gen 2

flex-algo

Syntax

[no] flex-algoflex-algo-id

Context

[Tree] (config>router>ospf>flex-algos flex-algo)

Full Context

configure router ospf flexible-algorithms flex-algo

Description

This command enters the configuration context for an OSPFv2 flexible algorithm.

A maximum of seven unique flexible algorithms can be configured on a router across all configured OSPFv2 instances. The supported flexible algorithms are in the range of 128 to 255. In each OSPF flexible algorithm configuration context, the OSPFv2 instance participation can be either enabled or disabled, and it configures the advertising of a locally-configured flexible algorithm definition.

When flexible algorithm is enabled in an OSPF instance, it is enabled for all areas within the OSPF instance.

The no form of this command removes the OSPF flexible algorithm configuration context.

Default

no flex-algo

Parameters

flex-algo-id

Specifies the OSPF flexible algorithm number.

Values: 128 to 255

Platforms

7705 SAR Gen 2

flex-algo

Syntax

[no] flex-algoflex-algo-id

Context

[Tree] (config>router>ospf>area>if flex-algo)

Full Context

configure router ospf area interface flex-algo

Description

This command enters the OSPFv2 flexible algorithms configuration context on the interface.

The no form of this command removes the OSPF flexible algorithm configuration context.

Default

no flex-algo

Parameters

flex-algo-id

Specifies the number of the OSPF flexible algorithm.

Values: 128 to 255

Platforms

7705 SAR Gen 2

flex-algo

Syntax

flex-algo flex-algo-id | param-name

no flex-algo

Context

[Tree] (config>router>policy-options>policy-statement>entry>action flex-algo)

[Tree] (config>router>policy-options>policy-statement>default-action flex-algo)

Full Context

configure router policy-options policy-statement entry action flex-algo

configure router policy-options policy-statement default-action flex-algo

Description

This command configures the Flex-Algorithm for use in the BGP next-hop autobind operation in a BGP import policy. A Flex-Algorithm aware autobind of the BGP next-hop is enabled when the route is matched by the policy statement entry.

Note:

Flex-Algorithm aware next-hop lookup is supported for unicast BGP, VPRN, and BGP-LU.
This command is not supported for multicast address families.

The no form of this command removes the Flex-Algorithm aware next-hop lookup.

Default

no flex-algo

Parameters

flex-algo-id

Specifies the flexible algorithm forwarding path.

Values: 128 to 255

param-name: Specifies the parameter name, up to 32 characters, that starts and ends with an at-sign (@) symbol.

Platforms

7705 SAR Gen 2

flex-algo

Syntax

flex-algo flex-algo-id

no flex-algo

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-isis flex-algo)

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-ospf flex-algo)

Full Context

configure oam-pm session ip tunnel mpls sr-isis flex-algo

configure oam-pm session ip tunnel mpls sr-ospf flex-algo

Description

This command configures the flexible algorithm to tunnel IP packets for session tests.

The no form of this command disables the flexible algorithm to tunnel IP packets.

Default

no flex-algo

Parameters

flex-algo-id

Specifies the flexible algorithm ID.

Values: 128 to 255

Platforms

7705 SAR Gen 2

flexible-algorithm-definitions

Syntax

flexible-algorithm-definitions

Context

[Tree] (config>router flexible-algorithm-definitions)

Full Context

configure router flexible-algorithm-definitions

Description

Commands in this context locally configure algorithm definitions.

Platforms

7705 SAR Gen 2

flexible-algorithms

Syntax

flexible-algorithms

Context

[Tree] (config>router>isis flexible-algorithms)

Full Context

configure router isis flexible-algorithms

Description

Commands in this context configure the IS-IS parameters for flexible algorithm participation.

Platforms

7705 SAR Gen 2

flexible-algorithms

Syntax

flexible-algorithms

Context

[Tree] (config>router>ospf flexible-algorithms)

Full Context

configure router ospf flexible-algorithms

Description

Commands in this context configure the OSPFv2 parameters for flexible algorithm participation.

Platforms

7705 SAR Gen 2

flood-garp-and-unknown-req

Syntax

[no] flood-garp-and-unknown-req

Context

[Tree] (config>service>ies>if>vpls>evpn>arp flood-garp-and-unknown-req)

[Tree] (config>service>vprn>if>vpls>evpn>arp flood-garp-and-unknown-req)

Full Context

configure service ies interface vpls evpn arp flood-garp-and-unknown-req

configure service vprn interface vpls evpn arp flood-garp-and-unknown-req

Description

This command controls whether CPM-originated ARP frames are flooded in the R-VPLS service. Any frames that are data path flooded, such as the ARP messages received on a SAP, are flooded regardless of the command.

The no form of this command disables flooding GARP and unknown requests.

Default

flood-garp-and-unknown-req

Platforms

7705 SAR Gen 2

flow-label

Syntax

flow-label flow-label [mask]

no flow-label

Context

[Tree] (config>filter>ipv6-filter>entry>match flow-label)

Full Context

configure filter ipv6-filter entry match flow-label

Description

This command configures the flow-label and optional mask match condition.

The no form of the command reverts to the default.

Default

no flow-label

Parameters

flow-label

Specifies the flow label to be used as a match criterion. Value can be expressed as a decimal integer, as well as in hexadecimal or binary format. The following value shows decimal integer format only.

Values: 0 to 1048575

mask

Specifies the flow label mask value for this policy IPv6 Filter entry. Value can be expressed as a decimal integer, as well as in hexadecimal or binary format. The following value shows decimal integer format only.

Values: 0 to 1048575

Platforms

7705 SAR Gen 2

flow-label

Syntax

flow-label value

no flow-label

Context

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry flow-label)

Full Context

configure system security management-access-filter ipv6-filter entry flow-label

Description

This command configures flow label match conditions. Flow labeling enables the labeling of packets belonging to particular traffic flows for which the sender requests special handling, such as non-default quality of service or real-time service.

Parameters

value

Specifies the flow identifier in an IPv6 packet header that can be used to discriminate traffic flows (See RFC 3595, Textual Conventions for IPv6 Flow Label.)

Values: 0 to 1048575

Platforms

7705 SAR Gen 2

flr-threshold

Syntax

flr-threshold percentage

no flr-threshold

Context

[Tree] (config>oam-pm>session>ip>twamp-light>loss flr-threshold)

Full Context

configure oam-pm session ip twamp-light loss flr-threshold

Description

This command defines the frame loss threshold used to determine whether the delta-t is available or unavailable. An individual delta-t with a frame loss threshold equal to or higher than the configured threshold is marked unavailable. An individual delta-t with a frame loss threshold lower than the configured threshold is marked as available.

The no form of this command restores the default value of 50%.

Default

flr-threshold 50

Parameters

percentage

Specifies the percentage of the threshold.

Values: 0 to 100

Default: 50

Platforms

7705 SAR Gen 2

force-l2pt-boundary

Syntax

force-l2pt-boundary [cdp] [dtp] [pagp] [ stp] [udld] [vtp]

no force-l2pt-boundary

Context

[Tree] (config>service>vpls>sap force-l2pt-boundary)

Full Context

configure service vpls sap force-l2pt-boundary

Description

Enabling force-l2pt-boundary will force all SAPs managed by the specified m-vpls instance on the corresponding port to have l2pt-termination enabled. This command is applicable only to SAPs created under m-vpls regardless of the flavor of STP currently active. It is not applicable to spoke-SDPs.

The execution of this command will fail as soon as at least one of the currently managed SAPs (all SAPs falling within the specified managed-vlan-range) does not have l2pt-termination enabled regardless of its admin/operational status.

If force-l2pt-boundary is enabled on a specified m-vpls SAP, all newly created SAPs falling into the specified managed-vlan-range will have l2pt-termination enabled per default.

Extending or adding new range into a managed-vlan-range declaration will fail as soon as there is at least one SAPs falling into the specified vlan-range does not have l2pt-termination enabled.

Disabling l2pt-termination on currently managed SAPs will fail as soon as the force-l2pt-boundary is enabled under corresponding m-vpls SAP.

Parameters

cdp: Specifies the Cisco discovery protocol

dtp: Specifies the dynamic trunking protocol

pagp: Specifies the port aggregation protocol

stp: Specifies all spanning tree protocols: stp, rstp, mstp, pvst (default)

udld: Specifies unidirectional link detection

vtp: Specifies the virtual trunk protocol

Platforms

7705 SAR Gen 2

force-renews

Syntax

[no] force-renews

Context

[Tree] (config>router>dhcp>server force-renews)

Full Context

configure router dhcp local-dhcp-server force-renews

Description

This command enables the sending of sending FORCERENEW messages for DHCP.

The no form of this command disables the sending of FORCERENEW messages.

Platforms

7705 SAR Gen 2

force-switchover

Syntax

force-switchover [now]

Context

[Tree] (admin>redundancy force-switchover)

Full Context

admin redundancy force-switchover

Description

This command forces a switchover to the standby CPM card. The primary CPM reloads its software image and becomes the secondary CPM.

Parameters

now: Forces the switchover to the redundant CPM card immediately.

Platforms

7705 SAR Gen 2

force-vlan-vc-forwarding

Syntax

[no] force-vlan-vc-forwarding

Context

[Tree] (config>service>vpls>bgp-evpn>mpls force-vlan-vc-forwarding)

[Tree] (config>service>epipe>bgp-evpn>mpls force-vlan-vc-forwarding)

Full Context

configure service vpls bgp-evpn mpls force-vlan-vc-forwarding

configure service epipe bgp-evpn mpls force-vlan-vc-forwarding

Description

This command enables the system to preserve the VLAN ID and 802.1p bits of the service-delimiting qtag in a new tag, which is sent in the customer frame to the EVPN destinations.

If this configuration is used in conjunction with the sap ingress vlan-translation command, the configured translated VLAN ID is the VLAN ID sent to the EVPN destinations, instead of the service-delimiting tag VLAN ID. If the ingress SAP or SDP binding is null-encapsulated, the output VLAN ID and p-bits are zero.

The no form of this command does not preserve the VLAN ID and 802.1p bits of the service-delimiting qtag.

Default

no force-vlan-vc-forwarding

Platforms

7705 SAR Gen 2

force-vlan-vc-forwarding

Syntax

[no] force-vlan-vc-forwarding

Context

[Tree] (config>service>epipe>spoke-sdp force-vlan-vc-forwarding)

[Tree] (config>service>vpls>spoke-sdp force-vlan-vc-forwarding)

[Tree] (config>service>vpls>mesh-sdp force-vlan-vc-forwarding)

Full Context

configure service epipe spoke-sdp force-vlan-vc-forwarding

configure service vpls spoke-sdp force-vlan-vc-forwarding

configure service vpls mesh-sdp force-vlan-vc-forwarding

Description

This command forces vc-vlan-type forwarding in the datapath for spoke and mesh SDPs which have either vc-type. This command is not allowed on vlan-vc-type SDPs.

The no version of this command sets default behavior.

Default

no force-vlan-vc-forwarding

Platforms

7705 SAR Gen 2

format

Syntax

format [cflash-id] [reliable]

Context

[Tree] (file format)

Full Context

file format

Description

This command formats the compact flash. The compact flash must be shut down before starting the format.

Parameters

cflash-id

Specifies the compact flash type.

Values: cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

reliable: Enables the reliance file system and disables the default DoS file system. This option is valid only on compact flashes 1 and 2.

Platforms

7705 SAR Gen 2

forward

Syntax

forward

forward bonding-connection connection-id

IPv4: forward esi esi sf-ip ip-address vas-interface interface-name router router-instance

IPv6: forward esi esi sf-ip ipv6-address vas-interface interface-name router router-instance

IPv4: forward esi esi sf-ip ip-address vas-interface interface-name router service-name service-name

IPv6: forward esi esi sf-ip ipv6-address vas-interface interface-name router service-name service-name

forward esi esi service-id vpls-service-id

forward gre-tunnel gre-tunnel-name

forward lsp lsp-name

IPv4: forward mpls-policy ip-address

IPv6: forward mpls-policy ipv6-address

IPv4: forward next-hop ip-address

IPv6: forward next-hop ipv6-address

IPv4: forward next-hop ip-address router router-instance

IPv6: forward next-hop ipv6-address router router-instance

IPv4: forward next-hop ip-address router service-name service-name

IPv6: forward next-hop ipv6-address router service-name service-name

IPv4: forward next-hop indirect ip-address

IPv6: forward next-hop indirect ipv6-address

IPv4: forward next-hop indirect ip-address router router-instance

IPv6: forward next-hop indirect ipv6-address router router-instance

IPv4: forward next-hop indirect ip-address router service-name service-name

IPv6: forward next-hop indirect ipv6-address router service-name service-name

forward redirect-policy policy-name

forward router router-instance

forward router service-name service-name

forward sap sap-id

forward sdp sdp-id:vc-id

IPv4: forward srte-policy ip-address color color-id

IPv6: forward srte-policy ipv6-address color color-id

IPv4: forward srv6-policy ipv6-address color color-id service-sid ipv6-address

IPv6: forward srv6-policy ipv6-address color color-id service-sid ipv6-address

IPv4: forward vprn-target bgp-nh ip-address router router-instance [adv-prefixip-address/mask] [ lsp lsp-name]

IPv6: forward vprn-target bgp-nh ip-address router router-instance [adv-prefixipv6-address/prefix-length] [ lsp lsp-name]

IPv4: forward vprn-target bgp-nh ip-address router service-name service-name [adv-prefixip-address/mask] [ lsp lsp-name]

IPv6: forward vprn-target bgp-nh ip-address router service-name service-name [adv-prefixipv6-address/prefix-length] [ lsp lsp-name]

Context

[Tree] (config>filter>ip-filter>entry>action forward)

[Tree] (config>filter>ipv6-filter>entry>action forward)

Full Context

configure filter ip-filter entry action forward

configure filter ipv6-filter entry action forward

Description

This command sets the context for specific forward commands to be performed.

Parameters

connection-id

Specifies that the packet should be forwarded over the specified connection (specified by the connection ID under the bonding group interface), if that connect is available. Outside of a bonding egress context, the behavior of this filter is undefined.

Values: 1, 2

esi service-id: Specifies that the packet matching the entry is forwarded to an ESI-identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel in the specified VPLS service.

esi sf-ip vas-interface router: Specifies that the packet matching the entry is forwarded to ESI/SF-IP identified first appliance in Nuage service chain using EVPN-resolved VXLAN tunnel over the configured VAS interface in the specified VPRN service.

gre-tunnel-name: Specifies the GRE tunnel name up to 32 characters.

lsp: Specifies that the packet matching the entry is forwarded using the specified lsp.

mpls-policy: Specifies the redirection of the traffic to the programed instance of the MPLS FP specified by its endpoint IPv4 or IPv6 address. The behavior results in a simple forward if no policy exists, if no instance is programmed, and if the policy or instance is administratively down.

next-hop: Specifies that the packet matching the entry is forwarded in the routing context of the incoming interface using direct or indirect IPv4 address in the routing lookup.

next-hop router: Specifies that the packet matching the entry is forwarded in the configured routing context using direct or indirect IPv4 address in the routing lookup.

redirect-policy: Specifies that the packet matching the entry is forwarded using forward next-hop or forward next hop router and the IP address of destination selected by the configured redirect policy. If no destination is selected, packets are subject to action forward.

router: Specifies that the packet matching the entry is routed in the configured routing instance and not in the incoming interface routing instance.

sap: Specifies that the packet matching the entry is forwarded using the configured SAP.

sdp: Specifies that the packet matching the entry is forwarded using the configured SDP.

srte-policy: Specifies the redirection of the traffic to the programed instance of the SR-TE policy specified by its endpoint IPv4 address or IPv6 address and color. The behavior results in a simple forward if no policy exists, if no instance is programmed, and if the policy or instance is administratively down.

color-id

Specifies the color identifier of the specified SR-TE policy.

Values: 0 to 4294967295

vprn-target: Specifies that the packet matching the entry is redirected towards a designated BGP next-hop ( bgp-nh). The user may specify an LSP (lsp lsp-name) to use towards that next-hop. If no LSP is specified, the system will automatically select one. The user must specify the routing context ( router {router-instance | service-name service-name}) in which the system will perform the lookups in order to derive the proper VPRN service label. The user may specify an advertised prefix route ( adv-prefix ip-address/prefix-length). This is needed in case label per VRF is not the label allocation method configured at the BGP peer.

esi: Specifies a 10-byte Ethernet Segment Identifier.

ip-address/mask

Specifies an IPv4 advertised route in the CIDR notation. The IPv4 address is in dotted decimal notation.

Values

ip-address a.b.c.d (host bits must be 0)

mask: 0 to 32

ipv6-address/prefix-length

Specifies an IPv6 advertised route in the CIDR notation.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d, where "x” is [0..FFFF]H, and "d” is [0..255]

prefix-length: 0 to 128

bgp-nh ip-address

Specifies the IPv4 address (in dotted decimal notation) of the target BGP next-hop.

Values: ip-address d.d.d.d

ipv6-address: Specifies the IPv6 address of a direct or indirect next hop to forward matching packets or of the service SID to use with the SRv6 policy.

interface-name: Specifies the (maximum 32-character) name of an egress R-VPLS IP interface used to forward the packets using ESI redirect for VPRN/IES service.

lsp-name: Specifies an existing RSVP-TE, MPLS-TP, or SR-TE LSP that supports LSP redirect.

policy-name: Specifies an IPv4 redirect policy configured in the config>filter>redirect-policy context.

sap-id: Specifies an existing VPLS Ethernet SAP.

sdp-id:vc-id: Specifies an existing VPLS SDP.

router-instance: Specifies "Base” or an existing VPRN service ID. For the forward vprn-target bgp-nh command, router-instance must specify an existing VPRN service ID.

service-name: Specifies an existing VPRN service name.

vpls-service-id: Specifies an existing VPLS service ID or service name.

Platforms

7705 SAR Gen 2

forward-6in4

Syntax

[no] forward-6in4

Context

[Tree] (config>system>ip forward-6in4)

Full Context

configure system ip forward-6in4

Description

This command enables forwarding of IPv6 traffic encapsulated in an IPv4 transport sent to the system IP address.

The no form of this command disables this option and returns the system to the default behavior.

Default

no forward-6in4

Platforms

7705 SAR Gen 2

forward-delay

Syntax

forward-delay forward-delay

no forward-delay [forward-delay]

Context

[Tree] (config>service>template>vpls-template>stp forward-delay)

[Tree] (config>service>vpls>stp forward-delay)

Full Context

configure service template vpls-template stp forward-delay

configure service vpls stp forward-delay

Description

RSTP, as defined in the IEEE 802.1D-2004 standards, will normally transition to the forwarding state via a handshaking mechanism (rapid transition), without any waiting times. If handshaking fails (foe example, on shared links, see below), the system falls back to the timer-based mechanism defined in the original STP (802.1D-1998) standard.

A shared link is a link with more than two nodes (for example, a shared 10/100BaseT segment). The port-type command is used to configure a link as point-to-point or shared.

For timer-based transitions, the 802.1D-2004 standard defines an internal variable forward-delay, which is used in calculating the default number of seconds that a SAP or spoke-SDP spends in the discarding and learning states when transitioning to the forwarding state.

The value of the forward-delay variable depends on the STP operating mode of the VPLS instance:

in rstp or mstp mode, but only when the SAP or spoke-SDP has not fallen back to legacy STP operation, the value configured by the hello-time command is used;
in all other situations, the value configured by the forward-delay command is used.

Default

forward-delay 15

Parameters

seconds

The forward delay timer for the STP instance in seconds

Values: 4 to 30

Platforms

7705 SAR Gen 2

forward-ip-over-gre

Syntax

[no] forward-ip-over-gre

Context

[Tree] (config>system>ip forward-ip-over-gre)

Full Context

configure system ip forward-ip-over-gre

Description

This command enables forwarding of IP traffic encapsulated in a GRE over IPv4 transport sent to the system IP address.

The no form of this command disables this option and returns the system to the default behavior.

Default

no forward-ip-over-gre

Platforms

7705 SAR Gen 2

forward-ipv4-packets

Syntax

[no] forward-ipv4-packets

Context

[Tree] (config>service>vprn>if>ipv6 forward-ipv4-packets)

Full Context

configure service vprn interface ipv6 forward-ipv4-packets

Description

This command allows an IPv6-only interface (with no configured IPv4 addresses) to be used for forwarding transit and locally originating and terminating IPv4 packets.

The interface will report that its IPv4 oper-state is up if its IPv6 oper-state is up. Be aware that not all protocols will observe the interface as up from an IPv4 perspective. This command is mostly intended to support BGP routing use cases. Refer to RFC 5549, Advertising IPv4 Network Layer Reachability Information with an IPv6 Next Hop, for further information.

The no form of this command restores the default behavior and prevents the interface from forwarding IPv4 packets if it has no configured IPv4 subnets.

Platforms

7705 SAR Gen 2

forward-ipv4-packets

Syntax

[no] forward-ipv4-packets

Context

[Tree] (config>router>if>ipv6 forward-ipv4-packets)

Full Context

configure router interface ipv6 forward-ipv4-packets

Description

This command allows an IPv6-only interface (with no configured IPv4 addresses) to be used for forwarding transit and locally originating and terminating IPv4 packets.

The interface reports that its IPv4 operational state is up if its IPv6 operational state is up. Be aware that not all protocols observe the interface as up from an IPv4 perspective. This command is mostly intended to support BGP routing use cases. Refer to RFC 5549, Advertising IPv4 Network Layer Reachability Information with an IPv6 Next Hop, for further information.

The no form of this command restores the default behavior and prevents the interface from forwarding IPv4 packets if it has no configured IPv4 subnets.

Default

no forward-ipv4-packets

Platforms

7705 SAR Gen 2

forwarding

Syntax

forwarding limit

no forwarding

Context

[Tree] (config>service>nat>nat-policy>port-limits forwarding)

Full Context

configure service nat nat-policy port-limits forwarding

Description

This command configures the maximum number of port forwarding entries.

Default

no forwarding

Parameters

limit

Specifies the maximum number of port forwarding entries per subscriber.

Values: 1 to 64

Platforms

7705 SAR Gen 2

forwarding

Syntax

forwarding {next-hop ip-address | interface interface-name | bypass-routing}

no forwarding

Context

[Tree] (config>oam-pm>session>ip forwarding)

Full Context

configure oam-pm session ip forwarding

Description

This command influences the forwarding decision of the TWAMP Light packet. When this command is used, only one of the forwarding options can be enabled at any time.

The no form of this command removes the options and enables the default forwarding logic.

Parameters

ip-address

Specifies the IP address of the next hop on the path.

Values


ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

interface-name: Specifies the name, up to 32 characters, to refer to the interface from which the packet is sent. The name must already exist in the config>router>interface context or within the appropriate config>service context.

bypass-routing: Specifies to send the packet to a host on a directly attached network, bypassing the routing table.

Platforms

7705 SAR Gen 2

forwarding-bits-set

Syntax

forwarding-bits-set {all | non-fwd}

no forwarding-bits-set

Context

[Tree] (config>service>vprn>bgp>group>graceful-restart>long-lived forwarding-bits-set)

[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived forwarding-bits-set)

[Tree] (config>service>vprn>bgp>graceful-restart>long-lived forwarding-bits-set)

Full Context

configure service vprn bgp group graceful-restart long-lived forwarding-bits-set

configure service vprn bgp group neighbor graceful-restart long-lived forwarding-bits-set

configure service vprn bgp graceful-restart long-lived forwarding-bits-set

Description

This command determines the setting of the F bits in the GR and LLGR capabilities advertised by the router. When the F bit is set for an AFI/SAFI, it indicates that the advertising router was able to preserve forwarding state for the routes of that AFI/SAFI across the last restart. If a router restarts and does not set F=1, then when the session with a peer is re-established, the peer immediately deletes all LLGR stale routes it was preserving on behalf of the restarting router for the corresponding AFI/SAFI.

This command allows the F bits for all advertised AFI/SAFI to be set to 1, or only the F bits for non-forwarding AFI/SAFI to be set to 1. Non-forwarding AFI/SAFI are the following configuration-related address families: L2-VPN, route-target, flow-IPv4, and flow-IPv6.

Default

no forwarding-bits-set

Parameters

all: Specifies that the F bit for all AFI/SAFI should be set to 1.

non-fwd: Specifies that the F bit for only non-forwarding AFI/SAFI should be set to 1. These AFI/SAFI correspond to the following families: L2-VPN, route-target, flow-IPv4, and flow-IPv6.

Platforms

7705 SAR Gen 2

forwarding-bits-set

Syntax

forwarding-bits-set {all | non-fwd}

no forwarding-bits-set

Context

[Tree] (config>router>bgp>graceful-restart>long-lived forwarding-bits-set)

[Tree] (config>router>bgp>group>graceful-restart>long-lived forwarding-bits-set)

[Tree] (config>router>bgp>group>neighbor>graceful-restart>long-lived forwarding-bits-set)

Full Context

configure router bgp graceful-restart long-lived forwarding-bits-set

configure router bgp group graceful-restart long-lived forwarding-bits-set

configure router bgp group neighbor graceful-restart long-lived forwarding-bits-set

Description

This command determines the setting of the F bits in the GR and LLGR capabilities advertised by the router. When the F bit is set for an AFI/SAFI, it indicates that the advertising router was able to preserve forwarding state for the routes of that AFI/SAFI across the last restart. If a router restarts and does not set F=1, then when the session with a peer re-establishes the peer immediately deletes all LLGR stale routes it was preserving on behalf of the restarting router for the corresponding AFI/SAFI.

This command allows the F bits for all advertised AFI/SAFI to be set to 1, or only the F bits for non-forwarding AFI/SAFI to be set to 1. Non-forwarding AFI/SAFI are the following configuration-related address families: L2-VPN, route-target, flow-IPv4, and flow-IPv6.

Default

no forwarding-bits-set

Parameters

all: Specifies that the F bit for all AFI/SAFI should be set to 1.

non-fwd: Specifies that the F bit for only non-forwarding AFI/SAFI should be set to 1. These AFI/SAFI correspond to the following families: L2-VPN, route-target, flow-IPv4, and flow-IPv6.

Platforms

7705 SAR Gen 2

forwarding-policies

Syntax

[no] forwarding-policies

Context

[Tree] (config>router>mpls forwarding-policies)

Full Context

configure router mpls forwarding-policies

Description

Commands in this context configure an MPLS forwarding policy.

The no form of this command deletes all policies from the forwarding policy database.

Platforms

7705 SAR Gen 2

forwarding-policy

Syntax

[no] forwarding-policy name

Context

[Tree] (config>router>mpls>fwd-policies forwarding-policy)

Full Context

configure router mpls forwarding-policies forwarding-policy

Description

This command creates an MPLS forwarding policy.

There are two types of MPLS forwarding policy:

endpoint policy
label-binding policy

The endpoint policy allows the user to forward unlabeled packets over a set of user-defined direct (with option to push a label stack) or indirect next hops. Routes are bound to an endpoint policy when their next hop matches the endpoint address of the policy.

The label-binding policy provides the same capability for labeled packets. In this case, labeled packets matching the ILM of the policy binding label are forwarded over the set of next hops of the policy.

The data model of a forwarding policy represents each pair of {primary next hop, backup next hop} as a group and models the ECMP set as the set of Next-Hop Groups (NHGs). Flows of prefixes can be switched on a per-NHG basis from the primary next hop, when it fails, to the backup next hop without disturbing the flows forwarded over the other NHGs of the policy. The same can be performed when reverting back from a backup next hop to the restored primary next hop of the same NHG.

The MPLS forwarding policy supports two types of NHGs on a per policy basis:

An NHG of resolution type indirect supported with the label-binding policy and in which forwarding over the primary/backup next hop is modeled as a swap operation from the binding label to an implicit-null label over multiple outgoing interfaces (multiple NHLFEs) corresponding to the resolved next hops of the indirect route.

Within a given NHG, the primary next hop is the preferred active path in the absence of any failure of the NHG of resolution type indirect.

The forwarding database tracks the primary or backup next hop in the routing table. A route delete of the primary indirect next hop causes the CPM to program the backup indirect next hop in the data path.

A route modify to the indirect primary or backup next hop causes the CPM to update the resolved next hops and to update the data path if it is the active indirect next hop.

When the primary indirect next hop is restored and is added back into the routing table, CPM waits for an amount of time equal to the user-programmed revert timer before updating the data path. However, if the backup indirect next hop fails while the timer is running, CPM updates the data path immediately.
An NHG of resolution type direct is modeled as follows:
- For a label-binding policy, forwarding over the primary or backup next hop is modeled as a swap operation from the binding label to the configured label stack or to an implicit-null label (if the pushed-labels command not configured) over a single outgoing interface to the next hop.
- For an endpoint policy, forwarding over the primary or backup next hop is modeled as a push operation from the binding label to the configured label stack or to an implicit-null label (if the pushed-labels command not configured) over a single outgoing interface to the next hop.
- The labels configured by the pushed-labels command are not validated.
Within a given NHG, the primary next hop is the preferred active path in the absence of any failure of the NHG of resolution type direct.

The NHG supports uniform failover. The forwarding policy database assigns a Protect-Group ID (PG-ID) to each of the primary next hop and the backup next hop and programs both of them in data path. A failure of the active path switches traffic to the other path following the uniform failover procedures.

The forwarding database tracks the primary or backup next hop in the routing table. A route delete of the primary/backup direct next hop causes CPM to send the corresponding PG-ID switch to the data path.

A route modify to the direct primary or backup next hop causes CPM to update the MPLS forwarding database and to update the data path since both next hops are programmed.

When the primary direct next hop is restored and is added back into the routing table, CPM waits for an amount of time equal to the user programmed revert timer before activating it and updating the data path. However, if the backup direct next hop fails while the timer is running, CPM activates it and updates the data path immediately. The latter failover to the restored primary next hop is performed using the uniform failover procedure.

The forwarding policy database activates the best endpoint policy among the named policies sharing the same value of the endpoint parameter by selecting the lowest preference value policy. This policy is then programmed into the TTM and into the tunnel table in data path. If this policy goes down, then the forwarding policy database performs a re-evaluation and activates the named policy with the next lowest preference value for the same endpoint value. If a more preferred policy comes back up, the forwarding policy database reverts to it and activates it.

The forwarding policy database similarly activates the best label-binding policy among the named policies sharing the same binding label by selecting the lowest preference value policy. This policy is then programmed into the label FIB table in data path. If this policy goes down, then the forwarding policy database performs a re-evaluation and activates the names policy with the next lowest preference value for the same binding label value. If a more preferred policy comes back up, the forwarding policy database reverts to it and activates it.

Ingress statistics can be enabled as is associated with binding label, that is the ILM of the forwarding policy, and provides aggregate packet and byte counters for packets matching the binding label.

The no form of the command deletes the named MPLS forwarding policy.

Parameters

name: Specifies the name of the MPLS forwarding policy, up to 64 characters.

Platforms

7705 SAR Gen 2

fp

Syntax

fp [fp-number]

Context

[Tree] (config>card fp)

Full Context

configure card fp

Description

This command enables access to the configuration of the forwarding planes on a card.

The default forwarding plane is 1. When entering the FP node, if the forwarding plane number is omitted, the system will assume forwarding plane number 1.

Commands can only be configured under card>fp if the hardware that the FP resides on (either a card or an XMA) is provisioned. Conversely, all commands under card>fp of the corresponding FPs are automatically removed when that hardware is unprovisioned.

Parameters

fp-number

Specifies that the FP number parameter is optional following the fp command.

Values: 1 to 8

Default: fp 1

Platforms

7705 SAR Gen 2

fp-redirect-group

Syntax

fp-redirect-group policer-type policer-id

no fp-redirect-group policer-type

Context

[Tree] (config>qos>network>ingress>fc fp-redirect-group)

Full Context

configure qos network ingress fc fp-redirect-group

Description

This command is used to redirect the FC of a broadcast packet received in a VPLS service over a PW or network IP interface to an ingress forwarding plane queue-group.

It defines the mapping of an FC to a policer-id and redirects the lookup of the policer of the same ID in some ingress forwarding plane queue-group instance. However, the queue-group name and instance are explicitly provided only at the time the network QoS policy is applied to the ingress context of a spoke or mesh SDP or a network IP interface.

The broadcast-policer statement is ignored when the network QoS policy is applied to any object other than a VPLS spoke or mesh SDP or a network IP interface.

The no form of this command removes the redirection of the FC.

Parameters

policer-type

The policer type to be used. The policer-type is ignored when the network QoS policy is applied to any object other than a VPLS spoke or mesh SDP or a network IP interface.

Values: broadcast-policer | mcast-policer | policer | unknown-policer

policer-id

The specified policer-id must exist within the queue-group template applied to the ingress context of the forwarding plane.

Values: 1 to 32

Platforms

7705 SAR Gen 2

frag-required

Syntax

[no] frag-required

Context

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>icmp-generation frag-required)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel>icmp-generation frag-required)

[Tree] (config>service>ies>if>sap>ip-tunnel>icmp-generation frag-required)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>icmp-generation frag-required)

[Tree] (config>router>if>ipsec>ipsec-tunnel>icmp-generation frag-required)

[Tree] (config>ipsec>tnl-temp>icmp-generation frag-required)

[Tree] (config>service>vprn>if>sap>ip-tunnel>icmp-generation frag-required)

Full Context

configure service vprn interface ipsec ipsec-tunnel icmp-generation frag-required

configure service vprn interface sap ipsec-tunnel icmp-generation frag-required

configure service ies interface sap ip-tunnel icmp-generation frag-required

configure service ies interface ipsec ipsec-tunnel icmp-generation frag-required

configure router interface ipsec ipsec-tunnel icmp-generation frag-required

configure ipsec tunnel-template icmp-generation frag-required

configure service vprn interface sap ip-tunnel icmp-generation frag-required

Description

Commands in this context configure ICMP Fragmentation Required parameters.

The no form of this command disables sending the ICMP messages.

Platforms

7705 SAR Gen 2

fragment

Syntax

fragment {true | false}

no fragment

Context

[Tree] (config>qos>sap-ingress>ip-criteria>entry>match fragment)

[Tree] (config>qos>sap-egress>ip-criteria>entry>match fragment)

Full Context

configure qos sap-ingress ip-criteria entry match fragment

configure qos sap-egress ip-criteria entry match fragment

Description

This command configures fragmented or non-fragmented IP packets as a SAP QoS policy match criterion.

The no form of this command removes the match criterion and matches all packets regardless of whether they are fragmented or not.

Default

no fragment

Parameters

true: Configures a match on all fragmented IP packets. A match will occur for all packets that have either the MF (more fragment) bit set or have the Fragment Offset field of the IP header set to a non-zero value.

false: Configures a match on all non-fragmented IP packets. Non-fragmented IP packets are packets that have the MF bit set to zero and have the Fragment Offset field also set to zero.

Platforms

7705 SAR Gen 2

fragment

Syntax

fragment {true | false | first-only | non-first-only}

no fragment

Context

[Tree] (config>qos>sap-ingress>ipv6-criteria>entry>match fragment)

Full Context

configure qos sap-ingress ipv6-criteria entry match fragment

Description

This command configures fragmented or non-fragmented IPv6 packets as a SAP ingress QoS policy match criterion.

The no form of this command removes the match criterion and matches all packets regardless of whether they are fragmented or not.

Default

no fragment

Parameters

true: Specifies to match on all fragmented IPv6 packets. A match will occur for all packets that contain an IPv6 Fragmentation Extension Header.

false: Specifies to match on all non-fragmented IP packets. Non-fragmented IPv6 packets are packets that do not contain an IPv6 Fragmentation Extension Header.

first-only: Matches if a packet is an initial fragment of the fragmented IPv6 packet.

non-first-only: Matches if a packet is a non-initial fragment of the fragmented IPv6 packet.

Platforms

7705 SAR Gen 2

fragment

Syntax

fragment {true | false}

no fragment

Context

[Tree] (config>qos>network>ingress>ip-criteria>entry>match fragment)

[Tree] (config>qos>network>egress>ip-criteria>entry>match fragment)

Full Context

configure qos network ingress ip-criteria entry match fragment

configure qos network egress ip-criteria entry match fragment

Description

This command configures fragmented or non-fragmented IP packets as a network QoS policy match criterion.

The no form of this command removes the match criterion and matches all packets regardless of whether they are fragmented or not.

Parameters

true: Configures a match on all fragmented IP packets. A match will occur for all packets that have either the MF (more fragment) bit set or have the Fragment Offset field of the IP header set to a non-zero value.

false: Configures a match on all non-fragmented IP packets. Non-fragmented IP packets are packets that have the MF bit set to zero and have the Fragment Offset field also set to zero.

Platforms

7705 SAR Gen 2

fragment

Syntax

fragment {true | false | first-only | non-first-only}

no fragment

Context

[Tree] (config>qos>network>egress>ipv6-criteria>entry>match fragment)

[Tree] (config>qos>network>ingress>ipv6-criteria>entry>match fragment)

Full Context

configure qos network egress ipv6-criteria entry match fragment

configure qos network ingress ipv6-criteria entry match fragment

Description

This command configures fragmented or non-fragmented IPv6 packets as a network QoS policy match criterion.

The no form of this command removes the match criterion and matches all packets regardless of whether they are fragmented or not.

Parameters

true: Specifies to match on all fragmented IPv6 packets. A match will occur for all packets that contain an IPv6 Fragmentation Extension Header.

false: Specifies to match on all non-fragmented IP packets. Non-fragmented IPv6 packets are packets that do not contain an IPv6 Fragmentation Extension Header.

first-only: Matches if a packet is an initial fragment of the fragmented IPv6 packet.

non-first-only: Matches if a packet is a non-initial fragment of the fragmented IPv6 packet.

Platforms

7705 SAR Gen 2

fragment

Syntax

fragment {true | false | first-only | non-first-only}

no fragment

Context

[Tree] (config>filter>ipv6-filter>entry>match fragment)

[Tree] (config>filter>ip-filter>entry>match fragment)

Full Context

configure filter ipv6-filter entry match fragment

configure filter ip-filter entry match fragment

Description

This command specifies match criterion for fragmented packets.

Matches can be based on the presence of a fragmented packet (or otherwise) on the ingress or egress interface.

Matches can also be based on the presence of the first fragment of a packet, or on the presence of a fragment that is not the first fragment on the ingress interface.

The no form of the command removes the match criterion.

Default

no fragment

Parameters

true: Specifies to match on all fragmented packets.

false: Specifies to match on all non-fragmented packets.

first-only: Matches if a packet is an initial fragment of a fragmented packet.

non-first-only: Matches if a packet is a non-initial fragment of a fragmented packet.

Platforms

7705 SAR Gen 2

frame-based-accounting

Syntax

[no] frame-based-accounting

Context

[Tree] (config>qos>scheduler-policy frame-based-accounting)

Full Context

configure qos scheduler-policy frame-based-accounting

Description

The frame-based-accounting command is used to enable frame-based accounting for both the children queues parented to the scheduling policy and for the schedulers within the scheduler policy.

When frame-based accounting is enabled on the policy, all queues associated with the scheduler (through the parent command on each queue) will have their rate and CIR values interpreted as frame-based values. When shaping, the queues will include the 12-byte Inter-Frame Gap (IFG) and 8 byte preamble for each packet scheduled out the queue. The profiling CIR threshold will also include the 20-byte frame encapsulation overhead. Statistics associated with the queue do not include the frame encapsulation overhead.

The scheduler policy’s scheduler rate and CIR values will be interpreted as frame-based values.

The configuration of parent-location and frame-based-accounting in a scheduler policy is mutually exclusive to ensure consistency between the different scheduling levels. Packet byte offset settings are not included in the applied rate when frame-based accounting is configured; however, the offsets are applied to the statistics.

The no form of this command is used to return all schedulers within the policy and queues associated with the policy to the default packet-based accounting mode. If frame-based-accounting is not currently enabled for the scheduling policy, the no frame-based-accounting command has no effect.

Platforms

7705 SAR Gen 2

framed-ip-addr

Syntax

[no] framed-ip-addr

Context

[Tree] (config>ipsec>rad-acct-plcy>include framed-ip-addr)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute framed-ip-addr

Description

This command enables the inclusion of the framed-ip-addr attribute.

Default

no framed-ip-addr

Platforms

7705 SAR Gen 2

framed-ipv6-prefix

Syntax

[no] framed-ipv6-prefix

Context

[Tree] (config>ipsec>rad-acct-plcy>include framed-ipv6-prefix)

Full Context

configure ipsec radius-accounting-policy include-radius-attribute framed-ipv6-prefix

Description

This command enables the inclusion of the framed-ipv6-prefix attribute.

Default

no framed-ipv6-prefix

Platforms

7705 SAR Gen 2

frequency

Syntax

frequency frequency

no frequency

Context

[Tree] (config>port>dwdm frequency)

Full Context

configure port dwdm frequency

Description

This command configures the center frequency to use for a tunable DWDM optical interface. It replaces the configure>port>dwdm>channel command (used prior to Release 22.2.R1). The frequency command supports any frequency in the C band, but the actual operating frequency is dependent on the installed optic module.

Provisioning rules

The provisioned MDA type must have DWDM tunable optics (for example, p1-100g-tun-b) or the MDA must support the option of tunable DWDM optic modules. The following provisioning rules apply:

The DWDM frequency must set to a non-zero value before the port is set to no shutdown.
The port must be shutdown before changing the DWDM frequency.
The port must be a physical port to set the DWDM frequency.

Default

frequency 0

Parameters

frequency

Specifies the frequency in MHz.

Values: 0, 191100000 to 196150000

Platforms

7705 SAR Gen 2

from

Syntax

from [main] [security] [change] [debug-trace]

no from

Context

[Tree] (config>service>vprn>log>log-id from)

Full Context

configure service vprn log log-id from

Description

This command selects the source stream to be sent to a log destination.

One or more source streams must be specified. The source of the data stream must be identified using the from command before you can configure the destination using the to command. The from command can identify multiple source streams in a single statement (for example: from main change debug-trace).

Only one from command may be entered for a single log-id. If multiple from commands are configured, then the last command entered overwrites the previous from command.

The no form of this command removes all previously configured source streams.

Default

No source stream is configured.

Parameters

main: Instructs all events in the main event stream to be sent to the destination defined in the to command for this destination log-id. The main event stream contains the events that are not explicitly directed to any other event stream. To limit the events forwarded to the destination, configure filters using the filter command.

security: Instructs all events in the security event stream to be sent to the destination defined in the to command for this destination log-id. The security event stream contains all events that pertain to attempts to breach system security. To limit the events forwarded to the destination, configure filters using the filter command.

change: Instructs all events in the user activity stream to be sent to the destination configured in the to command for this destination log-id. The change event stream contains all events that directly affect the configuration or operation of this node. To limit the events forwarded to the change stream destination, configure filters using the filter command.

debug-trace: Instructs all events in the debug-trace event stream to be sent to the destination defined in the to command for this destination log-id. The debug-trace event stream contains all events that pertain to trace or other debugging information. To limit the events forwarded to the destination, configure filters using the filter command.

Platforms

7705 SAR Gen 2

from

Syntax

from ip-address

Context

[Tree] (config>router>mpls>lsp-template from)

[Tree] (config>router>mpls>lsp from)

Full Context

configure router mpls lsp-template from

configure router mpls lsp from

Description

This optional command specifies the IP address of the ingress router for the LSP. When this command is not specified, the system IP address is used. IP addresses that are not defined in the system are allowed. If an invalid IP address is entered, LSP bring-up fails and an error is logged.

If an interface IP address is specified as the from address, and the egress interface of the LSP nexthop IP address is a different interface, the LSP is not signaled. As the egress interface changes due to changes in the routing topology, it is recommended to set the from IP address to the system IP address or to the address of a loopback interface to ensure the LSP recovers.

Only one from address can be configured.

Default

The system IP address

Parameters

ip-address

Specifies the IP address of the ingress router. This can be either the interface, the system or a loopback interface IP address. If the IP address is local, the LSP must egress through that local interface which ensures local strictness. When the LSP type is sr-te, then an IPv6 address can be used.

Values

ipv4-address — a.b.c.d

ipv6-address — x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x — 0 to FFFF (hexadecimal)

d — 0 to 255 (decimal)

Platforms

7705 SAR Gen 2

from

Syntax

from {[main] [security] [change] [debug-trace]}

no from

Context

[Tree] (config>log>log-id from)

Full Context

configure log log-id from

Description

This command selects the source stream to be sent to a log destination.

One or more source streams must be specified. The source of the data stream must be identified using the from command before you can configure the destination using the to command. The from command can identify multiple source streams in a single statement (for example: from main change debug-trace).

Only one from command may be entered for a single log-id. If multiple from commands are configured, then the last command entered overwrites the previous from command.

The no form of this command removes all previously configured source streams.

Parameters

main: Instructs all events in the main event stream to be sent to the destination defined in the to command for this destination log-id. The main event stream contains the events that are not explicitly directed to any other event stream. To limit the events forwarded to the destination, configure filters using the filter command.

security: Instructs all events in the security event stream to be sent to the destination defined in the to command for this destination log-id. The security stream contains all events that affect attempts to breach system security such as failed login attempts, attempts to access MIB tables to which the user is not granted access or attempts to enter a branch of the CLI to which access has not been granted. To limit the events forwarded to the destination, configure filters using the filter command.

change: Instructs all events in the user activity stream to be sent to the destination configured in the to command for this destination log-id. The change event stream contains all events that directly affect the configuration or operation of this node. To limit the events forwarded to the change stream destination, configure filters using the filter command.

debug-trace: Instructs all debug-trace messages in the debug stream to be sent to the destination configured in the to command for this destination log-id. Filters applied to debug messages are limited to application and subject.

Platforms

7705 SAR Gen 2

from

Syntax

[no] from

Context

[Tree] (config>router>policy-options>policy-statement>entry from)

Full Context

configure router policy-options policy-statement entry from

Description

This command creates the context to configure policy match criteria based on a route’s source or the protocol from which the route is received.

If no condition is specified, all route sources are considered to match.

The no form of this command deletes the source match criteria for the route policy statement entry.

Platforms

7705 SAR Gen 2

from

Syntax

from ipv4-address

no from

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls>rsvp-te-auto from)

Full Context

configure oam-pm session ip tunnel mpls rsvp-te-auto from

Description

This command configures the headend of the RSVP LSP. Configure the following three commands to identify an RSVP-TE Auto LSP: from, to, and lsp-template. When all three of these values are configured, the specific RSVP LSP can be identified and the test packets can be carried across the tunnel

The no form of this command removes the IPv4 address.

Parameters

ipv4-address

Specifies an IPv4 address.

Values: ipv4-address: a.b.c.d (host bits must be 0)

Platforms

7705 SAR Gen 2

frr

Syntax

frr [detail]

no frr

Context

[Tree] (debug>router>mpls>event frr)

Full Context

debug router mpls event frr

Description

This command debugs fast re-route events.

The no form of the command disables the debugging.

Parameters

detail: Displays detailed information about re-route events.

Platforms

7705 SAR Gen 2

frr-object

Syntax

[no] frr-object

Context

[Tree] (config>router>mpls frr-object)

Full Context

configure router mpls frr-object

Description

This command specifies whether fast reroute for LSPs using the facility bypass method is signaled with or without the fast reroute object using the one-to-one keyword. The value is ignored if fast reroute is disabled for the LSP or if the LSP is using one-to-one Backup.

Default

frr-object — Specifies the value is by default inherited by all LSPs.

Platforms

7705 SAR Gen 2

fsm-state-changes

Syntax

[no] fsm-state-changes

Context

[Tree] (debug>service>id>stp fsm-state-changes)

Full Context

debug service id stp fsm-state-changes

Description

This command enables STP debugging for FSM state changes.

The no form of the command disables debugging.

Platforms

7705 SAR Gen 2

fsm-timers

Syntax

[no] fsm-timers

Context

[Tree] (debug>service>id>stp fsm-timers)

Full Context

debug service id stp fsm-timers

Description

This command enables STP debugging for FSM timer changes.

The no form of the command disables debugging.

Platforms

7705 SAR Gen 2

ftp

Syntax

ftp

Context

[Tree] (config>system>login-control ftp)

Full Context

configure system login-control ftp

Description

This command creates the context to configure FTP login control parameters.

Platforms

7705 SAR Gen 2

ftp-server

Syntax

[no] ftp-server

Context

[Tree] (config>system>security ftp-server)

Full Context

configure system security ftp-server

Description

This command enables FTP servers running on the system.

FTP servers are disabled by default. At system startup, only SSH servers are enabled.

The no form of this command disables FTP servers running on the system.

Platforms

7705 SAR Gen 2