g Commands

Context

[Tree] (config>service>vpls>proxy-arp garp-flood-evpn)

Full Context

configure service vpls proxy-arp garp-flood-evpn

Description

This command controls whether the system floods GARP-requests and GARP-replies to the EVPN. The GARPs impacted by this command are identified by the sender's IP being equal to the target's IP and the MAC DA being broadcast.

The no form of the command only floods to local SAPs or binds but not to EVPN destinations.

Disabling this command is only recommended in networks where CEs are routers that are directly connected to the PEs. Networks using aggregation switches between the host/routers and the PEs should flood GARP messages in the EVPN to ensure that the remote caches are updated and the BGP does not miss the advertisement of these entries.

Default

garp-flood-evpn

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>ipsec gateway)

Full Context

debug ipsec gateway

Description

This command enables debugging for dynamic IPsec tunnels that terminate on the specified IPsec gateway.

The tunnel to be debugged can be specified by either its source address or source subnet. If a subnet is specified, the system will enable debugging for all tunnels with source addresses in the specified subnet.

Parameters

name

Specifies the name of the IPsec gateway up to 32 characters.

ip-address:port

Specifies the tunnel IP address of the remote peer and, optionally, the remote UDP port of IKE.

nat-ip:port

Specifies the inside IP address of the NAT tunnel and, optionally, the port.

detail

Specifies to display detailed debug information.

no-dpd-debug

Specifies to stop logging IKEv1 and IKEv2 DPD events during debug in order to produce less noise.

ip-prefix/ip-prefix-length

Specifies the subnet of the peer’s tunnel address.

display-keys

Specifies the IKE-SA and CHILD-SA keys for inclusion in the debug output.

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>certificate gen-keypair)

Full Context

admin certificate gen-keypair

Description

This command generates RSA, DSA, or ECDSA private key or public key pairs at the specified location.

Parameters

url-string

Specifies the path of the key file.

Values

url-string	<local-url> [up to 99 characters]
local-url	<cflash-id>/<file-path>
cflash-id	cf1: | cf2: | cf3:

curve

Generates an ECDSA key with a specified curve.

Values

secp256r1, secp384r1, secp521r1

key-size

Specifies the key size in bits.

Values

512 to 8192

Default

2048

type

Specifies the type of key.

Values

rsa, dsa

Default

rsa

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>certificate gen-local-cert-req)

Full Context

admin certificate gen-local-cert-req

Description

This command generates a PKCS#10 formatted certificate request by using a local existing key pair file.

Parameters

url-string

Specifies the name of the keyfile in cf3:\system-pki\key that is used to generate a certificate request.

Values

url-string	<local-url> [up to 99 characters]
local-url	<cflash-id>/<file-path>
cflash-id	cf1: | cf2: | cf3:

subject-dn

Specifies the distinguish name that is used as the subject in a certificate request, including:

• C-Country

• ST-State

• O-Organization name

• OU-Organization Unit name

• CN-common name

This parameter is formatted as a text string including any of the above attributes. The attribute and its value is linked by using "=”, and ",” is used to separate different attributes.

For example: C=US,ST=CA,O=ALU,CN=SR12

Values

attr1=val1,attr2=val2... where: attrN={C| ST| O| OU| CN}, 256 chars max

domain-name

Specifies a domain name string can be specified and included as the dNSName in the Subject Alternative Name extension of the certificate request.

ip-address

Specifies an IPv4 address string can be specified and included as the ipAddress in the Subject Alternative Name extension of the certificate request.

cert-req-file-url

Specifies the certificate URL. This URL could be either a local CF card path and filename to save the certificate request; or an FTP URL to upload the certificate request.

hash-algorithm

Specifies the hash algorithm to be used in a certificate request.

Values

sha1, sha224, sha256, sha384, sha512

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>snmp general-port)

Full Context

configure system snmp general-port

Description

This command configures the port number used to receive SNMP request messages and send replies.

For the port used for SNMP notifications, configure the configure log snmp-trap-group trap-target port command.

The no form of the command reverts to the default value.

Default

general-port 161

Parameters

port-number

Specifies the port number used to send SNMP traffic other than traps.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>static-route-entry>black-hole generate-icmp)

Full Context

configure service vprn static-route-entry black-hole generate-icmp

Description

This optional command causes the ICMP unreachable messages to be sent when received packets match the associated static route. By default, the ICMP unreachable messages for those types of static routes are not generated.

This command can only be associated with a static route that has a black-hole next-hop

The no form of this command removes the black-hole next-hop from static route configuration.

Default

no generate-icmp

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>static-route-entry>black-hole generate-icmp)

Full Context

configure router static-route-entry black-hole generate-icmp

Description

This optional command causes the ICMP unreachable messages to be sent when received packets match the associated static route. By default, the ICMP unreachable messages for those types of static routes are not generated.

This command can only be associated with a static route that has a blackhole next-hop

The no form of this command removes the black-hole nexthop from the static route configuration.

Default

no generate-icmp

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>network-element-discovery generate-traps)

Full Context

configure system network-element-discovery generate-traps

Description

This command configures whether traps are generated every time a node is updated, added, or removed from the OSPF opaque database (using LSA type 10 opaque update).

The no form of causes traps to not be generated for database changes.

Platforms

7705 SAR Gen 2

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization get)

Full Context

configure system security profile netconf base-op-authorization get

Description

This command enables the NETCONF <get> RPC.

The no form of this command disables the RPC.

Default

no get

Platforms

7705 SAR Gen 2

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization get-config)

Full Context

configure system security profile netconf base-op-authorization get-config

Description

This command enables the NETCONF <get-config> RPC.

The no form of this command disables the RPC.

Default

no get-config

Platforms

7705 SAR Gen 2

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization get-data)

Full Context

configure system security profile netconf base-op-authorization get-data

Description

This command enables the NETCONF <get-data> RPC.

The no form of this command disables the RPC.

Default

no get-data

Platforms

7705 SAR Gen 2

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization get-schema)

Full Context

configure system security profile netconf base-op-authorization get-schema

Description

This command enables the NETCONF <get-schema> RPC.

The no form of this command disables the RPC.

Default

no get-schema

Platforms

7705 SAR Gen 2

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host gi-address)

Full Context

configure subscriber-mgmt local-user-db ipoe host gi-address

Description

This command allows selection of GI addresses based on the host entry in LUDB.

The gi-address must be a valid address (associated with an interface) within the routing context that received the DHCP message on the access side.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the IPv4 gi-address.

Values

a.b.c.d

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>dhcp gi-address)

[Tree] (config>service>ies>if>dhcp gi-address)

Full Context

configure service vprn interface dhcp gi-address

configure service ies interface dhcp gi-address

Description

This command configures the gateway interface address for the DHCP relay. A subscriber interface can include multiple group interfaces with multiple SAPs. The GI address is needed, when the router functions as a DHCP relay, to distinguish between the different subscriber interfaces and potentially between the group interfaces defined.

By default, the GI address used in the relayed DHCP packet is the primary IP address of a normal IES interface. Specifying the GI address allows the user to choose a secondary address. For group interfaces a GI address must be specified under the group interface DHCP context or subscriber-interface DHCP context in order for DHCP to function.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the host IP address to be used for DHCP relay packets.

Values

a.b.c.d

src-ip-address

Specifies that this GI address is to be the source IP address for DHCP relay packets. This parameter is not applicable for PPPoE DHCP client messages (dhcp client-applications ppp).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp gi-address)

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp gi-address)

Full Context

configure service ies interface sap ipsec-gw dhcp gi-address

configure service vprn interface sap ipsec-gw dhcp gi-address

Description

This command specifies the gateway IP address of the DHCPv4 packets sent by the system. IPsec DHCP Relay uses only the gi-address configuration found under the IPsec gateway and does not take into account gi-address with src-ip-addr configuration below other interfaces.

Default

no gi-address

Parameters

ip-address

Specifies the host IP address to be used for DHCP relay packets.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if>dhcp gi-address)

Full Context

configure router interface dhcp gi-address

Description

This command configures the gateway interface address for the DHCP relay. The GI address is needed, when the router functions as a DHCP relay, to distinguish between the different subscriber interfaces and potentially between the group interfaces defined.

Default

no gi-address

Parameters

ip-address

Specifies the host IP address to be used for DHCP relay packets.

src-ip-addr

Uses the GI address as the source IP.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>login-control>login-scripts global)

Full Context

configure system login-control login-scripts global

Description

This command enables an operator to define a common CLI script that executes when any user logs into a CLI session. This login exec script is executed when any user (authenticated by any means including local user database, TACACS+, or RADIUS) opens a CLI session. This allows a user, for example, to define a common set of CLI aliases that are made available on the router for all users. This global login exec script is executed before any user-specific login exec files that may be configured.

This CLI script executes in the context of the user who opens the CLI session. Any commands in the script that the user is not authorized to execute will fail.

The no form of this command disables the execution of a global login-script.

Default

no global

Parameters

file-url

The path or directory name.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>ops global-timeouts)

Full Context

configure system management-interface operations global-timeouts

Description

Commands in this context configure system timeout parameters for operational commands.

Timeout parameters provide default system-level control for various types of operational commands in model-driven interfaces. The timeout values are used when specific execution and retention timeouts are not requested for a specific operation.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options global-variables)

Full Context

configure router policy-options global-variables

Description

This command enables the global-variables configuration context.

The no form of this command removes all global variables.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>grpc gnmi)

Full Context

configure system grpc gnmi

Description

Commands in this context configure a gNMI service on gRPC.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-capabilities)

Full Context

configure system security profile grpc rpc-authorization gnmi-capabilities

Description

This command permits the use of Capability RPC for a user associated with the given format.

The no form of this command reverts to the default value.

Default

gnmi-capabilities permit

Parameters

permit

Specifies that the use of the Capability RPC is permitted.

deny

Specifies that the use of the Capability RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-get)

Full Context

configure system security profile grpc rpc-authorization gnmi-get

Description

This command permits the use of Get RPC.

The no form of this command reverts to the default value.

Default

gnmi-get permit

Parameters

permit

Specifies that the use of the Get RPC is permitted.

deny

Specifies that the use of the Get RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-set)

Full Context

configure system security profile grpc rpc-authorization gnmi-set

Description

This command permits the use of Set RPC.

The no form of this command reverts to the default value.

Default

gnmi-set permit

Parameters

permit

Specifies that the use of the Set RPC is permitted.

deny

Specifies that the use of the Set RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnmi-subscribe)

Full Context

configure system security profile grpc rpc-authorization gnmi-subscribe

Description

This command permits the use of Subscribe RPC.

The no form of this command reverts to the default value.

Default

gnmi-subscribe permit

Parameters

permit

Specifies that the use of the Subscribe RPC is permitted.

deny

Specifies that the use of the Subscribe RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-cangenerate)

Full Context

configure system security profile grpc rpc-authorization gnoi-cert-mgmt-cangenerate

Description

This command permits the use of gNOI CanGenerateCSR RPCs for the user profile.

The no form of this command reverts to the default value.

Default

gnoi-cert-mgmt-cangenerate deny

Parameters

permit

Specifies that the use of the gNOI CanGenerateCSR RPCs for the user profile is permitted.

deny

Specifies that the use of the gNOI CanGenerateCSR RPCs for the user profile is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-getcert)

Full Context

configure system security profile grpc rpc-authorization gnoi-cert-mgmt-getcert

Description

This command permits the use of gNOI GetCertificate RPCs for the user profile.

The no form of this command reverts to the default value.

Default

gnoi-cert-mgmt-getcert deny

Parameters

permit

Specifies that the use of the gNOI GetCertificate RPCs for the user profile is permitted.

deny

Specifies that the use of the gNOI GetCertificate RPCs for the user profile is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-install)

Full Context

configure system security profile grpc rpc-authorization gnoi-cert-mgmt-install

Description

This command permits the use of gNOI Install RPCs for the user profile.

The no form of this command reverts to the default value.

Default

gnoi-cert-mgmt-install deny

Parameters

permit

Specifies that the use of the gNOI Install RPCs for the user profile is permitted.

deny

Specifies that the use of the gNOI Install RPCs for the user profile is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-revoke)

Full Context

configure system security profile grpc rpc-authorization gnoi-cert-mgmt-revoke

Description

This command permits or denies the use of gNOI RevokeCertificates RPCs for the user profile.

The no form of this command reverts to the default value.

Default

gnoi-cert-mgmt-revoke deny

Parameters

permit

Specifies that the use of gNOI RevokeCertificates RPCs for the user profile is permitted.

deny

Specifies that the use of gNOI RevokeCertificates RPCs for the user profile is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-cert-mgmt-rotate)

Full Context

configure system security profile grpc rpc-authorization gnoi-cert-mgmt-rotate

Description

This command permits the use of gNOI Rotate RPCs for the user profile.

Default

gnoi-cert-mgmt-rotate deny

Parameters

permit

Specifies that the use of the gNOI Rotate RPCs for the user profile is permitted.

deny

Specifies that the use of the gNOI Rotate RPCs for the user profile is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-get)

Full Context

configure system security profile grpc rpc-authorization gnoi-file-get

Description

This command permits the use of gNOI File Get RPC for a file from a target location.

Default

gnoi-file-get permit

Parameters

permit

Specifies that the use of the gNOI File Get RPC is permitted.

deny

Specifies that the use of the gNOI File Get RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-put)

Full Context

configure system security profile grpc rpc-authorization gnoi-file-put

Description

This command permits the use of gNOI File Put RPC to write to a file on a target location.

Default

gnoi-file-put permit

Parameters

permit

Specifies that the use of the gNOI File Put RPC is permitted.

deny

Specifies that the use of the gNOI File Put RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-remove)

Full Context

configure system security profile grpc rpc-authorization gnoi-file-remove

Description

This command permits the use of gNOI File Remove RPC to remove a file from the specified target location.

Default

gnoi-file-remove permit

Parameters

permit

Specifies that the use of the gNOI File Remove RPC is permitted.

deny

Specifies that the use of the gNOI File Remove RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-stat)

Full Context

configure system security profile grpc rpc-authorization gnoi-file-stat

Description

This command permits the use of gNOI File Stat RPC to retrieve metadata for a file from the specified target location.

Default

gnoi-file-stat permit

Parameters

permit

Specifies that the use of the gNOI File Stat RPC is permitted.

deny

Specifies that the use of the gNOI File Stat RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-file-transfertoremote)

Full Context

configure system security profile grpc rpc-authorization gnoi-file-transfertoremote

Description

This command permits the use of the gNOI File TransferToRemote RPC to transfer the file from the target node to a specified remote location.

Default

gnoi-file-transfertoremote permit

Parameters

permit

Specifies that the use of the gNOI File TransferToRemote RPC is permitted.

deny

Specifies that the use of the gNOI File TransferToRemote RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-cancelreboot)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-cancelreboot

Description

This command permits the use of gNOI System CancelReboot RPC for a user-given profile.

Default

gnoi-system-cancelreboot deny

Parameters

permit

Specifies that the use of gNOI System CancelReboot RPC is permitted.

deny

Specifies that the use of gNOI System CancelReboot RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-ping)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-ping

Description

This command permits the use of the gNOI Ping RPC to execute the ping command on the target node and stream back the results.

Default

gnoi-system-ping permit

Parameters

permit

Specifies that the use of the gNOI Ping RPC is permitted.

deny

Specifies that the use of the gNOI Ping RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-reboot)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-reboot

Description

This command permits the use of gNOI System Reboot RPC for a user-given profile.

The no form of this command reverts to the default value.

Default

gnoi-system-reboot deny

Parameters

permit

Specifies that the use of gNOI System Reboot RPC is permitted.

deny

Specifies that the use of gNOI System Reboot RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-rebootstatus)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-rebootstatus

Description

This command permits the use of gNOI System RebootStatus RPC for a user-given profile.

The no form of this command reverts to the default value.

Default

gnoi-system-rebootstatus deny

Parameters

permit

Specifies that the use of gNOI System RebootStatus RPC is permitted for a user-given profile.

deny

Specifies that the use of gNOI System RebootStatus RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-setpackage)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-setpackage

Description

This command permits the use of gNOI System SetPackage RPC for a user-given profile.

The no form of this command reverts to the default value.

Default

gnoi-system-setpackage deny

Parameters

deny

Specifies that the use of gNOI System SetPackage RPC is denied.

permit

Specifies that the use of gNOI System SetPackage RPC is permitted.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-switchcontrolprocessor)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-switchcontrolprocessor

Description

This command permits the use of gNOI System SwitchControlProcessor RPC for a user-given profile.

The no form of this command reverts to the default value.

Default

gnoi-system-switchcontrolprocessor deny

Parameters

deny

Specifies that the use of gNOI System SwitchControlProcessor RPC is denied.

permit

Specifies that the use of gNOI System SwitchControlProcessor RPC is permitted.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-time)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-time

Description

This command permits the use of the gNOI Time RPC to return the current time on the target node.

Default

gnoi-system-time permit

Parameters

permit

Specifies that the use of the gNOI Time RPC is permitted.

deny

Specifies that the use of the gNOI Time RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile>grpc>rpc-authorization gnoi-system-traceroute)

Full Context

configure system security profile grpc rpc-authorization gnoi-system-traceroute

Description

This command permits the use of the gNOI Traceroute RPC to execute the traceroute command on the target node and stream back the results.

Default

gnoi-system-traceroute permit

Parameters

permit

Specifies that the use of the gNOI Traceroute RPC is permitted.

deny

Specifies that the use of the gNOI Traceroute RPC is denied.

Platforms

7705 SAR Gen 2

Context

[Tree] (candidate goto)

Full Context

candidate goto

Description

This command changes the edit point of the candidate configuration. The edit point is the point after which new commands are inserted into the candidate configuration as an operator navigates the CLI and issues commands in edit-cfg mode.

Parameters

line

Indicates which line to change starting at the point indicated by the following options.

Values

line, offset, first, edit-point, last
	line	absolute line number
	offset	relative line number to current edit point. Prefixed with '+' or '-'
	first	keyword - first line
	edit-point	keyword - current edit point
	last	keyword - last line that is not 'exit'

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rsvp>if gr-helper)

Full Context

configure router rsvp interface gr-helper

Description

This command enables the RSVP Graceful Restart Helper feature.

The RSVP-TE Graceful Restart helper mode allows the SR OS based system (the helper node) to provide another router that has requested it (the restarting node) a grace period, during which the system will continue to use RSVP sessions to neighbors requesting the grace period. This is typically used when another router is rebooting its control plane but its forwarding plane is expected to continue to forward traffic based on the previously available Path and Resv states.

The user can enable Graceful Restart helper on each RSVP interface separately. When the GR helper feature is enabled on an RSVP interface, the node starts inserting a new Restart_Cap Object in the Hello packets to its neighbor. The restarting node does the same and indicates to the helper node the desired Restart Time and Recovery Time.

The GR Restart helper consists of a couple of phases. Once it loses Hello communication with its neighbor, the helper node enters the Restart phase. During this phase, it preserves the state of all RSVP sessions to its neighbor and waits for a new Hello message.

Once the Hello message is received indicating the restarting node preserved state, the helper node enters the recovery phase in which it starts refreshing all the sessions that were preserved. The restarting node will activate all the stale sessions that are refreshed by the helper node. Any Path state which did not get a Resv message from the restarting node once the Recovery Phase time is over is considered to have expired and is deleted by the helper node causing the proper Path Tear generation downstream.

The duration of the restart phase (recovery phase) is equal to the minimum of the neighbor’s advertised Restart Time (Recovery Time) in its last Hello message and the locally configured value of the max-restart (max-recovery) parameter.

When GR helper is enabled on an RSVP interface, its procedures apply to the state of both P2P and P2MP RSVP LSP to a neighbor over this interface.

Default

disable

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rsvp gr-helper-time)

Full Context

configure router rsvp gr-helper-time

Description

This command configures the local values for the max-recovery and the max-restart intervals used in the RSVP Graceful Restart Helper feature.

The values are configured globally in RSVP but separate instances of the timers are applied to each RSVP interface that has the RSVP Graceful Restart Helper enabled.

The no version of this command re-instates the default value for the delay timer.

Default

gr-helper-time max-recovery 300 max-restart 120

Parameters

recovery-interval

Specifies the max recovery interval value in seconds.

Values

1 to 1800

restart-interval

Specifies the max restart interval value in seconds.

Values

1 to 300

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp>group graceful-restart)

[Tree] (config>service>vprn>bgp graceful-restart)

[Tree] (config>service>vprn>bgp>group>neighbor graceful-restart)

Full Context

configure service vprn bgp group graceful-restart

configure service vprn bgp graceful-restart

configure service vprn bgp group neighbor graceful-restart

Description

This command enables BGP graceful restart helper procedures (the "receiving router” role defined in the standard) for address families included in the GR capabilities of both peers. In a VPRN, SR OS can support GR helper functionality for IPv4, IPv6, label-ipv4, flow-ipv4 (IPv4 FlowSpec) and flow-ipv6 (IPv6 FlowSpec) routes.

When a neighbor covered by the GR helper mode restarts its control plane, forwarding can continue uninterrupted while the session is re-established and routes are re-learned.

The no form of this command disables graceful restart.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis graceful-restart)

Full Context

configure service vprn isis graceful-restart

Description

This command enables IS-IS graceful restart (GR) to minimize service interruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve IS-IS forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal IS-IS operation. If the grace period expires, then the restarting router is presumed inactive and the IS-IS topology is recalculated to route traffic around the failure.

The no form of this command disables graceful restart and removes the graceful restart configuration from the IS-IS instance.

Default

no graceful-restart

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf3 graceful-restart)

[Tree] (config>service>vprn>ospf graceful-restart)

Full Context

configure service vprn ospf3 graceful-restart

configure service vprn ospf graceful-restart

Description

This command enables OSPF graceful restart (GR) to minimize service interruption.

When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve OSPF forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal OSPF operation. If the grace period expires, the restarting router is presumed inactive and the OSPF topology is recalculated to route traffic around the failure.

The no form of this command disables GR and removes the GR configuration from the OSPF instance.

Default

no graceful-restart

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp graceful-restart)

Full Context

configure router ldp graceful-restart

Description

This command enables graceful restart helper.

The no form of this command disables graceful restart.

Graceful restart helper configuration changes, enable/disable, or change of a parameter will cause the LDP session to bounce.

Default

no graceful-restart (disabled) — Graceful-restart must be explicitly enabled.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>group graceful-restart)

[Tree] (config>router>bgp>group>neighbor graceful-restart)

[Tree] (config>router>bgp graceful-restart)

Full Context

configure router bgp group graceful-restart

configure router bgp group neighbor graceful-restart

configure router bgp graceful-restart

Description

This command enables BGP graceful restart helper procedures (the "receiving router” role defined in the standard) for address families included in the GR capabilities of both peers. SR OS can support GR helper functionality for IPv4, IPv6, VPN-IPv4, VPN-IPv6, Label-IPv4, Label-IPv6, L2-VPN, Route-Target (RTC), Flow-IPv4 (IPv4 FlowSpec) and Flow-IPv6 (IPv6 FlowSpec) routes.

If a neighbor covered by the GR helper mode restarts its control plane, forwarding can continue uninterrupted while the session is re-established and routes are re-learned.

The no form of this command disables graceful restart.

Default

no graceful-restart

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>bgp graceful-restart)

Full Context

debug router bgp graceful-restart

Description

This command enables debugging for BGP graceful restart.

The no form of this command disables the debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

• a.b.c.d (host bits must be 0)

ipv6-address:

• x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d [-interface]

• x: [0 to FFFF]H

• d: [0 to 255]D

• interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis graceful-restart)

Full Context

configure router isis graceful-restart

Description

This command enables IS-IS graceful restart (GR) to minimize service interruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve IS-IS forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal IS-IS operation. If the grace period expires, then the restarting router is presumed inactive and the IS-IS topology is recalculated to route traffic around the failure.

The no form of this command disables graceful restart and removes the graceful restart configuration from the IS-IS instance.

Default

no graceful-restart

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>isis graceful-restart)

Full Context

debug router isis graceful-restart

Description

This command enables debugging for IS-IS graceful-restart.

The no form of the command disables debugging.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf graceful-restart)

[Tree] (config>router>ospf3 graceful-restart)

Full Context

configure router ospf graceful-restart

configure router ospf3 graceful-restart

Description

This command enables OSPF graceful restart (GR) to minimize service disruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve OSPF forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router comes back up within the grace period, the restarting router resumes normal OSPF operation. If the grace period expires, then the restarting router is presumed inactive and the OSPF topology is recalculated to route traffic around the failure.

The no form of this command disables graceful restart and removes the graceful restart configuration from the OSPF instance.

Default

no graceful-restart

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>ospf graceful-restart)

[Tree] (debug>router>ospf3 graceful-restart)

Full Context

debug router ospf graceful-restart

debug router ospf3 graceful-restart

Description

This command enables debugging for OSPF and OSPF3 graceful restart.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rsvp graceful-shutdown)

[Tree] (config>router>rsvp>interface graceful-shutdown)

Full Context

configure router rsvp graceful-shutdown

configure router rsvp interface graceful-shutdown

Description

This command initiates a graceful shutdown of the specified RSVP interface or all RSVP interfaces on the node if applied at the RSVP level. These are referred to as maintenance interface and maintenance node, respectively.

To initiate a graceful shutdown the maintenance node generates a PathErr message with a specific error sub-code of Local Maintenance on TE Link required for each LSP that is exiting the maintenance interface.

The node performs a single make-before-break attempt for all adaptive CSPF LSPs it originates and LSP paths using the maintenance interfaces. If an alternative path for an affected LSP is not found, then the LSP is maintained on its current path. The maintenance node also tears down and re-signals any detour LSP path using listed maintenance interfaces as soon as they are not active.

The maintenance node floods an IGP TE LSA/LSP containing Link TLV for the links under graceful shutdown with TE metric set to 0xffffffff and Unreserved Bandwidth parameter set to zero (0).

A head-end LER node, upon receipt of the PathErr message performs a single make-before-break attempt on the affected adaptive CSPF LSP. If an alternative path is not found, then the LSP is maintained on its current path.

A node does not take any action on the paths of the following originating LSPs after receiving the PathErr message:

a. An adaptive CSPF LSP for which the PathErr indicates a node address in the address list and the node corresponds to the destination of the LSP. In this case, there are no alternative paths which can be found.

b. An adaptive CSPF LSP whose path has explicit hops defined using the listed maintenance interface(s)/node(s).

c. A CSPF LSP with the adaptive option disabled and which current path is over the listed maintenance interfaces in the PathErr message. These are not subject to make-before-break.

d. A non CSPF LSP which current path is over the listed maintenance interfaces in the PathErr message.

The head-end LER node upon receipt of the updates IPG TE LSA/LSP for the maintenance interfaces updates the TE database. This information will be used at the next scheduled CSPF computation for any LSP which path may traverse any of the maintenance interfaces.

The no form of this command disables the graceful shutdown operation at the RSVP interface level or at the RSVP level. The configured TE parameters of the maintenance links are restored and the maintenance node floods the links.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>pim graft)

Full Context

debug router pim graft

Description

This command enables debugging for PIM grafts.

The no form of this command disables PIM graft debugging.

Parameters

ip-address

Debugs graft information associated with the specified source.

Values

source address (ipv4, ipv6)

grp-ip-address

Debugs graft information associated with the specified group.

Values

multicast group address (ipv4, ipv6)

detail

Debugs detailed graft information.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter gre)

Full Context

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter gre

Description

This command enables setting the tunnel type for the auto bind tunnel.

The gre encapsulation of the MPLS service packet uses the base 4-byte header as per RFC 2890. The optional fields Checksum (plus Reserved field), Key, and Sequence Number are not inserted.

The no form of this command disables the setting the tunnel type for the auto bind tunnel.

Default

no gre

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>auto-bind-tunnel>res-filter gre)

Full Context

configure service vprn auto-bind-tunnel resolution-filter gre

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>sap>ip-tunnel gre-header)

[Tree] (config>service>vprn>if>sap>ip-tunnel gre-header)

Full Context

configure service ies interface sap ip-tunnel gre-header

configure service vprn interface sap ip-tunnel gre-header

Description

This command configures the type of the IP tunnel. If the gre-header command is configured then the tunnel is a GRE tunnel with a GRE header inserted between the outer and inner IP headers. If the no form of this command is configured then the tunnel is a simple IP-IP tunnel.

Default

no gre-header

Parameters

send-key send-key

Specifies a 32-bit unsigned integer.

Values

0 to 4294967295

receive-key receive-key

Specifies a 32-bit unsigned integer.

Values

0 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>rip group)

Full Context

configure service vprn rip group

Description

This command creates a context for configuring a RIP group of neighbors. RIP groups are a way of logically associating RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.

The no form of this command deletes the RIP neighbor interface group. Deleting the group also removes the RIP configuration of all the neighbor interfaces currently assigned to this group.

Default

no group

Parameters

group-name

The RIP group name. Allowed values are any string, up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp group)

Full Context

configure router bgp group

Description

Commands in this context configure a BGP peer group.

The no form of this command deletes the specified peer group and all configurations associated with the peer group. The group must be shut down before it can be deleted.

Default

no group

Parameters

name

Specifies the peer group name. Allowed values are any string, up to 64 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>mesh-sdp>mld-snooping>static group)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping>static group)

[Tree] (config>service>vpls>sap>mld-snooping>static group)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping>static group)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping>static group)

[Tree] (config>service>vpls>sap>igmp-snooping>static group)

Full Context

configure service vpls mesh-sdp mld-snooping static group

configure service vpls spoke-sdp igmp-snooping static group

configure service vpls sap mld-snooping static group

configure service vpls spoke-sdp mld-snooping static group

configure service vpls mesh-sdp igmp-snooping static group

configure service vpls sap igmp-snooping static group

Description

Commands in this context add a static multicast group as a (*, G) or as one or more (S,G) records. When a static MLD or IGMP group is added, multicast data for that (*,G) or (S,G) is forwarded to the specific SAP or SDP without receiving any membership report from a host.

Parameters

grp-ip-address

Specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group.

grp-ipv6-address

Specifies an MLD multicast group address that receives data on an interface. The IP address must be unique for each static group.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp group)

Full Context

configure service vprn bgp group

Description

This command creates a context to configure a BGP peer group.

The no form of this command deletes the specified peer group and all configurations associated with the peer group. The group must be shut down before it can be deleted.

Parameters

name

Specifies the peer group name. Allowed values is a string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes.

esm-dynamic-peer

Specifies that the given BGP group is used by BGP peers created dynamically based on subscriber-hosts pointing to corresponding BGP peering policy. There can be only one BGP group with this flag set in any given VPRN. No BGP neighbors can be manually configured in a BGP group with this flag set.

Default

disabled

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>igmp>if>static group)

Full Context

configure service vprn igmp interface static group

Description

This command adds a static multicast group either as a (*,G) or one or more (S,G) records. Use IGMP static group memberships to test multicast forwarding without a receiver host. When IGMP static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static IGMP group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static IGMP group entries do not generate join messages toward the RP.

Parameters

grp-ip-address

Specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group. The address must be in dotted decimal notation.

start grp-ip-address

Specifies the start multicast group address.

end grp-ip-address

Specifies the end multicast group address.

step ip-address

Specifies the step increment.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>mld>if>static group)

Full Context

configure service vprn mld interface static group

Description

Commands in this context add a static multicast group either as a (*,G) or one or more (S,G) records. Use MLD static group memberships to test multicast forwarding without a receiver host. When MLD static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static MLD group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static MLD group entries do not generate join messages toward the RP.

The no form of this command removes the IPv6 address from the configuration.

Parameters

grp-ipv6-address

Specifies an MLD multicast group address that receives data on an interface. The IP address must be unique for each static group.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

start grp-ipv6-address

Specifies the start multicast group address.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

end grp-ipv6-address

Specifies the end multicast group address.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

step ipv6-address

Specifies the step increment.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>igmp>if>static group)

Full Context

configure router igmp interface static group

Description

Commands in this context add a static multicast group either as a (*,G) or one or more (S,G) records. Use IGMP static group memberships to test multicast forwarding without a receiver host. When IGMP static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static IGMP group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static IGMP group entries do not generate join messages toward the RP.

Parameters

ip-address

Specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group.

start grp-ip-address

Specifies the start multicast group address.

end grp-ip-address

Specifies the end multicast group address.

step ip-address

Specifies the step increment.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mld>if>static group)

Full Context

configure router mld interface static group

Description

Commands in this context add a static multicast group either as a (*,G) or one or more (S,G) records. Use MLD static group memberships to test multicast forwarding without a receiver host. When MLD static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static MLD group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static MLD group entries do not generate join messages toward the RP.

The no form of this command removes the IPv6 address from the configuration.

Parameters

grp-ipv6-address

Specifies an MLD multicast group address that receives data on an interface. The IP address must be unique for each static group.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

start grp-ipv6-address

Specifies the start multicast group address.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

end grp-ipv6-address

Specifies the end multicast group address.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

step ipv6-address

Specifies the step increment.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>user>snmp group)

Full Context

configure system security user snmp group

Description

This command associates (or links) a user to a group name. The group name must be configured with the config>system>security>user >snmp>group command. The config>system>security>user access command links the group with one or more views, security model (s), security level (s), and read, write, and notify permissions.

Parameters

group-name

Enter the group name (between 1 and 32 alphanumeric characters) that is associated with this user. A user can be associated with one group-name per security model.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rip group)

[Tree] (config>router>ripng group)

Full Context

configure router rip group

configure router ripng group

Description

This command creates a context for configuring a RIP group of neighbor interfaces.

RIP groups are a way of logically associating RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.

The no form of the command deletes the RIP neighbor interface group. Deleting the group will also remove the RIP configuration of all the neighbor interfaces currently assigned to this group.

Default

no group

Parameters

group-name

Specifies the RIP group name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>oper-group>hold-time group)

Full Context

configure service oper-group hold-time group

Description

The group down form of the command configures the number of seconds to wait before notifying clients monitoring this group when its operational status transitions from up to down.

The group up form of the command configures the number of seconds to wait before notifying clients monitoring this group when its operational status transitions from down to up. A value of zero indicates that transitions are reported immediately to monitoring clients. The up time option is a must to achieve fast convergence: when the group comes up, the monitoring MH site that tracks the group status may wait without impacting the overall convergence; there is usually a pair MH site that is already handling the traffic.

The no form of the command sets the values back to the default.

Default

group down 0

group up 4

Parameters

time

Specifies the group up or group down time value.

Values

0 to 3600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>entry>from group-address)

Full Context

configure router policy-options policy-statement entry from group-address

Description

This command specifies the multicast group-address prefix list containing multicast group-addresses that are embedded in the join or prune packet as a filter criterion. The prefix list must be configured prior to entering this command. Prefix lists are configured in the config>router>policy-options>prefix-list context.

The no form of this command removes the criterion from the configuration.

Default

no group-address

Parameters

prefix-list-name

Specifies the prefix-list name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

The prefix-list-name is defined in the config>router>policy-options>prefix-list context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>interface group-encryption)

Full Context

configure router interface group-encryption

Description

This command enables NGE on the router interface. When NGE is enabled on the interface, all received Layer 3 packets that have the protocol ID configured as ESP are considered to be NGE packets and must be encrypted using a valid set of keys from any preconfigured key group on the system.

The no form of this command disables NGE on the interface. NGE cannot be disabled unless all key groups and IP exception filters are removed.

Default

no group-encryption

Platforms

7705 SAR Gen 2

Context

[Tree] (config group-encryption)

Full Context

configure group-encryption

Description

Commands in this context configure group encryption parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>grp-encryp group-encryption-label)

Full Context

configure group-encryption group-encryption-label

Description

This command configures the group encryption label used to identify when an MPLS payload is encrypted. This label must be unique network-wide and must be configured consistently on all nodes participating in a network group encryption domain. The label cannot be changed or deleted when there are any key groups configured on the node.

The no form of the command reverts to the default setting.

Parameters

encryption-label

The network-wide, unique reserved MPLS label for group encryption.

Values

32 to 2047

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>igmp group-interface)

Full Context

debug router igmp group-interface

Description

This command enables debugging for IGMP group-interface.

The no form of the command disables debugging.

Parameters

service-id

Debugs information associated with the service ID.

Values

service-id: 1 to 2148278386

svc-name: up to 64 characters.

ip-int-name

Debugs information associated with the specified IP interface name.

Values

IP interface address

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>tls>client-tls-profile group-list)

Full Context

configure system security tls client-tls-profile group-list

Description

This command assigns an existing TLS 1.3 group list to the TLS client profile.

The no form of this command removes the group list from the client profile.

Default

no group-list

Parameters

name

Specifies the name of the group list, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>tls>server-tls-profile group-list)

Full Context

configure system security tls server-tls-profile group-list

Description

This command assigns an existing TLS 1.3 group list to the TLS server profile.

The no form of this command removes the group list from the server profile.

Default

no group-list

Parameters

name

Specifies the name of the group list, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>sdp-group group-name)

Full Context

configure service sdp-group group-name

Description

This command defines SDP administrative groups, referred to as SDP admin groups.

SDP admin groups provide a way for services using a pseudowire template to automatically include or exclude specific provisioned SDPs. SDPs sharing a specific characteristic or attribute can be made members of the same admin group. When users configure a pseudowire template, they can include and/or exclude one or more admin groups. When the service is bound to the pseudowire template, the SDP selection rules will enforce the admin group constraints specified in the sdp-include and sdp-exclude commands.

A maximum of 32 admin groups can be created. The group value ranges from zero (0) to 31. It is uniquely associated with the group name at creation time. If the user attempts to configure another group name for a group value that is already assigned to an existing group name, the SDP admin group creation is failed. The same happens if the user attempts to configure an SDP admin group with a new name but associates it to a group value already assigned to an existing group name.

The no option of this command deletes the SDP admin group but is only allowed if the group-name is not referenced in a PW template or SDP.

Parameters

group-name

Specifies the name of the SDP admin group. A maximum of 32 characters can be entered.

group-value

Specifies the group value associated with this SDP admin group. This value is unique within the system.

Values

0 to 31

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>rp>ipv6>static>address group-prefix)

[Tree] (config>router>pim>rp>static>address group-prefix)

Full Context

configure router pim rp ipv6 static address group-prefix

configure router pim rp static address group-prefix

Description

This command specifies the range of multicast group addresses which should be used by the router as the Rendezvous Point (RP). The config>router>pim>rp>static> address a.b.c.d implicitly defaults to deny all for all multicast groups (224.0.0.0/4). A group-prefix must be specified for that static address. This command does not apply to the whole group range.

The no form of this command removes the group-prefix from the configuration.

Parameters

grp-ipv6-address

Specifies the multicast group IPv6 address expressed in dotted decimal notation.

Values

grp-ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0..FFFF]H

d [0..255]D

prefix-length

Specifies the prefix length of the IPv6 address.

Values

8 to 128

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim>rp>ipv6>rp-candidate group-range)

[Tree] (config>service>vprn>pim>rp>ipv6>embedded-rp group-range)

Full Context

configure service vprn pim rp ipv6 rp-candidate group-range

configure service vprn pim rp ipv6 embedded-rp group-range

Description

This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).

The no form of this command removes the group address or range of group addresses for which this router can be the RP from the configuration.

Parameters

ipv6-address

Specifies the addresses or address ranges that this router can be an RP.

prefix-length

Specifies the address prefix length.

Values

ipv6-address	: x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x [0 to FFFF]H
	d [0 to 255]D
prefix-length	[8 to 128] // for embedded-rp
prefix-length	[16 to 128] // for rp-candidate

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim>ssm group-range)

[Tree] (config>service>vprn>pim>rp>rp-candidate group-range)

Full Context

configure service vprn pim ssm-groups group-range

configure service vprn pim rp rp-candidate group-range

Description

This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).

Use the no form of this command to remove the group address or range of group addresses for which this router can be the RP from the configuration.

Parameters

ip-prefix

Specifies the addresses or address ranges that this router can be an RP.

Values

ipv4-prefix - a.b.c.d ipv4-prefix-le - [0 to 32] ipv6-prefix - x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x - [0 to FFFF]H d - [0 to 255]D ipv6-prefix-le - [0 to 128]

mask

Specifies the address mask with the address to define a range of addresses.

netmask

Specifies the subnet mask in dotted decimal notation.

Values

:a.b.c.d (network bits all 1 and host bits all 0)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>rp>ipv6>embedded-rp group-range)

[Tree] (config>router>pim>rp>ipv6>rp-candidate group-range)

Full Context

configure router pim rp ipv6 embedded-rp group-range

configure router pim rp ipv6 rp-candidate group-range

Description

This command defines which multicast groups can embed RP address information besides FF70::/12. Embedded RP information is only used when the multicast group is in FF70::/12 or the configured group range.

The no form of this command removes the parameter from the

Parameters

ipv6-address/prefix-length

Specifies the group range for embedded RP.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

  prefix-length: 16 to 128

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>rp>rp-candidate group-range)

Full Context

configure router pim rp rp-candidate group-range

Description

This command configures the address ranges of the multicast groups for which this router can be an RP.

The no form of this commands removes the parameter from the configuration.

Parameters

grp-ip-address

Specifies the multicast group IP address expressed in dotted decimal notation.

Values

224.0.0.0 to 239.255.255.255

mask

Specifies the mask associated with the IP prefix expressed as a mask length or in dotted decimal notation; for example, /16 for a sixteen-bit mask. The mask can also be entered in dotted decimal notation (255.255.0.0).

Values

4 to 32

netmask

Specifies the subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>ssm-groups group-range)

Full Context

configure router pim ssm-groups group-range

Description

This command configures the address ranges of the multicast groups for this router. When there are parameters present, the command configures the SSM group ranges for IPv6 addresses and netmasks.

The no form of this command removes the parameter from the configuration.

Parameters

ip-prefix/mask

Specifies the IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area ipv6-prefix.

Values

ipv4-prefix:

• a.b.c.d

ipv4-prefix-le: 0 to 32

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

ipv6-prefix-le: 0 to 128

Values

0 to 32 (mask length), 0.0.0.0 to 255.255.255.255 (dotted decimal)

netmask

Specifies the subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>igmp grp-if-query-src-ip)

Full Context

configure service vprn igmp grp-if-query-src-ip

Description

This command configures the query source IP address for all group interfaces.

The no form of this command removes the IP address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>igmp grp-if-query-src-ip)

Full Context

configure router igmp grp-if-query-src-ip

Description

This command configures the query source IP address for all group interfaces.

The no form of the command removes the IP address.

Parameters

ip-address

Sets the query source IP address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mld grp-if-query-src-ip)

Full Context

configure router mld grp-if-query-src-ip

Description

This command configures the query source IPv6 address for all group interfaces.

The no form of this command removes the IP address.

Parameters

ipv6-address

Sets the source IPv6 address for all group interfaces. The address can be up to 64 characters. The source address should be link local.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>igmp>ssm-translate grp-range)

Full Context

configure service vprn igmp ssm-translate grp-range

Description

This command is used to configure group ranges which are translated to SSM (S,G) entries.

Parameters

start

An IP address that specifies the start of the group range.

end

An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>mld>ssm-translate grp-range)

Full Context

configure service vprn mld ssm-translate grp-range

Description

This command is used to configure group ranges which are translated to SSM (S,G) entries.

Parameters

start

An IP address that specifies the start of the group range.

end

An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>igmp>ssm-translate grp-range)

[Tree] (config>router>igmp>if>ssm-translate grp-range)

Full Context

configure router igmp ssm-translate grp-range

configure router igmp interface ssm-translate grp-range

Description

This command is used to configure group ranges which are translated to SSM (S,G) entries.

Parameters

start

An IP address that specifies the start of the group range.

end

An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mld>if>ssm-translate grp-range)

[Tree] (config>router>mld>ssm-translate grp-range)

Full Context

configure router mld interface ssm-translate grp-range

configure router mld ssm-translate grp-range

Description

This command is used to configure group ranges which are translated to SSM (S,G) entries.

The no form of this command removes the start and end ranges from the configuration.

Parameters

start

Specifies an IP address for the start of the group range.

end

Specifies an IP address for the end of the group range. This value should always be greater than or equal to the value of the start value.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>system grpc)

Full Context

debug system grpc

Description

This command enables the debug context for gRPC.

The no form of this command removes any debug activation within the gRPC context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>management-interface grpc)

Full Context

configure system security management-interface grpc

Description

Commands in this context configure hash-control for the gRPC interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile grpc)

Full Context

configure system security profile grpc

Description

Commands in this context configure a specific gRPC security profile.

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>system>telemetry grpc)

[Tree] (config>system grpc)

Full Context

admin system telemetry grpc

configure system grpc

Description

Commands in this context configure gRPC parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system grpc-tunnel)

Full Context

configure system grpc-tunnel

Description

Commands in this context configure the GRPC tunnel.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>static-route-entry grt)

Full Context

configure service vprn static-route-entry grt

Description

This command creates a static route in a VPRN service context that points to the global routing context (base router). This is primarily used to allow traffic that ingress through a VPRN service to be routed out of the global routing context.

This next-hop type cannot be used in conjunction with any other next-hop types.

Default

no grt

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn grt-lookup)

Full Context

configure service vprn grt-lookup

Description

Commands in this context configure all Global Route Table (GRT) leaking commands. If all the supporting commands in the context are removed, this command is also removed.

Platforms

7705 SAR Gen 2