h Commands

Context

[Tree] (config>port>ethernet>dampening half-life)

Full Context

configure port ethernet dampening half-life

Description

This command configures the half-life decay time and the maximum period of time for which the port up state can be suppressed.

The half-life and max-time values must be set at the same time; the ratio of max-time/ half-life must be less than or equal to 49 and greater than or equal to 1.

Parameters

half-life

Specifies the required elapsed time, in seconds, before penalties decay to one-half the initial amount.

Values

1 to 2000

Default

5

max-time

Specifies the maximum suppression time, in seconds, which is the time it can take after the physical link comes up before the worst case accumulated penalties have decayed to the reuse threshold. The maximum penalty is derived from the maximum suppression time, half-life, and reuse threshold, using the following equation:

maximum penalty = (reuse threshold) X 2 expo:(max-time/half-life)

Values

1 to 43200

Default

20

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>damping half-life)

Full Context

configure router policy-options damping half-life

Description

This command configures the half-life parameter for the route damping profile.

The half-life value is the time, expressed in minutes, required for a route to remain stable in order for the Figure of Merit (FoM) value to be reduced by one half; for example, if the half-life value is 6 (minutes) and the route remains stable for 6 minutes, then the new FoM value is 3 (minutes). After another 3 minutes pass and the route remains stable, the new FoM value is 1.5 (minutes).

When the FoM value falls below the config>router>policy-options>damping reuse threshold, the route is once again considered valid and can be reused or included in route advertisements.

The no form of this command removes the half life parameter from the damping profile.

Default

no half-life

Parameters

minutes

Specifies the half-life in minutes expressed as a decimal integer.

Values

1 to 45

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>event-handling handler)

Full Context

configure log event-handling handler

Description

This command configures an EHS handler.

The no form of this command removes the specified EHS handler.

Parameters

event-handler-name

Specifies the name of the EHS handler, up to 32 characters maximum.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>grpc-tunnel>tunnel handler)

Full Context

configure system grpc-tunnel tunnel handler

Description

Commands in this context configure tunnel handler parameters. There can be multiple handlers created for any tunnel.

The no form of this command removes the specified tunnel handler.

Parameters

name

Specifies the handler name, up to 32 characters.

create

Keyword used to create a tunnel.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>management-interface>md-cli hash-algorithm)

[Tree] (config>system>security>management-interface>grpc hash-algorithm)

[Tree] (config>system>security>management-interface>netconf hash-algorithm)

Full Context

configure system security management-interface md-cli hash-algorithm

configure system security management-interface grpc hash-algorithm

configure system security management-interface netconf hash-algorithm

Description

This command specifies the format of the input and output for encrypted configuration secrets.

The no form of this command reverts to the default value.

Default

hash-algorithm hash2

Parameters

hash

Specifies hash. Use this option to transport a phrase between modules and nodes.

hash2

Specifies hash2 which is module-specific.

custom

Specifies the custom encryption to management interface.

cleartext

Specifies that the phrase is displayed as cleartext everywhere.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>cert-upd-prof hash-algorithm)

Full Context

configure system security pki certificate-update-profile hash-algorithm

Description

This command configures the hash algorithm used to generate a certificate request.

Default

hash-algorithm sha256

Parameters

algorithm

Specifies the hash option.

Values

md5, sha1, sha224, sha256, sha384, sha512

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-template hash-label)

[Tree] (config>service>epipe>spoke-sdp hash-label)

Full Context

configure service pw-template hash-label

configure service epipe spoke-sdp hash-label

Description

This command enables the use of the hash label on a VLL, VPRN or VPLS service bound to any MPLS type encapsulated SDP, as well as to a VPRN service that is using the auto-bind-tunnel with the resolution-filter set to any MPLS tunnel type. This feature is not supported on a service bound to a GRE SDP or for a VPRN service using the autobind mode with the gre option. This feature is also not supported on multicast packets forwarded using RSVP P2MP LSP or mLDP LSP in both the base router instance and in the multicast VPN (mVPN) instance. It is, however, supported when forwarding multicast packets using an IES/VPRN spoke-interface.

When this feature is enabled, the ingress data path is modified such that the result of the hash on the packet header is communicated to the egress data path for use as the value of the label field of the hash label. The egress data path appends the hash label at the bottom of the stack (BoS) and sets the S-bit to one (1).

To allow applications where the egress LER infers the presence of the hash label implicitly from the value of the label, the Most Significant Bit (MSB) of the result of the hash is set before copying into the Hash Label. This means that the value of the hash label will always be in the range [524,288 - 1,048,575] and will not overlap with the signaled/static LSP and signaled/static service label ranges. This also guarantees that the hash label will not match a value in the reserved label range.

The (unmodified) result of the hash continues to be used for the purpose of ECMP and LAG spraying of packets locally on the ingress LER. Note, however, that for VLL services, the result of the hash is overwritten and the ECMP and LAG spraying will be based on service-id when ingress SAP shared queuing is not enabled. However, the hash label will still reflect the result of the hash such that an LSR can use it to perform fine grained load balancing of VLL pseudowire packets.

Packets generated in CPM and that are forwarded labeled within the context of a service (for example, OAM packets) must also include a Hash Label at the BoS and set the S-bit accordingly.

The TTL of the hash label is set to a value of 0.

The user enables the signaling of the hash-label capability under a VLL spoke-sdp, a VPLS spoke-sdp or mesh SDP, or an IES/VPRN spoke interface by adding the signal-capability option. In this case, the decision whether to insert the hash label on the user and control plane packets by the local PE is solely determined by the outcome of the signaling process and can override the local PE configuration. The following are the procedures:

• The local PE will insert the flow label interface parameters sub-TLV with F=1 in the PW ID FEC element in the label mapping message for that spoke SDP or mesh SDP.

• If the remote PE includes this sub-TLV with F=1 or F=0, then local PE must insert the hash label in the user and control plane packets.

• If remote PE does not include this sub-TLV (for example, it does not support it, or it is supported but the user did not enable the hash-label option or the signal-capability option), then the local PE establishes the PW but must not insert the hash label in the user and control packets over that spoke SDP or mesh SDP. If the remote PE does not support the signal-capability option, then there are a couple of possible outcomes:

  • If the hash-label option was enabled on the local configuration of the spoke SDP or mesh SDP at the remote PE, the PW packets received by the local PE will have the hash label included. These packets must be dropped. The only way to solve this is to disable the signaling capability option on the local node which will result in the insertion of the hash label by both PE nodes.

  • If the hash-label option is not supported or was not enabled on the local configuration of the spoke SDP or mesh SDP at the remote PE, the PW received by the local PE will not have the hash label included.

• The user can enable or disable the signal-capability option in CLI as needed. When doing so, the 7705 SAR Gen 2 must withdraw the label it sent to its peer and send a new label mapping message with the new value of the F bit in the flow label interface parameters sub-TLV of the PW ID FEC element.

The no form of this command disables the use of the hash label.

Default

no hash-label

Parameters

signal-capability

Enables the signaling and negotiation of the use of the hash label between the local and remote PE nodes. The signal-capability option is not supported on a VPRN spoke-sdp.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>mesh-sdp hash-label)

[Tree] (config>service>vpls>spoke-sdp hash-label)

Full Context

configure service vpls mesh-sdp hash-label

configure service vpls spoke-sdp hash-label

Description

This command enables the use of the hash label on a VLL, VPRN, or VPLS service bound to any MPLS type encapsulated SDP, as well as to a VPRN service using the auto-bind-tunnel with the resolution-filter set to any MPLS tunnel type. This feature is not supported on a service bound to a GRE SDP or for a VPRN service using the autobind mode with the gre option. This feature is also not supported on multicast packets forwarded using RSVP P2MP LSP or mLDP LSP in both the base router instance and in the multicast VPN (mVPN) instance. It is, however, supported when forwarding multicast packets using an IES/VPRN spoke-interface.

When this feature is enabled, the ingress data path is modified such that the result of the hash on the packet header is communicated to the egress data path for use as the value of the label field of the hash label. The egress data path appends the hash label at the bottom of the stack (BoS) and sets the S-bit to one (1).

To allow applications where the egress LER infers the presence of the hash label implicitly from the value of the label, the Most Significant Bit (MSB) of the result of the hash is set before copying into the Hash Label. This means that the value of the hash label will always be in the range [524,288 - 1,048,575] and will not overlap with the signaled/static LSP and signaled/static service label ranges. This also guarantees that the hash label will not match a value in the reserved label range.

The (unmodified) result of the hash continues to be used for the purpose of ECMP and LAG spraying of packets locally on the ingress LER. Note, however, that for VLL services, the result of the hash is overwritten and the ECMP and LAG spraying will be based on service-id when ingress SAP shared queuing is not enabled. However, the hash label will still reflect the result of the hash such that an LSR can use it to perform fine grained load balancing of VLL pseudowire packets.

Packets generated in CPM and that are forwarded labeled within the context of a service (for example, OAM packets) must also include a Hash Label at the BoS and set the S-bit accordingly.

The TTL of the hash label is set to a value of 0.

The user enables the signaling of the hash-label capability under a VLL spoke-sdp, a VPLS spoke-sdp or mesh-sdp, or an IES/VPRN spoke interface by adding the signal-capability option. In this case, the decision whether to insert the hash label on the user and control plane packets by the local PE is solely determined by the outcome of the signaling process and can override the local PE configuration. The following are the procedures:

• The 7705 SAR Gen 2 local PE will insert the flow label interface parameters sub-TLV with F=1 in the pseudowire ID FEC element in the label mapping message for that spoke-sdp or mesh-sdp.

• If the remote PE includes this sub-TLV with F=1 or F=0, then local PE must insert the hash label in the user and control plane packets.

• If remote PE does not include this sub-TLV (for example, it does not support it, or it is supported but the user did not enable the hash-label option or the signal-capability option), then the local PE establishes the pseudowire but must not insert the hash label in the user and control packets over that spoke-sdp or mesh-sdp. If the remote PE does not support the signal-capability option, then there are a couple of possible outcomes:

  • If the hash-label option was enabled on the local configuration of the spoke-sdp or mesh-sdp at the remote PE, the pseudowire packets received by the local PE will have the hash label included. These packets must be dropped. The only way to solve this is to disable the signaling capability option on the local node which will result in the insertion of the hash label by both PE nodes.

  • If the hash-label option is not supported or was not enabled on the local configuration of the spoke-sdp or mesh-sdp at the remote PE, the pseudowire received by the local PE will not have the hash label included.

• The user can enable or disable the signal-capability option in CLI as needed. When doing so, the 7705 SAR Gen 2 must withdraw the label it sent to its peer and send a new label mapping message with the new value of the F bit in the flow label interface parameters sub-TLV of the pseudowire ID FEC element.

The no form of this command disables the use of the hash label.

Default

no hash-label

Parameters

signal-capability

Enables the signaling and negotiation of the use of the hash label between the local and remote PE nodes. The signal-capability option is not supported on a VPRN spoke-sdp.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>spoke-sdp hash-label)

Full Context

configure service ies interface spoke-sdp hash-label

Description

This command enables the use of the hash label on a VLL, VPLS, or VPRN service bound to any MPLS-type encapsulated SDP, as well as to a VPRN service using auto-bind-tunnel with the resolution-filter configures as any MPLS tunnel type. This feature is not supported on a service bound to a GRE SDP or for a VPRN service using the autobind mode with the gre option.

When this feature is enabled, the ingress data path is modified such that the result of the hash on the packet header is communicated to the egress data path for use as the value of the label field of the hash label. The egress data path appends the hash label at the bottom of the stack (BoS) and sets the S-bit to 1 to indicate that.

In order to allow for applications whereby the egress LER infers the presence of the hash label implicitly from the value of the label, the Most Significant Bit (MSB) of the result of the hash is set before copying into the hash label. This means that the value of the hash label will always be in the range [524,288 to 1,048,575] and will not overlap with the signaled/static LSP and signaled/static service label ranges. This also guarantees that the hash label will not match a value in the reserved label range.

The (unmodified) result of the hash continues to be used for the purpose of ECMP and LAG spraying of packets locally on the ingress LER. For VLL services, the result of the hash is overwritten and the ECMP and LAG spraying will be based on service-id when ingress SAP shared queuing is not enabled. However, the hash label will still reflect the result of the hash such that an LSR can use it to perform fine grained load balancing of VLL pseudowire packets.

Packets that are generated in CPM and forwarded labeled within the context of a service (for example, OAM packets) must also include a hash label at the BoS and set the S-bit accordingly.

The TTL of the hash label is set to a value of 0.

The user enables the signaling of the hash-label capability under a VLL spoke-sdp, a VPLS spoke-sdp or mesh-sdp, or an IES/VPRN spoke interface by adding the signal-capability option. In this case, the decision whether to insert the hash label on the user and control plane packets by the local PE is solely determined by the outcome of the signaling process and can override the local PE configuration. The following are the procedures:

• The local PE will insert the flow label interface parameters sub-TLV with F=1 in the PW ID FEC element in the label mapping message for that spoke-sdp or mesh-sdp.

• If the remote PE includes this sub-TLV with F=1 or F=0, then local PE must insert the hash label in the user and control plane packets.

• If remote PE does not include this sub-TLV (for example, it does not support it, or it is supported but the user did not enable the hash-label option or the signal-capability option), then the local PE establishes the PW but must not insert the hash label in the user and control packets over that spoke-sdp or mesh-sdp. If the remote PE does not support the signal-capability option, then there are a couple of possible outcomes:

  • If the hash-label option was enabled on the local configuration of the spoke-sdp or mesh-sdp at the remote PE, the PW packets received by the local PE will have the hash label included. These packets must be dropped. The only way to solve this is to disable the signaling capability option on the local node which will result in the insertion of the hash label by both PE nodes.

  • If the hash-label option is not supported or was not enabled on the local configuration of the spoke-sdp or mesh-sdp at the remote PE, the PW received by the local PE will not have the hash label included.

• The user can enable or disable the signal-capability option in CLI as needed. When doing so, the router must withdraw the label it sent to its peer and send a new label mapping message with the new value of the F bit in the flow label interface parameters sub-TLV of the PW ID FEC element.

The no form of this command disables the use of the hash label.

Default

no hash-label

Parameters

signal-capability

Enables the signaling and negotiation of the use of the hash label between the local and remote PE nodes. The signal-capability option is not supported on a VPRN spoke-sdp.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>spoke-sdp hash-label)

[Tree] (config>service>vprn hash-label)

Full Context

configure service vprn interface spoke-sdp hash-label

configure service vprn hash-label

Description

This command enables the use of the hash label on a VLL, VPLS, or VPRN service bound to any MPLS-type encapsulated SDP as well as to a VPRN service using auto-bind-tunnel with the resolution-filter configured as any MPLS tunnel type. This feature is not supported on a service bound to a GRE SDP or for a VPRN service using the autobind mode with the gre option.

When this feature is enabled, the ingress data path is modified such that the result of the hash on the packet header is communicated to the egress data path for use as the value of the label field of the hash label. The egress data path appends the hash label at the bottom of the stack (BoS) and sets the S-bit to 1 to indicate that.

In order to allow for applications whereby the egress LER infers the presence of the Hash Label implicitly from the value of the label, the Most Significant Bit (MSB) of the result of the hash is set before copying into the Hash Label. This means that the value of the hash label will always be in the range [524,288 - 1,048,575] and will not overlap with the signaled/static LSP and signaled/static service label ranges. This also guarantees that the hash label will not match a value in the reserved label range.

The (unmodified) result of the hash continues to be used for the purpose of ECMP and LAG spraying of packets locally on the ingress LER. For VLL services, the result of the hash is overwritten and the ECMP and LAG spraying will be based on service-id when ingress SAP shared queuing is not enabled. However, the hash label will still reflect the result of the hash such that an LSR can use it to perform fine grained load balancing of VLL pseudowire packets.

Packets that are generated in CPM and forwarded labeled within the context of a service (for example, OAM packets) must also include a Hash Label at the BoS and set the S-bit accordingly.

The TTL of the hash label is set to a value of 0.

The no form of this command disables the use of the hash label.

Default

no hash-label

Parameters

signal-capability

Specifies whether the service should send the Stack Capability and check whether the capability is received from the peer via LDP interface parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn>mpls hash-label)

Full Context

configure service vpls bgp-evpn mpls hash-label

Description

This command pushes the hash label based on the following:

• If the no incl-mcast-l2-attributes-advertisement command is configured, the hash label is pushed to a unicast EVPN destination.

• If the incl-mcast-l2-attributes-advertisement command is configured, the F bit is set to 1 in the Layer 2 Attributes Extended Community of the EVPN IMET route for the service. The hash label is pushed only if the remote PE signaled support for hash label (received F bit is set to 1).

The hash label is never used for BUM packets.

The no form of this command disables the push of the hash label.

Default

no hash-label

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim>rp>bsr-candidate hash-mask-len)

Full Context

configure service vprn pim rp bsr-candidate hash-mask-len

Description

This command is used to configure the length of a mask that is to be combined with the group address before the hash function is called. All groups with the same hash map to the same RP. For example, if this value is 24, only the first 24 bits of the group addresses matter. This mechanism is used to map one group or multiple groups to an RP.

Default

hash-mask-len 30

Parameters

hash-mask-length

The hash mask length.

Values

0 to 32

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim>rp>ipv6>bsr-candidate hash-mask-len)

Full Context

configure service vprn pim rp ipv6 bsr-candidate hash-mask-len

Description

This command is used to configure the length of a mask that is to be combined with the group address before the hash function is called. All groups with the same hash map to the same RP. For example, if this value is 24, only the first 24 bits of the group addresses matter. This mechanism is used to map one group or multiple groups to an RP.

Default

hash-mask-len 126

Parameters

hash-mask-length

The hash mask length.

Values

0 to 128

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>rp>bsr-candidate hash-mask-len)

[Tree] (config>router>pim>rp>ipv6>bsr-candidate hash-mask-len)

Full Context

configure router pim rp bsr-candidate hash-mask-len

configure router pim rp ipv6 bsr-candidate hash-mask-len

Description

This command configures the length of a mask that is to be combined with the group address before the hash function is called. All groups with the same hash map to the same RP. For example, if this value is 24, only the first 24 bits of the group addresses matter. This mechanism is used to map one group or multiple groups to an RP.

The no form of this command reverts to the default value.

Default

hash-mask-len 30 — for config>router>pim>rp>bsr-candidate

hash-mask-len 126 — for config>router>pim>rp>ipv6> bsr-candidate

Parameters

hash-mask-length

Specifies the hash mask length.

Values

0 to 32 (v4)

0 to 128 (v6)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>lag hash-weight-threshold)

Full Context

configure lag hash-weight-threshold

Description

This command controls the operational status of the LAG or the IGP cost based on the sum of the hash-weight values for the active links in the LAG.

The no form of this command disables the hash weight threshold.

Parameters

weight

Specifies the value for the sum of all the active LAG ports hash-weight at or below which the configured action is invoked. If the sum of hash-weight for operational LAG links exceeds the hash-weight-threshold value, then no action is taken.

Values

1 to 6400000

action

Specifies the action to take if the sum of the hash-weight for active links in the LAG is equal or below the threshold value.

Values

down — Specifies that the LAG is operationally DOWN. The LAG is only considered as UP once the number of hash-weight for the active links exceeds the configured threshold value.

dynamic-cost — Specifies that dynamic cost is activated. The LAG remains operationally UP with a link cost relative to the number of operational links. The link is only considered as operationally DOWN when all links in the LAG are down.

static-cost — Specifies that static cost is activated. The LAG remains operationally UP with the configured cost, regardless of the number of operational links. The link is only considered as operationally DOWN when all links in the LAG are down. If this parameter is used with an IGP, its reference-bandwidth must also be configured.

static-cost

Specifies the decimal integer static cost of the LAG.

Values

1 to 16777215

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>password hashing)

Full Context

configure system security password hashing

Description

This command configures the password hashing algorithm.

Default

hashing bcrypt

Parameters

bcrypt

Keyword to indicate that the command configures the bcrypt algorithm.

sha2-pbkdf2

Keyword to indicate that the command configures the PBKDF2 algorithm hashed via SHA2.

sha3-pbkdf2

Keyword to indicate that the command configures the PBKDF2 algorithm hashed via SHA3.

Platforms

7705 SAR Gen 2

Context

[Tree] (conf>router>segment-routing>sr-policies>policy head-end)

Full Context

configure router segment-routing sr-policies static-policy head-end

Description

This command associates a head-end location with a statically-defined segment-routing policy. The head-end identifies the router that is the target to install the policy. This is a mandatory parameter and configuration command for enabling the segment-routing policy; if the head-end parameter value is not configured, the execution of the no shutdown command on the static segment routing policy fails.

To associate a static policy with the local router as head-end, the keyword local must be specified. The static policy is associated with another (non-local) router, if the head-end parameter is set to any IPv4 address. When a non-local, static segment routing policy that originates as a BGP route is imported into BGP, the configured head-end address is converted to an IPv4-address specific route-target extended community that is automatically added to the route.

The no form of this command removes the head-end association.

Default

no head-end

Parameters

local

Keyword indicating that the policy is intended to be used by the local router and not advertised to other BGP routers.

ipv4-address

Specifies the IP address of the target head-end router.

Values

ipv4-address:

a.b.c.d

Platforms

7705 SAR Gen 2

Context

[Tree] (config>aaa>radius-server-policy>servers health-check)

Full Context

configure aaa radius-server-policy servers health-check

Description

Commands in this context configure health check parameters for the RADIUS server.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>password health-check)

Full Context

configure system security password health-check

Description

This command enables health check monitoring of the RADIUS, TACACS+, and LDAP servers by sending authentication requests for an unknown user at regular intervals. If a response is not received, the operational status of the server is changed to down. The operational status is changed to up when responses are received.

When RADIUS over TLS is configured, Status-Server packets are sent at 30-second intervals as specified in RFC 3539, regardless of whether health checks are enabled.

The no form of this command disables health monitoring of RADIUS, TACACS+, and LDAP servers. In this case, the operational status for the server is up if a response was received for the last user request.

Default

health-check interval 30

Parameters

interval

Specifies the polling interval for RADIUS, TACACS+, and LDAP servers.

Values

6 to 1500

Default

30

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp>if-params>ipv4 hello)

[Tree] (config>router>ldp>targ-session>ipv6 hello)

[Tree] (config>router>ldp>if-params>if>ipv6 hello)

[Tree] (config>router>ldp>if-params>ipv6 hello)

[Tree] (config>router>ldp>targ-session>ipv4 hello)

[Tree] (config>router>ldp>if-params>if>ipv4 hello)

[Tree] (config>router>ldp>targ-session>peer hello)

[Tree] (config>router>ldp>targ-session>peer-template hello)

Full Context

configure router ldp interface-parameters ipv4 hello

configure router ldp targeted-session ipv6 hello

configure router ldp interface-parameters interface ipv6 hello

configure router ldp interface-parameters ipv6 hello

configure router ldp targeted-session ipv4 hello

configure router ldp interface-parameters interface ipv4 hello

configure router ldp targeted-session peer hello

configure router ldp targeted-session peer-template hello

Description

This command configures the time interval to wait before declaring a neighbor down. The factor parameter derives the Hello interval.

Hold time is local to the system and sent in the Hello messages to the neighbor. Hold time cannot be less than three times the Hello interval. The hold time can be configured globally (applies to all LDP interfaces) or per interface. The most specific value is used.

When LDP session is being set up, the hold down time is negotiated to the lower of the two peers. Once an operational value is agreed upon, the Hello factor is used to derive the value of the Hello interval.

The no form of the command at the interface-parameters and targeted-session level sets the hello timeout and the hello factor to the default values.

The no form of the command, at the interface level, sets the hello timeout and the hello factor to the value defined under the interface-parameters level.

The no form of this command, at the peer level, sets the hello timeout and the hello factor to the value defined under the targeted-session level.

The session must be flapped for the new settings to operate.

Default

Hello Timeout Factors lists the default values.

Parameters

timeout

Configures the time interval, in seconds, that LDP waits before a neighbor down.

Values

1 to 65535

factor

Specifies the number of keepalive messages that should be sent on an idle LDP session in the Hello timeout interval.

Values

1 to 255

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>ldp>if>packet hello)

[Tree] (debug>router>ldp>peer>packet hello)

Full Context

debug router ldp interface packet hello

debug router ldp peer packet hello

Description

This command enables debugging for LDP Hello packets.

The no form of the command disables the debugging output.

Parameters

detail

Displays detailed information.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>rsvp>packet hello)

Full Context

debug router rsvp packet hello

Description

This command debugs Hello packets.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about Hello packets.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis>interface hello-auth-keychain)

[Tree] (config>service>vprn>isis>interface>level hello-auth-keychain)

Full Context

configure service vprn isis interface hello-auth-keychain

configure service vprn isis interface level hello-auth-keychain

Description

This command configures an authentication keychain to use for the protocol interface. The keychain allows the rollover of authentication keys during the lifetime of a session.

Default

no hello-auth-keychain

Parameters

name

Specifies the name of the keychain, up to 32 characters, to use for the specified protocol session or sessions.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis>level hello-authentication)

[Tree] (config>service>vprn>isis>if hello-authentication)

[Tree] (config>service>vprn>isis hello-authentication)

Full Context

configure service vprn isis level hello-authentication

configure service vprn isis interface hello-authentication

configure service vprn isis hello-authentication

Description

This command enables authentication of individual IS-IS Hello packets for the VPRN instance.

The no form of this command suppresses authentication of Hello packets.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis hello-authentication)

[Tree] (config>router>isis>level hello-authentication)

[Tree] (config>router>isis>interface hello-authentication)

Full Context

configure router isis hello-authentication

configure router isis level hello-authentication

configure router isis interface hello-authentication

Description

This command enables authentication of individual IS-IS packets of HELLO type.

The no form of this command suppresses authentication of HELLO packets.

Default

hello-authentication

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis>if hello-authentication-key)

[Tree] (config>service>vprn>isis>if>level hello-authentication-key)

Full Context

configure service vprn isis interface hello-authentication-key

configure service vprn isis interface level hello-authentication-key

Description

This command configures the authentication key (password) for Hello PDUs. Neighboring routers use the password to verify the authenticity of Hello PDUs sent from this interface. Both the Hello authentication key and the Hello authentication type on a segment must match. The hello-authentication-type must be specified.

To configure the Hello authentication key in the interface context use the hello-authentication-key in the config>router>isis>if context.

To configure or override the Hello authentication key for a specific level, configure the hello-authentication-key in the config>router>isis>if>level context.

If both IS-IS and hello-authentication are configured, Hello messages are validated using Hello authentication. If only IS-IS authentication is configured, it will be used to authenticate all IS-IS (including Hello) protocol PDUs.

When the Hello authentication key is configured in the config>router>isis>if context, it applies to all levels configured for the interface.

The no form of this command removes the authentication-key from the configuration.

Default

no hello-authentication-key — No Hello authentication key is configured.

Parameters

authentication-key

The Hello authentication key (password). The key can be any combination of ASCII characters up to 254 characters in length (un-encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).

hash-key

The hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>interface hello-authentication-key)

[Tree] (config>router>isis>if>level hello-authentication-key)

Full Context

configure router isis interface hello-authentication-key

configure router isis interface level hello-authentication-key

Description

This command configures the authentication key (password) for Hello PDUs. Neighboring routers use the password to verify the authenticity of Hello PDUs sent from this interface. Both the Hello authentication key and the Hello authentication type on a segment must match. The hello-authentication-type must be specified.

To configure the Hello authentication key in the interface context, use the hello-authentication-key in the config>router>isis>interface context.

To configure or override the Hello authentication key for a specific level, configure the hello-authentication-key in the config>router>isis>interface>level context.

If both IS-IS and hello-authentication are configured, Hello messages are validated using Hello authentication. If only IS-IS authentication is configured, it will be used to authenticate all IS-IS (including Hello) protocol PDUs.

When the Hello authentication key is configured in the config>router>isis>interface context, it applies to all levels configured for the interface.

The no form of this command removes the authentication-key from the configuration.

Parameters

authentication-key

Specifies the Hello authentication key (password). The key can be any combination of ASCII characters, up to 254 characters (un-encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).

hash-key

Specifies the hash key. The key can be any combination of ASCII characters, up to 342 characters (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (" ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom

Specifies the custom encryption to management interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis>if>level hello-authentication-type)

[Tree] (config>service>vprn>isis>if hello-authentication-type)

Full Context

configure service vprn isis interface level hello-authentication-type

configure service vprn isis interface hello-authentication-type

Description

This command enables Hello authentication at either the interface or level context. Both the Hello authentication key and the Hello authentication type on a segment must match. The hello authentication-key statement must also be included.

To configure the Hello authentication type at the interface context, use hello-authentication-type in the config>router>isis>if context.

To configure or override the Hello authentication setting for a given level, configure the hello-authentication-type in the config>router>isis>if>level context.

The no form of this command disables Hello authentication.

Default

no hello-authentication-type — Hello authentication is disabled

Parameters

password

Specifies simple password (plain text) authentication is required.

message-digest

Specifies MD5 authentication in accordance with RFC 2104 (HMAC: Keyed-Hashing for Message Authentication) is required.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>interface hello-authentication-type)

[Tree] (config>router>isis>if>level hello-authentication-type)

Full Context

configure router isis interface hello-authentication-type

configure router isis interface level hello-authentication-type

Description

This command enables Hello authentication at either the interface or level context. Both the Hello authentication key and the Hello authentication type on a segment must match. The hello authentication-key statement must also be included.

To configure the Hello authentication type at the interface context, use hello-authentication-type in the config>router>isis>interface context.

To configure or override the Hello authentication setting for a given level, configure the hello-authentication-type in the config>router>isis>interface>level context.

The no form of this command disables Hello authentication.

Parameters

password

Specifies simple password (plain text) authentication is required.

message-digest

Specifies MD5 authentication in accordance with RFC 2104 (HMAC: Keyed-Hashing for Message Authentication) is required.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis>if>level hello-interval)

[Tree] (config>router>isis>if>level hello-interval)

Full Context

configure service vprn isis interface level hello-interval

configure router isis interface level hello-interval

Description

This command configures the interval between IS-IS Hello PDUs issued on the interface at this level. The hello-interval, along with the hello-multiplier, is used to calculate a hold time, which is communicated to a neighbor in a Hello PDU.

The no form of this command reverts to the default value.

Default

3 – for designated intermediate system interfaces

9 – for non-designated intermediate system interfaces and point-to-point interfaces

Parameters

seconds

The Hello interval in seconds expressed as a decimal integer.

Values

1 to 20000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf>area>sham-link hello-interval)

[Tree] (config>service>vprn>ospf3>area>virtual-link hello-interval)

[Tree] (config>service>vprn>ospf3>area>if hello-interval)

[Tree] (config>service>vprn>ospf>area>virtual-link hello-interval)

[Tree] (config>service>vprn>ospf>area>if hello-interval)

Full Context

configure service vprn ospf area sham-link hello-interval

configure service vprn ospf3 area virtual-link hello-interval

configure service vprn ospf3 area interface hello-interval

configure service vprn ospf area virtual-link hello-interval

configure service vprn ospf area interface hello-interval

Description

This command configures the interval between OSPF Hello messages issued on the interface, virtual link, or sham-link.

The Hello interval, in combination with the dead-interval, is used to establish and maintain the adjacency. Use this parameter to edit the frequency that Hello packets are sent.

Reducing the interval, in combination with an appropriate reduction in the associated dead-interval, allows for faster detection of link and/or router failures at the cost of higher processing costs.

The no form of this command reverts to the default value.

Default

hello-interval 10 — a 10-second Hello interval

Parameters

seconds

The Hello interval in seconds expressed as a decimal integer.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim>if hello-interval)

Full Context

configure service vprn pim interface hello-interval

Description

This command configures the frequency at which PIM Hello messages are transmitted on this interface.

The no form of this command resets the configuration to the default value.

Default

hello-interval 30

Parameters

hello-interval

Specifies the Hello interval in seconds. A 0 (zero) value disables the sending of Hello messages (the PIM neighbor will never timeout the adjacency).

Values

0 to 255 seconds

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rsvp>interface hello-interval)

Full Context

configure router rsvp interface hello-interval

Description

This command configures the time interval between RSVP Hello messages.

RSVP Hello packets are used to detect loss of RSVP connectivity with the neighboring node. Hello packets detect the loss of neighbor far quicker than it would take for the RSVP session to time out based on the refresh interval. After the loss of the of number keep-multiplier consecutive Hello packets, the neighbor is declared to be in a down state.

The no form of this command reverts to the default value of the hello-interval. To disable sending hello messages, set the value to zero.

Default

hello-interval 3000

Parameters

milli-seconds

Specifies the RSVP Hello interval (in ms), in multiples of 1000. A 0 (zero) value disables the sending of RSVP Hello messages.

Values

0 to 60000 ms (in multiples of 1000)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>interface hello-interval)

Full Context

configure router pim interface hello-interval

Description

This command configures the frequency at which PIM Hello messages are transmitted on this interface.

The no form of this command resets the configuration to the default value.

Default

hello-interval 30

Parameters

hello-interval

Specifies the Hello interval in seconds. A 0 (zero) value disables the sending of Hello messages (the PIM neighbor will never timeout the adjacency).

Values

0 to 255 seconds

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf>area>virtual-link hello-interval)

[Tree] (config>router>ospf3>area>interface hello-interval)

[Tree] (config>router>ospf>area>interface hello-interval)

[Tree] (config>router>ospf3>area>virtual-link hello-interval)

Full Context

configure router ospf area virtual-link hello-interval

configure router ospf3 area interface hello-interval

configure router ospf area interface hello-interval

configure router ospf3 area virtual-link hello-interval

Description

This command configures the interval between OSPF Hellos issued on the interface or virtual link.

The Hello interval, in combination with the dead-interval, is used to establish and maintain the adjacency. Use this parameter to edit the frequency that Hello packets are sent.

Reducing the interval, in combination with an appropriate reduction in the associated dead-interval , allows for faster detection of link and/or router failures at the cost of higher processing costs.

The no form of this command reverts to the default value.

Default

hello-interval 10

Parameters

seconds

Specifies the Hello interval, in seconds, expressed as a decimal integer.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>remote-management hello-interval)

Full Context

configure system management-interface remote-management hello-interval

Description

This command configures the time interval between Hello messages sent from the SR OS node to the remote manager.

Default

hello-interval 10

Parameters

number

Specifies the Hello interval, in minutes.

Values

10 to 3600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis>if>level hello-multiplier)

Full Context

configure service vprn isis interface level hello-multiplier

Description

This command configures the number of missing Hello messages from a neighbor before the router declares the adjacency down.

The no form of this command reverts to the default value.

Default

hello-multiplier 3

Parameters

multiplier

The multiplier for the Hello interval expressed as a decimal integer.

Values

2 to 100

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim>if hello-multiplier)

Full Context

configure service vprn pim interface hello-multiplier

Description

This command configures the multiplier to determine the hold time for a PIM neighbor on this interface.

The hello-multiplier in conjunction with the hello-interval determines the holdtime for a PIM neighbor.

Default

hello-multiplier 35

Parameters

deci-units

Specify the value, specified in multiples of 0.1, for the formula used to calculate the holdtime based on the hello-multiplier:

(hello-interval X hello-multiplier) / 10

This allows the PIMv2 default hello-multiplier of 3.5 and the default timeout of 105 seconds to be supported.

Values

20 to 100

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>interface hello-multiplier)

Full Context

configure router pim interface hello-multiplier

Description

This command configures the multiplier to determine the holdtime for a PIM neighbor on this interface.

The hello-multiplier in conjunction with the hello-interval determines the holdtime for a PIM neighbor.

The no form of this command reverts to the default value.

Default

hello-multiplier 35

Parameters

deci-units

Specifies the value, in multiples of 0.1, for the formula used to calculate the holdtime based on the hello-multiplier:

(hello-interval X hello-multiplier) / 10

This allows the PIMv2 default hello-multiplier of 3.5 and the default timeout of 105 seconds to be supported.

Values

20 to 100

Default

35

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>if>level hello-multiplier)

Full Context

configure router isis interface level hello-multiplier

Description

This command configures a Hello multiplier. The hello-multiplier, along with the hello-interval, is used to calculate a hold time, which is communicated to a neighbor in a Hello PDU.

The hold time is the time in which the neighbor expects to receive the next Hello PDU. If the neighbor receives a Hello within this time, the hold time is reset. If the neighbor does not receive a Hello within the hold time, it brings the adjacency down.

The no form of this command reverts to the default value.

Default

hello-multiplier 3

Parameters

multiplier

Specifies the multiplier for the Hello interval expressed as a decimal integer.

Values

2 to 100

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis hello-padding)

[Tree] (config>service>vprn>isis>if hello-padding)

[Tree] (config>service>vprn>isis>if>level hello-padding)

[Tree] (config>service>vprn>isis>level hello-padding)

Full Context

configure service vprn isis hello-padding

configure service vprn isis interface hello-padding

configure service vprn isis interface level hello-padding

configure service vprn isis level hello-padding

Description

This command enables the IS-IS Hello (IIH) message padding to ensure that IS-IS LSPs can traverse the link. When this option is enabled, IS-IS Hello messages are padded to the maximum LSP MTU value, which can be set with the lsp-mtu-size command. If link MTU is greater than the maximum LSP MTU value, padding to the link MTU is applied.

The no form of this command disables IS-IS Hello message padding at this level. However, the router may still perform Hello padding if it was set at a higher level in the configuration. To ensure that Hello message padding is disabled, set all levels of configuration to no hello-padding.

Default

no hello-padding

Parameters

adaptive

Specifies the adaptive padding option; this option is able to detect MTU asymmetry from one side of the connection but uses more overhead than loose padding.

• point-to-point interface—Hello PDUs are padded until the sender declares an adjacency on the link to be in the state up. If the implementation supports RFC 3373/5303, Three-Way Handshake for IS-IS Point-to-Point Adjacencies, then this is when the three-way state is up. If the implementation uses the "classic” algorithm described in ISO 10589, this is when the adjacency state is up. If the neighbor does not support the adjacency state TLV, then padding continues.

• broadcast interface—Padding starts until at least one adjacency is up on the interface.

loose

Specifies the loose padding option; the loose padding may not be able to detect certain conditions such as asymmetrical MTUs between the routing devices.

• point-to-point interface—the Hello packet is padded from the initial detection of a new neighbor until the adjacency transitions to the INIT state

• broadcast interface—padding starts until at least one adjacency (broadcast only has up/down) is up on the interface

none

Specifies that the Hello message padding is not enabled at this level, even if it is configured at one of the parent levels.

strict

Specifies the strict padding option.

• point-to-point interface—padding is done for all adjacency states, and is continuous. Strict padding has the most overhead but detects MTU issues on both sides of a link

• broadcast interface—padding is done for all adjacency states, and is continuous. Strict padding has the most overhead but detects MTU issues on both sides of a link

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>level hello-padding)

[Tree] (config>router>isis>interface>level hello-padding)

[Tree] (config>router>isis>interface hello-padding)

[Tree] (config>router>isis hello-padding)

Full Context

configure router isis level hello-padding

configure router isis interface level hello-padding

configure router isis interface hello-padding

configure router isis hello-padding

Description

This command enables IS-IS Hello (IIH) message padding to ensure that IS-IS LSPs can traverse the link. When this option is enabled, IS-IS Hello messages are padded to the maximum LSP MTU value, which can be set with the lsp-mtu-size command. If link MTU is greater than the maximum LSP MTU value, padding to the link MTU is applied.

The no form of this command disables IS-IS Hello padding at this level. However, the router may still perform Hello padding if it was set at a higher level in the configuration. To ensure that Hello message padding is disabled, set all levels of configuration to no hello-padding.

Default

no hello-padding

Parameters

none

Specifies that the Hello message padding is not enabled at this level, even if it is configured at one of the parent levels.

adaptive

Specifies the adaptive padding option; this option is able to detect LSP MTU asymmetry from one side of the connection but uses more overhead than loose padding.

1. point-to-point interface—Hello PDUs are padded until the sender declares an adjacency on the link to be in state up. If the implementation supports RFC 3373/5303, "Three-Way Handshake for IS-IS Point-to- Point Adjacencies” then this is when the three-way state is Up. If the implementation use the "classic” algorithm described in ISO 10589, this is when adjacency state is Up. If the neighbor does not support the adjacency state TLV, then padding continues.

2. broadcast interface—Padding starts until at least one adjacency is up on the interface.

loose

Specifies the loose padding option; the loose padding may not be able to detect certain situations such as asymmetrical LSP MTUs between the routing devices.

1. point-to-point interface—The Hello packet is padded from the initial detection of a new neighbor until the adjacency transitions to the INIT state.

2. broadcast interface—Padding starts until there is at least one adjacency (broadcast only has up/down) is up on the interface.

strict

Specifies the strict padding option; this option is the most overhead-intensive but detects LSP MTU issues on both sides of a link.

1. point-to-point interface—Padding is done for all adjacency states, and is continuous.

2. broadcast interface—Padding is done for all adjacency states, and is continuous.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp>targ-session>peer-template hello-reduction)

[Tree] (config>router>ldp>targ-session>ipv6 hello-reduction)

[Tree] (config>router>ldp>targ-session>ipv4 hello-reduction)

[Tree] (config>router>ldp>targ-session>peer hello-reduction)

Full Context

configure router ldp targeted-session peer-template hello-reduction

configure router ldp targeted-session ipv6 hello-reduction

configure router ldp targeted-session ipv4 hello-reduction

configure router ldp targeted-session peer hello-reduction

Description

This command enables the suppression of periodic targeted Hello messages between LDP peers once the targeted LDP session is brought up.

When this feature is enabled, the target Hello adjacency is brought up by advertising the Hold-Time value the user configured in the " hello timeout” parameter for the targeted session. The LSR node will then start advertising an exponentially increasing Hold-Time value in the Hello message as soon as the targeted LDP session to the peer is up. Each new incremented Hold-Time value is sent in a number of Hello messages equal to the value of the argument factor, which represents the dampening factor, before the next exponential value is advertised. This provides time for the two peers to settle on the new value. When the Hold-Time reaches the maximum value of 0xffff (binary 65535), the two peers will send Hello messages at a frequency of every [(65535-1)/local helloFactor] seconds for the lifetime of the targeted-LDP session (for example, if the local Hello Factor is three (3), then Hello messages will be sent every 21844 seconds.

The LSR node continues to compute the frequency of sending the Hello messages based on the minimum of its local Hold-time value and the one advertised by its peer as in RFC 5036. Thus for the targeted LDP session to suppress the periodic Hello messages, both peers must bring their advertised Hold-Time to the maximum value. If one of the LDP peers does not, the frequency of the Hello messages sent by both peers will continue to be governed by the smaller of the two Hold-Time values.

When the user enables the Hello reduction option on the LSR node while the targeted LDP session to the peer is operationally up, the change will take effect immediately. In other words, the LSR node will start advertising an exponentially increasing Hold-Time value in the Hello message, starting with the current configured Hold-Time value.

When the user disables the Hello reduction option while the targeted LDP session to the peer is operationally up, the change in the Hold-Time from 0xffff (binary 65535) to the user configured value for this peer will take effect immediately. The local LSR will immediately advertise the value of the user configured Hold-Time value and will not wait until the next scheduled time to send a Hello to make sure the peer adjusts its local hold timeout value immediately.

In general, any configuration change to the parameters of the T-LDP Hello adjacency (modifying the Hello adjacency Hello Timeout or factor, enabling/disabling Hello reduction, or modifying Hello reduction factor) will cause the LSR node to trigger immediately an updated Hello message with the updated Hold Time value without waiting for the next scheduled time to send a Hello.

The no form of this command disables the Hello reduction feature.

Default

no hello-reduction

Parameters

factor

Specifies the integer that specifies the Hello reduction dampening factor.

Values

3 to20

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>stp hello-time)

[Tree] (config>service>template>vpls-template>stp hello-time)

Full Context

configure service vpls stp hello-time

configure service template vpls-template stp hello-time

Description

This command configures the Spanning Tree Protocol (STP) Hello time for the Virtual Private LAN Service (VPLS) STP instance.

The Hello time parameter defines the default timer value that controls the sending interval between BPDU configuration messages by this bridge, on ports where this bridge assumes the designated role.

The active Hello time for the spanning tree is determined by the root bridge (except when the STP is running in RSTP mode, then the Hello time is always taken from the locally configured parameter).

The configured hello-time can also be used to calculate the forward delay. See auto-edge ( config>service>vpls>sap>stp auto-edge, config>service>template>vpls-sap-template>stp auto-edge, config>service>vpls>spoke-sdp>stp auto-edge).

The no form of this command returns the Hello time to the default value.

Default

hello-time 2

Parameters

hello-time

The Hello time for the STP instance in seconds.

Values

1 to 10

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>sdp>keep-alive hello-time)

Full Context

configure service sdp keep-alive hello-time

Description

This command configures the time period between SDP keepalive messages on the SDP-ID for the SDP connectivity monitoring messages.

The no form of this command reverts the hello-time seconds value to the default setting.

Default

hello-time 10

Parameters

seconds

Specifies the time period in seconds between SDP keepalive messages, expressed as a decimal integer.

Values

1 to 3600

Platforms

7705 SAR Gen 2

Context

[Tree] (help)

Full Context

help

Description

This command provides a brief description of the help system. The following information is shown:

Help may be requested at any point by hitting a question mark '?'.
In case of an executable node, the syntax for that node will be displayed with an
explanation of all parameters.
In case of sub-commands, a brief description is provided.
Global Commands:
Help on global commands can be observed by issuing "help globals" at any time.
Editing Commands:
Help on editing commands can be observed by issuing "help edit" at any time.

Parameters

help

Displays a brief description of the help system.

edit

Displays help on editing.

Available editing keystrokes:

Delete current character.....................Ctrl-d
Delete text up to cursor.....................Ctrl-u
Delete text after cursor.....................Ctrl-k
Move to beginning of line....................Ctrl-a
Move to end of line..........................Ctrl-e
Get prior command from history...............Ctrl-p
Get next command from history................Ctrl-n
Move cursor left.............................Ctrl-b
Move cursor right............................Ctrl-f
Move back one word...........................Esc-b
Move forward one word........................Esc-f
Convert rest of word to uppercase............Esc-c
Convert rest of word to lowercase............Esc-l
Delete remainder of word.....................Esc-d
Delete word up to cursor.....................Ctrl-w
Transpose current and previous character.....Ctrl-t
Enter command and return to root prompt......Ctrl-z
Refresh input line...........................Ctrl-l

global

Displays help on global commands.

Available global commands:

back            - Go back a level in the command tree
echo            - Echo the text that is typed in
exec            - Execute a file - use -echo to show the commands and
                  prompts on the screen
exit            - Exit to intermediate mode - use option all to exit to
                  root prompt
help            - Display help
history         - Show command history
info            - Display configuration for the present node
logout          - Log off this system
oam             + OAM Test Suite
ping            - Verify the reachability of a remote host
pwc             - Show the present working context
sleep           - Sleep for specified number of seconds
ssh             - SSH to a host
telnet          - Telnet to a host
traceroute      - Determine the route to a destination address
tree            - Display command tree structure from the context of
                  execution
write           - Write text to another user

special-characters

Displays help on special characters.

Use the following CLI commands to display more information about commands and command syntax:

?

Lists all commands in the current context.

string?

Lists all commands available in the current context that start with the string.

command ?

Displays command’s syntax and associated keywords.

string<Tab> or string<Space>

Completes a partial command name (auto-completion) or lists available commands that match the string.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis>graceful-restart helper-disable)

Full Context

configure service vprn isis graceful-restart helper-disable

Description

This command disables helper support for IS-IS graceful restart (GR).

When graceful-restart is enabled, the router can be a helper (that is, the router is helping a neighbor to restart), a restarting router, or both. The router only supports the helper mode. It will not act as a restarting router, because the high availability feature set already preserves IS-IS forwarding information such that this functionality is not needed.

The no helper-disable command enables helper support and is the default when graceful restart is enabled.

Default

no helper-disable

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf>graceful-restart helper-disable)

[Tree] (config>service>vprn>ospf3>graceful-restart helper-disable)

Full Context

configure service vprn ospf graceful-restart helper-disable

configure service vprn ospf3 graceful-restart helper-disable

Description

This command disables helper support for OSPF graceful restart (GR).

When graceful-restart is enabled, the router can be a helper (that is, the router is helping a neighbor to restart), a restarting router, or both. The router only supports helper mode. It will not act as a restarting router, because the high availability feature set already preserves OSPF forwarding information such that this functionality is not needed.

The no helper-disable command enables helper support and is the default when graceful restart is enabled.

Default

no helper-disable

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>graceful-restart helper-disable)

Full Context

configure router isis graceful-restart helper-disable

Description

This command disables helper support for IS-IS graceful restart (GR).

When graceful-restart is enabled, the router can be a helper (that is, the router is helping a neighbor to restart), a restarting router, or both. The router only supports the helper mode. It will not act as a restarting router, because the high availability feature set already preserves IS-IS forwarding information so that this functionality is not needed.

The no form of this command enables helper support and is the default when graceful restart is enabled.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf3>graceful-restart helper-disable)

[Tree] (config>router>ospf>graceful-restart helper-disable)

Full Context

configure router ospf3 graceful-restart helper-disable

configure router ospf graceful-restart helper-disable

Description

This command disables helper support for OSPF graceful restart (GR).

When graceful-restart is enabled, the router can be a helper (that is, the router is helping a neighbor to restart), a restarting router, or both. The router only supports the helper mode. It will not act as a restarting router because the high availability feature set already preserves OSPF forwarding information so that this functionality is not needed.

The no form of this command enables helper support and is the default when graceful-restart is enabled.

Default

no helper-disable

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived helper-override-restart-time)

[Tree] (config>service>vprn>bgp>group>graceful-restart>long-lived helper-override-restart-time)

[Tree] (config>service>vprn>bgp>graceful-restart>long-lived helper-override-restart-time)

Full Context

configure service vprn bgp group neighbor graceful-restart long-lived helper-override-restart-time

configure service vprn bgp group graceful-restart long-lived helper-override-restart-time

configure service vprn bgp graceful-restart long-lived helper-override-restart-time

Description

This command overrides the restart-time advertised by a peer (in its GR capability) with a locally-configured value. This override applies only to AFI/SAFI that were included in the GR capability of the peer. The restart-time is always zero for AFI/SAFI not included in the GR capability. This command is useful if the local router wants to force LLGR phase to begin after a set time for all protected AFI/SAFI.

By default, the restart time for all AFI/SAFI in the GR capability is the value signaled by the peer.

Default

no helper-override-restart-time

Parameters

seconds

The locally-imposed restart time for all AFI/SAFI included in the peer’s GR capability.

Values

0 to 4095

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>group>neighbor>graceful-restart>long-lived helper-override-restart-time)

[Tree] (config>router>bgp>graceful-restart>long-lived helper-override-restart-time)

[Tree] (config>router>bgp>group>graceful-restart>long-lived helper-override-restart-time)

Full Context

configure router bgp group neighbor graceful-restart long-lived helper-override-restart-time

configure router bgp graceful-restart long-lived helper-override-restart-time

configure router bgp group graceful-restart long-lived helper-override-restart-time

Description

This command overrides the restart-time advertised by a peer (in its GR capability) with a locally-configured value. This override applies only to AFI/SAFI that were included in the GR capability of the peer. The restart-time is always zero for AFI/SAFI not included in the GR capability. This command is useful if the local router wants to force LLGR phase to begin after a set time for all protected AFI/SAFI.

By default, the restart time for all AFI/SAFI in the GR capability is the value signaled by the peer.

Default

no helper-override-restart-time

Parameters

seconds

The locally-imposed restart time for all AFI/SAFI included in the peer’s GR capability.

Values

0 to 4095

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived>family helper-override-stale-time)

[Tree] (config>service>vprn>bgp>group>graceful-restart>long-lived helper-override-stale-time)

[Tree] (config>service>vprn>bgp>graceful-restart>long-lived helper-override-stale-time)

[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived helper-override-stale-time)

[Tree] (config>service>vprn>bgp>group>graceful-restart>long-lived>family helper-override-stale-time)

[Tree] (config>service>vprn>bgp>graceful-restart>long-lived>family helper-override-stale-time)

Full Context

configure service vprn bgp group neighbor graceful-restart long-lived family helper-override-stale-time

configure service vprn bgp group graceful-restart long-lived helper-override-stale-time

configure service vprn bgp graceful-restart long-lived helper-override-stale-time

configure service vprn bgp group neighbor graceful-restart long-lived helper-override-stale-time

configure service vprn bgp group graceful-restart long-lived family helper-override-stale-time

configure service vprn bgp graceful-restart long-lived family helper-override-stale-time

Description

This command overrides the LLGR stale-time advertised by a peer (in its LLGR capability) with a locally-configured value. When configured in the long-lived configuration context, helper-override-stale-time applies to all AFI/SAFI in the advertised LLGR capability except for any AFI/SAFI with a family-specific override. A family-specific override is configured with the helper-override-stale-time command in a family context.

By default, the LLGR stale-time for an AFI/SAFI is the value signaled by the peer in the corresponding AFI/SAFI part of the LLGR capability.

Default

no helper-override-stale-time

Parameters

seconds

Specifies the locally imposed LLGR stale time in seconds.

Values

0 to 16777215

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>group>neighbor>graceful-restart>long-lived>family helper-override-stale-time)

[Tree] (config>router>bgp>graceful-restart>long-lived helper-override-stale-time)

[Tree] (config>router>bgp>group>graceful-restart>long-lived helper-override-stale-time)

[Tree] (config>router>bgp>graceful-restart>long-lived>family helper-override-stale-time)

[Tree] (config>router>bgp>group>graceful-restart>long-lived>family helper-override-stale-time)

[Tree] (config>router>bgp>group>neighbor>graceful-restart>long-lived helper-override-stale-time)

Full Context

configure router bgp group neighbor graceful-restart long-lived family helper-override-stale-time

configure router bgp graceful-restart long-lived helper-override-stale-time

configure router bgp group graceful-restart long-lived helper-override-stale-time

configure router bgp graceful-restart long-lived family helper-override-stale-time

configure router bgp group graceful-restart long-lived family helper-override-stale-time

configure router bgp group neighbor graceful-restart long-lived helper-override-stale-time

Description

This command overrides the LLGR stale-time advertised by a peer (in its LLGR capability) with a locally-configured value. When configured in the long-lived configuration context, helper-override-stale-time applies to all AFI/SAFI in the advertised LLGR capability except for any AFI/SAFI with a family-specific override. A family-specific override is configured with the helper-override-stale-time command in a family context.

By default, the LLGR stale-time for an AFI/SAFI is the value signaled by the peer in the corresponding AFI/SAFI part of the LLGR capability.

Default

no helper-override-stale-time

Parameters

seconds

Specifies the locally imposed LLGR stale time in seconds.

Values

0 to 16777215

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-egress>queue>drop-tail high)

Full Context

configure qos sap-egress queue drop-tail high

Description

Commands in this context configure the queue high drop tail parameters. The high drop tail defines the queue depth beyond which in-profile packets will not be accepted into the queue and will be discarded.

Platforms

7705 SAR Gen 2

Context

[Tree] (cfg>qos>qgrps>egr>qgrp>queue>drop-tail high)

Full Context

configure qos queue-group-templates egress queue-group queue drop-tail high

Description

Commands in this context configure the queue high drop-tail parameters. The high drop tail defines the queue depth beyond which in-profile packets will not be accepted into the queue and will be discarded.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>queue>i-counters high-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters high-octets-discarded-count)

Full Context

configure log accounting-policy custom-record queue i-counters high-octets-discarded-count

configure log accounting-policy custom-record ref-queue i-counters high-octets-discarded-count

Description

This command includes the high octets discarded count.

The no form of this command excludes the high octets discarded count.

Default

no high-octets-discarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters high-octets-offered-count)

[Tree] (config>log>acct-policy>cr>queue>i-counters high-octets-offered-count)

Full Context

configure log accounting-policy custom-record ref-queue i-counters high-octets-offered-count

configure log accounting-policy custom-record queue i-counters high-octets-offered-count

Description

This command includes the high octets offered count.

The no form of this command excludes the high octets offered count.

Default

no high-octets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters high-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>queue>i-counters high-packets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-queue i-counters high-packets-discarded-count

configure log accounting-policy custom-record queue i-counters high-packets-discarded-count

Description

This command includes the high packets discarded count.

The no form of this command excludes the high packets discarded count.

Default

no high-packets-discarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>queue>i-counters high-packets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters high-packets-offered-count)

Full Context

configure log accounting-policy custom-record queue i-counters high-packets-offered-count

configure log accounting-policy custom-record ref-queue i-counters high-packets-offered-count

Description

This command includes the high packets offered count.

The no form of this command excludes the high packets offered count.

Default

no high-packets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-egress>policer high-prio-only)

[Tree] (config>qos>sap-ingress>policer high-prio-only)

Full Context

configure qos sap-egress policer high-prio-only

configure qos sap-ingress policer high-prio-only

Description

This command is used to configure the percentage of the policer’s PIR leaky bucket's MBS (maximum burst size) that is reserved for high-priority traffic. While the mbs value defines the policer’s high-priority violate threshold, the percentage value defined is applied to the mbs value to derive the bucket’s low-priority violate threshold. See the mbs command details for information about which types of traffic are associated with each violate threshold.

Parameters

percent-of-mbs

The percent-of-mbs parameter is required when specifying high-prio-only and is expressed as a percentage.

Values

0 to 100

Default

10

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>qgrps>egr>qgrp>policer high-prio-only)

[Tree] (config>qos>qgrps>ing>qgrp>policer high-prio-only)

Full Context

configure qos queue-group-templates egress queue-group policer high-prio-only

configure qos queue-group-templates ingress queue-group policer high-prio-only

Description

This command is used to configure the percentage of the policer’s PIR leaky bucket's MBS (maximum burst size) that is reserved for high-priority traffic. While the mbs value defines the policer’s high-priority violate threshold, the percentage value defined is applied to the mbs value to derive the bucket’s low-priority violate threshold. See the mbs command details for information on which types of traffic is associated with each violate threshold.

Parameters

percent-of-mbs

The percent-of-mbs parameter is required when specifying high-prio-only and is expressed as a percentage.

Values

0 to 100

Default

10

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-egress>queue>drop-tail highplus)

Full Context

configure qos sap-egress queue drop-tail highplus

Description

Commands in this context configure the queue highplus drop tail parameters. The highplus drop tail defines the queue depth beyond which inplus-profile packets will not be accepted into the queue and will be discarded.

Platforms

7705 SAR Gen 2

Context

[Tree] (cfg>qos>qgrps>egr>qgrp>queue>drop-tail highplus)

Full Context

configure qos queue-group-templates egress queue-group queue drop-tail highplus

Description

Commands in this context configure the queue highplus drop-tail parameters. The highplus drop tail defines the queue depth beyond which inplus-profile packets will not be accepted into the queue and will be discarded.

Platforms

7705 SAR Gen 2

Context

[Tree] (history)

Full Context

history

Description

This command lists the last 30 commands entered in this session.

Re-execute a command in the history with the !n command, where n is the line number associated with the command in the history output.

Example:

A:ALA-1# history
  68 info
  69 exit
  70 info
  71 filter
  72 exit all
  73 configure
  74 router
  75 info
  76 interface "test"
  77 exit
  78 reduced-prompt
  79 info
  80 interface "test"
  81 icmp unreachables exit all
  82 exit all
  83 reduced-prompt
  84 configure router
  85 interface
  86 info
  87 interface "test"
  88 info
  89 reduced-prompt
  90 exit all
  91 configure
  92 card 1
  93 card-type
  94 exit
  95 router
  96 exit
  97 history
A:ALA-1# !91
A:ALA-1# configure
A:ALA-1>config#

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>cli>md-cli>environment history)

Full Context

configure system management-interface cli md-cli environment history

Description

Commands in this context configure the command history.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>system>nsp-proxy history)

Full Context

debug system nsp-proxy history

Description

This command enables the NSP proxy history for debugging purposes.

The no form of this command disables the NSP proxy history.

Default

no history

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>password history-size)

Full Context

configure system security password history-size

Description

Configure how many previous passwords a new password is matched against.

Default

history-size 0

Parameters

size

Specifies how many previous passwords a new password is matched against.

Values

0 to 20

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>twamp-light>loss-events hli-event)

Full Context

configure oam-pm session ip twamp-light loss-events hli-event

Description

This command sets the high loss interval (HLI) threshold to be monitored and the associated thresholds using the counter of the specified direction. The aggregate is a function of summing forward and backward. This value is only used as a threshold mechanism and is not part of the stored statistics. If the optional clear clear-threshold parameter is not specified, the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and regardless of any previous window. Each unique event can only be raised once within measurement interval. If the optional clear clear-threshold parameter is specified, the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.

The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.

Default

no hli-event forward

no hli-event backward

no hli-event aggregate

Parameters

forward

Specifies the threshold is applied to the forward direction count.

backward

Specifies the threshold is applied to the backward direction count.

aggregate

Specifies the threshold is applied to the aggregate count (sum of forward and backward).

raise-threshold

Specifies the rising threshold that determines when the event is to be generated, when the percentage of loss value is reached.

Values

1 to 864000

clear-threshold

Specifies an optional value used for stateful behavior that allows the operator to configure a percentage of loss value lower than the rising percentage to indicate when the clear event should be generated.

Values

0 to 863999

A value of zero means that the HLI counter must be 0.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>twamp-light>loss hli-force-count)

Full Context

configure oam-pm session ip twamp-light loss hli-force-count

Description

This command allows High Loss Interval (HLI) and Consecutive High Loss Interval (CHLI) counters to increment regardless of availability. Without this command, HLI and CHLI counters can only increment during times of availability, which includes undetermined availability. During times of complete packet loss, the forward direction HLI is marked as high loss. The backward direction is not marked as high loss during times of complete packet loss.

The no form of this command configures HLI and CHLI counters to increment during times of availability only.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>vrrp>policy>priority-event>lag-port-down hold-clear)

[Tree] (config>vrrp>policy>priority-event>route-unknown hold-clear)

[Tree] (config>vrrp>policy>priority-event>port-down hold-clear)

[Tree] (config>vrrp>policy>priority-event>mc-ipsec-non-forwarding hold-clear)

[Tree] (config>vrrp>policy>priority-event>host-unreachable hold-clear)

Full Context

configure vrrp policy priority-event lag-port-down hold-clear

configure vrrp policy priority-event route-unknown hold-clear

configure vrrp policy priority-event port-down hold-clear

configure vrrp policy priority-event mc-ipsec-non-forwarding hold-clear

configure vrrp policy priority-event host-unreachable hold-clear

Description

This command configures the hold clear time for the event. The seconds parameter specifies the hold-clear time, the amount of time in seconds by which the effect of a cleared event on the associated virtual router instance is delayed.

The hold-clear time is used to prevent black hole conditions when a virtual router instance advertises itself as a master before other conditions associated with the cleared event have had a chance to enter a forwarding state.

Default

no hold-clear

Parameters

seconds

Specifies the amount of time in seconds by which the effect of a cleared event on the associated virtual router instance is delayed.

Values

0 to 86400

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>stp hold-count)

[Tree] (config>service>template>vpls-template>stp hold-count)

Full Context

configure service vpls stp hold-count

configure service template vpls-template stp hold-count

Description

This command configures the peak number of BPDUs that can be transmitted in a period of one second.

The no form of this command returns the hold count to the default value

Default

hold-count 6

Parameters

BPDU tx hold count

The hold count for the STP instance in seconds

Values

1 to 10

Platforms

7705 SAR Gen 2

Context

[Tree] (config>aaa>radius-srv-plcy>servers hold-down-time)

Full Context

configure aaa radius-server-policy servers hold-down-time

Description

This command determines the interval during which no new communication attempts are made to a RADIUS server that is marked down to prevent immediately overloading the server when it is starting up. The only exception is when all servers in the authentication policy are marked down; in that case, they will all be used again to prevent failures on new client connections.

The no form of this command reverts to the default.

Default

hold-down-time sec 30

Parameters

days

Specifies the hold time in days before re-using a RADIUS server that was down.

Values

1 to 1

hours

Specifies the hold time in hours before re-using a RADIUS server that was down.

Values

1 to 23

minutes

Specifies the hold time in minutes before re-using a RADIUS server that was down.

Values

1 to 59

seconds

Specifies the hold time in seconds before re-using a RADIUS server that was down.

Values

1 to 59

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>sdp>keep-alive hold-down-time)

Full Context

configure service sdp keep-alive hold-down-time

Description

This command configures the minimum time period the SDP will remain in the operationally down state in response to SDP keepalive monitoring.

This parameter can be used to prevent the SDP operational state from "flapping” by rapidly transitioning between the operationally up and operationally down states based on keepalive messages.

When an SDP keepalive response is received that indicates an error condition or the max-drop-count keepalive messages receive no reply, the sdp-id will immediately be brought operationally down. If a keepalive response is received that indicates the error has cleared, the sdp-id will be eligible to be put into the operationally up state only after the hold-down-time interval has expired.

The no form of this command reverts the hold-down-time seconds value to the default setting.

Default

hold-down-time 10

Parameters

seconds

Specifies time, in seconds, expressed as a decimal integer. The SDP ID will remain in the operationally down state before it is eligible to enter the operationally up state. A value of 0 indicates that no hold-down-time will be enforced for SDP ID.

Values

0 to 3600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>segment-routing>maintenance-policy hold-down-timer)

Full Context

configure router segment-routing maintenance-policy hold-down-timer

Description

This command configures the hold down timer for SR policy candidate paths.

This command is intended to prevent bouncing of the SR policy path state if one or more S-BFD sessions associated with segment lists flap and therefore cause the threshold to be repeatedly crossed in a short period of time. It is started when the number of up S-BFD sessions drops below the threshold. The SR policy path is not considered to be up again until the hold down timer has expired and the number of up S-BFD sessions equals or exceeds the threshold and the internal hold timer is not running.

The no form of this command reverts to the default.

Default

hold-down-timer 0

Parameters

hold-down-timer

Specifies the hold-down timer, in deciseconds, in 10ms steps.

Values

0 to 5000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-lag hold-on-neighbor-failure)

Full Context

configure redundancy multi-chassis peer mc-lag hold-on-neighbor-failure

Description

This command specifies the interval that the standby node will wait for packets from the active node before assuming a redundant-neighbor node failure. This delay in switch-over operation is required to accommodate different factors influencing node failure detection rate, such as IGP convergence, or HA switch-over times and to prevent the standby node to act prematurely.

The no form of this command reverts to the default.

Default

hold-on-neighbor-failure 3

Parameters

multiplier

Specifies the time interval that the standby node waits for packets from the active node before assuming a redundant-neighbor node failure.

Values

2 to 25

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-ep hold-on-neighbor-failure)

Full Context

configure redundancy multi-chassis peer mc-endpoint hold-on-neighbor-failure

Description

This command specifies the number of keep-alive intervals that the local node will wait for packets from the MC-EP peer before assuming failure. After this time interval passed the all the mc-endpoints configured under services will revert to single chassis behavior, activating the best local pseudowire.

The no form of this command sets the multiplier to default value

Default

no hold-on-neighbor-failure

Parameters

multiplier

Specifies the hold time applied on neighbor failure.

Values

2 to 25

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec hold-on-neighbor-failure)

Full Context

configure redundancy multi-chassis peer mc-ipsec hold-on-neighbor-failure

Description

This command specifies the number of keep-alive failures before the peer is considered to be down.

The no form of this command reverts to the default.

Default

hold-on-neighbor-failure 3

Parameters

multiplier

Specifies the hold time applied on the neighbor failure.

Values

2 to 25

Platforms

7705 SAR Gen 2

Context

[Tree] (config>vrrp>policy>priority-event>host-unreachable hold-set)

[Tree] (config>vrrp>policy>priority-event>mc-ipsec-non-forwarding hold-set)

[Tree] (config>vrrp>policy>priority-event>lag-port-down hold-set)

[Tree] (config>vrrp>policy>priority-event>port-down hold-set)

[Tree] (config>vrrp>policy>priority-event>route-unknown hold-set)

Full Context

configure vrrp policy priority-event host-unreachable hold-set

configure vrrp policy priority-event mc-ipsec-non-forwarding hold-set

configure vrrp policy priority-event lag-port-down hold-set

configure vrrp policy priority-event port-down hold-set

configure vrrp policy priority-event route-unknown hold-set

Description

This command specifies the amount of time that must pass before the set state for a VRRP priority control event can transition to the cleared state to dampen flapping events. A flapping event continually transitions between clear and set.

The hold-set command is used to dampen the effect of a flapping event. The hold-set value is loaded into a hold-set timer that prevents a set event from transitioning to the cleared state until it expires.

Each time an event transitions between cleared and set, the timer is loaded and begins a countdown to zero. When the timer reaches zero, the event is allowed to enter the cleared state. Entering the cleared state is dependent on the object controlling the event, conforming to the requirements defined in the event itself. It is possible, on some event types, to have another set action reload the hold-set timer. This extends the amount of time that must expire before entering the cleared state.

Once the hold-set timer expires and the event meets the cleared state requirements or is set to a lower threshold, the current set effect on the virtual router instances in-use priority can be removed. As with lag-port-down events, this may be a decrease in the set effect if the clearing amounts to a lower set threshold.

The hold-set command can be executed at any time. If the hold-set timer value is configured larger than the new seconds setting, the timer is loaded with the new hold-set value.

The no form of the command disables the hold timer so that event transitions are processed immediately.

Default

no hold-set

Parameters

seconds

The number of seconds that the hold-set timer waits after an event enters a set state or enters a higher threshold set state, depending on the event type.

The value of 0 disables the hold-set timer, preventing any delay in processing lower set thresholds or cleared events.

Values

0 to 86400

Platforms

7705 SAR Gen 2

Context

[Tree] (config>port>ethernet hold-time)

Full Context

configure port ethernet hold-time

Description

This command configures port link dampening timers which reduce the number of link transitions reported to upper layer protocols. The hold-time value dampens interface transitions.

When an interface transitions from an up state to a down state, it is immediately advertised to the rest of the system if the hold-time down interval is zero, but if the hold-time down interval is greater than zero, interface down transitions are not advertised to upper layers until the hold-time down interval has expired. Likewise, an interface is immediately advertised as up to the rest of the system if the hold-time up interval is zero, but if the hold-time up interval is greater than zero, up transitions are not advertised until the hold-time up interval has expired.

For ESM SRRP setup, MCS synchronizes subscriber information between the two chassis. After a chassis recovers from a power reset/down, MCS immediately synchronizes all subscriber information at once. The longer the host list, the longer it will take to synchronize the chassis. In a fully populated chassis, it is recommended to allow at least 45 minutes for MCS synchronization. It is also recommended to hold the port down, facing the subscriber, on the recovering chassis for 45 minutes before it is allowed to forward traffic again.

The no form of this command reverts to the default values.

Default

down 0 seconds — No port link down dampening is enabled; link down transitions are immediately reported to upper layer protocols.

up 0 seconds — No port link up dampening is enabled; link up transitions are immediately reported to upper layer protocols.

Parameters

hold-time-up

The delay, in seconds or centiseconds, after which to notify the upper layers when an interface transitions from a down state to an up state.

Values

0 to 36000 seconds, 0 or 10 to 3600000 centiseconds in 5 centisecond increments

hold-time-down

The delay, in seconds or centiseconds, after which to notify the upper layers when an interface transitions from an up state to a down state.

Values

0 to 36000 seconds, 0 or 10 to 3600000 centiseconds in 5 centisecond increments

seconds | centiseconds

Specifies the hold time units as seconds or centiseconds.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>lag hold-time)

Full Context

configure lag hold-time

Description

This command specifies the timer, in tenths of seconds, which controls the delay between detecting that a LAG is down (all active ports are down) and reporting it to the higher levels.

A non-zero value can be configured, for example, when active/standby signaling is used in a 1:1 fashion to avoid informing higher levels during the small time interval between detecting that the LAG is down and the time needed to activate the standby link.

Default

no hold-time

Parameters

hold-down-time

Specifies the hold-time for event reporting.

Values

0 to 2000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>interface hold-time)

[Tree] (config>service>ies>interface hold-time)

[Tree] (config>service>vprn>network-interface hold-time)

[Tree] (config>service>vprn>interface hold-time)

[Tree] (config>router>if hold-time)

Full Context

configure service vpls interface hold-time

configure service ies interface hold-time

configure service vprn network-interface hold-time

configure service vprn interface hold-time

configure router interface hold-time

Description

This command creates the CLI context to configure interface level hold-up and hold-down timers for the associated IP interface.

The up timer controls a delay for the associated IPv4 or IPv6 interface so that the system will delay the deactivation of the associated interface for the specified amount of time.

The down timer controls a delay for the associated IPv4 or IPv6 interface so that the system will delay the activation of the associated interface for the specified amount of time

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp hold-time)

[Tree] (config>service>vprn>bgp>group hold-time)

[Tree] (config>service>vprn>bgp>group>neighbor hold-time)

Full Context

configure service vprn bgp hold-time

configure service vprn bgp group hold-time

configure service vprn bgp group neighbor hold-time

Description

This command configures the BGP hold time, expressed in seconds.

The BGP hold time specifies the maximum time BGP waits between successive messages (either keepalive or update) from its peer, before closing the connection. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

Even though the router OS implementation allows setting the keepalive (config>service>vprn>bgp keepalive, config>service>vprn>bgp>group keepalive, config>service>vprn>bgp>group>neighbor keepalive) time separately, the configured keepalive timer is overridden by the hold-time value under the following circumstances:

• If the specified hold-time is less than the configured keepalive time, then the operational keepalive time is set to a third of the hold-time; the configured keepalive time is not changed.

• If the hold-time is set to zero, then the operational value of the keepalive time is set to zero; the configured keepalive time is not changed. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.

The no form of this command used at the global level reverts to the default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

hold-time 90

Parameters

seconds

Specifies the hold-time, in seconds, expressed as a decimal integer. A value of 0 indicates the connection to the peer is up permanently.

Values

0, 3 to 65535

seconds2

Specifies the minimum hold-time that is accepted for the session. If the peer proposes a hold-time lower than this value the session attempt is rejected.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>oper-group hold-time)

Full Context

configure service oper-group hold-time

Description

Commands in this context configure hold time information.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>group hold-time)

[Tree] (config>router>bgp hold-time)

[Tree] (config>router>bgp>group>neighbor hold-time)

Full Context

configure router bgp group hold-time

configure router bgp hold-time

configure router bgp group neighbor hold-time

Description

This command configures the BGP hold time, expressed in seconds.

The BGP hold time specifies the maximum time BGP waits between successive messages (either keepalive or update) from its peer, before closing the connection. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

Even though the implementation allows setting the keepalive time separately, the configured keepalive timer is overridden by the hold-time value under the following circumstances:

• If the specified hold-time is less than the configured keepalive time, then the operational keepalive time is set to a third of the hold-time; the configured keepalive time is not changed.

• If the hold-time is set to zero, then the operational value of the keepalive time is set to zero; the configured keepalive time is not changed. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.

The no form of this command used at the global level reverts to the default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default

hold-time 90

Parameters

seconds

Specifies the hold-time, in seconds, expressed as a decimal integer. A value of 0 indicates the connection to the peer is up permanently.

Values

0, 3 to 65535

min seconds2

Specifies the minimum hold-time that will be accepted for the session. If the peer proposes a hold-time lower than this value, the session attempt will be rejected.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls hold-timer)

Full Context

configure router mpls hold-timer

Description

This command specifies the amount of time that the ingress node holds before programming its data plane and declaring the LSP up to the service module. This occurs anytime the ingress node brings up an LSP path or switches traffic from a working path to another working path of the same LSP.

The no form of this command reverts to the default value.

Default

no hold-timer

Parameters

seconds

Specifies the time (in seconds), for which the ingress node holds before programming its data plane and declaring the LSP up to the service module.

Values

0 to 1000

Default

1

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>rip holddown)

Full Context

debug router rip holddown

Description

This command enables debugging for RIP holddowns.

Parameters

ip-int-name | ip-address

Debugs the RIP holddowns sent on the neighbor IP address or interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>ripng holddown)

Full Context

debug router ripng holddown

Description

This command enables debugging for RIPng holddowns.

Parameters

ip-int-name| ipv6-address

Debugs the RIPng holddowns sent on the neighbor IP address or interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim>rp>ipv6>rp-candidate holdtime)

[Tree] (config>service>vprn>pim>rp>rp-candidate holdtime)

Full Context

configure service vprn pim rp ipv6 rp-candidate holdtime

configure service vprn pim rp rp-candidate holdtime

Description

This command specifies the length of time a neighbor considers the sending router to be operationally up.

The no form of this command reverts to the default value.

Default

holdtime 150

Parameters

holdtime

Specifies the length of time, in seconds, that a neighbor should consider the sending router to be operational.

Values

5 to 255

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>rp>rp-candidate holdtime)

[Tree] (config>router>pim>rp>ipv6>rp-candidate holdtime)

Full Context

configure router pim rp rp-candidate holdtime

configure router pim rp ipv6 rp-candidate holdtime

Description

This command configures the length of time, in seconds, that neighbors should consider the sending router to be operationally up. A local RP cannot be configured on a logical router.

The no form of this command reverts to the default value.

Default

holdtime 150

Parameters

holdtime

Specifies the hold time, in seconds.

Values

5 to 255

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>user home-directory)

[Tree] (config>system>security>user-template home-directory)

Full Context

configure system security user home-directory

configure system security user-template home-directory

Description

This command configures the home directory of the user for file access. Files can be accessed locally by CLI file commands and output modifiers such as > (file redirect), or remotely via FTP and SCP. If the home directory does not exist, a warning message is displayed when the user logs in.

When restricted-to-home is configured, file access is denied unless the home-directory is configured and the directory is created by an administrator.

The no form of this command removes the configured home directory of the user. The directory must be also removed by the administrator.

Default

no home-directory

Parameters

url-prefix [directory] [directory/directory ..]

Specifies the local home directory URL prefix of the user and directory structure, up to 200 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>path hop)

Full Context

configure router mpls path hop

Description

This command specifies the hops that the LSP should traverse on its way to the egress router. When specified, the IP address can be the interface IP address, a loopback interface address, or the system IP address. If a loopback interface or the system IP address is specified then the LSP can choose the best available interface.

When an IPv6 hop is specified, the interface IP address must be a global unicast IPv6 address. A link-local address is not allowed and is rejected in the configuration if attempted.

Optionally, the LSP ingress and egress IP address can be included as the first and the last hop. A hop list can include the ingress interface IP address, the system IP address, and the egress IP address of any of the hops being specified.

When the sid-label parameter is specified, this command specifies an MPLS label value for a hop in the path of an SR-TE LSP. The label value implied by the SID is only used when the path is used by an SR-TE LSP.

The no form of this command deletes hop list entries for the path. All the LSPs currently using this path are affected. Additionally, all services actively using these LSPs are affected. The path must be shutdown first in order to delete the hop from the hop list. The no hop hop-index command will not result in any action except a warning message on the console indicating that the path is administratively up.

Parameters

hop-index

Specifies the hop index is used to order the hops specified. The LSP always traverses from the lowest hop index to the highest. The hop index does not need to be sequential.

Values

1 to 1024

ip-address

Specifies a loopback interface, the system or network interface IP address of the transit router. An interface IPv6 address must be a global unicast address.

Values

ipv4-address — a.b.c.d

ipv6-address — x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x — 0 to FFFF (hexadecimal)

d — 0 to 255 (decimal)

loose

This keyword specifies that the route taken by the LSP from the previous hop to this hop can traverse through other routers. Multiple hop entries with the same IP address are flagged as errors. Either the loose or strict keyword must be specified.

strict

This keyword specifies that the LSP must take a direct path from the previous hop router to this router. No transit routers between the previous router and this router are allowed. If the IP address specified is the interface address, then that is the interface the LSP must use. If there are direct parallel links between the previous router and this router and if system IP address is specified, then any one of the available interfaces can be used by the LSP. The user must ensure that the previous router and this router have a direct link. Multiple hop entries with the same IP address are flagged as errors. Either the loose or strict keyword must be specified.

sid-value

Specifies the SID value. The sid-value can be any valid MPLS/SR label value. It is not restricted by any locally-defined label ranges since these may be different on the remote node or adjacency for which the SID is defined.

Values

32 to 1048575

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-routing>path hop)

Full Context

configure service pw-routing path hop

Description

This command configures each hop on an explicit path that can be used by one or more dynamic MS-PWs. It specifies the IP addresses of the hops that the MS-PE should traverse. These IP addresses can correspond to the system IP address of each S-PE, or the IP address on which the T-LDP session to a given S-PE terminates.

The no form of this command deletes hop list entries for the path. All the MS-PWs currently using this path are unaffected. Additionally, all services actively using these MS-PWs are unaffected. The path must be shutdown first in order to delete the hop from the hop list. The ' no hop hop-index’ command will not result in any action, except for a warning message on the console indicating that the path is administratively up.

Default

no hop

Parameters

hop-index

Specifies a locally significant numeric identifier for the hop. The hop index is used to order the hops specified. The LSP always traverses from the lowest hop index to the highest. The hop index does not need to be sequential.

Values

1 to 1024

ip-address

Specifies the system IP address or terminating IP address for the T-LDP session to the S-PE corresponding to this hop. For a given IP address on a hop, the system will choose the appropriate SDP to use.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ipv6-filter>entry>match hop-by-hop-opt)

Full Context

configure filter ipv6-filter entry match hop-by-hop-opt

Description

This command enables match on existence of Hop-by-Hop Options Extension Header in the IPv6 filter policy.

The no form of this command ignores Hop-by-Hop Options Extension Header presence/absence in a packet when evaluating match criteria of a given filter policy entry.

Default

no hop-by-hop-opt

Parameters

true

Matches a packet with a Hop-by-Hop Options Extension header.

false

Matches a packet without a Hop-by-Hop Options Extension header.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>lsp>fast-reroute hop-limit)

[Tree] (config>router>mpls>lsp-template>fast-reroute hop-limit)

Full Context

configure router mpls lsp fast-reroute hop-limit

configure router mpls lsp-template fast-reroute hop-limit

Description

For fast reroute, how many more routers a detour is allowed to traverse compared to the LSP itself. For example, if an LSP traverses four routers, any detour for the LSP can be no more than ten router hops, including the ingress and egress routers.

The no form of this command reverts to the default value.

Default

hop-limit 16

Parameters

limit

Specify the maximum number of hops.

Values

0 to 255

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>lsp hop-limit)

Full Context

configure router mpls lsp hop-limit

Description

This command specifies the maximum number of hops that an LSP can traverse, including the ingress and egress routers. An LSP is not set up if the hop limit is exceeded. This value can be changed dynamically for an LSP that is already set up with the following implications.

If the new value is less than the current number of hops of the established LSP, the LSP is brought down. The software then tries to re-establish the LSP within the new hop-limit number. If the new value is equal to or greater than the current number hops of the established LSP, the LSP is not affected.

The no form of this command returns the parameter to the default value.

Default

hop-limit 255

Parameters

number

Specifies the number of hops the LSP can traverse, expressed as an integer.

Values

2 to 255

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>lsp>primary hop-limit)

[Tree] (config>router>mpls>lsp>secondary hop-limit)

Full Context

configure router mpls lsp primary hop-limit

configure router mpls lsp secondary hop-limit

Description

This optional command overrides the config>router>mpls>lsp lsp-name>hop-limit command. This command specifies the total number of hops that an LSP traverses, including the ingress and egress routers.

This value can be changed dynamically for an LSP that is already set up with the following implications:

If the new value is less than the current hops of the established LSP, the LSP is brought down. MPLS then tries to re-establish the LSP within the new hop-limit number. If the new value is equal or more than the current hops of the established LSP then the LSP will be unaffected.

The no form of this command reverts the values defined under the LSP definition using the config>router>mpls>lsp lsp-name>hop-limit command.

Default

no hop-limit

Parameters

number

Specifies the number of hops the LSP can traverse, expressed as an integer.

Values

2 to 255

Platforms

7705 SAR Gen 2

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe host)

Full Context

configure subscriber-mgmt local-user-db ipoe host

Description

This command creates an IPoE or PPP host entry in the local user database. A host entry in the local user database is matched based on the specified match-list criteria and an optional mask that is applied to the host-identification parameters.

A default host entry can be created without host-identification parameters which is used when no other host entries match. Note that creating a default host entry also requires a match-list to be specified.

The no form of this command removes the host entry from the local user database.

Parameters

host-name

Specifies a unique host name, up to 32 characters. The host-name default creates a special match-all host entry that should not have host-identification parameters and is used when no other host entries match.

create

Keyword used to create the host name. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>igmp host)

Full Context

debug router igmp host

Description

This command enables debugging for the IGMP host.

The no form of the command disables debugging.

Parameters

ip-address

Debugs the information associated with the specified IP address.

service-id

Debugs information associated with the service ID.

Values

service-id: 1 to 2148278386

svc-name: up to 64 characters.

group-interface ip-int-name

Debugs the information associated with the specified IP interface name.

Values

IP interface address

Platforms

7705 SAR Gen 2

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host host-identification)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification

Description

Commands in this context configure host identification parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>entry>from host-ip)

Full Context

configure router policy-options policy-statement entry from host-ip

Description

This command specifies a prefix list host IP address as a match criterion for the route policy-statement entry.

Default

no host-ip

Parameters

prefix-list-name

Specifies the prefix-list name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

The prefix-list-name is defined in the config>router>policy-options>prefix-list context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>ssh>client-host-key host-key)

[Tree] (config>system>security>ssh>server-host-key host-key)

Full Context

configure system security ssh client-host-key-list host-key

configure system security ssh server-host-key-list host-key

Description

This command configures a host key. Client host keys are used when the SR OS is acting as an SSH client. Server host keys are used when the SR OS is acting as an SSH server.

The no form of this command removes the index and host-key name from the configuration.

Default

no host-key index

Parameters

index

Specifies the index of the host key in the list.

Values

1 to 255

host-key

Specifies the host-key algorithm.

Values

ssh-dss, ssh-rsa, rsa-sha2-256, rsa-sha2-512, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519

Platforms

7705 SAR Gen 2

Context

[Tree] (config>vrrp>policy>priority-event host-unreachable)

Full Context

configure vrrp policy priority-event host-unreachable

Description

This command creates the context to configure a host unreachable priority control event to monitor the ability to receive ICMP echo reply packets from an IP host address.

A host unreachable priority event creates a continuous ICMP echo request (ping) probe to the specified ip-address. If a ping fails, the event is considered to be set. If a ping is successful, the event is considered to be cleared.

Multiple unique (different ip-address) host-unreachable event nodes can be configured within the priority-event node to a maximum of 32 events.

The host-unreachable command can reference any valid local or remote IP address. The ability to ARP a local IP address or find a remote IP address within a route prefix in the route table is considered part of the monitoring procedure. The host-unreachable priority event operational state tracks ARP or route table entries dynamically appearing and disappearing from the system. The operational state of the host-unreachable event are listed in Host Unreachable Operational States.

Unlike other priority event types, the host-unreachable priority event monitors a repetitive task. A historical evaluation is performed on the success rate of receiving ICMP echo reply messages. The operational state takes its cleared and set orientation from the historical success rate. The informational portion of the operational state is derived from the last attempt’s result. It is possible for the previous attempt to fail while the operational state is still cleared due to an insufficient number of failures to cause it to become set. It is also possible for the state to be set while the previous attempt was successful.

When an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instances in-use priority value. As the event transitions from clear to set, a hold-set timer is loaded with the value configured by the events hold-set command. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.

The hold-set timer be expired and the historical success rate must be met prior to the event operational state becoming cleared.

The no form of the command deletes the specific IP host monitoring event. The event may be deleted at any time. When the event is deleted, the in-use priority of all associated virtual router instances must be reevaluated. The event’s hold-set timer has no effect on the removal procedure.

Default

no host-unreachable — No host unreachable priority events are created.

Parameters

ip-address

The IP address of the host for which the specific event will monitor connectivity. The ip-addr can only be monitored by a single event in this policy. The IP address can be monitored by multiple VRRP priority control policies. The IP address can be used in one or multiple ping requests. Each VRRP priority control host-unreachable and ping destined to the same ip-addr is uniquely identified on a per message basis. Each session originates a unique identifier value for the ICMP echo request messages it generates. This allows received ICMP echo reply messages to be directed to the appropriate sending application.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x[-interface]
	x:	[0..FFFF]H
	interface:	32 chars maximum, mandatory for link local addresses

The link-local IPv6 address must have an interface name specified. The global IPv6 address must not have an interface name specified.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>proxy-nd host-unsolicited-na-flood-evpn)

Full Context

configure service vpls proxy-nd host-unsolicited-na-flood-evpn

Description

This command controls whether the system floods host unsolicited Neighbor Advertisements to the EVPN. The NA messages impacted by this command are NA messages with the following flags: S=0 and R=0.

The no form of the command will only flood to local SAPs/binds but not to the EVPN destinations. This is only recommended in networks where CEs are routers that are directly connected to the PEs. Networks using aggregation switches between the host/routers and the PEs should flood unsolicited NA messages in the EVPN to ensure that the remote caches are updated and the BGP does not miss the advertisement of these entries.

Default

host-unsolicited-na-flood-evpn

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>syslog hostname)

Full Context

configure log syslog hostname

Description

This command controls how the HOSTNAME field of syslog messages is populated.

The no form of this command causes the HOSTNAME to be populated with an IP address.

Default

no hostname

Parameters

use-system-name

Keyword used to specify the HOSTNAME uses the system name as configured by the configure system name command. Do not use any spaces in the system name if it is used for the syslog HOSTNAME.

value-string

Specifies a string, up to 255 characters with no spaces, that is used as the HOSTNAME of syslog messages.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>log>syslog hostname)

Full Context

configure service vprn log syslog hostname

Description

This command controls how the HOSTNAME field of syslog messages is populated.

The no form of this command causes the HOSTNAME to be populated with an IP address.

Default

no hostname

Parameters

use-system-name

Keyword used to specify the HOSTNAME uses the system name as configured by the configure system name command. Do not use any spaces in the system name if it is used for the syslog HOSTNAME.

use-vprn-name

Keyword used to specify the HOSTNAME uses the VPRN name as configured by the configure service vprn name command. Do not use any spaces in the VPRN name if it is used for the syslog HOSTNAME.

value-string

Specifies a string, up to 255 characters with no spaces, that is used as the HOSTNAME of syslog messages.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>cron>sched hour)

Full Context

configure system cron schedule hour

Description

This command specifies which hour to schedule a command. Multiple hours of the day can be specified. When multiple hours are configured, each of them will cause the schedule to trigger. Day-of-month or weekday must also be specified. All days of the month or weekdays can be specified. If an hour is configured without configuring month, weekday, day-of-month, and minute, the event will not execute.

The no form of this command removes the specified hour from the configuration.

Default

no hour

Parameters

hour-number

Specifies the hour to schedule a command.

Values

0 to 23 (maximum 24 hour-numbers)

all

Specifies all hours.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>est-profile http-auth)

Full Context

configure system security pki est-profile http-auth

Description

This command configures HTTP authentication parameters. HTTP authentication is used by a client when requested by the server. When disabled, there is no HTTP-level client authentication.

The no form of the command reverts to the default value.

Default

no http-auth

Parameters

password

Specifies a text string containing the password. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

user-name

Specifies the name of the user to authenticate, up to 32 characters.

hash

Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>system http-connections)

Full Context

debug system http-connections

Description

This command displays HTTP connections debug information.

Parameters

ip-address/prefix-length

Displays information for the specified host IP address and prefix length.

Values

ip-address: a.b.c.d

prefix-length: 0 to 32

any

Specifies that any address can be used.

ipv6-address/prefix-length

Displays information for the specified host IPv6 address and prefix length.

Values

ipv6-address:

• x:x:x:x:x:x:x:x: (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x [0 to FFFFF] H

• d [0 to 255] D

prefix-length: 0 to 128

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2 http-response-timeout)

Full Context

configure system security pki ca-profile cmpv2 http-response-timeout

Description

This command specifies the timeout value for HTTP response that is used by CMPv2.

The no form of this command reverts to the default.

Default

http-response-timeout 30

Parameters

timeout

Specifies the HTTP response timeout, in seconds.

Values

1 to 3600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2 http-response-timeout)

Full Context

configure system security pki ca-profile cmpv2 http-response-timeout

Description

This command specifies the timeout value for HTTP response that is used by CMPv2.

The no form of this command reverts to the default.

Default

http-response-timeout 30

Parameters

timeout

Specifies the HTTP response timeout in seconds.

Values

1 to 3600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2 http-version)

Full Context

configure system security pki ca-profile cmpv2 http-version

Description

This command configures the HTTP version for CMPv2 messages.

Default

http-version 1.1

Platforms

7705 SAR Gen 2