i Commands

Context

[Tree] (config>log>acct-policy>cr>policer i-counters)

[Tree] (config>log>acct-policy>cr>queue i-counters)

[Tree] (config>log>acct-policy>cr>ref-queue i-counters)

[Tree] (config>log>acct-policy>cr>ref-policer i-counters)

Full Context

configure log accounting-policy custom-record policer i-counters

configure log accounting-policy custom-record queue i-counters

configure log accounting-policy custom-record ref-queue i-counters

configure log accounting-policy custom-record ref-policer i-counters

Description

This command configures ingress counter parameters for this custom record.

The no form of this command reverts all ingress counters to their default value.

Default

i-counters

Parameters

all

Specifies that all ingress counters should be included.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp ibgp-multipath)

Full Context

configure service vprn bgp ibgp-multipath

Description

This command defines the type of IBGP multipath to use when adding BGP routes to the route table if the route resolving the BGP nexthop offers multiple next-hops.

The no form of this command disables the IBGP multipath load balancing feature.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp ibgp-multipath)

Full Context

configure router bgp ibgp-multipath

Description

This command enables IBGP multipath load balancing when adding BGP routes to the route table if the route resolving the BGP nexthop offers multiple next-hops.

The no form of this command disables the IBGP multipath load balancing feature.

Default

no ibgp-multipath

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>nw-if icmp)

[Tree] (config>service>vprn>if icmp)

[Tree] (config>service>ies>if icmp)

Full Context

configure service vprn network-interface icmp

configure service vprn interface icmp

configure service ies interface icmp

Description

Commands in this context configure Internet Control Message Protocol (ICMP) parameters on a service.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if icmp)

Full Context

configure router interface icmp

Description

This command enables access to the context to configure Internet Control Message Protocol (ICMP) parameters on a network IP interface. ICMP is a message control and error reporting protocol that also provides information relevant to IP packet processing.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>ip icmp)

Full Context

debug router ip icmp

Description

This command enables ICMP debugging.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>test-oam icmp)

Full Context

configure test-oam icmp

Description

Commands in this context configure test ICMP OAM parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ip-exception>entry>match icmp-code)

[Tree] (config>filter>ipv6-filter>entry>match icmp-code)

[Tree] (config>filter>ipv6-exception>entry>match icmp-code)

[Tree] (config>filter>ip-filter>entry>match icmp-code)

Full Context

configure filter ip-exception entry match icmp-code

configure filter ipv6-filter entry match icmp-code

configure filter ipv6-exception entry match icmp-code

configure filter ip-filter entry match icmp-code

Description

Configures matching on /ICMPv6 code field in the /ICMPv6 header of an IPv4 or IPv6 packet as a filter match criterion or configures matching on the ICMP code field in the ICMP header of an IPv4 packet as an exception filter match criterion. An entry containing Layer 4 non-zero match criteria will not match non-initial (for example, 2nd, 3rd) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly an entry containing " icmp-code 0" match criterion, may match non-initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the criterion from the match entry.

Default

no icmp-code

Parameters

icmp-code

Specifies the /ICMPv6 code value that must be present to match. Value can be expressed as a decimal integer, as well as in hexadecimal or binary format, or even using keywords. The following value shows decimal integer only.

Values

0 to 255

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>nat>outside>pool icmp-echo-reply)

[Tree] (config>router>nat>outside>pool icmp-echo-reply)

Full Context

configure service vprn nat outside pool icmp-echo-reply

configure router nat outside pool icmp-echo-reply

Description

IPv4 addresses in a NAT pool can be configured to respond to ICMP Echo Requests (PINGs). The configuration can be toggled online while the pool is in use.

In L2-aware NAT when port-block-extensions is disabled, the reply from an outside IP address is generated only when this IP address has at least one host (binding) behind it.

In L2-aware NAT when port-block-extensions is enabled, the reply from an outside IP address is generated regardless if a binding is present.

In LSN, the reply from an outside IP address is generated regardless if a binding is present.

The no form of the command disables ICMP echo replies.

Default

no icmp-echo-reply

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>sap>ipsec-tunnel icmp-generation)

[Tree] (config>router>if>ipsec>ipsec-tunnel icmp-generation)

[Tree] (config>service>vprn>if>sap>ip-tunnel icmp-generation)

[Tree] (config>service>ies>if>sap>ip-tunnel icmp-generation)

[Tree] (config>ipsec>tunnel-template icmp-generation)

Full Context

configure service vprn interface sap ipsec-tunnel icmp-generation

configure router interface ipsec ipsec-tunnel icmp-generation

configure service vprn interface sap ip-tunnel icmp-generation

configure service ies interface sap ip-tunnel icmp-generation

configure ipsec tunnel-template icmp-generation

Description

This command enables the context to configure ICMP generation information.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>saa>test>type icmp-ping)

Full Context

configure saa test type icmp-ping

Description

This command configures an ICMP traceroute test.

Parameters

ip-address | dns-name

Specifies the far-end IP address or DNS name to which to send the svc-ping request message in dotted-decimal notation.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D
	interface	up to 32 characters. This is mandatory for link local addresses.
dns-name	up to 128 characters

bypass-routing

Specifies whether to send the ping request to a host on a directly attached network bypassing the routing table.

interface-name

Specifies the name used to refer to the interface, up to 32 characters. The name must already exist in the config>router>interface context.

next-hop ip-address

Displays only static routes with the specified next-hop IP address.

Values

ipv4-address:	a.b.c.d (host bits must be 0)
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

requests

Specifies the number of times to perform an OAM ping probe operation. Each OAM echo message request must either time out or receive a reply before the next message request is sent.

Values

1 to 100000

Default

5

do-not-fragment

Sets the DF (Do Not Fragment) bit in the ICMP ping packet (does not apply to ICMPv6).

fc-name

Specifies the forwarding class of the SAA.

Values

be, l2, af, l1, h2, ef, h1, nc

Default

nc

interval {centisecs | secs}

Specifies the minimum amount of time, in seconds, that must expire before the next message request is sent. If the rapid parameter is configured, this value is measured in centiseconds (hundredths of a second) instead of seconds.

Values

1 to 10000

Default

1

pattern

Specifies the date portion in a ping packet is filled with the pattern value specified. If not specified, a system-generated sequential pattern is used.

Values

0 to 65535

rapid

Configures the interval parameter to use centiseconds (hundredths of a second) instead of seconds.

router-or-service

Specifies the numerical reference to the router instance or service. Well known router names "Base", "management", "vpm-vr-name”, and " vpls-management" are allowed for convenience, but are mapped numerically.

Values

{router-name | vprn-svc-id}

router-name:	Base, management, cmp-vr-name, vpls-management
vprn-svc-id:	1 to 2147483647
cpm-vr-name:	Up to 32 characters

The parameter router-instance is preferred for specifying the router or service.

Default

Base

router-instance

Specifies the preferred method for entering a service name. Stored as the service name. Only the service linking function is allowed for both mixed-mode and model-driven configuration modes.

Values

router-name, vprn-svc-name

router-name: Base, management, vpls-management, cpm-vr-name

vprn-svc-name: up to 64 characters

cpm-vr-name: up to 32 characters

service-name

Specifies the alias function that allows the service name to be used, converted and stored as a service ID, up to 64 characters.

The router-instance parameter is preferred for specifying the router or service.

bytes

Specifies the request packet size in bytes, expressed as a decimal integer.

Values

0 to 16384

Default

56

source ip-address

Specifies the IP address to be used.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

timeout

Specifies the override time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of the time out, the test is marked complete and no more packets are processed for any of those request probes.

Values

1 to 10

Default

5

type-of-service

Specifies the service type.

Values

0 to 255

Default

0

time-to-live

Specifies the TTL value for the MPLS label, expressed as a decimal integer.

Values

1 to 128

Default

64

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>nat>nat-policy>timeouts icmp-query)

Full Context

configure service nat nat-policy timeouts icmp-query

Description

This command configures the timeout applied to an ICMP query session.

Default

icmp-query min 1

Parameters

min minutes

Specifies the timeout, in minutes, applied to an ICMP query session.

Values

1 to 4

Default

1

sec seconds

Specifies the timeout, in seconds, applied to an ICMP query session.

Values

1 to 59

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router icmp-tunneling)

Full Context

configure router icmp-tunneling

Description

This command enables the tunneling of ICMP reply packets over MPLS LSP at a LSR node as per RFC 3032.

The LSR part of this feature consists of crafting the reply ICMP packet of type=11- 'time exceeded', with a source address set to a local address of the LSR node, and appending the IP header and leading payload octets of the original datagram. The system skips the lookup of the source address of the sender of the label TTL expiry packet, which becomes the destination address of the ICMP reply packet. Instead, CPM injects the ICMP reply packet in the forward direction of the MPLS LSP the label TTL expiry packet was received from. The TTL of pushed labels should be set to 255.

The source address of the ICMP reply packet is determined as follows. The LSR uses the address of the outgoing interface for the MPLS LSP. With LDP LSP or BGP LSP multiple ECMP next-hops can exist and in such a case the first outgoing interface is selected. If that interface does not have an address of the same family (IPv4 or IPv6) as the ICMP packet, then the system address of the same family is selected. If one is not configured, the packet is dropped.

When the packet is received by the egress LER, it performs a regular user packet lookup in the data path in the GRT context for BGP shortcut, 6PE, and BGP label route prefixes, or in VPRN context for VPRN and 6VPE prefixes. It then forwards it to the destination, which is the sender of the original packet which TTL expired at the LSR.

If the egress LER does not have a route to the destination of the ICMP packet, it drops the packets.

The rate of the tunneled ICMP replies at the LSR can be directly or indirectly controlled by the existing IOM level and CPM levels mechanisms. Specifically, the rate of the incoming UDP traceroute packets received with a label stack can be controlled at ingress IOM using the distributed CPU protection feature. The rate of the ICMP replies by CPM can also be directly controlled by configuring a system wide rate limit for packets ICMP replies to MPLS expired packets which are successfully forwarded to CPM using the command 'configure system security vprn-network-exceptions'. While this command's name refers to VPRN service, this feature rate limits ICMP replies for packets received with any label stack, including VPRN and shortcuts.

The 7705 SAR Gen 2 implementation supports appending to the ICMP reply of type Time Exceeded the MPLS label stack object defined in RFC 4950. It does not include it in the ICMP reply type of Destination unreachable.

The new MPLS Label Stack object permits an LSR to include label stack information including label value, EXP, and TTL field values, from the encapsulation header of the packet that expired at the LSR node. The ICMP message continues to include the IP header and leading payload octets of the original datagram.

In order to include the MPLS Label Stack object, SR OS implementation adds support of RFC 4884 which defines extensions for a multi-part ICMPv4/v6 message of type Time Exceeded.

The no form of command disables the tunneling of ICMP reply packets over MPLS LSP at a LSR node.

Default

no icmp-tunneling

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ip-exception>entry>match icmp-type)

[Tree] (config>filter>ipv6-filter>entry>match icmp-type)

[Tree] (config>filter>ipv6-exception>entry>match icmp-type)

[Tree] (config>filter>ip-filter>entry>match icmp-type)

Full Context

configure filter ip-exception entry match icmp-type

configure filter ipv6-filter entry match icmp-type

configure filter ipv6-exception entry match icmp-type

configure filter ip-filter entry match icmp-type

Description

This command configures matching on the /ICMPv6 type field in the /ICMPv6 header of an IPv4 or IPv6 packet as a filter match criterion or configures matching on the ICMP type field in the ICMP header of an IPv4 packet as an exception filter match criterion. An entry containing Layer 4 non-zero match criteria will not match non-initial (2nd, 3rd, etc.) fragments of a fragmented packet because only the first fragment contains the Layer 4 information. Similarly an entry containing " icmp-type 0" match criterion, may match non-initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the criterion from the match entry.

Default

no icmp-type

Parameters

icmp-type

Specifies the /ICMPv6 type value that must be present to match. Value can be expressed as a decimal integer, as well as in hexadecimal or binary format, or even using keywords. The following value shows decimal integer only.

Values

0 to 255

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>network>egress>ipv6-criteria>entry>match icmp-type)

[Tree] (config>qos>network>egress>ip-criteria>entry>match icmp-type)

Full Context

configure qos network egress ipv6-criteria entry match icmp-type

configure qos network egress ip-criteria entry match icmp-type

Description

This command configures matching on the ICMP or ICMPv6 type field in the ICMP or ICMPv6 header of an IPv4 or IPv6 packet as a network QoS match criterion.

An entry containing Layer 4 non-zero match criteria will not match non-initial (2nd, 3rd, etc.) fragments of a fragmented packet since only the first fragment contains the Layer 4 information. Similarly, an entry containing " icmp-type 0" match criterion, may match non-initial fragments when the Layer 4 header is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the criterion from the match entry.

Default

no icmp-type

Parameters

icmp-type

Specifies the ICMP or ICMPv6 type value that must be present to match. Value can be expressed as a decimal integer, or in hexadecimal or binary format, or even using keywords.

Values

0 to 255 (Decimal)

0 to FF (Hexadecimal)

0 to 11111111 (Binary)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>ipv6 icmp6)

[Tree] (config>service>vprn>if>ipv6 icmp6)

Full Context

configure service ies interface ipv6 icmp6

configure service vprn interface ipv6 icmp6

Description

This command configures ICMPv6 parameters for the interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if>ipv6 icmp6)

Full Context

configure router interface ipv6 icmp6

Description

Commands in this context configure ICMPv6 parameters for the interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>ip icmp6)

Full Context

debug router ip icmp6

Description

This command enables ICMPv6 debugging.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>sap>ipsec-tun icmp6-generation)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel icmp6-generation)

[Tree] (config>service>vprn>if>sap>ip-tunnel icmp6-generation)

[Tree] (config>ipsec>tnl-temp icmp6-generation)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel icmp6-generation)

[Tree] (config>router>if>ipsec>ipsec-tunnel icmp6-generation)

[Tree] (config>service>ies>if>sap>ip-tunnel icmp6-generation)

Full Context

configure service vprn interface sap ipsec-tunnel icmp6-generation

configure service vprn interface ipsec ipsec-tunnel icmp6-generation

configure service vprn interface sap ip-tunnel icmp6-generation

configure ipsec tunnel-template icmp6-generation

configure service ies interface ipsec ipsec-tunnel icmp6-generation

configure router interface ipsec ipsec-tunnel icmp6-generation

configure service ies interface sap ip-tunnel icmp6-generation

Description

This command enables the ICMPv6 packet generation configuration context.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>service id)

Full Context

debug service id

Description

This command enables debugging for the specified service ID.

The no form of this command disables the debugging.

Parameters

service-id

The ID that uniquely identifies a service.

Values

service-id: 1 to 214748364

svc-name: A string up to 64 characters in length

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>client-db>client>client-id idi)

Full Context

configure ipsec client-db client client-identification idi

Description

This command specifies a match criteria that uses the peer’s identification initiator (IDi) as the input, only one IDi criteria can be configured for a given client entry. This command supports the following matching methods:

• idi any: Matches any type of IDi with any value.

• idi ipv4-prefix: Matches an IDi with the type ID_IPV4_ADDR. If the any parameter is specified, then it will match any IPv4 address. If an IPv4 prefix is specified, then it will match an IPv4 address that is within the specified prefix.

• idi ipv6-prefix: Matches an IDi with the type ID_IPV6_ADDR. If the any parameter is specified, then it will match any IPv6 address. If an IPv6 prefix is specified, then it will match an IPv6 address that is within the specified prefix.

• idi string-type: Supports following type of IDi:

  • FQDN: Either a full match or a suffix match

  • RFC822: Either a full match or a suffix match

The no form of this command reverts to the default.

Default

no idi

Parameters

any

Matches any type of IDi with any value.

ipv4-prefix/ipv4-prefix-length

Matches any IPv4 address and prefix.

ipv6-prefix/ipv6-prefix-length

Matches any IPv6 address and prefix.

string-type

Matches the type of IDi value for this IPsec client entry.

Values

fqdn, fqdn-suffix, rfc822, rfc822-suffix

string-value

Matches the IDi value within the client ID for this IPsec client entry up to 256 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>client-db>match-list idi)

Full Context

configure ipsec client-db match-list idi

Description

This command enables the Identification Initiator (IDi) type in the IPsec client matching process.

The no form of this command disables the IDi matching process.

Default

no idi

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>grpc-tunnel>destination-group>tcp-keepalive idle-time)

[Tree] (config>system>grpc>tcp-keepalive idle-time)

[Tree] (config>system>telemetry>destination-group>tcp-keepalive idle-time)

Full Context

configure system grpc-tunnel destination-group tcp-keepalive idle-time

configure system grpc tcp-keepalive idle-time

configure system telemetry destination-group tcp-keepalive idle-time

Description

This command configures the amount of time, in seconds, that the connection must remain idle before TCP keepalive probes are sent.

The no form of this command reverts to the default value.

Default

idle-time 600

Parameters

idle

Specifies the number of seconds before the first TCP keepalive probe is sent.

Values

1 to 100000

Default

600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>login-control idle-timeout)

Full Context

configure system login-control idle-timeout

Description

This command configures the idle timeout for console, FTP, Telnet, and SSH sessions before the session is terminated by the system.

By default, each idle console, FTP, Telnet, and SSH session times out after 30 minutes of inactivity.

The no form of this command reverts to the default value.

Default

idle-timeout 30

Parameters

minutes

Specifies the idle timeout in minutes. Allowed values are 1 to 1440.

Values

1 to 1440

disable

When the disable option is specified, a session will never timeout. To re-enable idle timeout, enter the command without the disable option.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service ies)

Full Context

configure service ies

Description

This command creates or edits an IES service instance.

The ies command creates or maintains an Internet Ethernet Service (IES). If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

IES services allow the creation of customer facing IP interfaces in the same routing instance used for service network core routing connectivity. IES services require that the IP addressing scheme used by the subscriber must be unique between it and other addressing schemes used by the provider and potentially the entire Internet.

IP interfaces defined within the context of an IES service ID must have a SAP created as the access point to the subscriber network. This allows a combination of bridging and IP routing for redundancy purposes.

When a service is created, the customer keyword and customer-id must be specified and associates the service with a customer. The customer-id must already exist having been created using the customer command in the service context. Once a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and recreated with a new customer association.

Once a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified results in an error.

Multiple IES services are created to separate customer owned IP interfaces. More than one IES service may be created for a single customer ID. More than one IP interface may be created within a single IES service ID. All IP interfaces created within an IES service ID belongs to the same customer.

By default, no IES service instances exist until they are explicitly created.

The no form of this command deletes the IES service instance with the specified service-id. The service cannot be deleted until all the IP interfaces defined within the service ID have been shut down and deleted.

Parameters

service-id

Specifies the unique service identification number identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every router on which this service is defined.

Values

service-id: 1 to 214748364

svc-name: A string up to 64 characters

customer-id

Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values

1 to 2147483647

vpn-id

Specifies the VPN ID number used to identify virtual private networks (VPNs) by a VPN identification number.

Values

1 to 2147483647

Default

null (0)

create

Keyword used to create the service ID. The create keyword requirement can be enabled or disabled in the environment>create context.

name

This parameter configures an optional service name, up to 64 characters, which adds a name identifier to a given service to then use that service name in configuration references as well as display and use service names in show commands throughout the system. This helps the service provider or administrator to identify and manage services within the SR OS platforms.

All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used to identify and reference a given service once it is initially created.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Service names may not begin with an integer (0 to 9).

Values

name: up to 64 characters

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>interface if-attribute)

[Tree] (config>router if-attribute)

[Tree] (config>service>vprn>interface if-attribute)

[Tree] (config>router>interface if-attribute)

Full Context

configure service ies interface if-attribute

configure router if-attribute

configure service vprn interface if-attribute

configure router interface if-attribute

Description

This command creates the context to configure or apply IP interface attributes such as administrative group (admin-group) or Shared Risk Loss Group (SRLG).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn igmp)

Full Context

configure service vprn igmp

Description

Commands in this context configure IGMP parameters.

The no form of this command disables IGMP.

Default

no igmp

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router igmp)

Full Context

configure router igmp

Description

This command enables the Internet Group Management Protocol (IGMP) context. When the context is created, the IGMP protocol is enabled.

The Internet Group Management Protocol (IGMP) is used by IPv4 systems (hosts and routers) to report their IP multicast group memberships to neighboring multicast routers. An IP multicast router can be a member of one or more multicast groups, in which case it performs both the "multicast router part” of the protocol which collects the membership information needed by its multicast routing protocol, and the "group member part” of the protocol which informs itself and other neighboring multicast routers of its memberships.

The no form of the command disables the IGMP instance. To start or suspend execution of IGMP without affecting the configuration, use the no shutdown command.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>mesh-sdp igmp-snooping)

[Tree] (config>service>vpls>spoke-sdp igmp-snooping)

[Tree] (config>service>vpls>sap igmp-snooping)

[Tree] (config>service>vpls igmp-snooping)

Full Context

configure service vpls mesh-sdp igmp-snooping

configure service vpls spoke-sdp igmp-snooping

configure service vpls sap igmp-snooping

configure service vpls igmp-snooping

Description

This command enables the Internet Group Management Protocol (IGMP) snooping context.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>service>id igmp-snooping)

Full Context

debug service id igmp-snooping

Description

This command enables and configures IGMP-snooping debugging.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-template igmp-snooping)

Full Context

configure service pw-template igmp-snooping

Description

This command enables the Internet Group Management Protocol (IGMP) snooping context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis ignore-attached-bit)

Full Context

configure service vprn isis ignore-attached-bit

Description

This command configures IS-IS to ignore the attached bit on received Level 1 LSPs to disable installation of default routes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis ignore-attached-bit)

Full Context

configure router isis ignore-attached-bit

Description

This command configures IS-IS to ignore the attached bit on received Level 1 LSPs to disable installation of default routes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if>ipv6>urpf-check ignore-default)

[Tree] (config>router>if>urpf-check ignore-default)

Full Context

configure router interface ipv6 urpf-check ignore-default

configure router interface urpf-check ignore-default

Description

This command configures the uRPF check (if enabled) to ignore default routes for purposes of determining the validity of incoming packets. By default, default routes are considered eligible.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf ignore-dn-bit)

[Tree] (config>service>vprn>ospf3 ignore-dn-bit)

Full Context

configure service vprn ospf ignore-dn-bit

configure service vprn ospf3 ignore-dn-bit

Description

This command specifies whether to ignore the DN bit for OSPF LSA packets for this instance of OSPF on the router. When enabled, the DN bit for OSPF LSA packets are ignored.

The no form of this command does not ignore the DN bit for OSPF LSA packets.

Default

no ignore-dn-bit

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe ignore-l2vpn-mtu-mismatch)

Full Context

configure service epipe ignore-l2vpn-mtu-mismatch

Description

This command enables the router to bring up a BGP-VPWS service regardless of any MTU mismatch. The router does not check the value of the Layer 2 MTU in the Layer2 Info Extended Community received in a BGP update message against the local service MTU or locally signaled MTU.

The no form of this command disables the functionality. When this command is disabled, the router does not bring up a BGP-VPWS service if an MTU mismatch occurs.

Default

no ignore-l2vpn-mtu-mismatch

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls ignore-l2vpn-mtu-mismatch)

Full Context

configure service vpls ignore-l2vpn-mtu-mismatch

Description

This command enables the router to bring up a VPLS service, regardless of any MTU mismatch. The router does not check the value of the Layer 2 MTU in the Layer 2 Info Extended Community received in a BGP update message or the value of the MTU interface parameter received in a LDP label mapping message against the local service MTU or locally signaled MTU.

The no form of this command disables the functionality. When this functionality is disabled, the router does not bring up a VPLS service if an MTU mismatch occurs.

Default

no ignore-l2vpn-mtu-mismatch

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis ignore-lsp-errors)

[Tree] (config>service>vprn>isis ignore-lsp-errors)

Full Context

configure router isis ignore-lsp-errors

configure service vprn isis ignore-lsp-errors

Description

This command specifies that for this VPRN instance, ISIS will ignore LSP packets with errors. When enabled, IS-IS LSP errors will be ignored and the associated record will not be purged.

This command enables ISIS to ignore the ATT bit and therefore suppress the installation of default routes.

The no form of this command specifies that ISIS will not ignore LSP errors.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ipv6-filter>entry>action ignore-match)

[Tree] (config>filter>ip-filter>entry>action ignore-match)

Full Context

configure filter ipv6-filter entry action ignore-match

configure filter ip-filter entry action ignore-match

Description

This command sets the filter entry action to ignore-match, as a result this filter entry is ignored and not programmed in hardware.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>dhcp6>server>pool>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp>server>failover ignore-mclt-on-takeover)

[Tree] (config>service>vprn>dhcp>server>pool>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp6>server>pool>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp>server>pool>failover ignore-mclt-on-takeover)

[Tree] (config>router>dhcp6>server>failover ignore-mclt-on-takeover)

[Tree] (config>service>vprn>dhcp>server>failover ignore-mclt-on-takeover)

[Tree] (config>service>vprn>dhcp6>server>failover ignore-mclt-on-takeover)

Full Context

configure service vprn dhcp6 local-dhcp-server pool failover ignore-mclt-on-takeover

configure router dhcp local-dhcp-server failover ignore-mclt-on-takeover

configure service vprn dhcp local-dhcp-server pool failover ignore-mclt-on-takeover

configure router dhcp6 local-dhcp-server pool failover ignore-mclt-on-takeover

configure router dhcp local-dhcp-server pool failover ignore-mclt-on-takeover

configure router dhcp6 local-dhcp-server failover ignore-mclt-on-takeover

configure service vprn dhcp local-dhcp-server failover ignore-mclt-on-takeover

configure service vprn dhcp6 local-dhcp-server failover ignore-mclt-on-takeover

Description

With this flag enabled, the remote IP address or prefix can be taken over immediately upon entering the PARTNER-DOWN state of the intercommunication link, without having to wait for the Maximum Client Lead Time (MCLT) to expire. By setting this flag, the lease times of the existing DHCP clients, while the intercommunication link is in the PARTNER-DOWN state, will still be reduced to the MCLT over time and all new lease times are set to MCLT. This behavior remains the same as originally intended for MCLT.

Some deployments require that the remote IP address/prefix range starts delegating new IP addresses and prefixes upon the failure of the intercommunication link, without waiting for the intercommunication link to transition from the COMM-INT state into the PARTNER-DOWN state and the MCLT to expire while in PARTNER-DOWN state.

This can be achieved by enabling the ignore-mclt-on-takeover flag and by configuring the partner-down-delay to 0.

Enabling this functionality must be exercised with caution. One needs to keep in mind that the partner-down-delay and MCLT timers were originally introduced to prevent IP address duplication in cases where DHCP redundant nodes transition out-of-sync due to the failure of intercommunication link. These timers ( partner-down-delay and MCLT) would ensure that during their duration, the new IP addresses and prefixes are delegated only from one node, the one with local IP address-range/prefix. This causes the new IP address delegation to be delayed and the service is impacted.

If it can be assured that the intercommunication link is always available, then the DHCP nodes would stay in sync and the two timers would not be needed. Therefore, it is important that in this mode of operation, the intercommunication link is well protected by providing multiple paths between the two DHCP nodes. The only event that should cause intercommunication link to fail is the entire nodal failure. This failure is acceptable since in this case only one DHCP node is available to provide new IP addresses and prefixes.

The no form of this command reverts to the default.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn ignore-mtu-mismatch)

Full Context

configure service vpls bgp-evpn ignore-mtu-mismatch

Description

This command enables the system to ignore the received Layer 2 MTU in the L2 attributes extended community of the IMET route for a peer.

The no form of this command configures the system to compare the local service MTU against the received Layer 2 MTU and if there is a mismatch, keep the EVPN destination to the peer with operational state down.

Default

no ignore-mtu-mismatch

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis ignore-narrow-metric)

Full Context

configure service vprn isis ignore-narrow-metric

Description

This command specifies that IS-IS ignores links with narrow metrics when wide-metrics support has been enabled.

The no form of this command specifies that IS-IS does not ignore these links.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis ignore-narrow-metric)

Full Context

configure router isis ignore-narrow-metric

Description

This command specifies that IS-IS will ignore links with narrow metrics when wide-metrics support has been enabled.

The no form of this command specifies that IS-IS will not ignore these links.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn ignore-nh-metric)

[Tree] (config>service>vprn>bgp>best-path-selection ignore-nh-metric)

[Tree] (config>router>bgp>best-path-selection ignore-nh-metric)

Full Context

configure service vprn ignore-nh-metric

configure service vprn bgp best-path-selection ignore-nh-metric

configure router bgp best-path-selection ignore-nh-metric

Description

This command instructs BGP to disregard the resolved distance to the BGP next-hop in its decision process for selecting the best route to a destination. When configured in the config>router>bgp>best-path-selection context, this command applies to the comparison of two BGP routes with the same NLRI learned from base router BGP peers. When configured in the config>service>vprn context, this command applies to the comparison of two BGP-VPN routes for the same IP prefix imported into the VPRN from the base router BGP instance. When configured in the config>service>vprn>bgp>best-path-selection context, this command applies to the comparison of two BGP routes for the same IP prefix learned from VPRN BGP peers.

The no form of this command (no ignore-nh-metric) restores the default behavior whereby BGP factors distance to the next-hop into its decision process.

Default

no ignore-nh-metric

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>sap ignore-oper-down)

Full Context

configure service epipe sap ignore-oper-down

Description

This command enables the ability to ignore the operationally down status for service oper state calculation. An Epipe service does not transition to Oper State: Down when a SAP fails and when this optional command is configured under that specific SAP. Only a single SAP in an Epipe may have this optional command included. The command can be used in Epipes with or without EVPN enabled.

The no form of this command disables whether a service ignores the operationally down state of the SAP.

Default

no ignore-oper-down

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>dhcp6>server ignore-rapid-commit)

[Tree] (config>router>dhcp6>server ignore-rapid-commit)

Full Context

configure service vprn dhcp6 local-dhcp-server ignore-rapid-commit

configure router dhcp6 local-dhcp-server ignore-rapid-commit

Description

This command enables the Rapid Commit Option for DHCP6.

The no form of this command disables the Rapid Commit Option.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>best-path-selection ignore-router-id)

[Tree] (config>service>vprn>bgp>best-path-selection ignore-router-id)

Full Context

configure router bgp best-path-selection ignore-router-id

configure service vprn bgp best-path-selection ignore-router-id

Description

When the ignore-router-id command is present, and the current best path to a destination was learned from EBGP peer X with BGP identifier x and a new path is received from EBGP peer Y with BGP identifier y, the best path remains unchanged if the new path is equivalent to the current best path up to the BGP identifier comparison – even if y is less than x.

The no form of this command restores the default behavior of selecting the route with the lowest BGP identifier (y) as best.

Default

no ignore-router-id

Parameters

family

Specifies up to two internal families to be included in this configuration.

Values

mvpn-ipv4, mvpn-ipv6

include-internal

Specifies to ignore the router ID value even when comparing two IGBP paths or an EBGP and an IBGP path.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>endpoint ignore-standby-signaling)

[Tree] (config>service>vpls>spoke-sdp ignore-standby-signaling)

Full Context

configure service vpls endpoint ignore-standby-signaling

configure service vpls spoke-sdp ignore-standby-signaling

Description

When this command is enabled, the node ignores the standby-bit received from the TLDP peers for the specific spoke-SDP and performs internal tasks without taking it into account.

This command is present at the endpoint level and the spoke-SDP level. If the spoke-SDP is part of the explicit-endpoint, this setting cannot be changed at the spoke-SDP level. The existing spoke-SDP will become part of the explicit-endpoint only if the setting is not conflicting. The newly created spoke-SDP, which is a part of the specified explicit-endpoint, will inherit this setting from the endpoint configuration.

Default

no ignore-standby-signaling

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-ospf igp-instance)

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-isis igp-instance)

Full Context

configure oam-pm session ip tunnel mpls sr-ospf igp-instance

configure oam-pm session ip tunnel mpls sr-isis igp-instance

Description

This command configures the IGP instance to tunnel IP packets for the session test.

Default

igp-instance 0

Parameters

igp-instance

Specifies the IGP instance used to tunnel packets for the session.

Values

isis-inst	0 to 127
ospf-inst	0 to 31
ospf3-inst	0 to 31,64 to 95

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>lsp-template igp-shortcut)

[Tree] (config>router>mpls>lsp igp-shortcut)

Full Context

configure router mpls lsp-template igp-shortcut

configure router mpls lsp igp-shortcut

Description

This command enables the use of a specific RSVP LSP by IS-IS and OSPF routing protocols as a shortcut or as a forwarding adjacency for resolving IGP routes.

When the igp-shortcut or the advertise-tunnel-link option is enabled at the IGP instance level, all RSVP LSPs originating on this node are eligible by default as long as the destination address of the LSP, as configured in config>router>mpls>lsp>to, corresponds to a router-id of a remote node.

The lfa-protect option allows an LSP to be included in both the main SPF and the Loop-Free Alternate (LFA) SPF. For a given prefix, the LSP can be used either as a primary next-hop or as an LFA next-hop, but not both. If the main SPF computation selected a tunneled primary next-hop for a prefix, the LFA SPF will not select an LFA next-hop for this prefix and the protection of this prefix will rely on the RSVP LSP FRR protection. If the main SPF computation selected a direct primary next-hop, then the LFA SPF will select an LFA next-hop for this prefix but will prefer a direct LFA next-hop over a tunneled LFA next-hop.

The lfa-only option allows an LSP to be included in the LFA SPF only such that the introduction of IGP shortcuts does not impact the main SPF decision. For a given prefix, the main SPF always selects a direct primary next-hop. The LFA SPF selects an LFA next-hop for this prefix but will prefer a direct LFA next-hop over a tunneled LFA next-hop.

When the relative-metric option is enabled, IGP will apply the shortest IGP cost between the endpoints of the LSP plus the value of the offset (instead of the LSP operational metric) when computing the cost of a prefix which is resolved to the LSP. The offset value is optional and it defaults to zero. The minimum net cost for a prefix is one (1) after applying the offset. The TTM continues the show the LSP operational metric as provided by MPLS. In other words, applications such as LDP-over-RSVP (when IGP shortcut is disabled) and BGP and static route shortcuts will continue to use the LSP operational metric.

The relative-metric option is mutually exclusive with the lfa-protect or the lfa-only options. In other words, an LSP with the relative-metric option enabled cannot be included in the LFA SPF, and vice-versa, when the igp-shortcut option is enabled in the IGP.

Finally, the relative-metric option is ignored when forwarding adjacency is enabled in IS-IS or OSPF. In this case, IGP advertises the LSP as a point-to-point unnumbered link along with the LSP operational metric as returned by MPLS and capped to maximum link metric allowed in that IGP. Both the main SPF and the LFA SPFs will use the local IGP database to resolve the routes.

When the router performs local SPF, the SR-TE LSP is used as an eligible IGP shortcut for SRv4 or SRv6 only if the LSP is explicitly allowed using the allow-sr-over-srte option when the top SID in the SR-TE LSP is an adjacency SID.

The no form of this command disables the use of a specific RSVP LSP by IS-IS and OSPF routing protocols as a shortcut or a forwarding adjacency for resolving IGP routes.

Default

igp-shortcut. All RSVP LSPs originating on this node are eligible by default as long as the destination address of the LSP corresponds to a router-id of a remote node.

Parameters

lfa-protect

Specifies an LSP is included in both the main SPF and the LFA SPF.

lfa-only

Specifies an LSP is included in the LFA SPF only.

relative-metric [offset]

Specifies the shortest IGP cost between the endpoints of the LSP plus the configured offset, instead of the LSP operational metric returned by MPLS, is used when calculating the cost of prefix resolved to this LSP. The offset parameter is an integer and is optional. An offset value of zero is used when the relative-metric option is enabled without specifying the offset parameter value.

Values

[-10, +10]

allow-sr-over-srte

Specifies that the LSP or LSP template is eligible as an IGP shortcut.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis igp-shortcut)

Full Context

configure router isis igp-shortcut

Description

This command enables the use of an RSVP-TE or SR-TE shortcut for resolving IGP routes by OSPF or IS-IS routing protocols.

This command instructs IGP to include RSVP LSPs and SR-TE LSPs originating on this node and terminating on the router ID of a remote node as direct links with a metric equal to the metric provided by MPLS.

During the IP reach calculation to determine the reachability of nodes and prefixes, LSPs are overlaid and the LSP metric is used to determine the subset of paths that are equal lowest cost to reach a node or a prefix. If the user enabled the relative-metric option for this LSP, IGP will apply the shortest IGP cost between the endpoints of the LSP plus the value of the offset, instead of the LSP operational metric, when computing the cost of a prefix that is resolved to the LSP.

When a prefix is resolved to a tunnel next-hop, the packet is sent labeled with the label stack corresponding to the NHLFE of the RSVP-TE or SR-TE LSP, as well as the explicit-null IPv6 label at the bottom of the stack in the case of an IPv6 prefix. Any network event causing one or more IGP shortcuts to go down will trigger a full SPF computation, which may result in installing a new route over an updated set of tunnel next-hops and IP next-hops.

When igp-shortcut is enabled at the IGP instance level, all RSVP-TE and SR-TE LSPs originating on this node are eligible by default as long as the destination address of the LSP, as configured in config>router>mpls>lsp>to, corresponds to a router ID of a remote node. LSPs with a destination corresponding to an interface address or any other loopback interface address of a remote node are automatically not considered by IGP. The user can, however, exclude a specific RSVP-TE or SR-TE LSP from being used as a shortcut for resolving IGP routes by entering the config>router>mpls>lsp>no igp-shortcut command.

The SPF in IGP only uses RSVP LSPs as forwarding adjacencies, IGP shortcuts, or as endpoints for LDP-over-RSVP. These applications of RSVP LSPs are mutually exclusive at the IGP instance level. If two or more options are enabled in the same IGP instance, then forwarding adjacency takes precedence over the shortcut application, which takes precedence over the LDP-over-RSVP application.

The SPF in IGP uses SR-TE LSPs as IGP shortcuts only.

When ECMP is enabled on the system and multiple equal-cost paths exist for a prefix, the following selection criteria are used to pick up the set of tunnel and IP next-hops to program in the data path.

• Where a destination is a tunnel-endpoint (including external prefixes with tunnel-endpoint as the next-hop), the tunnel with lowest tunnel-index is selected (the IP next-hop is never used in this case).

• Where a destination is not a tunnel-endpoint:

  • LSPs with metric higher than underlying IGP cost between the endpoint of the LSP are excluded

  • Tunnel next-hops are preferred over IP next-hops

  • Within tunnel next-hops, the following priority applies to selection:

    1. The lowest endpoint-to-destination cost is selected

    2. If the endpoint-to-destination costs are the same, the lowest endpoint node router ID is selected

    3. If the router IDs are the same, the lowest tunnel index is selected

  • Within IP next-hops, the following priority applies to selection:

    1. The lowest downstream router ID is selected

    2. If the downstream router IDs are the same, the lowest interface-index is selected

When both RSVP-TE and SR-TE IGP shortcuts are available, the IP reach calculation, in the unicast routing table, will first follow the above ECMP tunnel and IP next-hop selection rules when resolving a prefix over IGP shortcuts. After the set of ECMP tunnel and IP next-hops have been selected, the preference of tunnel type is then applied based on the user setting for prefix family resolution. If the user enabled resolution of the prefix family to both RSVP-TE and SR-TE tunnel types, the TTM tunnel preference value is used to select one type for the prefix. In other words, an RSVP-TE LSP type is preferred to an SR-TE LSP type on a per-prefix basis.

The ingress IOM sprays the packets for this prefix over the set of tunnel next-hops and IP next-hops based on the hashing routine currently supported for IPv4 packets.

This feature provides IGP with the capability to populate the multicast RTM with the prefix IP next-hop when both the igp-shortcut and the multicast-import options are enabled in IGP. The unicast RTM can still use the tunnel next-hop for the same prefix. The SPF keeps track of both the direct first hop and the tunneled first hop of a node, which is added to the Dijkstra tree.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf3 igp-shortcut)

[Tree] (config>router>ospf igp-shortcut)

Full Context

configure router ospf3 igp-shortcut

configure router ospf igp-shortcut

Description

This command enables the use of an RSVP-TE or SR-TE shortcut for resolving IGP routes by OSPF or IS-IS routing protocols.

This command instructs IGP to include RSVP LSPs and SR-TE LSPs originating on this node and terminating on the router ID of a remote node as direct links with a metric equal to the metric provided by MPLS.

During the IP reach calculation to determine the reachability of nodes and prefixes, LSPs are overlaid and the LSP metric is used to determine the subset of paths that are equal lowest cost to reach a node or a prefix. If the user enabled the relative-metric option for this LSP, IGP will apply the shortest IGP cost between the endpoints of the LSP plus the value of the offset, instead of the LSP operational metric, when computing the cost of a prefix that is resolved to the LSP.

When a prefix is resolved to a tunnel next hop, the packet is sent labeled with the label stack corresponding to the NHLFE of the RSVP-TE or SR-TE LSP, as well as the explicit-null IPv6 label at the bottom of the stack in the case of an IPv6 prefix. Any network event causing one or more IGP shortcuts to go down will trigger a full SPF computation, which may result in installing a new route over an updated set of tunnel next-hops and IP next-hops.

When igp-shortcut is enabled at the IGP instance level, all RSVP-TE and SR-TE LSPs originating on this node are eligible by default as long as the destination address of the LSP, as configured in config>router>mpls>lsp>to, corresponds to a router ID of a remote node. LSPs with a destination corresponding to an interface address or any other loopback interface address of a remote node are automatically not considered by IGP. The user can, however, exclude a specific RSVP-TE or SR-TE LSP from being used as a shortcut for resolving IGP routes by entering the config>router>mpls>lsp>no igp-shortcut command.

The SPF in IGP only uses RSVP LSPs as forwarding adjacencies, IGP shortcuts, or as endpoints for LDP-over-RSVP. These applications of RSVP LSPs are mutually exclusive at the IGP instance level. If two or more options are enabled in the same IGP instance, then forwarding adjacency takes precedence over the shortcut application, which takes precedence over the LDP-over-RSVP application.

The SPF in IGP uses SR-TE LSPs as IGP shortcuts only.

When ECMP is enabled on the system and multiple equal-cost paths exist for a prefix, the following selection criteria are used to pick up the set of tunnel and IP next-hops to program in the data path.

• Where a destination is a tunnel-endpoint (including external prefixes with tunnel-endpoint as the next hop), the tunnel with lowest tunnel-index is selected (the IP next hop is never used in this case).

• Where a destination is not a tunnel-endpoint:

  • LSPs with metric higher than underlying IGP cost between the endpoint of the LSP are excluded

  • Tunnel next-hops are preferred over IP next-hops

  • Within tunnel next-hops:

    1. The lowest endpoint-to-destination cost is selected

    2. If the endpoint-to-destination costs are the same, the lowest endpoint node router ID is selected

    3. If the router IDs are the same, the lowest tunnel index is selected

  • Within IP next-hops:

    1. The lowest downstream router ID is selected

    2. If the downstream router IDs are the same, the lowest interface-index is selected

When both RSVP-TE and SR-TE IGP shortcuts are available, the IP reach calculation, in the unicast routing table, will first follow the above ECMP tunnel and IP next hop selection rules when resolving a prefix over IGP shortcuts. After the set of ECMP tunnel and IP next-hops have been selected, the preference of tunnel type is then applied based on the user setting of the resolution of the family of the prefix. If the user enabled resolution of the prefix family to both RSVP-TE and SR-TE tunnel types, the TTM tunnel preference value is used to select one type for the prefix. In other words, the RSVP-TE LSP type is preferred to an SR-TE LSP type on a per-prefix basis.

The ingress IOM sprays the packets for this prefix over the set of tunnel next-hops and IP next-hops based on the hashing routine currently supported for IPv4 packets.

This feature provides IGP with the capability to populate the multicast RTM with the prefix IP next hop when both the igp-shortcut and the multicast-import options are enabled in IGP. The unicast RTM can still make use of the tunnel next hop for the same prefix. This change is made possible with the enhancement by which SPF keeps track of both the direct first hop and the tunneled first hop of a node which is added to the Dijkstra tree.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis iid-tlv-enable)

Full Context

configure service vprn isis iid-tlv-enable

Description

This command enables IS-IS multi-instance (MI) as described in draft-ietf-isis-mi-02. Multiple instances allow instance-specific adjacencies to be formed that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV identifying the instance and the topology to which the PDU belongs.

The iid-tlv-enable (based on draft-ietf-isis-mi-02) and standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) commands cannot be configured in the same instance, because the MAC addresses and PDUs in each standard are incompatible.

Default

no iid-tlv-enable

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis iid-tlv-enable)

Full Context

configure router isis iid-tlv-enable

Description

This command enables IS-IS multi-instance (MI) as described in draft-ietf-isis-mi-02. Multiple instances allows the formation of instance-specific adjacencies that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV that identifies the instance and the topology to which the PDU belongs.

The iid-tlv-enable (based on draft-ietf-isis-mi-02) and standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) commands cannot be configured in the same instance, because the MAC addresses and PDUs in each standard are incompatible.

The no form of this command disables IS-IS MI.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>ike-transform ike-auth-algorithm)

Full Context

configure ipsec ike-transform ike-auth-algorithm

Description

This command specifies the IKE authentication algorithm for the IKE transform

Default

ike-auth-algorithm sha1

Parameters

auth-algorithm

Specifies the values used to identify the hashing algorithm

Values

md5 — Configures the use of the hmac-md5 algorithm for authentication

sha1 — Configures the use of the hmac-sha1 algorithm for authentication

sha256 — Configures the use of the hmac-sha256 algorithm for authentication.

sha384 — Configures the use of the hmac-sha384 algorithm for authentication

sha512 — Configures the use of the hmac-sha512 algorithm for authentication.

aes-xcbc — Configures the use of aes-xcbc (RFC 3566, The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec) algorithm for authentication.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>ike-transform ike-encryption-algorithm)

Full Context

configure ipsec ike-transform ike-encryption-algorithm

Description

This command specifies the IKE encryption algorithm to be used in the IKE transform instance.

Default

ike-encryption-algorithm aes128

Parameters

encryption-algorithm

Specifies the IKE encryption algorithm.

Values

des — Configures the 56-bit des algorithm for encryption. This is an older algorithm with relatively weak security. While better than nothing, it should only be used where a strong algorithm is not available on both ends at an acceptable performance level.

3des — Configures the 3-des algorithm for encryption. This is a modified application of the des algorithm which uses multiple des operations to make information more secure.

aes128 — Configures the aes algorithm with a block size of 128 bits. This is a mandatory implementation size for aes. This is a very strong algorithm choice.

aes192 — Configures the aes algorithm with a block size of 192 bits. This is a stronger version of aes.

aes256 — Configures the aes algorithm with a block size of 256 bits. This is the strongest available version of aes.

aes128-gcm8 - Configures ESP to use aes-gcm with a 128-bit key size and an 8-byte ICV for encryption and authentication.

aes128-gcm16 - Configures ESP to use aes-gcm with a 128-bit key size and a 16-byte ICV for encryption and authentication.

aes256-gcm8 - Configures ESP to use aes-gcm with a 256-bit key size and an 8-byte ICV for encryption and authentication.

aes256-gcm16 - This parameter configures ESP to use aes-gcm with a 256-bit key size and a 16-byte ICV for encryption and authentication.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>ike-policy ike-mode)

Full Context

configure ipsec ike-policy ike-mode

Description

This command specifies one of either two modes of operation. IKE version 1 can support main mode and aggressive mode. The difference lies in the number of messages used to establish the session.

The no form of this command reverts to the default.

Default

no ike-mode

Parameters

main

Specifies identity protection for the hosts initiating the IPsec session. This mode takes slightly longer to complete.

aggressive

Specifies that the aggressive mode provides no identity protection but is faster.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec ike-policy)

Full Context

configure ipsec ike-policy

Description

Commands in this context configure an IKE policy.

The no form of this command

Parameters

ike-policy-id

Specifies a policy ID value to identify the IKE policy.

Values

1 to 2048

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn ike-policy)

[Tree] (config>service>vprn>if>sap>ipsec-gw ike-policy)

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn ike-policy)

[Tree] (config>service>ies>if>sap>ipsec-gw ike-policy)

[Tree] (config>ipsec>trans-mode-prof>dyn ike-policy)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn ike-policy)

Full Context

configure service ies interface ipsec ipsec-tunnel dynamic-keying ike-policy

configure service vprn interface sap ipsec-gw ike-policy

configure router interface ipsec ipsec-tunnel dynamic-keying ike-policy

configure service ies interface sap ipsec-gw ike-policy

configure ipsec ipsec-transport-mode-profile dynamic-keying ike-policy

configure service vprn interface ipsec ipsec-tunnel dynamic-keying ike-policy

Description

This command specifies the ID of the IKE policy used for IKE negotiation.

The no form of this command removes the IKE policy ID from the configuration.

Parameters

ike-policy-id

Specifies the IKE policy ID.

Values

1 to 2048

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>ike-transform ike-prf-algorithm)

Full Context

configure ipsec ike-transform ike-prf-algorithm

Description

This command specifies the PRF algorithm to use for IKE security association.

Default

ike-prf-algorithm same-as-auth

Parameters

md5

This parameter configures IKE to use the hmac-md5 algorithm for PRF.

sha1

This parameter configures IKE to use the hmac-sha1 algorithm for PRF.

sha256

This parameter configures IKE to use the hmac-sha256 algorithm for PRF.

sha384

This parameter configures IKE to use the hmac-sha384 algorithm for PRF.

sha512

This parameter configures IKE to use the hmac-sha512 algorithm for PRF.

aes-xcbc

This parameter configures IKE to use the aes128-xcbc algorithm for PRF.

same-as-auth

This parameter configures the same algorithm as IKE authentication algorithm.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>ike-policy ike-transform)

Full Context

configure ipsec ike-policy ike-transform

Description

This command specifies the IKE transform to be used in the IKE policy. Up to four IKE transforms can be specified. If multiple IDs are specified, the system selects an IKE transform based on the peer's proposal. If the system is a tunnel initiator, it uses the configured IKE transform to generate the SA payload.

Default

no ike-transform

Parameters

ike-transform-id

Specifies up to four existing IKE transform instances to be associated with this IKE policy.

Values

1 to 4096

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec ike-transform)

Full Context

configure ipsec ike-transform

Description

This commands creates a new or enters an existing IKE transform instance. The IKE transform include following configuration for IKE SA:

• DH Group

• IKE authentication algorithm

• IKE encryption algorithm

• IKE SA lifetime

The ike-transform-id is referenced in the ike-policy configuration.

Parameters

ike-transform

Specifies a number used to uniquely identify an IKE transform instance.

Values

1 to 4096

create

Keyword used to create the ike-transform instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>ike-policy ike-version)

Full Context

configure ipsec ike-policy ike-version

Description

This command sets the IKE version (1 or 2) that the ike-policy will use.

Default

ike-version 1

Parameters

1 | 2

Specifies the version of IKE protocol.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>ike-policy ikev1-ph1-responder-delete-notify)

Full Context

configure ipsec ike-policy ikev1-ph1-responder-delete-notify

Description

This command specifies the system, when deleting an IKEv1 phase 1 SA for which it was the responder, to send a delete notification to the peer. This command only applies when the configured ike-version 1. This command is ignored with IKE version 2.

The no form of this command reverts to the default.

Default

ikev1-ph1-responder-delete-notify

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>ike-policy ikev2-fragment)

Full Context

configure ipsec ike-policy ikev2-fragment

Description

This command enables IKEv2 protocol level fragmentation (RFC 7383). The specified MTU is the maximum size of IKEv2 packet.

Default

no ikev2-fragment

Parameters

octets

Specifies the MTU for IKEv2 messages.

Values

512 to 9000

seconds

Specifies the timeout for reassembly.

Values

1 to 5

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp implicit-null-label)

Full Context

configure router ldp implicit-null-label

Description

This command enables the use of the implicit null label. Use this command to signal the implicit null option for all LDP FECs for which this node is the egress LER.

The no form of this command disables the signaling of the implicit null label.

Default

no implicit-null-label

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rsvp implicit-null-label)

Full Context

configure router rsvp implicit-null-label

Description

This command enables the use of the implicit null label.

Signaling the IMPLICIT NULL label value for all RSVP LSPs can be enabled for which this node is the egress LER. RSVP must be shut down before being able to change this configuration option.

The egress LER does not signal the implicit null label value on P2MP RSVP LSPs. However, the Penultimate Hop Popping (PHP) node can honor a Resv message with the label value set to the implicit null.

The no form of this command disables the signaling of the implicit null label.

Default

no implicit-null-label

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rsvp>interface implicit-null-label)

Full Context

configure router rsvp interface implicit-null-label

Description

This command enables the use of the implicit null label over a specific RSVP interface.

All LSPs for which this node is the egress LER and for which the path message is received from the previous hop node over this RSVP interface will signal the implicit null label. This means that if the egress LER is also the merge-point (MP) node, then the incoming interface for the path refresh message over the bypass dictates if the packet will use the implicit null label or not. The same for a 1-to-1 detour LSP.

The user must shut down the RSVP interface before being able to change the implicit null configuration option.

The no form of this command returns the RSVP interface to use the RSVP level configuration value.

Default

no implicit-null-label

Parameters

enable

Enables the implicit null label.

disable

Disables the implicit null label.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping import)

[Tree] (config>service>vpls>sap>igmp-snooping import)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping import)

[Tree] (config>service>vpls>sap>mld-snooping import)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping import)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping import)

Full Context

configure service vpls mesh-sdp igmp-snooping import

configure service vpls sap igmp-snooping import

configure service vpls spoke-sdp igmp-snooping import

configure service vpls sap mld-snooping import

configure service vpls mesh-sdp mld-snooping import

configure service vpls spoke-sdp mld-snooping import

Description

This command specifies the import routing policy to be used for IGMP packets to be used on this SAP or SDP. Only a single policy can be imported on a SAP at any time.

The no form of this command removes the policy association from the SAP or SDP.

Default

no import

Parameters

policy-name

Specifies the routing policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context The router policy must be defined before it can be imported.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp import)

[Tree] (config>service>vprn>bgp>group>neighbor import)

[Tree] (config>service>vprn>bgp>group import)

Full Context

configure service vprn bgp import

configure service vprn bgp group neighbor import

configure service vprn bgp group import

Description

This command is used to specify route policies that control the handling of inbound routes received from certain peers. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in a peer-group) or neighbor level (only applies to the specified peer). The most specific level is used

The import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the import command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple import commands are issued, the last command entered overrides the previous command.

When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association.

Default

no import

Parameters

plcy-or-long-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

plcy-or-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>igmp>if import)

Full Context

configure service vprn igmp interface import

Description

This command imports a policy to filter IGMP packets.

The no form of this command removes the policy association from the IGMP instance.

Default

no import — No import policy specified.

Parameters

policy-name

Specifies the import route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes.

The specified name(s) must already be defined.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis import)

Full Context

configure service vprn isis import

Description

This command applies one or more (up to five) route polices as IS-IS import policies.

When a prefix received in an IS-IS LSP is accepted by an entry in an IS-IS import policy, it is installed in the routing table, if it is the most preferred route to the destination.

When a prefix received in an IS-IS LSP is rejected by an entry in an IS-IS import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination.

The flooding of LSPs is unaffected by IS-IS import policy actions.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Identifies the export route policy name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes. The specified name(s) must already be defined.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>mld>if import)

Full Context

configure service vprn mld interface import

Description

This command specifies the import route policy to be used for determining which membership reports are accepted by the router. Route policies are configured in the config>router>policy-options context.

When an import policy is not specified, all the MLD reports are accepted.

The no form of this command removes the policy association from the MLD instance.

Default

no import

Parameters

policy-name

Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf>area import)

[Tree] (config>service>vprn>ospf3>area import)

Full Context

configure service vprn ospf area import

configure service vprn ospf3 area import

Description

This command configures ABR import policies to filter OSPFv2 Type 3 Summary-LSAs or OSPFv3 Inter-Area-Prefix-LSA between areas, to only permit the specified routes from being imported into an area.

This command cannot be used in OSPF area 0.

The no form of this command reverts to the default value.

Default

no import

Parameters

policy-name

Specifies the export route policy name. A maximum of five policy names can be specified. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

The specified policy names must be predefined and already exist in the system.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf import)

[Tree] (config>service>vprn>ospf3 import)

Full Context

configure service vprn ospf import

configure service vprn ospf3 import

Description

This command applies one or more (up to five) route polices as OSPF import policies. When a prefix received in an OSPF LSA is accepted by an entry in an OSPF import policy it is installed in the routing table if it is the most preferred route to the destination. When a prefix received in an OSPF LSA is rejected by an entry in an OSPF import policy it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination. The flooding of LSAs is unaffected by OSPF import policy actions.

Default

If an OSPF route has the lowest preference value among all routes to a destination it is installed in the routing table.

Parameters

policy-name

Specifies the import route policy name. A maximum of five policy names can be specified. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes.

The specified policy name(s) must be predefined and already exist in the system.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim import)

Full Context

configure service vprn pim import

Description

This command specifies the import route policy to be used for determining which routes are accepted from peers. Route policies are configured in the config>router>policy-options context. When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association from the IGMP instance.

Default

no import join-policy

no import register-policy

Parameters

join-policy

Use this command to filter PIM join messages which prevents unwanted multicast streams from traversing the network.

register-policy

This keyword filters register messages. PIM register filters prevent register messages from being processed by the RP. This filter can only be defined on an RP. When a match is found, the RP immediately sends back a register-stop message.

policy-name

Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>rip>group import)

[Tree] (config>service>vprn>rip import)

[Tree] (config>service>vprn>ripng import)

[Tree] (config>service>vprn>rip>group>neighbor import)

[Tree] (config>service>vprn>ripng>group import)

[Tree] (config>service>vprn>ripng>group>neighbor import)

Full Context

configure service vprn rip group import

configure service vprn rip import

configure service vprn ripng import

configure service vprn rip group neighbor import

configure service vprn ripng group import

configure service vprn ripng group neighbor import

Description

This command configures import route policies to determine routes that will be accepted from RIP neighbors. If no import policy is specified, RIP accepts all routes from configured RIP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

If multiple policy names are specified, the policies are evaluated in the order that they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

The import route policy name. Allowed values are any string up to 32 characters in length and composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes. The specified names must already be defined.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp import)

Full Context

configure router ldp import

Description

This command configures import route policies to determine which label bindings (FECs) are accepted from LDP neighbors. Policies are configured in the config>router>policy-options context.

If no import policy is specified, LDP accepts all label bindings from configured LDP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies up to five import route policy names, up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

The specified name(s) must already be defined.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>igmp>if import)

Full Context

configure router igmp interface import

Description

This command applies the referenced IGMP policy (filter) to an interface subscriber or a group-interface. An IGMP filter is also known as a black/white list and it is defined under the config>router>policy-options.

When redirection is applied, only the import policy from the subscriber will be in effect. The import policy under the group interface is applicable only for IGMP states received directly on the SAP (AN in IGMP proxy mode).

The no form of the command removes the policy association from the IGMP instance.

Default

no import

Parameters

policy-name

The route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mld>if import)

Full Context

configure router mld interface import

Description

This command specifies the import route policy to determine which membership reports are accepted by the router. Route policies are configured in the config>router>policy-options context.

When an import policy is not specified, all the MLD reports are accepted.

The no form of this command removes the policy association from the MLD instance.

Default

no import

Parameters

policy-name

Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim import)

Full Context

configure router pim import

Description

This command specifies the import route policy to be used. Route policies are configured in the config>router>policy-options context.

When an import policy is not specified, BGP routes are accepted by default. Up to five import policy names can be specified.

The no form of this command removes the policy association from the instance.

Default

no import

Parameters

join-policy

Filters PIM join messages which prevents unwanted multicast streams from traversing the network.

register-policy

Filters register messages. PIM register filters prevent register messages from being processed by the RP. This filter can only be defined on an RP. When a match is found, the RP immediately sends back a register-stop message.

policy-name

Specifies the route policy name, up to 32 characters. Route policies are configured in the config>router>policy-options context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-template>igmp-snooping import)

Full Context

configure service pw-template igmp-snooping import

Description

This command specifies the import routing policy to be used for IGMP packets. Only a single policy can be imported at a time.

The no form of the command removes the policy association.

Default

no import

Parameters

policy-name

Specifies the import policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Routing policies are configured in the config>router>policy-options context The router policy must be defined before it can be imported.

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>certificate import)

Full Context

admin certificate import

Description

This command converts an input file (key/certificate/CRL) to a system format file. The following list summarizes the formats supported by this command:

• Certificate

  • PKCS #12

  • PKCS #7 PEM encoded

  • PKCS #7 DER encoded

  • PEM

  • DER

• Key

  • PKCS #12

  • PEM

  • DER

• CRL

  • PKCS #7 PEM encoded

  • PKCS #7 DER encoded

  • PEM

  • DER

Parameters

input url-string

Specifies the URL for the input file. This URL could be either a local CF card URL file or a FP URL to download the input file.

Values

url-string	<local-url> up to 99 characters
local-url	<cflash-id>/<file-path>
cflash-id	cf1:| cf2:| cf3:

output filename

Specifies the name of output file up to 95 characters. The output directory depends on the file type like following:

• Key: cf3:\system-pki\key

• Cert: cf3:\system-pki\cert

• CRL: cf3:\system-pki\CRL

type

The type of input file.

Values

cert, key, crl

format

Specifies the format of input file.

Values

pkcs12, pkcs7-der, pkcs7-pem, pem, der

password

Specifies the password to decrypt the input file in case that it is an encrypted PKCS#12 file.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>group>neighbor import)

[Tree] (config>router>bgp>group import)

[Tree] (config>router>bgp import)

Full Context

configure router bgp group neighbor import

configure router bgp group import

configure router bgp import

Description

This command specifies route policies that control the handling of inbound routes received from certain peers. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific level is used.

The import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the import command is allowed to be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters; the remaining 14 objects have a maximum length of 64 characters each.

When multiple import commands are issued, the last command entered overrides the previous command.

When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association.

Default

no import

Parameters

plcy-or-long-expr

Specifies the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long). Allowed values are any string up to 255 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

plcy-or-expr

Specifies the route policy name (up to 64 characters long) or a policy logical expression (up to 64 characters long). Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis import)

Full Context

configure router isis import

Description

This command specifies up to five route polices as IS-IS import policies.

When a prefix received in an IS-IS LSP is accepted by an entry in an IS-IS import policy, it is installed in the routing table, if it is the most preferred route to the destination.

When a prefix received in an IS-IS LSP is rejected by an entry in an IS-IS import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination.

The flooding of LSPs is unaffected by IS-IS import policy actions.

The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies the import route policy name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. The specified names must already be defined.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf3 import)

[Tree] (config>router>ospf import)

Full Context

configure router ospf3 import

configure router ospf import

Description

This command applies one or more (up to 5) route polices as OSPF import policies. When a prefix received in an OSPF LSA is accepted by an entry in an OSPF import policy, it is installed in the routing table if it is the most preferred route to the destination. When a prefix received in an OSPF LSA is rejected by an entry in an OSPF import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination. The flooding of LSAs is unaffected by OSPF import policy actions. The no form of this command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies up to 5 export route policy names. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. The specified names must already be defined.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf3>area import)

[Tree] (config>router>ospf>area import)

Full Context

configure router ospf3 area import

configure router ospf area import

Description

This command configures ABR import policies to filter OSPFv2 Type 3 Summary-LSAs or OSPFv3 Inter-Area-Prefix-LSA between areas, in order to only permit the specified routes from being imported into an area.

This command cannot be used in OSPF area 0.

The no form of this command reverts to the default value.

Default

no import

Parameters

policy-name

Specifies up to five import route policy names. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. The specified names must already be defined.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ripng>group>neighbor import)

[Tree] (config>router>rip import)

[Tree] (config>router>rip>group import)

[Tree] (config>router>ripng>group import)

[Tree] (config>router>rip>group>neighbor import)

[Tree] (config>router>ripng import)

Full Context

configure router ripng group neighbor import

configure router rip import

configure router rip group import

configure router ripng group import

configure router rip group neighbor import

configure router ripng import

Description

This command configures import route policies to determine which routes are accepted from RIP neighbors. If no import policy is specified, RIP accepts all routes from configured RIP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of the command removes all policies from the configuration.

Default

no import

Parameters

policy-name

Specifies up to five import route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

The specified names must already be defined.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp-ipvpn>attribute-set import)

Full Context

configure service vprn bgp-ipvpn attribute-set import

Description

This command configures the reception behavior for ATTR_SETs in received VPN-IP routes.

Default

import ignore

Parameters

accept

Keyword to configure BGP to accept and process ATTR_SETs in received unicast VPN-IP routes (MPLS or SRv6) when they are imported into the VPRN. The path attributes contained inside the ATTR_SET are used for best-path selection within the VPRN, instead of the outer-path attributes attached to the imported VPN-IP route. The path attributes inside the ATTR_SET determine the path attributes of BGP routes advertised to PE-CE peers of the VPRN. However, the ATTR_SET is removed at the time of advertisement. VPRN BGP routes with attributes derived from accept processing are only advertised to EBGP peers and IBGP route reflector client peers. VPRN BGP routes are not advertised to BGP confederation peers. If the origin AS in the ATTR_SET attribute does not match the configured ASN, VPRN BGP routes with attributes derived from accept processing are advertised to IBGP peers that are not covered by a cluster configuration.

drop

Keyword to configure BGP to ignore and silently discard ATTR_SETs in received VPN-IP routes when they are imported into the VPRN. The path attributes contained inside the ATTR_SET are not used for best path selection within the VPRN. If a VPRN is not involved in an independent domain Layer 3 VPN service, Nokia recommends configuring the import command to drop.

ignore

Keyword to configure BGP to ignore ATTR_SETs in received VPN-IP routes when they are imported into the VPRN. The path attributes contained inside the ATTR_SET are not used for best-path selection within the VPRN. With the ignore parameter, the ATTR_SET attribute is transmitted unchanged to the CE. Nokia does not recommend configuring the import command to ignore in most deployments.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>grt import-grt)

Full Context

configure service vprn grt-lookup import-grt

Description

This command associates policies to control the leaking of GRT routes into the associated VPRN.

The GRT route must have first been leaked by a leak-export policy defined under the config>router context. Then the route must match a route entry in the specified import-grt policy with an accept action.

The no form of this command removes route leaking policy associations and disables the leaking of GRT routes into the local VPRN.

Parameters

plcy-or-long-expr

Specifies route policy names, up to 64 characters, or a policy logical expression, up to 255 characters.

Values

plcy-or-long-expr: policy-name | long-expr

policy-name: up to 64 characters

long-expr: up to 255 characters

plcy-or-expr

Specifies up to four route policy names, up to 64 characters, or a policy logical expression, up to 64 characters.

Values

plcy-or-expr: policy-name | expr

policy-name: up to 64 characters

expr: up to 64 characters

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp import-pmsi-routes)

Full Context

configure router ldp import-pmsi-routes

Description

Commands in this context configure import-pmsi-routes.

For option B, the leafs or ABR/ASBR that are not directly connected to the root have no visibility of the root. As such, for LDP to build the recursive FEC it needs to cache the MVPN PMSI AD routes, this command gives the user the ability to manually enable caching of MVPN PMSI AD routes internally in LDP for EVPN or MVPN inter-as or mvpn_no_export_community intra-as.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp>session-params>peer import-prefixes)

Full Context

configure router ldp session-parameters peer import-prefixes

Description

This command configures the import FEC prefix policy to determine which prefixes received from this LDP peer are imported and installed by LDP on this node. If resolved these FEC prefixes are then re-distributed to other LDP and T-LDP peers. A FEC prefix that is filtered out (deny) will not be imported. A FEC prefix that is filtered in (accept) will be imported.

If no import policy is specified, the node will import all prefixes received from this LDP/T-LDP peer. This policy is applied in addition to the global LDP policy and targeted session policy.

Policies are configured in the config>router>policy-options context. A maximum of five policy names can be specified. Peer address has to be the peer LSR-ID address.

The no form of the command removes the policy from the configuration.

Default

no import-prefixes - no import route policy is specified

Parameters

policy-name

Specifies up to five import-prefix route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains spaces, use double quotes to delimit the start and end of the string. The specified name(s) must already be defined.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp>targeted-session import-prefixes)

Full Context

configure router ldp targeted-session import-prefixes

Description

This command configures the import route policy to determine which FEC prefix label bindings are accepted from targeted LDP neighbors into this node. A label binding that is filtered out (deny) will not be imported. A route that is filtered in (accept) will be imported.

If no import policy is specified, this node session will accept all bindings from configured targeted LDP neighbors. This policy is applied in addition to the global LDP policy.

Policies are configured in the config>router>policy-options context. A maximum of five policy names can be specified.

The no form of this command removes the policy from the configuration.

Parameters

policy-name

Specifies up to five import policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp import-tunnel-table)

Full Context

configure router ldp import-tunnel-table

Description

This command controls the import, in the tunnel table, of LDP tunnels to non-host prefixes. This command is only intended for importing tunnels; it cannot be used for preventing the import of any specific prefix and only non-host prefixes will be considered when evaluating this policy in this context. The LDP tunnels to these non-host prefixes must be created before they can be imported.

This command does not affect the automatic import of LDP tunnels to host prefixes.

The no version of this command removes all of the import policies and, by consequence, any tunnels to non-host prefixes from the tunnel table. If a non-host prefix tunnel is currently being used for forwarding, disabling this command may be service-impacting.

Default

no import-tunnel-table

Parameters

policy-name

Specifies up to five import route policy names. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

The specified policy names must already be defined.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki imported-format)

Full Context

configure system security pki imported-format

Description

This command specifies the allowed format of imported certificates or keys in the cf3:/system-pki directory.

Default

imported-format any

Parameters

any

Allows any imported format.

secure

Only allows enhanced secure imported formats.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim>if improved-assert)

Full Context

configure service vprn pim interface improved-assert

Description

This command enables improved assert processing on this interface. The PIM assert process establishes a forwarder for a LAN and requires interaction between the control and forwarding planes.

The assert process is started when data is received on an outgoing interface. This could impact performance if data is continuously received on an outgoing interface.

When enabled, the PIM assert process is done entirely on the control-plane with no interaction between the control and forwarding plane.

Default

improved-assert

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>interface improved-assert)

Full Context

configure router pim interface improved-assert

Description

This command enables improved assert processing. The PIM assert process establishes a forwarder for a LAN and requires interaction between the control and forwarding planes. The assert process is started when data is received on an outgoing interface meaning that duplicate traffic is forwarded to the LAN until the forwarder is negotiated among the routers.

When the improved-assert command is enabled, the PIM assert process is done entirely in the control plane. The advantages are that it eliminates duplicate traffic forwarding to the LAN. It also improves performance since it removes the required interaction between the control and data planes.

Default

improved-assert

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-octets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-octets-discarded-count

configure log accounting-policy custom-record policer e-counters in-plus-profile-octets-discarded-count

Description

This command includes the in-plus profile octets discarded count.

The no form of this command excludes the in-plus profile octets discarded count.

Default

no in-plus-profile-octets-discarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-octets-forwarded-count)

Full Context

configure log accounting-policy custom-record policer e-counters in-plus-profile-octets-forwarded-count

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-octets-forwarded-count

Description

This command includes the in-plus profile octets forwarded count.

The no form of this command excludes the in-plus profile octets forwarded count.

Default

no in-plus-profile-octets-forwarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-octets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-octets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-octets-offered-count

configure log accounting-policy custom-record policer e-counters in-plus-profile-octets-offered-count

Description

This command includes the in-plus profile octets offered count.

The no form of this command excludes the in-plus profile octets offered count.

Default

no in-plus-profile-octets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-packets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-packets-discarded-count

configure log accounting-policy custom-record policer e-counters in-plus-profile-packets-discarded-count

Description

This command includes the in-plus profile packets discarded count.

The no form of this command excludes the in-plus profile packets discarded count.

Default

no in-plus-profile-packets-discarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-packets-forwarded-count)

Full Context

configure log accounting-policy custom-record policer e-counters in-plus-profile-packets-forwarded-count

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-packets-forwarded-count

Description

This command includes the in-plus profile packets forwarded count.

The no form of this command excludes the in-plus profile packets forwarded count.

Default

no in-plus-profile-packets-forwarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-plus-profile-packets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-plus-profile-packets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-plus-profile-packets-offered-count

configure log accounting-policy custom-record policer e-counters in-plus-profile-packets-offered-count

Description

This command includes the in-plus profile packets offered count.

The no form of this command excludes the in-plus profile packets offered count.

Default

no in-plus-profile-packets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>ref-queue>e-counters in-profile-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>queue>e-counters in-profile-octets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-profile-octets-discarded-count

configure log accounting-policy custom-record policer e-counters in-profile-octets-discarded-count

configure log accounting-policy custom-record ref-queue e-counters in-profile-octets-discarded-count

configure log accounting-policy custom-record queue e-counters in-profile-octets-discarded-count

Description

This command includes the in-profile octets discarded count.

The no form of this command excludes the in-profile octets discarded count.

Default

no in-profile-octets-discarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-octets-discarded-count)

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-octets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-policer i-counters in-profile-octets-discarded-count

configure log accounting-policy custom-record policer i-counters in-profile-octets-discarded-count

Description

This command includes the in-profile octets discarded count.

The no form of this command excludes the in-profile octets discarded count.

Default

no in-profile-octets-discarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>queue>e-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-queue>e-counters in-profile-octets-forwarded-count)

Full Context

configure log accounting-policy custom-record queue e-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record policer e-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record ref-policer e-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record ref-queue e-counters in-profile-octets-forwarded-count

Description

This command includes the in-profile octets forwarded count.

The no form of this command excludes the in-profile octets forwarded count.

Default

no in-profile-octets-forwarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>queue>i-counters in-profile-octets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-octets-forwarded-count)

Full Context

configure log accounting-policy custom-record ref-queue i-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record policer i-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record queue i-counters in-profile-octets-forwarded-count

configure log accounting-policy custom-record ref-policer i-counters in-profile-octets-forwarded-count

Description

This command includes the in profile octets forwarded count.

The no form of this command excludes the in profile octets forwarded count.

Default

no in-profile-octets-forwarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-octets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-octets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-profile-octets-offered-count

configure log accounting-policy custom-record policer e-counters in-profile-octets-offered-count

Description

This command includes the in profile octets offered count.

The no form of this command excludes the in-profile octets offered count.

Default

no in-profile-octets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-octets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-octets-offered-count)

Full Context

configure log accounting-policy custom-record policer i-counters in-profile-octets-offered-count

configure log accounting-policy custom-record ref-policer i-counters in-profile-octets-offered-count

Description

This command includes the in-profile octets offered count.

The no form of this command excludes the in-profile octets offered count.

Default

no in-profile-octets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>ref-queue>e-counters in-profile-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>queue>e-counters in-profile-packets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-profile-packets-discarded-count

configure log accounting-policy custom-record ref-queue e-counters in-profile-packets-discarded-count

configure log accounting-policy custom-record policer e-counters in-profile-packets-discarded-count

configure log accounting-policy custom-record queue e-counters in-profile-packets-discarded-count

Description

This command includes the in-profile packets discarded count.

The no form of this command excludes the in-profile packets discarded count.

Default

no in-profile-packets-discarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-packets-discarded-count)

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-packets-discarded-count)

Full Context

configure log accounting-policy custom-record ref-policer i-counters in-profile-packets-discarded-count

configure log accounting-policy custom-record policer i-counters in-profile-packets-discarded-count

Description

This command includes the in-profile packets discarded count.

The no form of this command excludes the in-profile packets discarded count.

Default

no in-profile-packets-discarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>queue>e-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-queue>e-counters in-profile-packets-forwarded-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record queue e-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record policer e-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record ref-queue e-counters in-profile-packets-forwarded-count

Description

This command includes the in-profile packets forwarded count.

The no form of this command excludes the in-profile packets forwarded count.

Default

no in-profile-packets-forwarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>queue>i-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters in-profile-packets-forwarded-count)

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-packets-forwarded-count)

Full Context

configure log accounting-policy custom-record policer i-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record queue i-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record ref-queue i-counters in-profile-packets-forwarded-count

configure log accounting-policy custom-record ref-policer i-counters in-profile-packets-forwarded-count

Description

This command includes the in profile packets forwarded count.

The no form of this command excludes the in profile packets forwarded count.

Default

no in-profile-packets-forwarded-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters in-profile-packets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters in-profile-packets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters in-profile-packets-offered-count

configure log accounting-policy custom-record policer e-counters in-profile-packets-offered-count

Description

This command includes the in profile packets offered count.

The no form of this command excludes the in profile packets offered count.

Default

no in-profile-packets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>policer>i-counters in-profile-packets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters in-profile-packets-offered-count)

Full Context

configure log accounting-policy custom-record policer i-counters in-profile-packets-offered-count

configure log accounting-policy custom-record ref-policer i-counters in-profile-packets-offered-count

Description

This command includes the in-profile packets offered count.

The no form of this command excludes the in-profile packets offered count.

Default

no in-profile-packets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-ingress>fc in-remark)

Full Context

configure qos sap-ingress fc in-remark

Description

This command is used in a SAP ingress QoS policy to define an explicit in-profile remark action for a forwarding class or subclass. While the SAP ingress QoS policy may be applied to any SAP, the remarking functions are only enforced when the SAP is associated with an IP or subscriber interface (in an IES or VPRN). When the policy is applied to a Layer 2 SAP (i.e., Epipe or VPLS), the remarking definitions are silently ignored.

In the case where the policy is applied to a Layer 3 SAP, the in-profile remarking definition will be applied to packets that have been classified to the forwarding class or subclass. It is possible for a packet to match a classification command that maps the packet to a particular forwarding class or subclass, only to have a more explicit (higher priority match) override the association. Only the highest priority match forwarding class or subclass association will drive the in-profile marking.

The in-remark command is only applicable to ingress IP routed packets that are considered in-profile. The profile of a SAP ingress packet is affected by either the explicit in-profile/out-of-profile definitions or the ingress policing function applied to the packet. Effect of In-Remark Command on Received SAP Ingress Packets shows the effect of the in-remark command on received SAP ingress packets. Within the in-profile IP packet’s ToS field, either the six DSCP bits or the three precedence bits are remarked.

The no form of this command disables ingress remarking of in-profile packets classified to the forwarding class or subclass.

Parameters

dscp dscp-name

Specifies that the matching packet’s DSCP bits should be overridden with the value represented by dscp-name.

The dscp-name parameter is a 6-bit value. It must be one of the predefined DSCP names defined on the system.

Values

be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, c p35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

prec ip-prec-value

Specifies that the matching packet’s precedence bits should be overridden with the value represented by ip-prec-value.

Values

0 to 7

Platforms

7705 SAR Gen 2

Context

[Tree] (config>test-oam>twamp>server inactivity-timeout)

Full Context

configure test-oam twamp server inactivity-timeout

Description

This command configures the inactivity time out for all TWAMP-control connections. If no TWAMP control message is exchanged over the TCP connection for this duration of time the connection is closed and all in-progress tests are terminated.

The no form of this command returns the value to the default.

Default

inactivity-timeout 900

Parameters

seconds

Specifies the duration of the inactivity time out.

Values

60 to 3600

Default

900

Platforms

7705 SAR Gen 2

Context

[Tree] (config>test-oam>twamp>twamp-light inactivity-timeout)

Full Context

configure test-oam twamp twamp-light inactivity-timeout

Description

This command configures the length of time to maintain stale state on the session reflector. Stale state is test data that has not been refreshed or updated by newly arriving probes for that specific test in a predetermined length of time. Any single reflector can maintain up state for a maximum of 12000 tests. If the maximum value is exceeded, the session reflector lacks memory to allocate to new tests.

The no form of this command returns the value to the default.

Default

inactivity-timeout 100

Parameters

seconds

Specifies the value in seconds for maintaining stale state.

Values

10 to 100

Default

100

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>vprn-aaa-server inband)

Full Context

configure system security vprn-aaa-server inband

Description

This command configures TACACS+ or RADIUS servers in a VPRN to be used for AAA by that VPRN and by sessions in the Base routing instance.

The no form of this command disables the use of servers for in-band management.

Default

no inband

Parameters

service-id

Specifies the VPRN server for AAA to use for in-band sessions.

Values

service-id: 1 to 2147483648

svc-name: 64 characters maximum

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>login-control>ftp inbound-max-sessions)

Full Context

configure system login-control ftp inbound-max-sessions

Description

This command configures the maximum number of concurrent inbound FTP sessions.

This value is the combined total of inbound and outbound sessions.

The no form of this command reverts to the default value.

Default

inbound-max-sessions 3

Parameters

value

Specifies the maximum number of concurrent FTP sessions on the node.

Values

0 to 5

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>login-control>telnet inbound-max-sessions)

[Tree] (config>system>login-control>ssh inbound-max-sessions)

Full Context

configure system login-control telnet inbound-max-sessions

configure system login-control ssh inbound-max-sessions

Description

This parameter limits the number of inbound Telnet and SSH sessions. A maximum of 30 telnet and ssh connections can be established to the router. The local serial port cannot be disabled.

Telnet and SSH maximum sessions can also use the combined total of both inbound sessions (SSH+Telnet). While it is acceptable to continue to internally limit the combined total of SSH and Telnet sessions to N, either SSH or Telnet sessions can use the inbound maximum sessions, if so required by the Operator.

The no form of this command reverts to the default value.

Default

inbound-max-sessions 5

Parameters

number-of-sessions

The maximum number of concurrent inbound Telnet sessions, expressed as an integer.

Values

0 to 50 (default = 5) or 0 to N where N is the new total number of SSH+Telnet sessions if they are scaled

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn incl-mcast-l2-attributes-advertisement)

Full Context

configure service vpls bgp-evpn incl-mcast-l2-attributes-advertisement

Description

This command triggers the advertisement of the Layer 2 attributes extended community including:

• the service MTU in the Layer 2 MTU field

• the F bit, which is set to 1 if the hash-label command is set to true (in the configure service vpls bgp-evpn mpls context); otherwise, the F bit is set to 0

• the C bit, which is set to 1 if the control-word command is set to true (in the configure service vpls bgp-evpn mpls context); otherwise, the C bit is set to 0

The router compares the received Layer 2 MTU from a peer with the local service MTU. If there is a mismatch, the operation state of the EVPN destination is set to down, except if the configure service vpls bgp-evpn ignore-mtu-mismatch command is enabled.

A mismatch between the received C bit and the local control-word setting (in the configure service vpls bgp-evpn mpls context) results in the operational state of the EVPN destination being set to down.

A mismatch between the received F bit and the local F bit (via the hash label configuration) results in the operational state of the EVPN destination being set to down.

The no form of this command prevents the router from advertising the Layer 2 attributes extended community along with the IMET route for the service.

Default

no incl-mcast-l2-attributes-advertisement

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn incl-mcast-orig-ip)

Full Context

configure service vpls bgp-evpn incl-mcast-orig-ip

Description

The IP address configured by the user in the incl-mcast-orig-ip command is encoded in the originating-ip field of EVPN Inclusive Multicast Routes with tunnel type Ingress Replication (value 6), mLDP (2), and Composite IR and mLDP (130).

The configured address does not need to be reachable in the base router or have an interface in the base router. The originating-ip address is used solely for BGP route-key selection.

The originating-ip is never changed for Inclusive Multicast Routes with tunnel type AR (Assisted Replication, value 10).

The no version of the command withdraws the affected Inclusive Multicast Routes and re-advertises it with the default system-ip address in the originating-ip field.

Default

incl-mcast-orig-ip 1

Parameters

ip-address

Specifies the IPv4 address value.

Values

a.b.c.d

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>lsp>secondary include)

[Tree] (config>router>mpls>lsp include)

[Tree] (config>router>mpls>lsp>primary include)

[Tree] (config>router>mpls>lsp-template include)

Full Context

configure router mpls lsp secondary include

configure router mpls lsp include

configure router mpls lsp primary include

configure router mpls lsp-template include

Description

This command specifies the admin groups to be included when an LSP is set up. Up to five groups per operation can be specified, up to 32 maximum. The include statement instructs the CSPF algorithm to pick TE links among the links which belong to one or more of the specified admin groups. A link that does not belong to at least one of the specified admin groups is excluded and thus pruned from the TE database before the CSPF computation. However, a link can still be selected if it belongs to one of the groups in a include statement but also belongs to other groups which are not part of any include statement in the LSP or primary/secondary path configuration. In other words, the include statements implements the "include-any” behavior.

The no form of this command deletes the specified groups in the specified context.

Default

no include

Parameters

group-name

Specifies admin groups to be included when an LSP is set up.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>admin-tags>route-admin-tag-policy include)

Full Context

configure router admin-tags route-admin-tag-policy include

Description

This configures an admin tag to be included when matching a route against an LSP.

Up to eight inclusion statements are supported per policy.

The no form of this command removes the admin tag from the include statement.

Parameters

tag

Specifies the value of the admin tag, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>fad>flex-algo include-all)

Full Context

configure router flexible-algorithm-definitions flex-algo include-all

Description

Commands in this context configure administrative groups to include in the flexible algorithm topology graph. Administrative groups are attributes associated with a link and are generally referred to as link colors.

Flexible algorithms provide the possibility to restrict inclusion into the topology graph to links that have a pre-defined combination of associated administrative groups. The include-all command requires that all configured administrative groups must be present in a link before the link can be included in the topology graph.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>fad>flex-algo include-any)

Full Context

configure router flexible-algorithm-definitions flex-algo include-any

Description

Commands in this context configure administrative groups to include in the flexible algorithm topology graph. Administrative groups are attributes associated with a link and are generally referred to as link colors.

Flexible algorithms provide the possibility to restrict inclusion into the topology graph to links that have a pre-defined combination of associated administrative groups. The include-any command requires that one of the configured administrative groups must be present on a link before the link can be included in the topology graph.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>router-advert>if>dns-options include-dns)

Full Context

configure service vprn router-advertisement interface dns-options include-dns

Description

This command enables the Recursive DNS Server (RDNSS) Option in router advertisements. This must be enabled for each interface on which the RDNSS option is required in router advertisement messages.

The no form of this command disables the RDNSS option in router advertisements.

Default

include-dns

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>router-advert>if>dns-opt include-dns)

Full Context

configure router router-advertisement interface dns-options include-dns

Description

This command enables the Recursive DNS Server (RDNSS) Option in router advertisements. This must be enabled for each interface on which the RDNSS option is required in router advertisement messages.

The no form of this command disables the RDNSS option in router advertisements.

Default

include-dns

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>route-next-hop-policy>template include-group)

Full Context

configure router route-next-hop-policy template include-group

Description

This command configures the admin group constraint into the route next-hop policy template.

Each group is entered individually. The include-group statement instructs the LFA SPF selection algorithm to pick up a subset of LFA next-hops among the links which belong to one or more of the specified admin groups. A link which does not belong to at least one of the admin-groups is excluded. However, a link can still be selected if it belongs to one of the groups in a include-group statement but also belongs to other groups which are not part of any include-group statement in the route next-hop policy.

The pref option is used to provide a relative preference for the admin group to select. A lower preference value means that LFA SPF will first attempt to select a LFA backup next-hop which is a member of the corresponding admin group. If none is found, then the admin group with the next higher preference value is evaluated. If no preference is configured for a given admin group name, then it is supposed to be the least preferred, that is, numerically the highest preference value.

When evaluating multiple include-group statements within the same preference, any link which belongs to one or more of the included admin groups can be selected as an LFA next-hop. There is no relative preference based on how many of those included admin groups the link is a member of.

The exclude-group statement simply prunes all links belonging to the specified admin group before making the LFA backup next-hop selection for a prefix.

If the same group name is part of both include and exclude statements, the exclude statement will win. It other words, the exclude statement can be viewed as having an implicit preference value of 0.

The admin-group criteria are applied before running the LFA next-hop selection algorithm.

The no form deletes the admin group constraint from the route next-hop policy template.

Parameters

ip-admin-group-name

Specifies the name of the group, up to 32 characters.

preference

An integer specifying the relative preference of a group.

Values

1 to 255

Default

255

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>rad-auth-plcy include-radius-attribute)

[Tree] (config>ipsec>rad-acct-plcy include-radius-attribute)

Full Context

configure ipsec radius-authentication-policy include-radius-attribute

configure ipsec radius-accounting-policy include-radius-attribute

Description

Commands in this context specify the RADIUS attributes that the system should include into RADIUS Access-Request (for authentication) and Accounting-Request (for accounting) messages.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>accounting-policy include-system-info)

Full Context

configure log accounting-policy include-system-info

Description

This command allows the operator to optionally include router information at the top of each accounting file generated for a given accounting policy.

The no form of this command configures the router to not include optional router information at the top of the file.

Default

no include-system-info

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf>timers incremental-spf-wait)

[Tree] (config>router>ospf3>timers incremental-spf-wait)

Full Context

configure router ospf timers incremental-spf-wait

configure router ospf3 timers incremental-spf-wait

Description

This command sets the delay before an incremental SPF calculation is performed when LSA types 3, 4, 5, or 7 are received. This allows multiple updates to be processed in the same SPF calculation. Type 1 or type 2 LSAs are considered a topology change and will always trigger a full SPF calculation.

The no form of this command resets the timer value back to the default value.

Default

incremental-spf-wait 1000

Parameters

incremental-spf-wait

Specifies the OSPF incremental SPF calculation delay, in milliseconds.

Values

0 to 1000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>static-route-entry indirect)

Full Context

configure service vprn static-route-entry indirect

Description

This command specifies that the route is indirect and specifies the next hop IP address used to reach the destination.

The configured ip-address is not directly connected to a network configured on this node. The destination can be reached via multiple paths. The indirect address can only be resolved from dynamic routing protocol. Another static route cannot be used to resolve the indirect address.

The ip-address configured here can be either on the network side or the access side and is typically at least one hop away from this node.

Default

no indirect

Parameters

ip-address

The IP address of the IP interface.

Values

ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x-[interface]

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>static-route-entry indirect)

Full Context

configure router static-route-entry indirect

Description

This command specifies that the route is indirect and specifies the next hop IP address used to reach the destination.

The configured ip-address is not directly connected to a network configured on this node. The destination can be reached via multiple paths. The indirect address can only be resolved from dynamic routing protocol. Another static route cannot be used to resolve the indirect address.

The ip-address configured here can be either on the network side or the access side and is typically at least one hop away from this node.

Default

no indirect

Parameters

ip-address

Specifies the IP address of the IP interface.

Values

ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x-[interface]

Platforms

7705 SAR Gen 2

Context

[Tree] (info)

Full Context

info

Description

This command displays the running configuration for the configuration context where it is entered and all branches below that context level. It can be used in any branch under configure, but not with configure itself.

By default, the command only enters the configuration parameters that vary from the default values.

The detail keyword causes all configuration parameters to be displayed. The include-dynamic objective keyword includes configuration parameters from dynamic sources such as dynamic data services Python scripts. These dynamic configuration parameters are not saved in the configuration file.

The operational keyword is available in edit-cfg mode only, in which case the keyword is mandatory when using the info command.

Example:

A:ALA-48>config>router>if-attr# info
------------------------------------
            admin-group "green" value 15
            admin-group "red" value 25
            admin-group "yellow" value 20
A:ALA-48>config>router>mpls# info
------------------------------------
            interface "system"
            exit
            interface "to-104"
                admin-group "green"
                admin-group "red"
                admin-group "yellow"
                label-map 35
                    swap 36 nexthop 10.10.10.91
                    no shutdown
                exit
            exit
            path "secondary-path"
                hop 1 10.10.0.111  strict
                hop 2 10.10.0.222  strict
                hop 3 10.10.0.123  strict
                no shutdown
            exit
            path "to-NYC"
                hop 1 10.10.10.104  strict
                hop 2 10.10.0.210  strict
                no shutdown
            exit
            path "to-104"
                no shutdown
            exit
            lsp "to-104"
                to 10.10.10.104
                from 10.10.10.103
                rsvp-resv-style ff
                cspf
...
----------------------------------------------
A:ALA-48>config>router>mpls#
A:ALA-48>config>router>mpls# info detail
----------------------------------------------
            frr-object
            no resignal-timer
            interface "system"
                no admin-group
                no shutdown
            exit
            interface "to-104"
                admin-group "green"
                admin-group "red"
                admin-group "yellow"
                label-map 35
                    swap 36 nexthop 10.10.10.91
                    no shutdown
                exit
                no shutdown
            exit
            path "secondary-path"
                hop 1 10.10.0.111  strict
                hop 2 10.10.0.222  strict
                hop 3 10.10.0.123  strict
                no shutdown
            exit
            path "to-NYC"
                hop 1 10.10.10.104  strict
                hop 2 10.10.0.210  strict
                no shutdown
            exit
            path "to-104"
                no shutdown
            exit
            lsp "to-104"
                to 10.10.10.104
                from 10.10.10.103
                rsvp-resv-style ff
                adaptive
                cspf
                include "red"
                exclude "green"
                adspec
                fast-reroute one-to-one
                    no bandwidth
                    no hop-limit
                    node-protect
                exit
                hop-limit 10
                retry-limit 0
                retry-timer 30
                secondary "secondary-path"
                    no standby
                    no hop-limit
                    adaptive
                    no include
                    no exclude
                    record
                    record-label
                    bandwidth 50000
                    no shutdown
                exit
                primary "to-NYC"
                    hop-limit 50
                    adaptive
                    no include
                    no exclude
                    record
                    record-label
                    no bandwidth
                    no shutdown
                exit
                no shutdown
            exit
...
----------------------------------------------
A:ALA-48>config>router>mpls#

Parameters

detail

Displays all configuration parameters including parameters at their default values.

objective

Provides an output objective that controls the configuration parameters to be displayed.

Values

include-dynamic: includes configuration parameters from dynamic sources such as dynamic data services Python scripts.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>cli>md-cli>environment info-output)

Full Context

configure system management-interface cli md-cli environment info-output

Description

Commands in this context configure the elements that are displayed in the MD-CLI session.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>card>fp ingress)

Full Context

configure card fp ingress

Description

This command enables access to the ingress fp CLI context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>sap ingress)

[Tree] (config>service>ies>if>spoke-sdp ingress)

[Tree] (config>service>vpls>mesh-sdp ingress)

[Tree] (config>service>ies>if>sap ingress)

[Tree] (config>service>vpls>spoke-sdp ingress)

Full Context

configure service vpls sap ingress

configure service ies interface spoke-sdp ingress

configure service vpls mesh-sdp ingress

configure service ies interface sap ingress

configure service vpls spoke-sdp ingress

Description

Commands in this context configure ingress Quality of Service (QoS) policies and filter policies.

If no QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress filter is defined, no filtering is performed.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>port>access ingress)

[Tree] (config>card>mda>access ingress)

Full Context

configure port access ingress

configure card mda access ingress

Description

Commands in this context configure ingress buffer pool parameters which define the percentage of the pool buffers that are used for CBS calculations and specify the slope policy that is configured in the config>qos>slope-policy context.

On the MDA level, access ingress pools are only allocated on channelized MDAs.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>port>ethernet>access ingress)

Full Context

configure port ethernet access ingress

Description

This command configures Ethernet access ingress port parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>sap ingress)

Full Context

configure service epipe sap ingress

Description

Commands in this context configure ingress SAP Quality of Service (QoS) policies.

If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>spoke-sdp ingress)

Full Context

configure service epipe spoke-sdp ingress

Description

This command configures the ingress SDP context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>vpls ingress)

Full Context

configure service ies interface vpls ingress

Description

The ingress node in this context under the vpls binding is used to define the routed IPv4 and IPv6 optional filter overrides.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if ingress)

Full Context

configure service ies interface ingress

Description

This command enters context to configure ingress parameters for network interfaces.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>network ingress)

Full Context

configure service vprn network ingress

Description

Commands in this context configure network ingress parameters for the VPRN service.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if ingress)

Full Context

configure service vprn interface ingress

Description

This command enters context to configure ingress parameters for network interfaces.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>sap ingress)

Full Context

configure service vprn interface sap ingress

Description

Commands in this context configure ingress SAP Quality of Service (QoS) policies and filter policies.

If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress filter is defined, no filtering is performed.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>vpls ingress)

Full Context

configure service vprn interface vpls ingress

Description

The ingress node in this context under the vpls binding is used to define the routed IPv4 and IPv6 optional filter overrides.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>card>mda>network ingress)

Full Context

configure card mda network ingress

Description

Commands in this context configure MDA-level IOM Quality of Service (QoS).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ipmirrorif>spoke-sdp ingress)

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp ingress)

Full Context

configure service vprn ip-mirror-interface spoke-sdp ingress

configure mirror mirror-dest remote-source spoke-sdp ingress

Description

Commands in this context configure spoke SDP ingress parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>network ingress)

Full Context

configure qos network ingress

Description

This command is used to enter the CLI node that creates or edits policy entries that specify the DiffServ code points-to-forwarding class mapping for all IP packets and define the MPLS EXP bits-to-forwarding class mapping for all labeled packets.

When premarked IP or MPLS packets ingress on a network port, they get a Per Hop Behavior (that is, the QoS treatment through the router, based on the mapping defined under the current node).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>queue-group-templates ingress)

Full Context

configure qos queue-group-templates ingress

Description

Commands in this context create ingress queue group templates. Ingress queue group templates can be applied to ingress ports to create an ingress queue group of the same name.

An ingress template must be created for a group-name prior to creating a queue group with the same name on an ingress port.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if ingress)

Full Context

configure router interface ingress

Description

This command enables access to the context to configure ingress network filter policies for the IP interface. If an ingress filter is not defined, no filtering is performed.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>cust>multi-service-site ingress)

Full Context

configure service customer multi-service-site ingress

Description

Commands in this context configure the ingress node associate an existing scheduler policy name with the customer site. The ingress node is an entity to associate commands that complement the association.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-template ingress)

Full Context

configure service pw-template ingress

Description

Commands in this context configure spoke SDP binding ingress filter parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>port>ethernet ingress-rate)

Full Context

configure port ethernet ingress-rate

Description

This command configures the maximum amount of ingress bandwidth that this port can receive with the configured sub-rate using packet-based accounting.

The no form of this command returns the value to the default.

Default

no ingress-rate

Parameters

sub-rate

Specifies the ingress rate, in Mb/s.

Values

1 to 400000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn ingress-repl-inc-mcast-advertisement)

Full Context

configure service vpls bgp-evpn ingress-repl-inc-mcast-advertisement

Description

This command enables and disables the advertisement of the Inclusive Multicast Ethernet Tag route (IMET route) with tunnel-type Ingress-Replication in the PMSI Tunnel Attribute, or with the tunnel-type Composite Point-to-Multipoint and Ingress-Replication (P2MP+IR) in the root-and-leaf nodes. The following must be considered:

• When no ingress-repl-inc-mcast-advertisement is configured, no IMET routes will be sent for the service unless the provider-tunnel is configured with owner bgp-evpn-mpls and root-and-leaf, in which case, an IMET-P2MP route is sent.

• When ingress-repl-inc-mcast-advertisement and provider-tunnel are configured for bgp-evpn-mpls with root-and-leaf, the system will send an IMET-P2MP-IR route, that is, an IMET route with a composite P2MP+IR tunnel type.

• When no ingress-repl-inc-mcast-advertisement and assisted-replication replicator are configured, the system will send IMET-AR routes, but IMET-IR routes will not be sent.

Default

ingress-repl-inc-mcast-advertisement

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn>mpls ingress-replication-bum-label)

Full Context

configure service vpls bgp-evpn mpls ingress-replication-bum-label

Description

This command allows the user to configure the system so that a separate label is sent for BUM (Broadcast, Unknown unicast and Multicast) traffic in a specified service. By default ( no ingress-replication-bum-label), the same label is used for unicast and flooded BUM packets when for-warding traffic to remote PEs.

When saving labels, this might cause transient traffic duplication for all-active multi-homing. By enabling ingress-replication-bum-label, the system will advertise two labels per EVPN VPLS instance, one for unicast and one for BUM traffic. The ingress PE will use the BUM label for flooded traffic to the advertising egress PE, so that the egress PE can determine if the unicast traffic has been flooded by the ingress PE. Depending on the scale required in the network, the user may choose between saving label space or avoiding transient packet duplication sent to an all-active multi-homed CE for certain macs.

Default

no ingress-replication-bum-label

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy ingress-statistics)

Full Context

configure router mpls forwarding-policies forwarding-policy ingress-statistics

Description

This command configures ingress statistics in an MPLS forwarding policy.

The ingress statistics are associated with a binding label, that is the ILM of the forwarding policy, and provides aggregate packet and byte counters for packets matching the binding label.

The no form of this command removes the statistics from the MPLS forwarding policy.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>ldp>peer>packet init)

Full Context

debug router ldp peer packet init

Description

This command enables debugging for LDP Init packets.

The no form of the command disables the debugging output.

Parameters

detail

Displays detailed information.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>ipv6>vrrp init-delay)

Full Context

configure service ies interface ipv6 vrrp init-delay

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters

seconds

Specifies the initialization delay timer for VRRP, in seconds.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>vrrp init-delay)

Full Context

configure service ies interface vrrp init-delay

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters

seconds

Specifies the initialization delay timer for VRRP, in seconds.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>vrrp init-delay)

[Tree] (config>service>vprn>if>ipv6>vrrp init-delay)

Full Context

configure service vprn interface vrrp init-delay

configure service vprn interface ipv6 vrrp init-delay

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters

seconds

Specifies the initialization delay timer for VRRP, in seconds.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if>vrrp init-delay)

[Tree] (config>router>if>ipv6>vrrp init-delay)

Full Context

configure router interface vrrp init-delay

configure router interface ipv6 vrrp init-delay

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters

seconds

Specifies the initialization delay timer for VRRP, in seconds.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>card>fp init-extract-prio-mode)

Full Context

configure card fp init-extract-prio-mode

Description

This command determines the scheme used to select the initial drop priority of extracted control plane traffic. The initial drop priority of extracted packets can be either low or high priority. The drop priority of the extracted packets can be subsequently altered by mechanisms such as CPU protection. High-priority traffic receives preferential treatment in control plane congestion situations over low-priority traffic.

Default

init-extract-prio-mode uniform

Parameters

uniform

Initializes the drop priority of all extracted control traffic as high priority. Drop priority can then be altered (marked low priority) by distributed CPU protection (DCP) or centralized CPU protection rate-limiting functions in order to achieve protocol and interface isolation.

l3-classify

Initializes the drop priority of Layer 3 extracted control traffic (BGP and OSPF) based on the QoS classification of the packets. This is useful in networks where the DSCP and EXP markings can be trusted as the primary method to distinguish, protect, and isolate good terminating protocol traffic from unknown or potentially harmful protocol traffic instead of using the rate-based DCP and centralized CPU protection traffic marking/coloring mechanisms (for example, out-profile-rate and exceed-action low-priority).

For network interfaces, the QoS classification profile result selects the drop priority (in = high priority, out = low priority) for extracted control traffic, and the default QoS classification maps different DSCP and EXP values to different in/out profile states.

For access interfaces, the QoS classification priority result typically selects the drop priority for extracted control traffic. The default access QoS classification ( default-priority) maps all traffic to low. If the queues in the access QoS policy are configured as profile-mode queues (rather than the default priority-mode) extracted traffic will use the QoS classification profile value configured against the associated FC (rather than the priority result) to select the drop priority.

Layer 2 extracted control traffic (ARP or ETH-CFM) and protocols that cannot always be QoS-classified, such as IS-IS, are initialized as low drop priority in order to protect Layer 2 protocol traffic on uniform interfaces (which would typically be subject to centralized CPU protection). Alternately, DCP can be used (by configuring a non-zero rate with exceed-action of low-priority for the all-unspecified protocol) to mark some of this traffic as high priority.

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>certificate>cmpv2 initial-registration)

Full Context

admin certificate cmpv2 initial-registration

Description

This command request initial certificate from CA by using CMPv2 initial registration procedure.

The ca parameter specifies a CA-profile which includes CMP server information.

The key-to-certify is an imported key file to be certified by the CA.

The protection-key is an imported key file used to for message protection if protection-alg is signature.

The request is authenticated either of following methods:

• A password and a reference number that pre-distributed by CA via out-of-band means.

• The specified password and reference number are not necessarily in the cmp-keylist configured in the corresponding CA-Profile

• A signature signed by the protection-key or key-to-certify, optionally along with the corresponding certificate. If the protection-key is not specified, system will use the key-to-certify for message protection. The hash algorithm used for signature is depends on key type:

• DSA key: SHA1

• RSA key: MD5/SHA1/SHA224 | SHA256 | SHA384 | SHA512, by default is SHA1

Optionally, the system could also send a certificate or a chain of certificates in extraCerts field. Certificate is specified by the "cert” parameter, it must include the public key of the key used for message protection.

Sending a chain is enabled by specify the send-chain parameter.

subject-dn specifies the subject of the requesting certificate.

save-as specifies full path name of saving the result certificate.

In some cases, CA may not return certificate immediately, due to reason like request processing need manual intervention. In such cases, the admin certificate cmpv2 poll command could be used to poll the status of the request. If key-list is not configured in the corresponding ca-profile, then the system will use the existing password to authenticate the CMPv2 packets from server if it is in password protection.

If key-list is configured in the corresponding ca-profile and server does not send SenderKID, then the system will use lexicographical first key in the key-list to authenticate the CMPv2 packets from server in case it is in password protection.

Parameters

ca-profile-name

Specifies a ca-profile name which includes CMP server information up to 32 characters.

key-filename

Specifies the file name of the key to certify up to 95 characters.

password

Specifies an ASCII string up to 64 characters.

ref-number

Specifies the reference number for this CA initial authentication key up to 64 characters.

cert-file-name

specifies the certificate file up to 95 characters.

ca-profile-name

Specifies to send the chain.

key-file-name

Specifies the protection key associated with the action on the CA profile.

hash-algorithm

Specifies the hash algorithm for RSA key.

Values

md5,sha1,sha224,sha256,sha384,sha512

dn

Specifies the subject of the requesting certificate up to 256 characters.

Values

attr1 equals val1

attr2 equals val2 where: attrN equals {C | ST | O | OU | CN}

save-path-of-result-cert

Specifies the save full path name of saving the result certificate up to 200 characters.

domain-name domain-names

Specifies FQDNs for SubjectAltName of the requesting certificate, separated by commas, up to 512 characters.

ip-address | ipv6-address

Specifies an IPv4 or IPv6 address for SubjectAtName of the requesting certificate.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp>group initial-send-delay-zero)

[Tree] (config>service>vprn>bgp>group>neighbor initial-send-delay-zero)

[Tree] (config>service>vprn>bgp initial-send-delay-zero)

Full Context

configure service vprn bgp group initial-send-delay-zero

configure service vprn bgp group neighbor initial-send-delay-zero

configure service vprn bgp initial-send-delay-zero

Description

This command configures BGP to send UPDATE messages announcing reachability information to a peer or set of peers immediately after the sessions come up (become established) with these peers.

The default behavior, provided by the no form of this command, is to wait for min-route-advertisement time after each session is established before sending the first set of UPDATE messages.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp initial-send-delay-zero)

[Tree] (config>router>bgp>group initial-send-delay-zero)

[Tree] (config>router>bgp>group>neighbor initial-send-delay-zero)

Full Context

configure router bgp initial-send-delay-zero

configure router bgp group initial-send-delay-zero

configure router bgp group neighbor initial-send-delay-zero

Description

This command configures BGP to send UPDATE messages announcing reachability information to a peer or set of peers immediately after the sessions become established with these peers.

The no form of this command waits for min-route-advertisement time after each session is established before sending the first set of UPDATE messages.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match inner-tag)

Full Context

configure qos sap-ingress mac-criteria entry match inner-tag

Description

This command configures the matching of the second tag that is carried transparently through the service. The inner tag on ingress is the second tag on the frame if there are no service delimiting tags. The inner tag is the second tag before any service delimiting tags on egress but is dependent in the ingress configuration and may be set to 0 even in cases where additional tags are on the frame. This allows matching VLAN tags for explicit filtering or QoS setting when using default or null encapsulations.

The inner tag is not applicable in ingress on dot1Q SAPs. The inner tag may be populated on egress depending on the ingress SAP type.

On QinQ SAPs of null and default that do not strip tags, the inner-tag will contain the second tag (which is still the second tag carried transparently through the service.) On ingress SAPs that strip any tags, the inner tag will contain 0 even if there are more than two tags on the frame.

The optional vid_mask is defaulted to 4095 (exact match) but may be specified to allow pattern matching. The masking operation is ((value and vid-mask) = = (tag and vid-mask)). A value of 6 and a mask of 7 would match all VIDs with the lower 3 bits set to 6.

For QoS, the VID type cannot be specified on the default QoS policy.

The default vid-mask is set to 4095 for exact match.

Platforms

7705 SAR Gen 2

Context

[Tree] (candidate insert)

Full Context

candidate insert

Description

This command inserts the contents of the temporary buffer (populated by a previous copy or delete command) into the candidate configuration. The contents are inserted by default after the current edit point. Optional parameters allow the insertion after some other point of the candidate. The contents of the temporary buffer are deleted when the operator exits candidate edit mode.

Insertions are context-aware. The temporary buffer always stores the CLI context (such as the current CLI branch) for each line deleted or copied. If the lines to be inserted are supported at the context of the insertion point then the lines are simply inserted into the configuration. If the lines to be inserted are not supported at the context of the insertion point, then the context at the insertion point is first closed using multiple exit statements, the context of the lines to be inserted is built (added) into the candidate at the insertion point, then the lines themselves are added, the context of the inserted lines is closed using exit statements and finally the context from the original insertion point is built again leaving the context at the same point as it was before the insertion.

Parameters

line

Indicates where to insert the line starting at the point indicated by the following options.

Values

line, offset, first, edit-point, last
	line	absolute line number
	offset	relative line number to current edit point. Prefixed with '+' or '-'
	first	keyword - first line
	edit-point	keyword - current edit point
	last	keyword - last line that is not 'exit'

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>nat inside)

[Tree] (config>router>nat inside)

Full Context

configure service vprn nat inside

configure router nat inside

Description

Commands in this context the inside NAT instance.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>default-action install-backup-path)

[Tree] (config>router>policy-options>policy-statement>entry>action install-backup-path)

Full Context

configure router policy-options policy-statement default-action install-backup-path

configure router policy-options policy-statement entry action install-backup-path

Description

When the best BGP route for an IPv4 or IPv6 prefix is matched by a policy entry or policy default action with this command, BGP attempts to find and install a preprogrammed backup path for the prefix in order to provide BGP fast reroute protection.

The install-backup-path command overrides and has no dependency on commands such as the BGP instance backup-path command or the VPRN-level enable-bgp-vpn-backup command, which enable BGP fast reroute for an entire address family. The install-backup-path command provides more precise control over which IP prefixes are supported with preprogrammed backup paths.

In VPRN, if the best path for an IP prefix is provided by a VPRN BGP route, the backup path can be provided by another VPRN BGP route or an imported VPN-IP route. If the best path for an IP prefix is provided by an imported VPN-IP route, the backup path can be provided by another VPN-IP route.

The install-backup-path command is supported only in BGP and VRF import policies and has no effect on other types. The install-backup-path command applies only to the following types of matched routes: IPv4, IPv6, label-IPv4, label-IPv6, VPN-IPv4, and VPN-IPv6.

The no form of this command disables the install-backup-path functionality.

Default

no install-backup-path

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim>if instant-prune-echo)

Full Context

configure service vprn pim interface instant-prune-echo

Description

This command enables PIM to send an instant prune echo when the router starts the prune pending timer for a group on the interface. All downstream routers will see the prune message immediately, and can send a join override if they are interested in receiving the group. Configuring instant-prune-echo is recommended on broadcast interfaces with more than one PIM neighbor to optimize multicast convergence.

The no form of this command disables instant Prune Echo on the PIM interface.

Default

no instant-prune-echo

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>interface instant-prune-echo)

Full Context

configure router pim interface instant-prune-echo

Description

This command enables PIM to send an instant prune echo when the router starts the prune pending timer for a group on the interface. All downstream routers will see the prune message immediately, and can send a join override if they are interested in receiving the group. Configuring instant-prune-echo is recommended on broadcast interfaces with more than one PIM neighbor to optimize multicast convergence.

The no form of this command disables instant Prune Echo on the PIM interface.

Default

no instant-prune-echo

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>radius interactive-authentication)

[Tree] (config>service>vprn>aaa>rmt-srv>radius interactive-authentication)

Full Context

configure system security radius interactive-authentication

configure service vprn aaa remote-servers radius interactive-authentication

Description

This command enables RADIUS interactive authentication for the system. Enabling interactive-authentication forces RADIUS to fall into challenge/response mode.

Default

no interactive-authentication

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>tacplus interactive-authentication)

[Tree] (config>service>vprn>aaa>rmt-srv>tacplus interactive-authentication)

Full Context

configure system security tacplus interactive-authentication

configure service vprn aaa remote-servers tacplus interactive-authentication

Description

This configuration instructs the SR OS to send no username nor password in the TACACS+ start message, and to display the server_msg in the GETUSER and GETPASS response from the TACACS+ server. Interactive authentication can be used to support a One Time Password scheme (such as an S/Key). An example flow (such as with a telnet connection) is as follows:

• The SR OS sends an authentication start request to the TACACS+ server with no username nor password.

• TACACS+ server replies with TAC_PLUS_AUTHEN_STATUS_GETUSER and a server_msg.

• The SR OS displays the server_msg, and collects the username.

• The SR OS sends a continue message with the username.

• TACACS+ server replies with TAC_PLUS_AUTHEN_STATUS_GETPASS and a server_msg.

• The SR OS displays the server_msg (which may contain, for example, an S/Key for One Time Password operation), and collects the password.

• The SR OS sends a continue message with the password.

• TACACS+ server replies with PASS or FAIL.

When interactive-authentication is disabled, the SR OS will send the username and password in the tacplus start message. An example flow (such as with a telnet connection) is as follows:

• TAC_PLUS_AUTHEN_TYPE_ASCII.

  • the login username in the "user” field.

  • the password in the user_msg field (while this is non-standard, it does not cause interoperability problems).

• TACACS+ server ignores the password and replies with TAC_PLUS_AUTHEN_STATUS_GETPASS.

• The SR OS sends a continue packet with the password in the user_msg field.

• TACACS+ server replies with PASS or FAIL.

When interactive-authentication is enabled, tacplus must be the first method specified in the authentication-order configuration.

Default

no interactive-authentication

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn interface)

[Tree] (config>service>ies interface)

Full Context

configure service vprn interface

configure service ies interface

Description

This command creates a logical IP routing interface. Once created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, is used to create and maintain IP routing interfaces within service IDs. The interface command can be executed in the context of a service ID. The IP interface created is associated with the service core network routing instance and default routing table. The typical use for IP interfaces created in this manner is for subscriber Internet access. An IP address cannot be assigned to an IES interface. Multiple SAPs can be assigned to a single group interface.

Interface names are case sensitive and must be unique within the group of defined IP interfaces defined for config>router>interface, config>service>ies>interface and config>service>vprn>interface (that is, the network core router instance). Interface names must not be in the dotted decimal notation of an IP address. For example, the name "1.1.1.1” is not allowed, but "int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

By default, there are no default IP interface names defined within the system. All IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes IP the interface and all the associated configuration. The interface must be administratively shut down before issuing the no interface command.

The IP interface must be shut down before the SAP on that interface may be removed. IES and VPRN services do not have the shutdown command in the SAP CLI context. The service SAPs rely on the interface status to enable and disable them.

Parameters

ip-int-name

Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service vprn interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes.

If ip-int-name already exists within the service ID, the context will be changed to maintain that IP interface. If ip-int-name already exists within another service ID or is an IP interface defined within the config router commands, an error will occur and context will not be changed to that IP interface. If ip-int-name does not exist, the interface is created and context is changed to that interface for further command processing.

tunnel

Specifies that the interface is configured as tunnel interface, which could be used to terminate IPsec or GRE runnels in the private service.

create

Creates the IPsec interface instance. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>igmp interface)

Full Context

configure router igmp interface

Description

Commands in this context configure an IGMP interface. The interface is a local identifier of the network interface on which reception of the specified multicast address is to be enabled or disabled.

The no form of the command deletes the IGMP interface. The shutdown command in the config>router>igmp>interface context can be used to disable an interface without removing the configuration for the interface.

Default

no interface

Parameters

ip-int-name

The IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

If the IP interface exists in a different area it will be moved to this area.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mld interface)

Full Context

configure router mld interface

Description

Commands in this context configure an Multicast Listener Discovery (MLD) interface. The interface is a local identifier of the network interface on which reception of the specified multicast address is to be enabled or disabled.

The no form of this command deletes the MLD interface. The shutdown command in the config>router>mld>interface context can be used to disable an interface without removing the configuration for the interface.

Default

no interface — No interfaces are defined.

Parameters

ip-int-name

Specifies the IP interface name. Interface names must be unique within the group of defined IP interfaces for config>router>interface and config>service>ies>interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

If the IP interface exists in a different area it will be moved to this area.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls interface)

Full Context

configure service vpls interface

Description

This command creates a logical IP routing interface for a VPLS service. Once created, attributes such as IP address and service access points (SAP) can be associated with the IP interface.

The interface command, under the context of services, is used to create and maintain IP routing interfaces within the VPLS service IDs. The IP interface created is associated with the VPLS management routing instance. This instance does not support routing.

Interface names are case-sensitive and must be unique within the group of defined IP interfaces defined for the network core router instance. Interface names in the dotted decimal notation of an IP address are not allowed. For example, the name "1.1.1.1” is not allowed, but "int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. Duplicate interface names can exist in different router instances.

Enter a new name to create a logical router interface. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

By default, no default IP interface names are defined within the system. All VPLS IP interfaces must be explicitly defined in an enabled state.

The no form of this command removes the IP interface and the entire associated configuration. The interface must be administratively shut down before issuing the no interface command.

For VPLS services, the IP interface must be shut down before the SAP on that interface is removed.

For VPLS service, ping and traceroute are the only applications supported.

Parameters

ip-int-name

Specifies the name of the IP interface. Interface names must be unique within the group of defined IP.

An interface name:

• Should not be in the form of an IP address.

• Can be from 1 to 32 alphanumeric characters.

• If the string contains special characters (such as #,$,spaces), the entire string must be enclosed within double quotes.

If ip-int-name already exists within the service ID, the context changes to maintain that IP interface. If ip-int-name already exists within another service ID, an error occurs and the context does not change to that IP interface. If ip-int-name does not exist, the interface is created and the context is changed to that interface for further command processing.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>igmp interface)

Full Context

debug router igmp interface

Description

This command enables debugging for IGMP interfaces.

The no form of this command disables the IGMP interface debugging for the specifies interface name or IP address.

Parameters

ip-int-name

Debugs the information associated with the specified IP interface name.

ip-address

Debugs the information associated with the specified IP address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>igmp interface)

Full Context

configure service vprn igmp interface

Description

Commands in this context configure interface parameters.

Parameters

ip-int-name

Specifies the name of the IP interface, up to 32 characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis interface)

Full Context

configure service vprn isis interface

Description

This command creates the context to configure an IS-IS interface.

When an area is defined, the interfaces belong to that area. Interfaces cannot belong to separate areas.

When the interface is a POS channel, the OSI Network Layer Control Protocol (OSINLCP) is enabled when the interface is created and removed when the interface is deleted.

The no form of this command removes IS-IS from the interface.

The shutdown command in the config>router>isis>if context administratively disables IS-IS on the interface without affecting the IS-IS configuration.

Default

no interface — No IS-IS interfaces are defined.

Parameters

ip-int-name

Identify the IP interface name created in the config>router>if context. The IP interface name must already exist.

Platforms

7705 SAR Gen 2