r Commands – Part II

Context

[Tree] (config>router>policy-options>policy-statement renumber)

Full Context

configure router policy-options policy-statement renumber

Description

This command allows the operator to renumber the existing entry ID to a new entry ID. When performing the renumbering action, the two entry IDs must be different. The existing (from) entry-id must exist. The new (to) entry-id must not exist.

Renumbering is not saved in the configuration because it is a performing action.

Parameters

from entry-id

Specifies the existing entry ID to be renumbered.

Values

1 to 4294967295

to entry-id

Specifies the new entry ID to be assigned.

Values

1 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (file repair)

Full Context

file repair

Description

This command checks a compact flash device for errors and repairs any errors found.

Parameters

cflash-id

Specifies the compact flash slot ID to be repaired. When a specific cflash-id is specified, that drive is repaired. If no flash-id is specified, the drive referred to by the current working directory is assumed. If a slot number is not specified, the active CPM is assumed.

Values

cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Default

the current compact flash device

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>password>complexity-rules repeated-characters)

Full Context

configure system security password complexity-rules repeated-characters

Description

The number of times a characters can be repeated consecutively.

The no form of this command resets to default.

Default

no repeated-characters

Parameters

count

Specifies the minimum count of consecutively repeated characters.

Values

2 to 8

Platforms

7705 SAR Gen 2

Context

[Tree] (candidate replace)

Full Context

candidate replace

Description

This command displays the specified line (a single line only) and allows it to be changed.

Parameters

line

Indicates which line to replace starting at the point indicated by the following options.

Values

line, offset, first, edit-point, last
	line	absolute line number
	offset	relative line number to current edit point. Prefixed with '+' or '-'
	first	keyword - first line
	edit-point	keyword - current edit point
	last	keyword - last line that is not 'exit'

Platforms

7705 SAR Gen 2

Context

[Tree] (config>macsec>connectivity-association replay-protection)

Full Context

configure macsec connectivity-association replay-protection

Description

Specifies the size of the replay protection window.

This command must be configured to force packet discard when it has detected a packet that is not within the replay-window-size.

When replay protection is enabled, the sequence of the ID number of the received packets are checked. If the packet arrives out of sequence and the difference between the packet numbers exceeds the replay window size, the packet is counted by the receiving port and then discarded. For example, if the replay protection window size is set to five and a packet assigned the ID of 1006 arrives on the receiving link immediately after the packet assigned the ID of 1000, the packet that is assigned the ID of 1006 is counted and discarded because it falls outside the parameters of the replay window size.

Replay protection is especially useful for fighting man-in-the-middle attacks. A packet that is replayed by a man-in-the-middle attacker on the Ethernet link will arrive on the receiving link out of sequence, so replay protection helps ensure the replayed packet is dropped instead of forwarded through the network.

Replay protection should not be enabled in cases where packets are expected to arrive out of order.

Default

no replay-protection

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>trans-mode-prof replay-window)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel replay-window)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel replay-window)

[Tree] (config>ipsec>tnl-temp replay-window)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel replay-window)

Full Context

configure ipsec ipsec-transport-mode-profile replay-window

configure service ies interface ipsec ipsec-tunnel replay-window

configure service vprn interface sap ipsec-tunnel replay-window

configure ipsec tunnel-template replay-window

configure service vprn interface ipsec ipsec-tunnel replay-window

Description

This command specifies the size of the anti-replay window. The anti-replay window protocol further secures IPsec against an entity that can inject a recorded message in a message stream from a source to a destination computer on the Internet.

Default

no replay-window

Parameters

replay-window-size

Specifies the size of the SA anti-replay window.

Values

32, 64, 128, 256, 512

Platforms

7705 SAR Gen 2

Context

[Tree] (config>macsec>connectivity-association replay-window-size)

Full Context

configure macsec connectivity-association replay-window-size

Description

This command specifies the size of the replay protection window.

This command must be configured to enable replay protection. When replay protection is enabled, the sequence of the ID number of received packets are checked. If the packet arrives out of sequence and the difference between the packet numbers exceeds the replay protection window size, the packet is dropped by the receiving port. For example, if the replay protection window size is set to five and a packet assigned the ID of 1006 arrives on the receiving link immediately after the packet assigned the ID of 1000, the packet that is assigned the ID of 1006 is dropped because it falls outside the parameters of the replay protection window.

Replay protection is especially useful for fighting man-in-the-middle attacks. A packet that is replayed by a man-in-the-middle attacker on the Ethernet link will arrive on the receiving link out of sequence, so replay protection helps ensure the replayed packet is dropped instead of forwarded through the network.

Replay protection should not be enabled in cases where packets are expected to arrive out of order.

When the number-of-packets variable is set to 0, all packets that arrive out-of-order are dropped.

The no form of this command reverts to the default value.

Default

replay-window-size 0

Parameters

number-of-packets

Specifies the window for which the packets can arrive out of order.

Values

0 to 4294967294

Platforms

7705 SAR Gen 2

Context

[Tree] (config>port>ethernet report-alarm)

Full Context

configure port ethernet report-alarm

Description

This command specifies when and if to generate alarms and alarm clear notifications for this port.

Parameters

signal-fail

Reports an Ethernet signal lost alarm.

remote

Reports remote faults.

local

Reports local faults.

no-frame-lock

Reports a 'not locked on the Ethernet framing sequence' alarm.

high-ber

Reports High Bit Error Rate.

no-block-lock

Reports 40G/100G PCS Lanes Not Block Locked.

no-am-lock

Reports 40G/100G PCS Alignment Marker Loss of Lock.

duplicate-lane

Reports 40G/100G PCS Duplicate Lane Marker.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>port>dwdm>coherent report-alarms)

Full Context

configure port dwdm coherent report-alarms

Description

This command configures the alarms that will be reported for the coherent module.

Default

modflt mod netrx nettx hosttx

Parameters

modflt

Reports module fault alarm.

mod

Reports module alarm.

netrx

Reports network (optical side) receive alarm.

nettx

Reports network (optical side) transmit alarm.

hosttx

Reports host (electrical side) transmit alarm.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pcep>pcc report-path-constraints)

Full Context

configure router pcep pcc report-path-constraints

Description

This command enables the inclusion of LSP path constraints in the PCE report messages sent from the PCC to a PCE.

In order for the PCE to know about the original constraints for an LSP which is delegated, but for which there is no prior state in its LSP database, such as if no PCReq message was sent for the same PLSP-ID, the following proprietary behavior is observed:

• PCC appends a duplicate of each of the LSPA, METRIC, and BANDWIDTH objects in the PCRpt message. The only difference between two objects of the same type is that the P-flag is set in the common header of the duplicate object to indicate that it is a mandatory object for processing by PCE.

• The value of the metric or bandwidth in the duplicate object contains the original constraint value, while the first object contains the operational value. This is applicable to hop metrics in the METRIC and BANDWIDTH objects only. The SR OS PCC does not support configuring a boundary on the path computation IGP or TE metrics.

• The path computation on the PCE must use the first set of objects when updating a path if the PCRpt contained a single set. If the PCRpt contained a duplicate set, PCE path computation must use the constraints in the duplicate set.

The no form of the command disables the above behavior in case of interoperability issues with third-party PCE implementations.

Default

report-path-constraints

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>igmp-snooping report-src-ip)

Full Context

configure service vpls igmp-snooping report-src-ip

Description

This command configures the source IPv4 address used when generating IGMP reports. According the IGMPv3 standard, a zero source address is allowed in sending IGMP reports. However, for interoperability with some multicast routers, the source IP address of IGMP group reports can be configured using this command.

Default

report-src-ip 0.0.0.0

Parameters

ip-address

Specifies the source IPv4 address in transmitted IGMP reports.

Values

a.b.c.d

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>mld-snooping report-src-ip)

Full Context

configure service vpls mld-snooping report-src-ip

Description

This command configures the source IPv6 address used when generating MLD reports. A zero source address is allowed in sending MLD reports. However, for interoperability with some multicast routers, the source IP address of MLD reports can be configured using this command.

Default

report-src-ip 0:0:0:0:0:0:0:0

Parameters

ipv6-address

Specifies the source IPv6 address in transmitted MLD reports.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>aaa>rmt-srv>tacplus request-format)

[Tree] (config>system>security>tacplus request-format)

Full Context

configure service vprn aaa remote-servers tacplus request-format

configure system security tacplus request-format

Description

Commands in this context configure access operations that are sent to the TACACS+ server during authorization.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>spoke-sdp>control-channel-status request-timer)

[Tree] (config>service>vpls>spoke-sdp>control-channel-status request-timer)

Full Context

configure service epipe spoke-sdp control-channel-status request-timer

configure service vpls spoke-sdp control-channel-status request-timer

Description

This command configures the control channel status request mechanism. When it is configured, control channel status request procedures are used. These augment the procedures for control channel status messaging from RFC 6478. This command cannot be used with a non-zero refresh-timer value.

Parameters

timer1

Specifies the interval, in seconds, at which pseudowire status messages, including a reliable delivery TLV with the "request” bit set, are sent.

Values

10 to 65535

timer2

specifies the timeout interval, in seconds, if no response to a pseudowire status request is received. This parameter must be configured. A value of zero (0) disables retries.

Values

0, 3 to 60

multiplier

If a requesting node does not receive a valid response to a pseudowire status request within a number of seconds equal to the retry timer multiplied by this multiplier, then it will assume the pseudowire is down. This parameter is optional.

Values

3 to 20

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>spoke-sdp>control-channel-status request-timer)

Full Context

configure service vpls spoke-sdp control-channel-status request-timer

Description

This command configures the control channel status request mechanism. When it is configured, control channel status request procedures are used. These augment the procedures for control channel status messaging from RFC 6478, Pseudowire Status for Static Pseudowires. This command cannot be used with a non-zero refresh-timer value.

Parameters

request-timer-secs

Specifies the interval, in seconds, at which pseudowire status messages, including a reliable delivery TLV with the "request” bit set, are sent.

Values

10 to 65535

retry-timer-secs

specifies the timeout interval, in seconds, if no response to a pseudowire status request is received. This parameter must be configured. A value of zero (0) disables retries.

Values

0, 3 to 60

multiplier

If a requesting node does not receive a valid response to a pseudowire status request within a number of seconds equal to the retry timer multiplied by this multiplier, then it will assume the pseudowire is down. This parameter is optional.

Values

3 to 20

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>spoke-sdp>control-channel-status request-timer)

Full Context

configure service ies interface spoke-sdp control-channel-status request-timer

Description

This command configures the control channel status request mechanism. When it is configured, control channel status request procedures are used. These augment the procedures for control channel status messaging from RFC 6478. This command is mutually exclusive with a non-zero refresh-timer value.

Parameters

timer1

Specifies the interval at which pseudowire status messages, including a reliable delivery TLV, with the "request” bit set, are sent.

Values

10 to 65535 seconds

retry-timer timer2

Specifies the timeout interval if no response to a pseudowire status request is received. This parameter must be configured. A value of zero (0) disables retries.

Values

0, 3 to 60 seconds

timeout-multiplier multiplier

If a requesting node does not receive a valid response to a pseudowire status request within this multiplier times the retry timer, then it will assume the pseudowire is down. This parameter is optional.

Values

3 to 20 seconds

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>spoke-sdp>control-channel-status request-timer)

Full Context

configure service vprn interface spoke-sdp control-channel-status request-timer

Description

This command configures the control channel status request mechanism. When it is configured, control channel status request procedures are used. These augment the procedures for control channel status messaging from RFC 6478. This command is mutually exclusive with a non-zero refresh-timer value.

Parameters

request-timer-secs

Specifies the interval, in seconds, at which pseudowire status messages, including a reliable delivery TLV, with the "request” bit set, are sent.

Values

10 to 65535

retry-timer retry-timer-secs

Specifies the timeout interval, in seconds, if no response to a pseudowire status request is received. This parameter must be configured. A value of zero (0) disables retries.

Values

0, 3 to 60

timeout-multiplier multiplier

Specifies the multiplier, in seconds. If a requesting node does not receive a valid response to a pseudowire status request within this multiplier times the retry timer, then it assume the pseudowire is down. This parameter is optional.

Values

3 to 15

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>rip requests)

Full Context

debug router rip requests

Description

This command enables debugging for RIP requests.

Parameters

ip-int-name | ip-address

Debugs the RIP requests sent on the neighbor IP address or interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>ripng requests)

Full Context

debug router ripng requests

Description

This command enables debugging for RIP requests.

Parameters

ip-int-name| ipv6-address

Debugs the RIP requests sent on the neighbor IP address or interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>password>complexity-rules required)

Full Context

configure system security password complexity-rules required

Description

Force the minimum number of different character classes required.

The no form of this command resets to default.

Default

required lowercase 0 uppercase 0 numeric 0 special-character 0

Parameters

count

Specifies the minimum count of characters classes.

Values

0 to 10

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>rollback rescue-location)

Full Context

configure system rollback rescue-location

Description

The location and filename of the rescue configuration is configurable to be local (on compact flash) or remote. The suffix .rc will be automatically appended to the filename when a rescue configuration file is saved. Trivial FTP (TFTP) is not supported for remote locations.

Default

no rescue location

Parameters

file-url

Specifies the URL or filename.

Values

local-url | remote-url
local-url	[cflash-id/][file-path] up to 200 characters, including cflash-id directory length of up to 99 characters each
remote-url	[{ftp://}login:pswd@ remote-locn/][file-path] up to 255 characters, directory length of up to 99 characters each
remote-locn	[hostname | ipv4-address | ipv6-address]
ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x - [0 to FFFF]H
	d - [0 to 255]D
	interface - 32 chars max, for link local addresses
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:
rescue filename	suffixed with .rc during the rescue file creation

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls-labels reserved-label-block)

Full Context

configure router mpls-labels reserved-label-block

Description

Commands in this context configure a block of labels from the dynamic range to be locally assigned for specific applications, such as Segment Routing adjacency SIDs. The reserved label block is not advertised by the IGP.

The no form of this command removes a reserved label block.

Parameters

name

Specifies the name of the reserved label block, up to 64 characters

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>fwd-policies reserved-label-block)

Full Context

configure router mpls forwarding-policies reserved-label-block

Description

This command specifies the reserved label block to use for all MPLS forwarding policies. The named reserved label block must already have been configured under config>router>mpls-labels.

The no form of the command removes the assignment of the reserved label block.

Parameters

name

Specifies the name of the reserved label block, up to 64 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>segment-routing>sr-policies reserved-label-block)

Full Context

configure router segment-routing sr-policies reserved-label-block

Description

This command associates a reserved label block with segment routing policies. The name must already exist. Reserved label blocks are configured under the config>router>mpls-labels hierarchy.

A locally-targeted segment routing policy (statically configured or BGP signaled) cannot be activated if its binding SID (BSID) is not an available label between the start-label and end-label of the referenced reserved label block.

The no form of this command removes any association of segment routing policies with a reserved label block.

Default

no reserved-label-block

Parameters

name

Specifies the name of a reserved-label-block that has already been configured, up to 64 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (admin reset-policy-exclusive)

Full Context

admin reset-policy-exclusive

Description

This command allows an authorized administrator to reset the exclusive policy editing lock. This will reset the lock flag and end the policy editing session in progress, discarding any policy edits.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>rpki-session>packet reset-query)

Full Context

debug router rpki-session packet reset-query

Description

This command enables debugging for reset query RPKI packets.

The no form of this command disables debugging for reset query RPKI packets.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>sr-te-resignal resignal-on-igp-event)

Full Context

configure router mpls sr-te-resignal resignal-on-igp-event

Description

This command enables the ad hoc reoptimzation of all CSPF paths in the operational UP state of all SR-TE LSPs at the receipt of an IGP link event. The following link events are supported:

• link down
• link up
• IGP or TE metric change
• SRLG change
• admin group change

The ad hoc reoptimization follows the same behavior as in the timer-based resignal Make-Before-Break (MBB) feature. MPLS reevaluates all the paths in operational UP state of all SR-TE LSPs. The reevaluation consists of updating the total IGP or TE metric of the current path, checking the validity of the hops and labels, and computing a new CSPF path. MPLS programs the new path only if its total metric is different than the updated metric of the current path, or if one or more hops or labels of the current path are invalid. Otherwise, the current path is considered to be the most optimal and retained.

This feature does not require that the timer-based resignal (configure router mpls sr-te-resignal resignal-timer) command be enabled. If enabled, the resignal timer is aborted and an ad hoc reoptimization is performed.

The no form of this command disables ad hoc reoptimization of SR-TE LSPs.

Default

no resignal-on-igp-event

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls resignal-on-igp-event)

Full Context

configure router mpls resignal-on-igp-event

Description

This command enables the ad hoc reoptimization of the active CSPF path of all RSVP-TE LSPs at the receipt of an IGP link event. The following link events are supported:

• link down
• link up
• IGP or TE metric change
• SRLG change
• admin group change

The ad hoc reoptimization follows the same behavior as in the timer-based resignal Make-Before-Break (MBB) feature. MPLS reevaluates the active paths of all RSVP-TE LSPs. The reevaluation consists of updating the total IGP or TE metric of the current path, checking the validity of the hops, and computing a new CSPF path. MPLS signals and programs the new path only if its total metric is different than the updated metric of the current path, or if one or more hops of the current path are invalid. Otherwise, the current path is considered to be the most optimal and retained.

This feature does not require that the timer-based resignal (configure router mpls resignal-timer) command be enabled. If enabled, the resignal timer is aborted and an ad hoc reoptimization is performed.

The no form of this command disables ad hoc reoptimization of the active RSVP-TE LSPs.

Default

no resignal-on-igp-event

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls resignal-on-igp-overload)

Full Context

configure router mpls resignal-on-igp-overload

Description

This command enables the resignaling of all RSVP-TE LSPs at the receipt of the IS-IS overload bit in the TE-DB.

Once the re-optimization is triggered, the behavior is the same as the timer-based resignal or the delay option of the manual-based resignal. MPLS forces the expiry of the resignal timer and requests the TE-DB to compute a new CSPF for each RSVP-TE LSP active path.

This re-optimization effectively causes the immediate move of transit RSVP-TE LSP paths away from the IS-IS node in overload.

By default, MPLS re-optimizes, using the MBB procedure, the transit paths away from the node in an IS-IS overload state only at the time a manual or timer-based resignal is performed for the LSP paths. MPLS does not act immediately on the receipt of the IS-IS overload bit.

The no form of this command results in the MPLS not acting immediately to the request of the IS-IS overload bit.

Default

no resignal-on-overload

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>sr-te-resignal resignal-on-igp-overload)

Full Context

configure router mpls sr-te-resignal resignal-on-igp-overload

Description

This command enables the ad-hoc re-optimzation of the CSPF paths of all SR-TE LSPs when IS-IS receives an IS-IS overload bit advertisement from a remote router.

When this command is enabled on the router and an IGP overload bit is set in a Layer 1 or Layer 2 IS-IS LSP received from a remote router, MPLS performs an ad-hoc re-optimization of all the paths of all the SR-TE LSPs that have paths computed by the local CSPF. For each SR-TE LSP current path that transits the router in overload, the CSPF looks for a new path that avoids the router. For each SR-TE LSP current path that terminates on the router in overload, the CSPF checks if a better path exists. In both cases, if a new path is not found the system maintains the current path when operationally up.

configure router mpls sr-te-resignal resignal-timer

The no form of this command configures MPLS to not act immediately on an IS-IS overload bit from a remote router. MPLS will act on it at the next timer-based or manual re-optimization of the SR-TE LSPs.

Default

no resignal-on-igp-overload

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls resignal-timer)

Full Context

configure router mpls resignal-timer

Description

This command specifies the value for the LSP resignal timer. The resignal timer is the time, in minutes, the software waits before attempting to resignal the LSPs.

When the resignal timer expires, if the new computed path for an LSP has a better metric than the current recorded hop list, an attempt is made to resignal that LSP using the make-before-break mechanism. If the attempt to resignal an LSP fails, the LSP continues to use the existing path and a resignal will be attempted the next time the timer expires.

The no form of this command disables timer-based LSP resignaling.

Default

no resignal-timer

Parameters

minutes

Specifies the time the software waits before attempting to resignal the LSPs.

Values

30 to 10080

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>sr-te-resignal resignal-timer)

Full Context

configure router mpls sr-te-resignal resignal-timer

Description

This command specifies the value for the SR-TE LSP resignal timer when the path computation method is set to the local CSPF or the PCE.

The resignal timer is the time, in minutes, MPLS waits before attempting to re-optimize all paths of all SR-TE LSPs. The re-optimization is performed by the local CSPF or the PCE, depending on the value of the parameter path-computation-method.

When local CSPF is used and the resignal timer expires, MPLS provides the current path of the SR-TE LSP and TE-DB updates the total IGP or TE metric of the current path and checks the validity of the hops and labels. CSPF then computes a new path for each SR-TE LSP. MPLS programs the new path only if the total metric of the new computed path is different than the updated metric of the current path, or if one or more hops or labels of the current path are invalid. Otherwise, the current path is considered to be one of the most optimal ECMP paths and is not updated in data path.

The no form of this command disables timer-based LSP resignaling.

Default

no resignal-timer

Parameters

minutes

Specifies the time, in minutes, the software waits before attempting to resignal the SR-TE LSPs.

Values

30 to 10080

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel resolution)

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel resolution)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel resolution)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel resolution)

Full Context

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution

Description

This command configures the resolution mode in the automatic binding of a BGP-EVPN or BGP-IPVPN MPLS service to tunnels to MP-BGP peers.

Default

resolution disabled

Parameters

any

Enables the binding to any supported tunnel type in a BGP-EVPN or BGP-IPVPN MPLS context following TTM preference.

disabled

Disables the automatic binding of a BGP-EVPN or BGP-IPVPN MPLS service to tunnels to MP-BGP peers.

filter

Enables the binding to the subset of tunnel types configured the resolution-filter context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>static-route-entry>indirect>tunnel-next-hop resolution)

Full Context

configure router static-route-entry indirect tunnel-next-hop resolution

Description

This command determines the resolution mode for the associated static route to a tunnel next hop.

Default

resolution any

Parameters

any

Allows the associated static route to be resolved to any active entry in the TTM, following the TTM preference order.

disabled

Disables the resolution of the associated static route to any active entry in the TTM. As a result, the static route can only be resolved via IP RTM resolution of the static route's next hop.

filter

Allows the associated static route to be resolved to active tunnels in the TTM using the resolution-filter restrictions.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family resolution)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution

Description

This command configures the resolution mode in the resolution of BGP label routes using tunnels to BGP peers.

Parameters

any

Enables the binding to any supported tunnel type in the BGP label route context following TTM preference.

filter

Enables the binding to the subset of tunnel types configured under resolution-filter.

disabled

Disables the resolution of BGP label routes using tunnels to BGP peers.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-res>shortcut-tunn>family resolution)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel family resolution

Description

This command configures the resolution mode in the resolution of BGP prefixes using tunnels to BGP peers.

Parameters

any

Enables the binding to any supported tunnel type in BGP shortcut context following TTM preference.

filter

Enables the binding to the subset of tunnel types configured under resolution-filter.

disabled

Disables the resolution of BGP prefixes using tunnels to BGP peers.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>igp-shortcut>tunnel-next-hop>family resolution)

Full Context

configure router isis igp-shortcut tunnel-next-hop family resolution

Description

This command configures resolution mode in the resolution of the IP prefix or SR tunnel family using IGP shortcuts.

Parameters

any

Enables the binding to any supported tunnel type following TTM preference.

disabled

Disables the resolution of the IP prefix or SR tunnel family using IGP shortcuts.

filter

Enables the binding to the subset of tunnel types configured under resolution-filter.

match-family-ip

Enables the resolution of the SR tunnel family to match that of the corresponding IP prefix family.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf>igp-shortcut>tunnel-next-hop>family resolution)

Full Context

configure router ospf igp-shortcut tunnel-next-hop family resolution

Description

This command configures resolution mode in the resolution of the IP prefix or SR tunnel family using IGP shortcuts.

Parameters

any

Enables the binding to any supported tunnel type following TTM preference.

disabled

Disables the resolution of the IP prefix or SR tunnel family using IGP shortcuts.

filter

Enables the binding to the subset of tunnel types configured under resolution-filter.

match-family-ip

Enables the resolution of the SR tunnel family to match that of the corresponding IP prefix family.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf3>igp-shortcut>tunnel-next-hop>family resolution)

Full Context

configure router ospf3 igp-shortcut tunnel-next-hop family resolution

Description

This command configures resolution mode in the resolution of the IPv6 prefix using IGP shortcuts.

Parameters

any

Enables the binding to any supported tunnel type following TTM preference.

disabled

Disables the resolution of the IPv6 prefix using IGP shortcuts.

filter

Enables the binding to the subset of tunnel types configured under resolution-filter.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>auto-bind-tunnel resolution)

Full Context

configure service vprn auto-bind-tunnel resolution

Description

This command configures the resolution method for tunnel selection.

Default

resolution any

Parameters

any

Allows the associated static route to be resolved to any active entry in the TTM, following the TTM preference order.

disabled

Disables the associated static route to be resolved to any active entry in the TTM. As a result, the static route can only be resolved via IP RTM resolution of the static route's nexthop.

filter

Allows the associated static route to be resolved to active tunnels in the TTM using the resolution-filter restrictions.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>auto-bind-tunnel resolution)

Full Context

configure service vprn auto-bind-tunnel resolution

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel resolution-filter)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel resolution-filter)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel resolution-filter)

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel resolution-filter)

Full Context

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter

Description

Commands in this context configure the subset of tunnel types that can be used in the resolution of BGP-EVPN or BGP-IPVPN routes within the automatic binding of BGP-EVPN or BGP-IPVPN MPLS service to tunnels to MP-BGP peers.

The following tunnel types are supported in a BGP-EVPN or BGP-IPVPN MPLS context: BGP, LDP, RIB-API, RSVP, SR-ISIS, SR-OSPF, SR-policy, SR-TE, UDP, and MPLS forwarding policy.

The user must set resolution to filter to activate the list of tunnel-types configured under resolution-filter.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>static-route-entry>indirect>tunnel-next-hop resolution-filter)

Full Context

configure router static-route-entry indirect tunnel-next-hop resolution-filter

Description

This command creates the context to configure the tunnel next-hop resolution options.

If one or more tunnel filter criteria are specified, the static route nexthop is resolved to an available tunnel from one of those LSP types. The tunnel type is selected based on the TTM preference.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family resolution-filter)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter

Description

Commands in this context set resolution filter types.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-res>shortcut-tunn>family resolution-filter)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel family resolution-filter

Description

This command configures the subset of tunnel types that can be used to resolve BGP unlabeled routes.

Parameters

bgp

Selects the BGP label route tunnel type.

ldp

Selects the LDP tunnel type.

rsvp

Selects the RSVP-TE tunnel type.

sr-isis

Selects the SR tunnel type programmed by an IS-IS instance in TTM.

sr-ospf

Selects the SR tunnel type programmed by an OSPF instance in TTM.

sr-policy

Selects the SR tunnel type programmed by an SR policy instance in TTM.

sr-te

Selects the SR tunnel type programmed by a TE instance in TTM.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>igp-shortcut>tunnel-next-hop>family resolution-filter)

Full Context

configure router isis igp-shortcut tunnel-next-hop family resolution-filter

Description

Commands in this context configure the subset of tunnel types which can be used in the resolution of the IP prefix or SR tunnel family using IGP shortcuts.

Parameters

rsvp

Selects the RSVP-TE tunnel type.

sr-te

Selects the SR-TE tunnel type.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf3>igp-shortcut>tunnel-next-hop>family resolution-filter)

[Tree] (config>router>ospf>igp-shortcut>tunnel-next-hop>family resolution-filter)

Full Context

configure router ospf3 igp-shortcut tunnel-next-hop family resolution-filter

configure router ospf igp-shortcut tunnel-next-hop family resolution-filter

Description

Commands in this context configure the subset of tunnel types that can be used in the resolution of the IP prefix or SR tunnel family using IGP shortcuts.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>auto-bind-tunnel resolution-filter)

Full Context

configure service vprn auto-bind-tunnel resolution-filter

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>proxy-arp>dynamic resolve)

[Tree] (config>service>vpls>proxy-nd>dynamic resolve)

Full Context

configure service vpls proxy-arp dynamic resolve

configure service vpls proxy-nd dynamic resolve

Description

This command configures the frequency at which a resolve message is sent. The resolve message is an ARP-request or NS message flooded to all the non-EVPN endpoints in the service irrespective of the current status of the unknown-arp-request-flood-evpn or unknown-ns-flood-evpn commands.

Default

resolve 5

Parameters

minutes

Specifies the frequency in minutes at which the resolve message is issued.

Values

1 to 60

Default

5

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>entry>action resolve-static)

[Tree] (config>router>policy-options>policy-statement>default-action resolve-static)

Full Context

configure router policy-options policy-statement entry action resolve-static

configure router policy-options policy-statement default-action resolve-static

Description

This command has an affect only in BGP route-table-import policies and applies only to BGP IPv4 and IPv6 routes created by importing static routes with indirect next-hops. When such a route matches a policy entry with this action, the BGP next-hop is the resolved next-hop of the static route.

The no form of this command reverts to the default behavior, which copies the indirect next-hop of the static route into the BGP next-hop without resolving it further.

Default

no resolve-static

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp>targ-session resolve-v6-prefix-over-shortcut)

Full Context

configure router ldp targeted-session resolve-v6-prefix-over-shortcut

Description

This command allows an IPv6 prefix FEC to be resolved over an IGP shortcut.

The no form of this command disables the resolution.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>ca-profile>ocsp responder-url)

Full Context

configure system security pki ca-profile ocsp responder-url

Description

This command specifies HTTP URL of the OCSP responder for the CA, this URL will only be used if there is no OCSP responder defined in the AIA extension of the certificate to be verified.

Default

no responder-url

Parameters

url-string

Specifies the HTTP URL of the OCSP responder

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2 response-signing-cert)

Full Context

configure system security pki ca-profile cmpv2 response-signing-cert

Description

This command specifies a imported certificate that is used to verify the CMP response message if they are protected by signature. If this command is not configured, CA’s certificate is used.

Default

no response-signing-cert

Parameters

filename

Specifies the filename of the imported certificate.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp>group>graceful-restart restart-time)

[Tree] (config>service>vprn>bgp>graceful-restart restart-time)

[Tree] (config>service>vprn>bgp>group>neighbor>graceful-restart restart-time)

Full Context

configure service vprn bgp group graceful-restart restart-time

configure service vprn bgp graceful-restart restart-time

configure service vprn bgp group neighbor graceful-restart restart-time

Description

This command sets the value of the restart-time that is advertised in the router’s graceful-restart capability. If this command is not configured, the default is 300.

Default

no restart-time

Parameters

seconds

Specifies the restart-time that is advertised in the router’s graceful-restart capability.

Values

0 to 4095 seconds

Default

300

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>group>graceful-restart restart-time)

[Tree] (config>router>bgp>group>neighbor>graceful-restart restart-time)

[Tree] (config>router>bgp>graceful-restart restart-time)

Full Context

configure router bgp group graceful-restart restart-time

configure router bgp group neighbor graceful-restart restart-time

configure router bgp graceful-restart restart-time

Description

This command sets the value of the restart-time that is advertised in the router’s graceful-restart capability. If this command is not configured, the default is 300.

Default

no restart time

Parameters

seconds

Specifies the restart-time that is advertised in the router’s graceful-restart capability.

Values

0 to 4095 seconds

Default

config>router>bgp>graceful-restart: 120 seconds

config>router>bgp>group>graceful-restart: 300 seconds

config>router>bgp>group>neighbor>graceful-restart: 300 seconds

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>proxy-arp restrict-non-configured-ip-address)

[Tree] (config>service>vpls>proxy-nd restrict-non-configured-ip-address)

Full Context

configure service vpls proxy-arp restrict-non-configured-ip-address

configure service vpls proxy-nd restrict-non-configured-ip-address

Description

This command configures whether all the configured dynamic IP address entries are considered the only authorized entries in the proxy ARP or ND table. ARP or ND packets coming from a unauthorized sender IP addresses are dropped. Therefore, unauthorized IP addresses are not learned in the proxy ARP or ND table, and ARP requests or neighbor solicitations (NS) coming from a unauthorized sender IP addresses are not replied to, unless the sponge-mac option is configured.

The no form of this command does not drop ARP or ND packets coming from a unauthorized sender IP addresses.

Parameters

sponge-mac

Keyword to specify that ARP requests or NSs from an unauthorized IP address are not learned in the proxy ARP or ND table and ARP requests or NSs from an unauthorized IP address are replied with the configured sponge MAC address. Any IP address that is not configured as proxy ARP, ND dynamic ARP, or neighbor IP address is considered unauthorized and dropped.

mac-address

Specifies the MAC address.

The configured sponge MAC address is not installed in the FDB or advertised in EVPN. If needed, the sponge MAC address can be configured as a static MAC in the same service in the node or a remote node.

Values

xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-template>split-horizon-group restrict-protected-src)

[Tree] (config>service>pw-template restrict-protected-src)

[Tree] (config>service>vpls>mesh-sdp restrict-protected-src)

[Tree] (config>service>vpls>spoke-sdp restrict-protected-src)

[Tree] (config>service>vpls>split-horizon-group restrict-protected-src)

[Tree] (config>service>vpls>sap restrict-protected-src)

[Tree] (config>service>vpls>endpoint restrict-protected-src)

Full Context

configure service pw-template split-horizon-group restrict-protected-src

configure service pw-template restrict-protected-src

configure service vpls mesh-sdp restrict-protected-src

configure service vpls spoke-sdp restrict-protected-src

configure service vpls split-horizon-group restrict-protected-src

configure service vpls sap restrict-protected-src

configure service vpls endpoint restrict-protected-src

Description

This command indicates how the agent will handle relearn requests for protected MAC addresses, either manually added using the mac-protect command or automatically added using the auto-learn-mac-protect command. While enabled all packets entering the configured SAP, spoke SDP, mesh SDP, or any SAP that is part of the configured split horizon group (SHG) is verified not to contain a protected source MAC address. If the packet is found to contain such an address, the action taken depends on the parameter specified on the restrict-protected-src command, namely:

• No parameter — The packet is discarded, an alarm is generated and the SAP, spoke SDP or mesh SDP is set operationally down. The SAP, spoke SDP or mesh SDP must be shut down and enabled (no shutdown) for this state to be cleared.

• alarm-only — The packet is forwarded, an alarm is generated but the source MAC is not learned on the SAP, spoke SDP or mesh SDP.

• discard-frame — The packet is discarded and an alarm generated. The frequency of alarm generation is fixed to be at most one alarm per MAC address per FP per 10 minutes in a given VPLS service. This parameter is only applicable to automatically protected MAC addresses.

When the restrict-protected-src is enabled on an SHG the action only applies to the associated SAPs (no action is taken by default for spoke SDPs in the SHG) and is displayed in the SAP show output as the oper state unless it is overridden by the configuration of restrict-protected-src on the SAP itself. To enable this function for spoke SDPs within a SHG, the restrict-protected-src must be enabled explicitly under the spoke SDP. If required, restrict-protected-src can also be enabled explicitly under specific SAPs within the SHG.

When this command is applied or removed, with either the alarm-only or discard-frame parameters, the MAC addresses are cleared from the related object.

The use of restrict-protected-src discard-frame is mutually exclusive with the configuration of manually protected MAC addresses within a given VPLS.

The no form of the command reverts to the default.

Default

no restrict-protected-src

Parameters

alarm-only

Specifies that the packet is forwarded, an alarm is generated but the source MAC is not learned on the SAP, spoke SDP, or mesh SDP.

Default

no alarm-only

discard-frame

Specifies that the packet is discarded and an alarm generated. The frequency of alarm generation is fixed to be at most one alarm per MAC address per FP per 10 minutes within a given VPLS service.

Default

no discard-frame

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>sap restrict-unprotected-dst)

[Tree] (config>service>vpls>split-horizon-group restrict-unprotected-dst)

[Tree] (config>service>pw-template>split-horizon-group restrict-unprotected-dst)

Full Context

configure service vpls sap restrict-unprotected-dst

configure service vpls split-horizon-group restrict-unprotected-dst

configure service pw-template split-horizon-group restrict-unprotected-dst

Description

This command indicates how the system will forward packets destined for an unprotected MAC address, either manually added using the mac-protect command or automatically added using the auto-learn-mac-protect command. While enabled all packets entering the configured SAP or SAPs within a split horizon group (but not spoke or mesh-SDPs) will be verified to contain a protected destination MAC address. If the packet is found to contain a non-protected destination MAC, it will be discarded. Detecting a non-protected destination MAC on the SAP will not cause the SAP to be placed in the operationally down state. No alarms are generated.

If the destination MAC address is unknown, even if the packet is entering a restricted SAP, with restrict-unprotected-dst enabled, it will be flooded.

Default

no restrict-unprotected-dst

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>user restricted-to-home)

[Tree] (config>system>security>user-template restricted-to-home)

Full Context

configure system security user restricted-to-home

configure system security user-template restricted-to-home

Description

This command denies the user from accessing files outside of their home directory. Files can be accessed locally by CLI file commands and output modifiers such as > (file redirect), or remotely via FTP and SCP.

When enabled, the system denies all configuration save operations (such as admin save) via any management interface (such as CLI and NETCONF) unless save-when-restricted is enabled.

When restricted-to-home is configured, file access is denied unless the home-directory is configured and the directory is created by an administrator.

The no form of this command permits the user to access all files on the system.

Default

restricted-to-home

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>script-control>script-policy results)

Full Context

configure system script-control script-policy results

Description

This command is used to specify the location where the system writes the output of an event script’s execution.

The no form of the command removes the file location from the configuration. Scripts will not execute if there is no result location defined.

Default

no results

Parameters

file-url

Specifies the location to send CLI output from script runs. The file-url is a location, directory, and filename prefix to which a data and timestamp suffix is added when the results files are created during a script run, as follows:

file-url_YYYYMMDD-hhmmss.uuuuuu.out

where:

YYYYMMDD — date

hhmmss — hours, minutes, and seconds

uuuuuu — microseconds (padded to 6 characters with leading zeros)

Values

local-url | remote-url

local-url — [cflash-id/] [file-path] 167 chars max, including cflash-idfile-path 166 chars max

remote url — [{ftp:// | tftp://}login:password@remote-location/][file-path] 255 characters max directory length 99 characters max each

remote-location — [hostname | ipv4-address | ipv6-address]

ipv4-address — a.b.c.d

ipv6-address — x:x:x:x:x:x:x:x[-interface] x:x:x:x:x:x:d.d.d.d[-interface] x — [0 to FFFF]H d — [0 to 255]D interface — 32 characters max, for link local addresses

cflash-id — cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>rsvp>event resv)

Full Context

debug router rsvp event resv

Description

This command debugs RSVP reservation events.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about RSVP reservation events.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>rsvp>packet resv)

Full Context

debug router rsvp packet resv

Description

This command enables debugging for RSVP resv packets.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about RSVP Resv events.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>rsvp>packet resverr)

Full Context

debug router rsvp packet resverr

Description

This command debugs ResvErr packets.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about ResvErr packets.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>rsvp>packet resvtear)

Full Context

debug router rsvp packet resvtear

Description

This command debugs ResvTear packets.

The no form of the command disables the debugging.

Parameters

detail

Displays detailed information about ResvTear packets.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis>if retransmit-interval)

Full Context

configure service vprn isis interface retransmit-interval

Description

This command configures the minimum time between LSP PDU retransmissions on a point-to-point interface.

The no form of this command reverts to the default value.

Default

retransmit-interval 5

Parameters

seconds

Specifies the interval in seconds that IS-IS LSPs can be sent on the interface

1 to 65535.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf3>area>if retransmit-interval)

[Tree] (config>service>vprn>ospf>area>if retransmit-interval)

[Tree] (config>service>vprn>ospf>area>sham-link retransmit-interval)

[Tree] (config>service>vprn>ospf>area>virtual-link retransmit-interval)

[Tree] (config>service>vprn>ospf3>area>virtual-link retransmit-interval)

Full Context

configure service vprn ospf3 area interface retransmit-interval

configure service vprn ospf area interface retransmit-interval

configure service vprn ospf area sham-link retransmit-interval

configure service vprn ospf area virtual-link retransmit-interval

configure service vprn ospf3 area virtual-link retransmit-interval

Description

This command specifies the length of time, in seconds, that OSPF will wait before retransmitting an unacknowledged link state advertisement (LSA) to an OSPF neighbor.

The value should be longer than the expected round trip delay between any two routers on the attached network. Once the retransmit interval expires and no acknowledgment is received, the LSA is retransmitted.

The no form of this command reverts to the default interval.

Default

retransmit-interval 5

Parameters

seconds

The retransmit interval in seconds expressed as a decimal integer.

Values

1 to 3600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>interface retransmit-interval)

Full Context

configure router isis interface retransmit-interval

Description

This command configures the minimum time between LSP PDU retransmissions on a point-to-point interface.

The no form of this command reverts to the default value.

Default

retransmit-interval 5

Parameters

seconds

Specifies the interval, in seconds, that IS-IS LSPs can be sent on the interface.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf3>area>virtual-link retransmit-interval)

[Tree] (config>router>ospf>area>interface retransmit-interval)

[Tree] (config>router>ospf>area>virtual-link retransmit-interval)

[Tree] (config>router>ospf3>area>interface retransmit-interval)

Full Context

configure router ospf3 area virtual-link retransmit-interval

configure router ospf area interface retransmit-interval

configure router ospf area virtual-link retransmit-interval

configure router ospf3 area interface retransmit-interval

Description

This command specifies the length of time, in seconds, that OSPF will wait before retransmitting an unacknowledged link state advertisement (LSA) to an OSPF neighbor.

The value should be longer than the expected round trip delay between any two routers on the attached network. After the retransmit-interval expires and no acknowledgment has been received, the LSA will be retransmitted.

The no form of this command reverts to the default interval.

Default

retransmit-interval 5

Parameters

seconds

Specifies the retransmit interval in seconds expressed as a decimal integer.

Values

1 to 1800

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>router-advert>if retransmit-time)

[Tree] (config>router>router-advert>if retransmit-time)

Full Context

configure service vprn router-advertisement interface retransmit-time

configure router router-advertisement interface retransmit-time

Description

This command configures the value to be placed in the retransmit timer field in router advertisements sent from this interface.

The no form of this command reverts to the default.

Default

retransmit-time 0

Parameters

milli-seconds

Specifies the retransmit time, in milli-seconds, for advertisement from this group-interface.

Values

0 to 1800000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>grpc>tcp-keepalive retries)

Full Context

configure system grpc tcp-keepalive retries

Description

This command configures the number of TCP keepalive probes sent by the router that must be unacknowledged before the connection is closed.

The no form of this command reverts to the default value.

Default

retries 4

Parameters

count

Specifies the number of missed keep-alives before the TCP connection is declared down.

Values

3 to 100

Default

4

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>grpc-tunnel>destination-group>tcp-keepalive retries)

[Tree] (config>system>telemetry>destination-group>tcp-keepalive retries)

Full Context

configure system grpc-tunnel destination-group tcp-keepalive retries

configure system telemetry destination-group tcp-keepalive retries

Description

This command configures the number of missed TCP keepalive probes before the TCP connection is closed and attempts are made to reach other destinations within the same destination group.

The no form of this command reverts to the default value.

Default

retries 4

Parameters

count

Specifies the number of missed keep-alives before the TCP connection is declared down.

Values

3 to 100

Default

4

Platforms

7705 SAR Gen 2

Context

[Tree] (config>aaa>radius-srv-plcy>servers retry)

Full Context

configure aaa radius-server-policy servers retry

Description

This command configures the number of times the router attempts to contact the RADIUS server, if not successful the first time.

The no form of this command reverts to the default.

Default

retry 3

Parameters

count

Specifies the number of times a signaling request message is transmitted towards the same peer.

Values

1 to 256

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn>mac-duplication retry)

Full Context

configure service vpls bgp-evpn mac-duplication retry

Description

Specifies the timer after which the MAC in hold-down state is automatically flushed and the mac-duplication process starts again. This value is expected to be equal to two times or more than that of window.

If no retry is configured, this implies that, when mac-duplication is detected, MAC updates for that MAC will be held down till the user intervenes or a network event (that flushes the MAC) occurs.

Default

retry 9

Parameters

minutes

Specifies the BGP EVPN MAC duplication retry in minutes.

Values

2 to 60

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>aaa>rmt-srv>radius retry)

[Tree] (config>system>security>radius retry)

Full Context

configure service vprn aaa remote-servers radius retry

configure system security radius retry

Description

This command configures the number of times the router attempts to contact the RADIUS server for authentication if there are problems communicating with the server.

The no form of this command reverts to the default value.

Default

retry 3

Parameters

count

Specifies the retry count.

Values

1 to 10

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>file-trans-prof retry)

Full Context

configure system file-transmission-profile retry

Description

This command specifies the number of retries on transport protocol level.

When the virtual router does not receive any data from a server (e.g., FTP or HTTP server) after the configured timeout seconds, the router may repeat the request to the server. The number of retries specifies the maximum number of repeated requests.

The no form of this command disables the retry.

Default

no retry

Parameters

count

Specifies the number of retries.

Values

1 to 256

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>ldap retry)

Full Context

configure system security ldap retry

Description

This command configures the number of retries for the SR OS in its attempt to reach the current LDAP server before attempting the next server.

The no form of this command reverts to the default value.

Default

retry 3

Parameters

count

Specifies the number of retransmissions.

Values

1 to 10

Default

3

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>spoke-sdp-fec retry-count)

Full Context

configure service epipe spoke-sdp-fec retry-count

Description

This optional command specifies the number of attempts software should make to reestablish the spoke SDP after it has failed. After each successful attempt, the counter is reset to zero.

When the specified number is reached, no more attempts are made and the spoke-sdp is put into the shutdown state.

Use the no shutdown command to bring up the path after the retry limit is exceeded.

The no form of this command reverts the parameter to the default value.

Default

retry-count 30

Parameters

retry-count

The maximum number of retries before putting the spoke-sdp into the shutdown state.

Values

10 to 10000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-routing retry-count)

Full Context

configure service pw-routing retry-count

Description

This optional command specifies the number of attempts software should make to re-establish the spoke SDP after it has failed. After each successful attempt, the counter is reset to zero.

When the specified number is reached, no more attempts are made and the spoke SDP is put into the shutdown state.

Use the no shutdown command to bring up the path after the retry limit is exceeded.

The no form of this command reverts the parameter to the default value.

Default

no retry-count

Parameters

count

Specifies the maximum number of retries before putting the spoke SDP into the shutdown state.

Values

10 to 10000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update retry-interval)

Full Context

configure system security pki ca-profile auto-crl-update retry-interval

Description

This command specifies the interval, in seconds, that the system waits before retrying the configured url-entry list when schedule-type is next-update-based and none of the URLs return a qualified CRL.

The no form of this command causes the system to retry immediately without waiting.

Default

retry-interval 3600

Parameters

seconds

Specifies an interval, in seconds, before retrying to update the CRL.

Values

1 to 31622400

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>cert-upd-prof retry-interval)

Full Context

configure system security pki certificate-update-profile retry-interval

Description

This command configures the retry interval after the update fails.

Default

retry-interval 3600

Parameters

seconds

Specifies a retry interval, in seconds, after a failed update.

Values

60 to 36000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>lsp-template retry-limit)

[Tree] (config>router>mpls>lsp retry-limit)

Full Context

configure router mpls lsp-template retry-limit

configure router mpls lsp retry-limit

Description

This optional command specifies the number of attempts software should make to re-establish the LSP after it has failed LSP. After each successful attempt, the counter is reset to zero.

When the specified number is reached, no more attempts are made and the LSP path is put into the shutdown state.

Use the config router mpls lsp lsp-name no shutdown command to bring up the path after the retry-limit is exceeded.

For P2MP LSP that are created based on the LSP template, all S2Ls must attempt to retry-limit before the client application is informed of failure.

The no form of this command reverts to the default value.

Default

retry-limit 0 (no limit, retries forever)

Parameters

number

Specifies the number of times software will attempt to re-establish the LSP after it has failed. Allowed values are integers in the range of 0 to 10000.

Values

0 to 10000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls retry-on-igp-overload)

Full Context

configure router mpls retry-on-igp-overload

Description

This command allows for the global configuration of the handling in the ingress LER of the LSP paths which transit an LSR that advertised the IS-IS overload bit.

By default, MPLS re-optimizes using make-before-break (MBB) the transit paths away from the node in an IS-IS overload state only at the time a manual or timer-based re-signal is performed for the LSP paths. MPLS will not act immediately on the receipt of the IS-IS overload bit.

When this command is enabled, MPLS in the ingress LER immediately tears down and re-signals all LSP paths away from a transit LSR node which advertised the IS-IS overload bit.

LSP paths that terminate on the node that advertised the IS-IS overload bit are not acted on whether this command is enabled or disabled.

The no form of this command returns to the default behavior.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>template>vpls-template>mac-move retry-timeout)

[Tree] (config>service>vpls>mac-move retry-timeout)

Full Context

configure service template vpls-template mac-move retry-timeout

configure service vpls mac-move retry-timeout

Description

This indicates the time in seconds to wait before a SAP that has been disabled after exceeding the maximum relearn rate is re-enabled.

It is recommended that the retry-timeout value is larger or equal to 5s * cumulative factor of the highest priority port so that the sequential order of port blocking will not be disturbed by re-initializing lower priority ports.

A zero value indicates that the SAP will not be automatically re-enabled after being disabled. If, after the SAP is re-enabled it is disabled again, the retry timeout is increased with the provisioned retry timeout in order to avoid thrashing. For example, when retry-timeout is set to 15, it increments (15,30,45,60...).

The no form of this command reverts to the default value.

Default

retry-timeout 10 (when mac-move is enabled)

Parameters

timeout

Specifies the time, in seconds, to wait before a SAP that has been disabled after exceeding the maximum relearn rate is re-enabled.

Values

0 to 120

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>spoke-sdp-fec retry-timer)

Full Context

configure service epipe spoke-sdp-fec retry-timer

Description

This command specifies a retry-timer for the spoke SDP. This is a configurable exponential back-off timer that determines the interval between retries to reestablish a spoke SDP if it fails and a label withdraw message is received with the status code "AII unreachable”.

The no form of this command reverts the timer to its default value.

Default

retry-timer 30

Parameters

retry-timer

The initial retry-timer value in seconds.

Values

10 to 480

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>lsp retry-timer)

[Tree] (config>router>mpls>lsp-template retry-timer)

Full Context

configure router mpls lsp retry-timer

configure router mpls lsp-template retry-timer

Description

This command configures the time (in s), for LSP re-establishment attempts after it has failed. The retry time is jittered to +/- 25% of its nominal value.

For P2MP LSP created based on LSP template, all S2Ls must attempt to retry-limit before client application is informed of failure.

The no form of this command reverts to the default value.

Default

retry-timer 30

Parameters

seconds

Specifies the amount of time (in s), between attempts to re-establish the LSP after it has failed. Allowed values are integers in the range of 1 to 600.

Values

1 to 600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-routing retry-timer)

Full Context

configure service pw-routing retry-timer

Description

This command configures a retry-timer for the spoke-SDP. This is a configurable exponential back-off timer that determines the interval between retries to re-establish a spoke-SDP if it fails and a label withdraw message is received with the status code "AII unreachable”.

The no form of this command reverts the timer to its default value.

Default

no retry-timer

Parameters

secs

Specifies initial retry-timer value in seconds.

Values

10 to 480

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>segment-routing>main-plcy return-path-label)

Full Context

configure router segment-routing maintenance-policy return-path-label

Description

This command configures the Seamless Bidirectional Forwarding Detection (S-BFD) session to echo mode and adds an additional MPLS label, referring to an MPLS-labeled reply path for the S-BFD packet, to the bottom of the label stack for the S-BFD packet.

The command applies to the initiator of the S-BFD sessions. The return-path label may be a binding SID for an SR policy or other MPLS path configured on the reflector router. Instead of being routed through the IGP path, the S-BFD packet returns to the initiator through this MPLS return path.

The no form of this command disables the controlled return-path label and echo mode for S-BFD. S-BFD returns to asynchronous mode and the initiator node does not push a return-path label. Any S-BFD packets for this LSP or path that the reflector receives are sent back using a routed return path.

Default

no return-path-label

Parameters

label-value

Specifies the label value.

Values

32 to 1048575

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>damping reuse)

Full Context

configure router policy-options damping reuse

Description

This command configures the reuse parameter for the route damping profile.

When the Figure of Merit (FoM) value falls below the reuse threshold, the route is once again considered valid and can be reused or included in route advertisements.

The no form of this command removes the reuse parameter from the damping profile.

Default

no reuse

Parameters

integer

Specifies the reuse value expressed as a decimal integer.

Values

1 to 20000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>tnl-temp reverse-route)

Full Context

configure ipsec tunnel-template reverse-route

Description

Commands in this context configure the dynamic LAN-to-LAN (DL2L) tunnel reverse-route options for the tunnel template.

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>rollback revert)

Full Context

admin rollback revert

Description

This command initiates a configuration rollback revert operation that will return the configuration state of the node to a previously saved checkpoint. The rollback revert minimizes impacts to running services. There are no impacts in areas of configuration that did not change since the checkpoint. Configuration parameters that changed (or items on which changed configuration have dependencies) are first removed (revert to default) and the previous values are then restored (can be briefly service impacting in changed areas).

Parameters

latest-rb

Specifies the most recently created rollback checkpoint (corresponds to the file-url.rb rollback checkpoint file).

checkpoint-id

Specifies the configuration to return to (which rollback checkpoint file to use). Checkpoint-id of 1 corresponds to the file-url.rb.1 rollback checkpoint file. The higher the id, the older the checkpoint. Max is the highest rollback checkpoint supported or configured.

Values

1 to 9

rescue

Specifies to revert to the rescue checkpoint.

now

Forces a rollback revert without any interactive confirmations (assumes 'y’ for any confirmations that would have occurred).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis>link-group>level revert-members)

Full Context

configure service vprn isis link-group level revert-members

Description

This command sets the threshold for the minimum number of operational links to return the associated link group to its normal operating state and remove the associated offsets to the IS-IS metrics. If the number of operational links is equal to or greater than the configured revert-members threshold, the configured offsets are removed.

The no form of this command reverts the threshold back to the default, which is equal to the oper-members threshold value.

Default

no revert-members oper-members

Parameters

1..8

Specifies the number of revert members.

Values

1 to 8

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>link-group>level revert-members)

Full Context

configure router isis link-group level revert-members

Description

This command sets the threshold for the minimum number of operational links to return the associated link group to its normal operating state and remove the associated offsets to the IS-IS metrics. If the number of operational links is equal to or greater than the configured revert-member threshold then the configured offsets are removed.

The no form of this command reverts the threshold back to the default which is equal to the oper-member threshold value.

Default

no revert-members oper-members

Parameters

1..8

Specifies the threshold for revertive members.

Values

1 to 8

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>endpoint revert-time)

Full Context

configure service epipe endpoint revert-time

Description

This command configures the time to wait before reverting back to the primary spoke SDP defined on this service endpoint, after having failed over to a backup spoke SDP.

Parameters

revert-time

Specifies the time, in seconds, to wait before reverting to the primary SDP.

Values

0 to 600

Default

0

infinite

Causes the endpoint to be non-revertive.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>endpoint revert-time)

Full Context

configure service vpls endpoint revert-time

Description

This command configures the time to wait before reverting to primary spoke-SDP.

In a regular endpoint the revert-time setting affects just the pseudowire defined as primary (precedence 0). For a failure of the primary pseudowire followed by restoration the revert-timer is started. After it expires the primary pseudowire takes the active role in the endpoint. This behavior does not apply for the case when both pseudowires are defined as secondary. For example, if the active secondary pseudowire fails and is restored it will stay in standby until a configuration change or a force command occurs.

Parameters

revert-time

Specifies the time to wait, in seconds, before reverting back to the primary spoke-SDP defined on this service endpoint, after having failed over to a backup spoke-SDP

Values

0 to 600

infinite

Specifying this keyword makes endpoint non-revertive

Platforms

7705 SAR Gen 2

Context

[Tree] (config>mirror>mirror-dest>endpoint revert-time)

Full Context

configure mirror mirror-dest endpoint revert-time

Description

This command configures the time to wait before reverting to the primary spoke SDP. This command has an effect only when used in conjunction with an endpoint which contains a SDP of type 'primary’. It is ignored and has no effect in all other cases. The revert-timer is the delay in seconds the system waits before it switches the path of the mirror service from an active secondary SDP in the endpoint into the endpoint primary SDP after the latter comes back up.

The no form of this command resets the timer to the default value of 0. This means that the mirror-service path is switched back to the endpoint primary sdp immediately after it comes back up.

Parameters

revert-time

Specifies a delay, in seconds, the system waits before it switches the path of the mirror service from an active secondary SDP in the endpoint into the endpoint primary SDP after the latter comes back up.

Values

0 to 600

infinite

Forces the mirror or LI service path to never revert to the primary SDP as long as the currently active secondary SDP is UP.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>sdp>mixed-lsp-mode revert-time)

Full Context

configure service sdp mixed-lsp-mode revert-time

Description

This command configures the delay period the SDP must wait before it reverts to a higher priority LSP type when one becomes available.

The no form of the command resets the timer to the default value of 0. This means the SDP reverts immediately to a higher priority LSP type when one becomes available.

Default

no revert-time

Parameters

revert-time

Specifies the delay period, in seconds, that the SDP must wait before it reverts to a higher priority LSP type when one becomes available. A value of zero means the SDP reverts immediately to a higher priority LSP type when one becomes available.

Values

0 to 600

infinite

This keyword forces the SDP to never revert to another higher priority LSP type unless the currently active LSP type is down.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>lsp revert-timer)

Full Context

configure router mpls lsp revert-timer

Description

This command configures a revert timer on an LSP. The timer starts when the LSP primary path recovers from a failure. The LSP reverts from a secondary path to the primary path when the timer expires, or when the secondary path fails.

The no form of this command cancels any currently outstanding revert timer. If the LSP is up when a no revert-timer is issued, the LSP will revert to the primary path. Otherwise the LSP reverts when the primary path is restored.

Default

no revert-timer

Parameters

timer-value

Specifies the amount of time, in one minute increments, between attempts to re-establish the LSP after it has failed.

Values

1 to 4320

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy revert-timer)

Full Context

configure router mpls forwarding-policies forwarding-policy revert-timer

Description

This command configures the revert timer in an MPLS forwarding policy.

When the primary direct or indirect next hop is restored and is added back into the routing table, CPM waits for an amount of time equal to the user-programmed revert timer before activating it and updating the data path. However, if the backup direct or indirect next hop fails while the timer is running, CPM activates it and updates the data path immediately.

A value of 0 disables the revert timer; meaning the policy reverts immediately.

The no form of this command removes the revert timer from the MPLS forwarding policy.

Default

revert-timer 0

Parameters

seconds

Specifies the revert-timer value, in number of seconds.

Values

1 to 600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>segment-routing>maintenance-policy revert-timer)

Full Context

configure router segment-routing maintenance-policy revert-timer

Description

This command configures the revert timer for SR Policy candidate paths.

The revert timer is started when the primary path (for example, the best preference programmed candidate path) recovers (for example, after the number of S-BFD sessions that are up is ≥ threshold and the hold-down-timer has expired) and switches back when the timer expires.

The no form of this command removes the revert timer from the SR policy.

Default

no revert-timer

Parameters

revert-timer

Specifies the revert timer, in minutes.

Values

1 to 4320

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>multi-chassis>ipsec-domain revertive)

Full Context

configure redundancy multi-chassis ipsec-domain revertive

Description

This command configures whether to allow a revertive activity state after a designated active state recovers from an ineligibility event. The revertive function allows a router in an N:M domain to automatically take over as the active router in the domain, when it becomes eligible to do so.

The no form of this command reverts to the default value.

Default

no revertive

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>ca-profile revocation-check)

Full Context

configure system security pki ca-profile revocation-check

Description

This command specifies the revocation method the system uses to check the revocation status of certificate issued by the CA. If the crl-optional option is configured, when the user disables the ca-profile, the system tries to load the configured CRL (specified by the crl-file command). However, if the system fails to load the configured CRL for the following reasons, the system still brings the ca-profile operationally up, but leaves the CRL configured as non-existent:

• CRL file does not exist

• CRL is not properly encoded - maybe due to interrupted file transfer

• CRL does not match cert

• Wrong CRL version

• CRL expired

If the system needs to use the CRL of a specific CA profile to check the revocation status of an end-entity certificate, and the CRL is non-existent due to the preceding reasons, the system treats a case like this as being unable to get an answer from CRL and falls back to the next status verify method or default result.

If the system needs to check the revocation of a CA certificate in a certificate chain, and if the CRL is non-existent due to the preceding reasons, the system skips checking the revocation status of the CA certificate. For example, if CA1 is issued by CA2, if the revocation-check for CA2 is crl-optional and the CRL for CA2 is non-existent, the system does not check the certificate revocation status of CA1 and it is considered as "good”.

Default

revocation-check crl

Parameters

crl

Specifies to use the configured CRL.

crl-optional

Specifies that the CRL is optional.

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>system>security>secure-boot revoke-key)

Full Context

admin system security secure-boot revoke-key

Description

This command revokes secure boot keys.

Parameters

cpm-slot

Specifies the CPM slot.

Values

A,B

cpm-serial-number

Specifies the CPM serial number, up to 256 characters.

code

Specifies the signed software confirmation code, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp rib-management)

Full Context

configure service vprn bgp rib-management

Description

Commands in this context configure RIB management parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp rib-management)

Full Context

configure router bgp rib-management

Description

Commands in this context configure RIB management parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis rib-priority)

Full Context

configure service vprn isis rib-priority

Description

This command enabled RIB prioritization for the IS-IS protocol and specifies the prefix list or IS-IS tag value that will be used to select the specific routes that should be processed through the IS-IS route calculation process at a higher priority.

The no form of this command disables RIB prioritization.

Default

no rib-priority

Parameters

prefix-list-name

Specifies the prefix list which is used to select the routes that are processed at a higher priority through the route calculation process.

tag tag-value

Specifies the tag value that is used to match IS-IS routes that are to be processed at a higher priority through the route calculation process.

Values

1 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf>area>if rib-priority)

[Tree] (config>service>vprn>ospf3>area>if rib-priority)

Full Context

configure service vprn ospf area interface rib-priority

configure service vprn ospf3 area interface rib-priority

Description

This command enables RIB prioritization for the OSPF/OSPFv3 protocol. When enabled at the OSPF interface level, all routes learned through the associated OSPF interface will be processed through the OSPF route calculation process at a higher priority.

The no form of rib-priority command disables RIB prioritization at the associated level.

Default

no rib-priority

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf3 rib-priority)

[Tree] (config>service>vprn>ospf rib-priority)

Full Context

configure service vprn ospf3 rib-priority

configure service vprn ospf rib-priority

Description

This command enabled RIB prioritization for the OSPF protocol and specifies the prefix list that will be used to select the specific routes that should be processed through the OSPF route calculation process at a higher priority.

The no form of rib-priority command disables RIB prioritization at the associated level.

Default

no rib-priority

Parameters

prefix-list-name

Specifies the prefix list which is used to select the routes that are processed at a higher priority through the route calculation process.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis rib-priority)

Full Context

configure router isis rib-priority

Description

This command enabled RIB prioritization for the IS-IS protocol and specifies the prefix list or IS-IS tag value that will be used to select the specific routes that should be processed through the IS-IS route calculation process at a higher priority.

The no rib-priority form of command disables RIB prioritization.

Default

no rib-priority high

Parameters

prefix-list-name

Specifies the prefix list which is used to select the routes that are processed at a higher priority through the route calculation process.

tag tag-value

Specifies the tag value that is used to match IS-IS routes that are to be processed at a higher priority through the route calculation process.

Values

1 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf3 rib-priority)

[Tree] (config>router>ospf rib-priority)

Full Context

configure router ospf3 rib-priority

configure router ospf rib-priority

Description

This command enables RIB prioritization for the OSPF protocol and specifies the prefix list used to select the specific routes that should be processed through the OSPF route calculation process at a higher priority.

The no form of this command disables RIB prioritization at the associated level.

Default

no rib-priority high

Parameters

prefix-list-name

Specifies the prefix list, up to 32 characters, which is used to select the routes that are processed at a higher priority through the route calculation process.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf>area>interface rib-priority)

[Tree] (config>router>ospf3>area>interface rib-priority)

Full Context

configure router ospf area interface rib-priority

configure router ospf3 area interface rib-priority

Description

This command enables RIB prioritization for the OSPF/OSPFv3 protocol. When enabled at the OSPF interface level, all routes learned through the associated OSPF interface are processed through the OSPF route calculation process at a higher priority.

The no form of this command disables RIB prioritization at the associated level.

Default

no rib-priority

Parameters

high

Specifies that the name of the prefix list which contains prefixes get high priority for RIB-download. The high priority prefixes are downloaded first to the RIB. In doing so, the convergence time for these prefixes is better.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>sap ring-node)

Full Context

configure service epipe sap ring-node

Description

This command configures a multi-chassis ring-node for this SAP.

The no form of this command removes the name from the configuration.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn rip)

Full Context

configure service vprn rip

Description

This command enables the RIP protocol on the given VPRN IP interface.

The no form of this command disables the RIP protocol from the given VPRN IP interface.

Default

no rip

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router rip)

Full Context

configure router rip

Description

This command creates the context to configure the RIP protocol instance.

When a RIP instance is created, the protocol is enabled by default. To start or suspend execution of the RIP protocol without affecting the configuration, use the [no] shutdown command.

The no form of the command deletes the RIP protocol instance removing all associated configuration parameters.

Default

no rip

Platforms

7705 SAR Gen 2

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host rip-policy)

Full Context

configure subscriber-mgmt local-user-db ipoe host rip-policy

Description

This command configures the RIP policy name. This policy is applied to a subscriber IPv4 host to enable the BNG to learn RIP routes from the host. RIP routes are never sent to the hosts.

The no form of this command removes the RIP policy name from the configuration.

Parameters

policy-name

Specifies the RIP policy name, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>subscr-mgmt rip-policy)

Full Context

configure subscriber-mgmt rip-policy

Description

This command creates a RIP policy. This policy is applied to a subscriber IPv4 host to enable the BNG to learn RIP routes from the host. RIP routes are never sent to the hosts.

Parameters

policy-name

Specifies the RIP policy name up to 32 characters.

create

Keyword required to create the configuration context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router ripng)

Full Context

configure router ripng

Description

This command creates the context to configure the RIPng protocol instance.

When a RIPng instance is created, the protocol is enabled by default. To start or suspend execution of the RIP protocol without affecting the configuration, use the [no] shutdown command.

The no form of this command deletes the RIP protocol instance removing all associated configuration parameters.

Default

no ripng

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>thresholds rmon)

Full Context

configure system thresholds rmon

Description

This command creates the context to configure generic RMON alarms and events.

Generic RMON alarms can be created on any SNMP object-ID that is valid for RMON monitoring (for example, an integer-based datatype).

The configuration of an event controls the generation and notification of threshold crossing events configured with the alarm command.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping robust-count)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping robust-count)

[Tree] (config>service>vpls>sap>igmp-snooping robust-count)

[Tree] (config>service>vpls>igmp-snooping robust-count)

[Tree] (config>service>vpls>sap>mld-snooping robust-count)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping robust-count)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping robust-count)

Full Context

configure service vpls mesh-sdp igmp-snooping robust-count

configure service vpls mesh-sdp mld-snooping robust-count

configure service vpls sap igmp-snooping robust-count

configure service vpls igmp-snooping robust-count

configure service vpls sap mld-snooping robust-count

configure service vpls spoke-sdp mld-snooping robust-count

configure service vpls spoke-sdp igmp-snooping robust-count

Description

If the send-queries command is enabled, this parameter allows tuning for the expected packet loss on a SAP or SDP. The robust-count variable allows tuning for the expected packet loss on a subnet and is comparable to a retry count. If this SAP or SDP is expected to be 'lossy', this parameter may be increased. IGMP snooping on this SAP or SDP is robust to (robust-count-1) packet losses.

If send-queries is not enabled, this parameter will be ignored.

Default

robust-count 2

Parameters

robust-count

Specifies the robust count for the SAP or SDP

Values

2 to 7 (for config>service>vpls>sap>igmp-snooping) 1 to 255 (for config>service>vpls>igmp-snooping)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>mld robust-count)

[Tree] (config>service>vprn>igmp robust-count)

Full Context

configure service vprn mld robust-count

configure service vprn igmp robust-count

Description

This command configures the robust count. The robust-count variable allows tuning for the expected packet loss on a subnet. If a subnet anticipates losses, the robust-count variable can be increased.

Default

robust-count 2

Parameters

robust-count

Specifies the robust count value.

Values

2 to 10

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>igmp robust-count)

Full Context

configure router igmp robust-count

Description

This command configures the robust count. The robust-count variable allows tuning for the expected packet loss on a subnet. If a subnet anticipates losses, the robust-count variable can be increased.

Default

robust-count 2

Parameters

robust-count

Specify the robust count value.

Values

2 to 10

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mld robust-count)

Full Context

configure router mld robust-count

Description

This command configures the robust count. The robust-count variable allows tuning for the expected packet loss on a subnet. If a subnet anticipates losses, the robust-count variable can be increased.

Default

robust-count 2

Parameters

robust-count

Specify the robust count value.

Values

2 to 10

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-template>igmp-snooping robust-count)

Full Context

configure service pw-template igmp-snooping robust-count

Description

If the send-queries command is enabled, this parameter allows tuning for the expected packet loss. The robust-count variable allows tuning for the expected packet loss on a subnet and is comparable to a retry count.

If send-queries is not enabled, this parameter will be ignored.

Default

robust-count 2

Parameters

robust-count

Specifies the robust count for the SAP or SDP.

Values

2 to 7

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system rollback)

Full Context

configure system rollback

Description

Configure parameters of the classic CLI configuration rollback functionality. Configuration rollback provides the ability to undo configuration and revert back to previous router configuration states.

Platforms

7705 SAR Gen 2

Context

[Tree] (admin rollback)

Full Context

admin rollback

Description

Commands in this context configure rollback operations.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>rollback rollback-location)

Full Context

configure system rollback rollback-location

Description

The location and name of the rollback checkpoint files is configurable to be local (on compact flash) or remote. The file-url must not contain a suffix (just a path/directory + filename). The suffixes for rollback checkpoint files are ".rb”, ".rb.1", ..., ".rb.9" and are automatically appended to rollback checkpoint files.

Default

no rollback-location

Parameters

file-url

Specifies the URL or rollback filename.

Values

local-url | remote-url
local-url	[cflash-id/][file-path] up to 200 characters, including cflash-id directory length of up to 99 characters each
remote-url	[{ftp://}login:pswd@ remote-locn/][file-path] up to 255 characters, directory length of up to 99 characters each
remote-locn	[hostname | ipv4-address | ipv6-address]
ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x - [0 to FFFF]H
	d - [0 to 255]D
	interface - up to 32 characters each, for link local addresses
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

rollback-filename

Specifies the rollback file name.

Values

suffixed with .rb, .rb.1 up to .9 during rollback checkpoint creation

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>redundancy rollback-sync)

Full Context

admin redundancy rollback-sync

Description

This command copies the entire set of rollback checkpoint files from the active CPM CF to the standby CPM CF.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy rollback-sync)

Full Context

configure redundancy rollback-sync

Description

The operator can enable automatic synchronization of classic CLI rollback checkpoint files between the active CPM and standby CPM. When this automatic synchronization is enabled, a classic CLI rollback save causes the new classic CLI checkpoint file to be saved on both the active and standby CPMs. The suffixes of the old checkpoint files on both active and standby CPMs are incremented. Note that automatic sync only causes the one new checkpoint file to be copied to both CFs (the other checkpoint files are not automatically copied from active to standby but that can be done manually with admin redundancy rollback-sync).

Automatic synchronization of classic CLI rollback checkpoint files across CPMs is only performed if the rollback-location is configured as a local file-url (for example, "cf3:/rollback-files/rollback). Synchronization is not done if the rollback-location is remote.

The config redundancy synchronize {boot-env | config} and admin redundancy synchronize {boot-env | config} do not apply to classic CLI rollback checkpoint files. These commands do not manually or automatically sync classic CLI rollback checkpoint files. The dedicated rollback-sync command must be used to sync classic CLI rollback checkpoint files.

Default

no rollback-sync

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>file-id rollover)

Full Context

configure log file-id rollover

Description

This command configures how often an event or accounting log is rolled over or partitioned into a new file.

An event or accounting log is actually composed of multiple, individual files. The system creates a new file for the log based on the rollover time, expressed in minutes.

The retention option, expressed in hours, allows you to modify the default time to keep the file in the system. The retention time is based on the rollover time of the file.

If logs are needed to be retained for more than 16 days, use a CRON job to move the logs to a different location, either on a local drive or a remote server. For more information, contact Nokia support.

When multiple rollover commands for a file-id are entered, the last command overwrites the previous command.

The no form of this command reverts to the default values.

Default

rollover 1440 retention 12

Parameters

minutes

Specifies the rollover time, in minutes.

Values

5 to 10080

retention hours

Specifies the retention period in hours, expressed as a decimal integer. The retention time is based on the time creation time of the file. The file becomes a candidate for removal once the creation datestamp + rollover time + retention time is less than the current timestamp.

Default

12

Values

1 to 500

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>policer-control-policy root)

Full Context

configure qos policer-control-policy root

Description

The root node contains the policer control policies configuration parameters for the root arbiter. Within the node, the parent policer’s maximum rate limit can be set, the strict priority level, and fair threshold portions may be defined per priority level.

The root node always exists and does not need to be created.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>sap>stp root-guard)

[Tree] (config>service>vpls>spoke-sdp>stp root-guard)

[Tree] (config>service>template>vpls-sap-template>stp root-guard)

Full Context

configure service vpls sap stp root-guard

configure service vpls spoke-sdp stp root-guard

configure service template vpls-sap-template stp root-guard

Description

This command specifies whether this port is allowed to become an STP root port. It corresponds to the restrictedRole parameter in 802.1Q. If set, it can cause lack of spanning tree connectivity.

Default

no root-guard

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-template>stp root-guard)

Full Context

configure service pw-template stp root-guard

Description

This command specifies whether this port is allowed to become an STP root port. It corresponds to the restrictedRole parameter in 802.1Q. If set, it can cause lack of spanning tree connectivity.

Default

no root-guard

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>admin-tags route-admin-tag-policy)

Full Context

configure router admin-tags route-admin-tag-policy

Description

This command configures a route admin tag policy.

Up to 2,000 policies can be configured per system.

The no form of this command removes the route admin tag policy.

Parameters

policy-name

The name of the route admin tag policy, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp route-distinguisher)

[Tree] (config>service>epipe>bgp route-distinguisher)

Full Context

configure service vpls bgp route-distinguisher

configure service epipe bgp route-distinguisher

Description

This command configures the Route Distinguisher (RD) component that will be signaled in the MP-BGP NLRI for L2VPN and EVPN families. This value will be used for BGP-AD, BGP VPLS and BGP multi-homing NLRI if these features are configured.

If this command is not configured, the RD is automatically built using the BGP-AD VPLS ID. The following rules apply:

• if BGP AD VPLS-id is configured and no RD is configured under BGP node - RD=VPLS-ID

• if BGP AD VPLS-id is not configured then an RD value must be configured under BGP node (this is the case when only BGP VPLS is configured)

• if BGP AD VPLS-id is configured and an RD value is also configured under BGP node, the configured RD value prevails

Values and format (6 bytes, other 2 bytes of type will be automatically generated)

Alternatively, the auto-rd option allows the system to automatically generate an RD based on the bgp-auto-rd-range command configured at the service level. For BGP-EVPN enabled VPLS and Epipe services, the route-distinguisher value can also be auto-derived from the evi value (config>service>vpls>bgp-evpn>evi or config>service>epipe>bgp-evpn>evi) if this command is not configured. See the config>service>system>bgp-evpn>eth-seg>service-carving>manual evi command description for more information.

Parameters

ip-addr:comm-val

Specifies the IP address.

Values

ip-addr: a.b.c.d

comm-val: 0 to 65535

as-number:ext-comm-val

Specifies the AS number.

Values

as-number: 1 to 65535

ext-comm-val: 0 to 4294967295

auto-rd

The system will generate an RD for the service according to the IP address and range configured in the bgp-auto-rd-range command.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>system>bgp-evpn route-distinguisher)

Full Context

configure service system bgp-evpn route-distinguisher

Description

This command configures the Route Distinguisher (RD) component that will be signaled in the MP-BGP NLRI for EVPN corresponding to the base EVPN instance (Ethernet Segment routes). If the route-distinguisher component is not configured, the system will use system:ip-address as the default route-distinguisher

Default

no route-distinguisher

Parameters

ip-addr:comm-val

Specifies the IP address.

Values

ip-addr: a.b.c.d

comm-val: 0 to 65535

as-number:ext-comm-val

Specifies the AS number.

Values

as-number: 1 to 65535

ext-comm-val: 0 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls route-distinguisher)

[Tree] (config>service>vprn>bgp-evpn>mpls route-distinguisher)

Full Context

configure service vprn bgp-ipvpn mpls route-distinguisher

configure service vprn bgp-evpn mpls route-distinguisher

Description

This command specifies an identifier attached to a route, which enables the user to identify the VPN to which the route belongs. Each routing instance must have a unique (within the carrier’s domain) route distinguisher (RD) associated with it.

Alternatively, the auto-rd option allows the system to automatically generate an RD based on the configure service system bgp-auto-rd-range command.

The no form of this command removes the RD configuration.

Default

no route-distinguisher

Parameters

auto-rd

Keyword that allows the system to generate an RD for the service according to the IP address and range configured in the bgp-auto-rd-range command.

rd

Specifies the route distinguisher.

Values

rd: ip-addr:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val

ip-addr: a.b.c.d

comm-val: [0 to 65535]

2byte-asnumber: [1 to 65535]

ext-comm-val: [0 to 4294967295]

4byte-asnumber: [1 to 4294967295]

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn route-distinguisher)

Full Context

configure service vprn route-distinguisher

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options route-distinguisher-list)

Full Context

configure router policy-options route-distinguisher-list

Description

This command creates a list of entries used to match the RD in BGP routes of specific address families.

Parameters

name

Specifies the name of the RD list, up to 64 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>entry>from route-distinguisher-list)

Full Context

configure router policy-options policy-statement entry from route-distinguisher-list

Description

This command configures a route distinguisher (RD) list as a match criterion for the policy statement entry.

This match condition is supported by policies applied as VRF import or BGP peer import policies. A BGP route can match a policy entry with this match criterion if the NLRI field contains an RD that is matched by at least one of the entries in the route-distinguisher-list.

BGP routes belonging to address families other than VPN-IPv4, VPN-IPv6, MCAST-VPN-IPv4, MCAST-VPN-IPv6, EVPN, FlowSpec-VPN IPv4, FlowSpec-VPN IPv6, MVPN-IPv4 or MVPN-IPv6 routes do not match policy entries with this match criterion.

Parameters

name

Specifies the (possibly parameterized) name of an RD list.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>entry>cond-expr route-exists)

Full Context

configure router policy-options policy-statement entry conditional-expression route-exists

Description

This command is used to specify a route existence expression to control evaluation of the policy entry. If the route existence expression evaluates to 'true’ the matching and action commands of the policy entry are applied as normal. If the route existence expression evaluates to 'false’ the entire policy entry is skipped and processing continues with the next entry; however, conditional expressions are only parsed when the route policy is used as a BGP export policy or VRF export policy.

Default

no route-exists

Parameters

expression

"["<pfx-list-name>”]” [all | none]

If neither the all nor the none keyword are used the match logic is 'any’ – that is, the route expression evaluates as 'true’ if any exact match entry in the referenced prefix-list has an active route in the route table associated with the policy.

all – the route expression evaluates as 'true’ only if all the exact match entries in the referenced prefix-list have an active route in the route table associated with the policy.

none – the route expression evaluates as 'true’ only if none of the exact match entries in the referenced prefix-list have an active route in the route table associated with the policy.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn>mpls route-next-hop)

[Tree] (config>service>epipe>bgp-evpn>mpls route-next-hop)

Full Context

configure service vpls bgp-evpn mpls route-next-hop

configure service epipe bgp-evpn mpls route-next-hop

Description

This command configures the next hop of the EVPN routes.

Default

route-next-hop system-ipv4

Parameters

system-ipv4

Specifies the system IPv4 address as the next hop for the service EVPN routes.

system-ipv6

Specifies the system IPv6 address as the next hop for the service EVPN routes.

ip-address

Specifies the IPv4 address value as the next hop for the service EVPN.

Values

a.b.c.d

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router route-next-hop-policy)

Full Context

configure router route-next-hop-policy

Description

This command creates the context to configure route next-hop policies.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log route-preference)

Full Context

configure log route-preference

Description

This command specifies the primary and secondary routing preference for traffic generated for SNMP notifications and syslog messages. If the remote destination is not reachable through the routing context specified by primary route preference then the secondary routing preference will be attempted.

The no form of this command reverts to the default values.

Default

no route-preference

Parameters

primary

Specifies the primary routing preference for traffic generated for SNMP notifications and syslog messages.

Default

outband

secondary

Specifies the secondary routing preference for traffic generated for SNMP notifications and syslog messages. The routing context specified by the secondary route preference will be attempted if the remote destination was not reachable by the primary routing preference, specified by primary route preference. The value specified for the secondary routing preference must be distinct from the value for primary route preference.

Default

inband

inband

Specifies that the logging utility will attempt to use the base routing context to send SNMP notifications and syslog messages to remote destinations.

outband

Specifies that the logging utility will attempt to use the management routing context to send SNMP notifications and syslog messages to remote destinations.

none

Specifies that no attempt will be made to send SNMP notifications and syslog messages to remote destinations.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>ldap route-preference)

[Tree] (config>system>security>radius route-preference)

[Tree] (config>system>security>tacplus route-preference)

Full Context

configure system security ldap route-preference

configure system security radius route-preference

configure system security tacplus route-preference

Description

This command specifies the routing preference to reach the AAA server. If the configured option is to use both in-band and out-of-band routes, the out-of-band routes in the management routing instance are used to reach the server before the in-band routes in the Base routing instance.

The no form of this command reverts to the default value.

Default

route-preference both

Parameters

both

Specifies the use of out-of-band routes before in-band routes.

inband

Specifies the use of in-band routes only.

outband

Specifies the use of out-of-band routes only.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pcep>pcc>peer route-preference)

Full Context

configure router pcep pcc peer route-preference

Description

This command specifies the routing preference to reach the PCE server. If the configured option is to use both in-band and out-of-band routes, the out-of-band routes in the management routing instance are used to reach the server before the in-band routes in the Base routing instance.

The no form of this command reverts to the default value.

Default

route-preference both

Parameters

both

Specifies the use of out-of-band routes before in-band routes.

inband

Specifies the use of in-band routes only.

outband

Specifies the use of out-of-band routes only.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>app-route-notifications route-recovery-wait)

Full Context

configure log app-route-notifications route-recovery-wait

Description

The time delay that must pass before notifying specific CPM applications after the recovery or change of a route during normal operation.

The no form of this command disables the time-delay configuration.

Default

no route-recovery-wait

Parameters

seconds

Time delay in seconds.

Values

1 to 100

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>bgp route-refresh)

Full Context

debug router bgp route-refresh

Description

This command enables debugging for BGP route-refresh.

The no form of this command disables debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

• a.b.c.d (host bits must be 0)

ipv6-address:

• x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d [-interface]

• x: [0 to FFFF]H

• d: [0 to 255]D

• interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>ip route-table)

Full Context

debug router ip route-table

Description

This command configures route table debugging.

Parameters

ip-prefix/prefix-length

The IP prefix for prefix list entry in dotted decimal notation.

Values

ipv4-prefix	a.b.c.d (host bits must be 0)
ipv4-prefix-length	0 to 32
ipv6-prefix	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D
ipv6-prefix-length	0 to 128

longer

Specifies the prefix list entry matches any route that matches the specified ip-prefix and prefix mask length values greater than the specified mask.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp>rib-management>ipv4 route-table-import)

[Tree] (config>service>vprn>bgp>rib-management>label-ipv4 route-table-import)

[Tree] (config>service>vprn>bgp>rib-management>ipv6 route-table-import)

Full Context

configure service vprn bgp rib-management ipv4 route-table-import

configure service vprn bgp rib-management label-ipv4 route-table-import

configure service vprn bgp rib-management ipv6 route-table-import

Description

This command specifies the name of a route policy to control the importation of active routes from the IP route table into one of the BGP RIBs.

If the route-table-import command is not configured, or if the command refers to an empty policy, all non-BGP routes from the IP route table are imported into the applicable RIB.

If the route-table-import command is configured, then routes dropped or rejected by the configured policy are not installed in the associated RIB. Rejected routes cannot be advertised to BGP peers associated with the RIB, but they can still be used to resolve BGP next-hops of routes in that RIB. If the active route for a prefix is rejected by the route-table-import policy, then the best BGP route for that prefix in the BGP RIB can be advertised to peers as though it is used.

Aggregate routes are always imported into each RIB, independent of the route-table-import policy.

Route modifications specified in the actions of a route-table-import policy are ignored and have no effect on the imported routes.

Default

no route-table-import

Parameters

policy-name

Specifies the name of a policy-statement (up to 64 characters).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>rib-management>label-ipv6 route-table-import)

[Tree] (config>router>bgp>rib-management>ipv4 route-table-import)

[Tree] (config>router>bgp>rib-management>ipv6 route-table-import)

[Tree] (config>router>bgp>rib-management>label-ipv4 route-table-import)

Full Context

configure router bgp rib-management label-ipv6 route-table-import

configure router bgp rib-management ipv4 route-table-import

configure router bgp rib-management ipv6 route-table-import

configure router bgp rib-management label-ipv4 route-table-import

Description

This command specifies the name of a policy to control the importation of active routes from the IP route table into one of the BGP RIBs.

If the route-table-import command is not configured, or if the command refers to an empty policy, all non-BGP routes from the IP route table are imported into the applicable RIB.

If the route-table-import command is configured, then routes dropped or rejected by the configured policy are not installed in the associated RIB. Rejected routes cannot be advertised to BGP peers associated with the RIB, but they can still be used to resolve BGP next-hops of routes in that RIB. If the active route for a prefix is rejected by the route-table-import policy, then the best BGP route for that prefix in the BGP RIB can be advertised to peers as though it is used.

Aggregate routes are always imported into each RIB, independent of the route-table-import policy.

Route modifications specified in the actions of a route-table-import policy are ignored and have no effect on the imported routes.

Default

no route-table-import

Parameters

policy-name

Specifies the name of a policy-statement (up to 64 characters).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>bgp route-target)

[Tree] (config>service>vpls>bgp route-target)

Full Context

configure service epipe bgp route-target

configure service vpls bgp route-target

Description

This command configures the route target (RT) component that will be signaled in the related MP- BGP attribute to be used for BGP auto-discovery, BGP VPLS, BGP multi-homing and EVPN if these features are configured in this VPLS service, or for BGP multi-homing, BGP-VPWS and EVPN in case of Epipe services.

If this command is not used in VPLS services, the RT is built automatically using the VPLS ID. The extended community can have the same two formats as the VPLS ID, a two-octet AS-specific extended community, IPv4 specific extended community. For BGP EVPN enabled VPLS and Epipe services, the route target can also be auto-derived from the evi value (config>service>vpls>bgp-evpn>evi or config>service>epipe>bgp-evpn>evi) if this command is not configured.

Parameters

export ext-community

Specifies communities allowed to be sent to remote PE neighbors.

import ext-community

Specifies communities allowed to be accepted from remote PE neighbors.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp route-target-list)

Full Context

configure router bgp route-target-list

Description

This command specifies the route target(s) to be accepted from or advertised to peers. If the route-target-list is a non-null list, only routes with one or more of the given route targets are accepted from or advertised to peers.

The route-target-list is assigned at the global level and applies to all peers connected to the system.

This command is only applicable if the router is a route-reflector server.

The no form of this command with a specified route target community removes the specified community from the route-target-list. The no form of this command entered without a route target community removes all communities from the list.

Default

no route-target-list

Parameters

comm-id

Specifies up to 15 route target communities.

Values

[target: {ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

where:

• ip-address — a.b.c.d

• comm-val — 0 to 65535

• 2byte-asnumber — 0 to 65535

• ext-comm-val — 0 to 4294967295

• 4byte-asnumber — 0 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>vrrp>policy>priority-event route-unknown)

Full Context

configure vrrp policy priority-event route-unknown

Description

This command creates a context to configure a route unknown priority control event that monitors the existence of a specific active IP route prefix within the routing table.

The route-unknown command configures a priority control event that defines a link between the VRRP priority control policy and the Route Table Manager (RTM). The RTM registers the specified route prefix as monitored by the policy. If any change (add, delete, new next hop) occurs relative to the prefix, the policy is notified and takes correct action according to the priority event definition. If the route prefix exists and is active in the routing table according to the conditions defined, the event is in the cleared state. If the route prefix is removed, becomes inactive or fails to meet the event criteria, the event is in the set state.

The command creates a route-unknown node identified by prefix/mask-length and containing event control commands.

Multiple unique (different prefix/mask-length) route-unknown event nodes can be configured within the priority-event node up to the maximum limit of 32 events.

The route-unknown command can reference any valid IP address mask-length pair. The IP address and associated mask length define a unique IP router prefix. The dynamic monitoring of the route prefix results in one of the event operational states listed in Route-unknown Operational States.

An existing route prefix in the RTM must be active (used by the IP forwarding engine) to clear the event operational state. It may be less specific (the defined prefix may be contained in a larger prefix according to Classless Inter-Domain Routing (CIDR) techniques) if the event has the less-specific statement defined. The less specific route that incorporates the router prefix may be the default route (0.0.0.0) if the less-specific allow-default statement is defined. The matching prefix may be required to have a specific next hop IP address if defined by the event next-hop command. Finally, the source of the RTM prefix may be required to be one of the dynamic routing protocols or be statically defined if defined by the event protocol command. If an RTM prefix is not found that matches all the above criteria (if defined in the event control commands), the event is considered to be set. If a matching prefix is found in the RTM, the event is considered to be cleared.

When an event transitions from clear to set, the set is processed immediately and must be reflected in the associated virtual router instances in-use priority value. As the event transitions from clear to set, a hold-set timer is loaded with the value configured by the events hold-set command. This timer prevents the event from clearing until it expires, damping the effect of event flapping. If the event clears and becomes set again before the hold-set timer expires, the timer is reset to the hold-set value, extending the time before another clear can take effect.

The no form of the command is used to remove the specific prefix/mask-length monitoring event. The event can be removed at anytime. When the event is removed, the in-use priority of all associated virtual router instances must be reevaluated. The events hold-set timer has no effect on the removal procedure.

Default

no route-unknown — No route unknown priority control events are defined for the priority control event policy.

Parameters

ip-prefix/mask

The IP prefix address in dotted decimal notation and the subnet mask length expressed as a decimal integer associated with the IP prefix defining the route prefix to be monitored by the route unknown priority control event.

Values

ip-prefix/mask:	ip-prefix	a.b.c.d (host bits must be 0)
	mask	0 to 32

ipv6-address/prefix-length

The IPv6 address of the host for which the specific event will monitor connectivity. The ipv6-address can only be monitored by a single event in this policy. The IPv6 address can be monitored by multiple VRRP priority control policies. The IPv6 address can be used in one or multiple ping requests. Each VRRP priority control host-unreachable and ping destined to the same ipv6-address is uniquely identified on a per message basis. Each session originates a unique identifier value for the ICMP echo request messages it generates. This allows received ICMP echo reply messages to be directed to the appropriate sending application.

Values

ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:	[0..FFFF]H
prefix-length	0 to 128

Platforms

7705 SAR Gen 2

Context

[Tree] (config>aaa>radius-srv-plcy>servers router)

Full Context

configure aaa radius-server-policy servers router

Description

This command specifies the virtual router instance applicable for the set of configured RADIUS servers. This value cannot be changed once a RADIUS server is configured for this policy.

The no form of this command reverts to the default.

Parameters

router-instance

Specifies the router instance.

Values

service-name	Service name, up to 64 characters.
	router-instance:	router-name, service-id
	router-name:	Base, management
	service-id:	1 to 2147483647

service-name

Specifies the router name service-id up to 64 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config router)

Full Context

configure router

Description

Commands in this context configure router parameters including interfaces, route policies and protocols. This command is also used to create CPM router instances.

For CPM router instances, this command enters or creates a user-created CPM router instance. A CPM router instance is a not a VPRN router instance. VPRN router instances are configured under configure service vprn. CPM router instances are the only type of non-VPRN router instances that can be created by a user, and they have a user-defined name. CPM router instances only use CPM/CCM ethernet ports as interfaces.

Parameters

router-instance

Specifies the router name or CPM router instance.

Values

router-instance : router name
	router-name	Base | management | cpm-vr-name
	cpm-vr-name	[32 characters maximum]

Default

Base

create

Mandatory keyword when creating a router instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug router)

Full Context

debug router

Description

Commands in this context enable debugging of various protocols and areas of a router-instance.

Parameters

router-instance

Specifies the router name, CPM router instance, or service ID.

Values

router-name or service-id

router-instance : router-name
	router-name	Base | management | cpm-vr-name
	cpm-vr-name	[32 characters maximum]

service-id: 1 to 2147483647

Default

Base

service-name

Specifies the service name, up to 64 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>file-trans-prof router)

Full Context

configure system file-transmission-profile router

Description

This command specifies the routing instance that the transport protocol uses.

Default

router Base

Parameters

router-instance

Specifies the router instance on which the file transmission connection will be established.

This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The router service vprn-service-name variant can be used in all configuration modes.

Values

{router-name | vprn-svc-id}

router-name:	Base, management router-name is an alias for input only. The router-name gets replaced with an id automatically by SR OS in the configuration).
vprn-svc-id:	1 to 2147483647

Default

Base

service vprn-service-name

Identifies the service, up to 64 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>remote-management router)

Full Context

configure system management-interface remote-management router

Description

This command defines the router instance in which all remote managers are reachable.

If this command is also configured for a specific manager in the config>system> management-interface>remote-management>manager context, that configuration takes precedence.

The no form of this command configures management as the router (default).

Default

router management

Parameters

router-instance

Specifies a router instance on which the remote management connection is established, up to 32 characters.

service vprn-service-instance

Specifies a VPRN service instance, up to 64 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>remote-management>manager router)

Full Context

configure system management-interface remote-management manager router

Description

This command defines the router instance in which this manager is reachable.

This command takes precedence over the same command configured in the global context (config>system>management-interface>remote-management).

The no form of this command causes the router to be inherited from the global context (config>system>management-interface>remote-management).

Default

management

Parameters

router-instance

Specifies the router instance on which the remote management connection is established for this manager, up to 32 characters.

service vprn-service-instance

Specifies a VPRN service instance, up to 64 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip router)

Full Context

configure oam-pm session ip router

Description

This command numerically references the source context from which the TWAMP Light packet is launched. The router-instance router-instance configuration, under the same context as the router command, is the preferred method for referencing. This method references the launch context by name, and not number, or alias that converts service-name to a number.

The no form of this command restores the default value.

Parameters

router-or-service

Specifies the numerical reference to the router instance or service. Well known router-name "Base" is allowed for convenience, but mapped numerically.

Values

{router-name | vprn-svc-id}

router-name:	Base
vprn-svc-id:	1 to 2147483647

The parameter router-instance is preferred for specifying the router or service.

service-name

Specifies the alias function that allows the service-name to be used converted and stored as service ID, up to 64 characters. The parameter router-instance is preferred for specifying the router or service.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>redirect-policy router)

Full Context

configure filter redirect-policy router

Description

This command enhances VRF support in redirect policies. When a router instance is specified, the configured destination tests are run in the specified router instance, and the PBR action is executed in the specified router instance. If no destination is active or if the hardware does not support PBR action "next-hop router”, action forward will be executed (i.e. routing will be performed in the context of the incoming interface routing instance).

The no form of the command preserves backward-compatibility. Tests always run in the "Base” routing instance context, and the PBR action executes in the routing context of the ingress interface that the filter using this redirect policy is deployed on.

Default

no router

Parameters

router-instance

Specifies a router instance in the form of router-name or service-id.

Values

router-name — Base

service-id — Specifies an existing Layer 3 service [1 to 2147483647]

service-name

Specifies the name of a configured Layer 3 service.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>filter>entry>match router)

Full Context

configure log filter entry match router

Description

This command specifies the log event matches for the router instance using a special vrtr-name format used by the logging system.

The no form of this command removes the log event matches.

Parameters

eq

Determines if the matching criteria should be equal to the specified value.

neq

Determines if the matching criteria should not be equal to the specified value.

router-instance

Specifies a router name, up to 32 characters, to be used in the match criteria. The router-instance in this command is a name for a router instance in a special format used in the logging system (called the vrtr-name). Examples of vrtr-names include Base and vprn101 (where 101 is the service-id of the VPRN service). It represents the router instance that generated the log event.

regexp

Specifies the type of string comparison to use to determine if the log event matches the value of the specified router instance. When the regexp keyword is specified, the string in the router command is a regular expression string that is matched against the vrtr-name string in the log event being filtered.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry router)

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry router)

Full Context

configure system security management-access-filter ip-filter entry router

configure system security management-access-filter ipv6-filter entry router

Description

This command configures a router name or service ID to be used as a management access filter match criterion.

The no form the command removes the router name or service ID from the match criteria.

Parameters

router-instance

Specifies one of the following parameters for the router instance:

router-name — Specifies a router name or CPM router instance, up to 32 characters to be used in the match criteria.

Values	"Base” | "management” | "vpls-management”
Default	Base

vprn-svc-id — Specifies a CPM router instance to be used in the match criteria.

Values

1 to 2147483647

service name

Specifies an existing service name, up to 64 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>mirror>mirror-dest>pcap router)

Full Context

configure mirror mirror-dest pcap router

Description

This command configures the destination router name for the FTP transmission of the PCAP file.

The no form of this command configures the router name to management, which is the default.

Default

router management

Parameters

router-name

Specifies the router name.

Values

Base, management

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn router-advertisement)

Full Context

configure service vprn router-advertisement

Description

This command configures router advertisement properties. By default, it is disabled for all IPv6 enabled interfaces.

The no form of this command disables all IPv6 interface. However, the no interface interface-name command disables a specific interface.

Default

no router-advertisement

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router router-advertisement)

Full Context

configure router router-advertisement

Description

This command configures router advertisement properties. By default, it is disabled for all IPv6 enabled interfaces.

The no form of this command disables all IPv6 interface. However, the no interface interface-name command disables a specific interface.

Default

disabled

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn router-id)

[Tree] (config>service>vprn>ospf router-id)

[Tree] (config>service>vprn>bgp router-id)

Full Context

configure service vprn router-id

configure service vprn ospf router-id

configure service vprn bgp router-id

Description

This command sets the router ID for a specific VPRN context.

When configuring the router ID in the base instance of OSPF it overrides the router ID configured in the config>router context. The default value for the base instance is inherited from the configuration in the config>router context. If the router ID in the config>router context is not configured, the following applies:

• The system uses the system interface address (which is also the loopback address).

• If a system interface address is not configured, use the last 32 bits of the chassis MAC address.

If neither the router ID nor system interface are defined, the router ID from the base router context is inherited.

This is a required command when configuring multiple instances and the instance being configured is not the base instance.

When configuring a new router ID, the instance is not automatically restarted with the new router ID. The next time the instance is initialized, the new router ID is used.

To force the new router ID to be used, issue the shutdown and no shutdown commands for the instance, or reboot the entire router.

It is possible to configure an SR OS to operate with an IPv6 only BOF and no IPv4 system interface address. When configured in this manner, the operator must explicitly define IPv4 router IDs for protocols such as OSPF and BGP as there is no mechanism to derive the router ID from an IPv6 system interface address.

The no form of this command removes the router ID definition from the given VPRN context.

Default

no router-id

Parameters

ip-address

The IP address must be given in dotted decimal notation.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis router-id)

Full Context

configure service vprn isis router-id

Description

This command sets the router ID for a specific VPRN context.

If neither the router ID nor system interface are defined, the router ID from the base router context is inherited.

The no form of this command removes the router ID definition from the given VPRN context.

Default

no router-id

Parameters

ip-address

The IP address must be given in dotted decimal notation.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>srlg-database router-id)

Full Context

configure router mpls srlg-database router-id

Description

Commands in this context configure the link members of SRLG groups for a specific router in the network. The user must also use this command to enter the local interface SRLG membership into the user SRLG database. Use by CSPF of all interface SRLG membership information of a specific router ID may be temporarily disabled by shutting down the node. If this occurs, CSPF assumes these interfaces have no SRLG membership association.

The no form of this command will delete all interface entries under the router ID.

Parameters

ip-address

Specifies the router ID for this system. This must be the router ID configured under the base router instance, the base OSPF instance or the base IS-IS instance.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router router-id)

Full Context

configure router router-id

Description

This command configures the router ID for the router instance.

The router ID is used by both OSPF and BGP routing protocols in this instance of the routing table manager. IS-IS uses the router ID value as its system ID.

When configuring a new router ID, protocols are not automatically restarted with the new router ID. The next time a protocol is initialized, the new router ID is used. This can result in an interim period of time when different protocols use different router IDs.

It is possible to configure SR OS to operate with an IPv6 only BOF and no IPv4 system interface address. When configured in this manner, the operator must explicitly define IPv4 router IDs for protocols such as OSPF and BGP as there is no mechanism to derive the router ID from an IPv6 system interface address.

To force the new router ID to be used, issue the shutdown and no shutdown commands for each protocol that uses the router ID, or restart the entire router.

The system uses the system interface address which is also the loopback address. If a system interface address is not configured, use the last 32 bits of the chassis MAC address.

The no form of this command removes the configured value and the last 32 bits of the chassis MAC address are used.

Default

no router-id

Parameters

ip-address

Specifies the 32 bit router ID expressed in dotted decimal notation or as a decimal value.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp router-id)

Full Context

configure router bgp router-id

Description

This command specifies the router ID to be used with this BGP instance.

Changing the BGP router ID on an active BGP instance causes the BGP instance to restart with the new router ID.

It is possible to configure an SR OS to operate with an IPv6 only BOF and no IPv4 system interface address. When configured in this manner, the operator must explicitly define IPv4 router IDs for protocols such as OSPF and BGP as there is no mechanism to derive the router ID from an IPv6 system interface address.

When no router-id is configured for BGP, the system interface IP address is used.

Default

no router-id

Parameters

ip-address

Specifies the router ID, expressed as any non-zero value in the range 0.0.0.1 to 255.255.255.255 (or when converted to decimal it can have any value in the range 1-4294967295). It is recommended to use the system IPv4 address.

Platforms

7705 SAR Gen 2