s Commands – Part I

s-pmsi

Syntax

s-pmsi [{vpnSrcAddr [vpnGrpAddr]} [mdSrcAddr]]

no s-pmsi

Context

[Tree] (debug>router>pim s-pmsi)

Full Context

debug router pim s-pmsi

Description

This command enables debugging for PIM selective provider multicast service interface.

The no form of this command disables the debugging.

Parameters

vpnSrcAddr: Specifies the VPN source address.

vpnGrpAddr: Specifies the VPN group address.

mdSrcAddr: Specifies the source address of the multicast domain.

Platforms

7705 SAR Gen 2

sa-mac

Syntax

sa-mac ieee-address da-mac ieee-address

no sa-mac

Context

[Tree] (config>mirror>mirror-dest>sap>egress>ip-mirror sa-mac)

Full Context

configure mirror mirror-dest sap egress ip-mirror sa-mac

Description

This command configures the source and destination MAC addresses for IP mirroring.

The no form of this command reverts to the default.

Parameters

sa-mac ieee-address: Specifies the source MAC address. Multicast, Broadcast and zeros are not allowed.

da-mac ieee-address: Specifies the destination MAC address. Zeros are not allowed.

Platforms

7705 SAR Gen 2

saa

Syntax

saa

Context

[Tree] (config saa)

Full Context

configure saa

Description

Commands in this context configure the Service Assurance Agent (SAA) tests.

Platforms

7705 SAR Gen 2

saa

Syntax

saa test-name [owner test-owner] {start | stop} [no-accounting]

Context

[Tree] (oam saa)

Full Context

oam saa

Description

This command starts or stops an SAA test that is not configured as continuous.

Parameters

test-name: Specifies the name of the SAA test, up to 32 characters. The test name must already be configured in the config>saa>test context.

test-owner

Specifies the owner of an SAA operation, up to 32 characters. If a test-owner value is not specified, the default owner is used.

Default: "TiMOS CLI”

start

Starts the test. A test cannot be started if the same test is still running.

A test cannot be started if it is in a shut-down state. An error message and log event is generated to indicate a failed attempt to start an SAA test run. A test cannot be started if it is in a continuous state.

stop: Stops a test in progress. A test cannot be stopped if it is not in progress. A log message is generated to indicate that an SAA test run has been aborted. A test cannot be stopped if it is in a continuous state.

no-accounting: Disables the recording results in the accounting policy. When specifying no-accounting the MIB record produced at the end of the test is not added to the accounting file. It uses one of the three MIB rows available for the accounting module for collection.

Platforms

7705 SAR Gen 2

saii-type2

Syntax

saii-type2 global-id:prefix:ac-id

no saii-type2

Context

[Tree] (config>service>epipe>spoke-sdp-fec saii-type2)

Full Context

configure service epipe spoke-sdp-fec saii-type2

Description

This command configures the source attachment individual identifier for the spoke-sdp. This is only applicable to FEC129 AII type 2.

Parameters

global-id

A Global ID of this router T-PE. This value must correspond to one of the global_id values configured for a local-prefix under config>service>pw-routing>local-prefix context.

Values: 1 to 4294967295

prefix

The prefix on this router T-PE that the spoke-sdp SDP is associated with. This value must correspond to one of the prefixes configured under config>service>pw-routing>local-prefix context.

Values: an IPv4-formatted address a.b.c.d or 1 to 4294967295

ac-id

An unsigned integer representing a locally unique identifier for the spoke SDP.

Values: 1 to 4294967295

Platforms

7705 SAR Gen 2

same-recipnonce-for-pollreq

Syntax

[no] same-recipnonce-for-pollreq

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2 same-recipnonce-for-pollreq)

Full Context

configure system security pki ca-profile cmpv2 same-recipnonce-for-pollreq

Description

This command enables the system to use same recipNonce as the last CMPv2 response for poll request.

The no form of this command disables the use of the same recipNonce as the last CMPv2 response for poll request.

Default

no same-recipnonce-for-pollreq

Platforms

7705 SAR Gen 2

sample-interval

Syntax

sample-interval interval

Context

[Tree] (config>system>telemetry>persistent-subscriptions>subscription sample-interval)

Full Context

configure system telemetry persistent-subscriptions subscription sample-interval

Description

This command configures the sample interval for persistent subscription.

This sampling interval only applies when the mode command is set to either target-defined or sample.

Default

sample-interval 10000

Parameters

interval

Specifies the sample interval, in milliseconds.

Values: 1000 to 4294967295

Platforms

7705 SAR Gen 2

sap

Syntax

sap sap-id[split-horizon-group group-name] [create] [capture-sap] [eth-ring ring-index]

sap sap-id[split-horizon-group group-name] [create] [capture-sap] [eth-ring ring-index] leaf-ac

sap sap-id[split-horizon-group group-name] [create] [capture- sap] [eth-ring ring-index] root-leaf-tag leaf-tag leaf-tag

no sap sap-id

Context

[Tree] (config>service>vpls sap)

Full Context

configure service vpls sap

Description

This command creates a Service Access Point (SAP) within a service. A SAP is a combination of port and encapsulation parameters which identifies the service access point on the interface and within the 7705 SAR Gen 2. Each SAP must be unique. All SAPs must be explicitly created within a service or on an IP interface.

Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.

A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port using the configure port port-id ethernet mode access command. Channelized TDM ports are always access ports.

If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service is discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP are also deleted. For Internet Ethernet Service (IES), the IP interface must be shut down before the SAP on that interface may be removed.

Parameters

sap-id: Specifies the physical port identifier portion of the SAP definition.

port-id

Specifies the physical port ID in the slot/mda/port format.

If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number [.channel] format. For example 6/2/3 specifies port 3 on MDA 2 in slot 6.

The port-id must reference a valid port type. When the port-id parameter represents SONET/SDH and TDM channels, the port ID must include the channel ID. A period ".” separates the physical port from the channel-id. The port must be configured as an access port.

If the SONET/SDH port is configured as clear-channel then only the port is specified.

group-name: Specifies the name of the split horizon group to which the SAP belongs.

capture-sap: Specifies a capturing SAP in which triggering packets are sent to the CPM. Non-triggering packets captured by the capture SAP are dropped.

create: Keyword used to create a SAP instance. The create keyword requirement can be enabled or disabled in the environment>create context.

root-leaf-tag: Specifies a SAP as a root leaf tag SAP. Only SAPs of the form dot1q (for example, 1/1/1:X) or qinq (for example, 1/1/1:X.Y, 1/1/1:X.*) are supported. The default E-Tree SAP type is a root AC, if root-leaf-tag (or leaf-ac) is not specified at SAP creation. This option is only available when the VPLS is designated as an E-Tree VPLS.

leaf-tag-vid: Specifies to replace the outer SAP-ID for leaf traffic. The leaf tag VID is only significant between peering VPLS but the values must be consistent on each end.

leaf-ac: Specifies a SAP as a leaf access (AC) SAP. The default E-Tree SAP type is root AC if leaf-ac (or root-leaf-tag) is not specified at SAP creation. This option is only available when the VPLS is designated as an E-Tree VPLS.

Platforms

7705 SAR Gen 2

sap

Syntax

sap sap-id [create] [no-endpoint]

sap sap-id [create] endpoint endpoint-name

sap sap-id [create] [qtag-normalization] [[tag] | [s-tag.c-tag]]

no sap sap-id

Context

[Tree] (config>service>epipe sap)

Full Context

configure service epipe sap

Description

This command creates a Service Access Point (SAP) within a service. A SAP is a combination of port and encapsulation parameters which identifies the service access point on the interface and within the device. Each SAP must be unique.

All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.

Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.

A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port. Channelized TDM ports are always access ports.

If a port is shutdown, all SAPs on that port become operationally down. When a service is shutdown, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded.

The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

Ethernet SAPs support null, dot1q, and qinq is supported for all routers.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted. For Internet Enhanced Service (IES), the IP interface must be shutdown before the SAP on that interface may be removed.

By default, no SAPs are defined.

Parameters

sap-id: Specifies the physical port identifier portion of the SAP.

port-id

Specifies the physical port ID.

If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number format. For example 6/2/3 specifies port 3 on MDA 2 in slot 6.

The port-id must reference a valid port type. When the port-id parameter represents SONET/SDH and TDM channels, the port ID must include the channel ID. A period ".” separates the physical port from the channel-id. The port must be configured as an access port.

If the SONET/SDH port is configured as clear-channel then only the port is specified.


port-id	slot/mda/port [.channel]
	eth-sat-id	esat-id/slot/port
		esat	keyword
		id	1 to 20
	pxc-id	pxc-id.sub-port
		pxc	keyword
		id	1 to 64
		sub-port	a, b

endpoint: Adds a SAP endpoint association.

no endpoint: Removes the association of a SAP or a spoke SDP with an explicit endpoint name.

create: Keyword to create a SAP instance. The create keyword requirement can be enabled or disabled in the environment create context.

qtag-normalization: Keyword to enable Q-tag normalization.

tag

Specifies the value for tag normalization. The tag value is pushed as the S-tag (outer tag) into the frames coming from this SAP and sent to EVPN. On network ingress, the inner and outer VLAN tags are looked up and the frames matching this value and the normalized C-tag value are sent to the associated SAP.

Values: 0 to 4094

s-tag

Specifies the value for tag normalization. The tag value is pushed as the S-tag (outer tag) into the frames coming from this SAP and sent to EVPN. On network ingress, the inner and outer VLAN tags are looked up and the frames matching this value and the normalized C-tag value are sent to the associated SAP.

Values: 0 to 4094

c-tag

Specifies the value for tag normalization. The tag value is pushed as the C-tag (inner tag) into the frames coming from this SAP and sent to EVPN. On network ingress, the inner and outer VLAN tags are looked up and the frames matching this value and the normalized S-tag value are sent to the associated SAP.

Values: 0 to 4094

Platforms

7705 SAR Gen 2

Output

The following output is an example of VLL SAP information.

Output Example

*A:test>config>service>epipe 200 name "200" customer 1 info detail
=================================================================
            sap 1/1/c5/1:200.200 create
                no shutdown
            exit
            sap pw-21:200.200 create
                no shutdown
            exit
            no shutdown
        exit
    exit
=================================================================

sap

Syntax

sap sap-id [create]

no sap sap-id

Context

[Tree] (config>service>ies>if sap)

[Tree] (config>service>vprn>if sap)

Full Context

configure service ies interface sap

configure service vprn interface sap

Description

This command creates a Service Access Point (SAP) within a service. A SAP is a combination of port and encapsulation parameters which identifies the service access point on the interface and within the router. Each SAP must be unique.

All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.

Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.

A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port using the configure port port-id ethernet mode access command. Channelized TDM ports are always access ports.

If a port is shutdown, all SAPs on that port become operationally down. When a service is shutdown, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

Note:

Configure an IES interface as a loopback interface by issuing the loopback command instead of the sap sap-id command. The loopback flag cannot be set on an interface where a SAP is already defined and a SAP cannot be defined on a loopback interface.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP are also deleted. For Internet Enhanced Service (IES), the IP interface must be shutdown before the SAP on that interface may be removed. The no form of this command causes the ptp-hw-assist to be disabled.

Default

No SAPs are defined.

Parameters

sap-id: Specifies the physical port identifier portion of the SAP definition.

port-id

Specifies the physical port ID in the slot/mda/port format.

If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number format. For example 61/2/3 specifies port 3 on MDA 2 in slot 61.

Table 1. Port ID Syntax
null	port-id \| lag-id
dot1q	{port-id \| lag-id}:{qtag1 \| cp-conn-prof-id
qinq	{port-id \| lag-id}:{qtag1 \| cp-conn-prof-id}.{qtag2 \| cp-conn-prof-id} cp: keyword conn-prof-id: 1 to 8000
port-id	slot/mda/port [.channel]
	eth-sat-id	esat-id/slot/port
		esat: keyword
		id: 1 to20
	pxc-id	psc-id.sub-port
		pxc psc-id.sub-port
		pxc: keyword
		id: 1 to 64
		sub-port: a, b
lag-id	lag-id	lag: keyword
		id: 1 to 800
qtag1	0 to 4094
qtag2	* \| null \| 0 to 4094

The port-id must reference a valid port type. When the port-id parameter represents SONET/SDH and TDM channels, the port ID must include the channel ID. A period ".” separates the physical port from the channel-id. The port must be configured as an access port.

If the SONET/SDH port is configured as clear-channel then only the port is specified.

create: Keyword used to create a SAP instance. The create keyword requirement can be enabled/disabled in the environment>create context.

Platforms

7705 SAR Gen 2

sap

Syntax

sap sap-id

no sap

Context

[Tree] (config>service>vpls>site sap)

Full Context

configure service vpls site sap

Description

This command configures a SAP for the site.

The no form of this command removes the SAP ID from the configuration.

Parameters

sap-id: Specifies the physical port identifier portion of the SAP definition

Platforms

7705 SAR Gen 2

sap

Syntax

sap sap-id

no sap

Context

[Tree] (config>service>epipe>site sap)

Full Context

configure service epipe site sap

Description

This command configures a SAP for the site.

The no form of this command removes the SAP ID from the configuration.

Parameters

sap-id: Specifies the physical port identifier portion of the SAP definition.

Platforms

7705 SAR Gen 2

sap

Syntax

[no] sap sap-id

Context

[Tree] (debug>service>id>stp sap)

[Tree] (debug>service>id sap)

[Tree] (debug>service>id>dhcp sap)

Full Context

debug service id stp sap

debug service id sap

debug service id dhcp sap

Description

This command enables STP debugging for a specific SAP.

The no form of the command disables debugging.

Parameters

sap-id: Specifies the physical port identifier portion of the SAP definition.

Platforms

7705 SAR Gen 2

sap

Syntax

sap [split-horizon-group group-name] [create] [capture-sap]

no sap sap-id

Context

[Tree] (config>service>vpls>mac-move>primary-ports sap)

[Tree] (config>service>vpls>mac-move>secondary-ports sap)

Full Context

configure service vpls mac-move primary-ports sap

configure service vpls mac-move secondary-ports sap

Description

This command declares a specified SAP as a primary (or secondary) VPLS port.

Parameters

sap-id: Specifies the physical port identifier portion of the SAP definition

Platforms

7705 SAR Gen 2

sap

Syntax

[no] sap sap-id

Context

[Tree] (debug>service>id>igmp-snooping sap)

Full Context

debug service id igmp-snooping sap

Description

This command shows IGMP packets for a specific SAP.

The no form of this command disables the debugging for the SAP.

Platforms

7705 SAR Gen 2

sap

Syntax

[no] sap sap-id

Context

[Tree] (debug>service>id>mld sap)

Full Context

debug service id mld-snooping sap

Description

This command shows MLD packets for a specific SAP.

The no form of this command disables the debugging for the SAP.

Platforms

7705 SAR Gen 2

sap

Syntax

sap sap-id[create] [no-endpoint]

sap sap-id[create] endpoint name

no sap

Context

[Tree] (config>mirror>mirror-dest sap)

Full Context

configure mirror mirror-dest sap

Description

This command creates a service access point (SAP) within a mirror destination service. The SAP is owned by the mirror destination service ID.

The SAP is defined with port and encapsulation parameters to uniquely identify the (mirror) SAP on the interface and within the box. The specified SAP may be defined on an Ethernet access port with a dot1q, null, or q-in-q encapsulation type.

Only one SAP can be created within a mirror-dest service ID. If the defined SAP has not been created on any service within the system, the SAP is created and the context of the CLI will change to the newly created SAP. In addition, the port cannot be a member of a multi-link bundle, APS group or IMA bundle.

If the defined SAP exists in the context of another service ID, mirror-dest or any other type, an error is generated.

Mirror destination SAPs can be created on Ethernet interfaces that have been defined as an access interface. If the interface is defined as network, the SAP creation returns an error.

When the no form of this command is used on a SAP created by a mirror destination service ID, the SAP with the specified port and encapsulation parameters is deleted.

Parameters

sap-id: Specifies the physical port identifier portion of the SAP definition.

no-endpoint: Removes the association of a SAP or a sdp with an explicit endpoint name.

name: Specifies the name of the endpoint associated with the SAP.

Platforms

7705 SAR Gen 2

sap

Syntax

sap sap-id {[egress] [ingress]}

no sap sap-id [egress] [ingress]

Context

[Tree] (config>mirror>mirror-source sap)

Full Context

configure mirror mirror-source sap

Description

This command enables mirroring of traffic ingressing or egressing a service access port (SAP). A SAP that is defined within a mirror destination cannot be used in a mirror source. The mirror source SAP referenced by the sap-id is owned by the service ID of the service in which it was created. The SAP is only referenced in the mirror source name for mirroring purposes. The mirror source association does not need to be removed before deleting the SAP from its service ID. If the SAP is deleted from its service ID, the mirror association is removed from the mirror source.

More than one SAP can be associated within a single mirror-source. Each SAP has its own ingress and egress parameter keywords to define which packets are mirrored to the mirror destination.

The SAP must be valid and properly configured. If the associated SAP does not exist, an error occurs and the command will not execute.

The same SAP cannot be associated with multiple mirror source definitions for ingress packets.

The same SAP cannot be associated with multiple mirror source definitions for egress packets.

If a particular SAP is not associated with a mirror source name, then that SAP will not have mirroring enabled for that mirror source.

Note that the ingress and egress options cannot be supported at the same time on a CEM encap-type SAP. The options must be configured in either the ingress or egress contexts.

The no form of this command disables mirroring for the specified SAP. All mirroring for that SAP on ingress and egress is terminated. Mirroring of packets on the SAP can continue if more specific mirror criteria is configured. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition is removed.

Parameters

sap-id: Specifies the physical port identifier portion of the SAP definition.

egress: Specifies that packets egressing the SAP should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.

ingress: Specifies that packets ingressing the SAP should be mirrored. Ingress packets are mirrored to the mirror destination before the ingress packet modification.

Platforms

7705 SAR Gen 2

sap

Syntax

sap sap-id {[egress] [ingress]}

no sap sap-id [egress] [ingress]

Context

[Tree] (debug>mirror-source sap)

Full Context

debug mirror-source sap

Description

This command enables mirroring of traffic ingressing or egressing a service access port (SAP). A SAP that is defined within a mirror destination cannot be used in a mirror source. The mirror source SAP referenced by the sap-id is owned by the service ID of the service in which it was created. The SAP is only referenced in the mirror source name for mirroring purposes. The mirror source association does not need to be removed before deleting the SAP from its service ID. If the SAP is deleted from its service ID, the mirror association is removed from the mirror source.

More than one SAP can be associated within a single mirror-source. Each SAP has its own ingress and egress parameter keywords to define which packets are mirrored to the mirror destination.

The SAP must be valid and properly configured. If the associated SAP does not exist, an error occurs and the command does not execute.

The same SAP cannot be associated with multiple mirror source definitions for ingress packets.

The same SAP cannot be associated with multiple mirror source definitions for egress packets.

If a particular SAP is not associated with a mirror source name, then that SAP does not have mirroring enabled for that mirror source.

Note that the ingress and egress options cannot be supported at the same time on a CEM encap-type SAP. The options must be configured in either the ingress or egress contexts,

The no form of this command disables mirroring for the specified SAP. All mirroring for that SAP on ingress and egress is terminated. Mirroring of packets on the SAP can continue if more specific mirror criteria is configured. If the egress or ingress parameter keywords are specified in the no command, only the ingress or egress mirroring condition is removed.

Parameters

sap-id: Specifies the physical port identifier portion of the SAP definition.

egress: Specifies that packets egressing the SAP should be mirrored. Egress packets are mirrored to the mirror destination after egress packet modification.

ingress: Specifies that packets ingressing the SAP should be mirrored. Ingress packets are mirrored to the mirror destination before the ingress packet modification.

Platforms

7705 SAR Gen 2

sap

Syntax

sap sap-id

no sap

Context

[Tree] (config>service>vpls>proxy-nd>dynamic sap)

[Tree] (config>service>vpls>proxy-arp>dynamic sap)

Full Context

configure service vpls proxy-nd dynamic sap

configure service vpls proxy-arp dynamic sap

Description

This command configures the proxy ARP or ND entry for creation when the ARP or neighbor advertisement (NA) packet for the configured IP address is received on the configured SAP. This command can be configured in combination with the configure service vpls proxy-arp dynamic mac-list or configure service vpls proxy-nd dynamic mac-list command for the entry. In this case, the MAC of the ARP or NA message and the SAP on which the ARP or NA packet is received are both checked before creating the entry.

The no form of this command removes the SAP as the match criterion.

Default

no sap

Parameters

sap-id

Specifies the physical port identifier portion of the SAP definition.

Values


null	port-id \| lag-id \| eth-sat-id
dot1q	port-id \| lag-id \| pw-id \| eth-sat-id:[qtag1 cp-conn-prof-id]
qinq	port-id \| lag-id \| pw-id \| eth-sat-id:[qtag1 cp-conn-prof-id].[qtag2 \| cp-conn-prof-id]
	cp	keyword
	conn-prof-id	1 to 8000
port-id	slot/mda/port[.channel]
eth-tunnel	eth-tunnel-id[:eth-tun-sap-id]
	id	1 to 1024
	eth-tun-sap-id	0 to 4094
lag-id	lag-id \| lag-string
	lag	keyword
	id	1 to 800
	string	up to 23 characters
pw-id	pw-id
	pw	keyword
	id	1 to 32767
qtag1	* \| null \| 0 to 4094
qtag2	* \| null \| 0 to 4094
tunnel-id	tunnel-id.private \| public:tag
	tunnel	keyword
	id	1 to 64
	tag	0 to 4094
eth-sat-id	esat-id/slot/port
	esat	keyword
	id	1 to 20

Platforms

7705 SAR Gen 2

sap-egress

Syntax

sap-egress {policy-id | policy-name} [create] [name name]

no sap-egress {policy-id | policy-name}

Context

[Tree] (config>qos sap-egress)

Full Context

configure qos sap-egress

Description

This command is used to create or edit a Service Egress QoS policy. The egress policy defines the SLA for service packets as they egress on the SAP.

Policies are templates that can be applied to multiple services as long as the scope of the policy is template. The queues defined in the policy are not instantiated until a policy is applied to a service.

Sap-egress policies determine queue mappings based on ingress DSCP, IP precedence, dot1p, and IPv4 or IPv6 match criteria. Multiple queues can be created per forwarding class and each queue can have different CIR or PIR parameters.

Egress SAP QoS policies allow the definition of queues and the mapping of forwarding classes to those queues. Each queue needs to have a relative CIR for determining its allocation of QoS resources during periods of congestion. A PIR can also be defined that forces a hard limit on the packets transmitted through the queue. When the forwarding class is mapped to the queue, a DSCP, IP precedence, or dot1p value can optionally be specified.

The sap-egress policy with policy-id 1 is the default sap-egress QoS policy and is applied to service egress SAPs when an explicit policy is not specified or removed. The default sap-egress policy cannot be modified or deleted.

By default, all forwarding classes map to queue 1.

Any changes made to an existing policy, using any of the sub-commands, will be applied immediately to all egress SAPs where this policy is applied. For this reason, when many changes are required on a policy, it is highly recommended that the policy be copied to a work area policy-id. That work-in-progress policy can be modified until complete, then written over the original policy-id. Use the config qos copy command to maintain policies in this manner.

The no form of this command deletes the sap-egress policy. A policy cannot be deleted until it is removed from all service SAPs where it is applied. When a sap-egress policy is removed from a SAP, the SAP will revert to the default sap-egress policy-id 1.

Parameters

policy-id

The policy-id uniquely identifies the policy on the router.

Values: 1 to 65535

policy-name

The policy-name uniquely identifies the policy.

Values: 64 characters maximum.

create: Required parameter when creating a SAP QoS egress policy.

name

Configures an optional policy name which adds a name identifier to a specific policy to then use that policy name in configuration references as well as display and use policy names in show commands throughout the system. This helps the service provider or administrator to identify and manage sap-egress policies within the SR OS platforms.

All sap-egress policies are required to assign a policy ID to initially create a policy. However, either the policy ID or the policy name can be used to identify and reference a specific policy once it is initially created.

If a name is not specified at creation time, then SR OS assigns a string version of the policy-id as the name.

Values: 64 characters maximum

Platforms

7705 SAR Gen 2

sap-id

Syntax

sap-id sap-id

no sap-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident sap-id)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification sap-id

Description

This command specifies the SAP ID to match for a host lookup. When the LUDB is accessed using a DHCPv4 server, the SAP-ID is matched against the Nokia vendor-specific sub-option in DHCP Option 82.

Note:

This command is used only when sap-id is configured as one of the match-list parameters.

The no form of this command removes the SAP ID from the configuration.

Parameters

sap-id: Specifies a SAP ID, up to 255 characters.

Platforms

7705 SAR Gen 2

sap-id

Syntax

[no] sap-id

Context

[Tree] (config>service>vpls>sap>dhcp>option>vendor sap-id)

[Tree] (config>service>vprn>if>dhcp>option>vendor sap-id)

Full Context

configure service vpls sap dhcp option vendor-specific-option sap-id

configure service vprn interface dhcp option vendor-specific-option sap-id

Description

This command enables the sending of the SAP ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

The no form of this command disables the sending of the SAP ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

Platforms

7705 SAR Gen 2

sap-ingress

Syntax

sap-ingress {policy-id | policy-name} [create] [name name]

no sap-ingress {policy-id| policy-name}

Context

[Tree] (config>qos sap-ingress)

Full Context

configure qos sap-ingress

Description

This command is used to create or edit the ingress policy. The ingress policy defines the SLA enforcement that service packets receive as they ingress a SAP. SLA enforcement is accomplished through the definition of queues that have Forwarding Class (FC), Fair Information Rate (FIR), Committed Information Rate (CIR), Peak Information Rate (PIR), Committed Burst Size (CBS), and Maximum Burst Size (MBS) characteristics.

Policies in effect are templates that can be applied to multiple services as long as the scope of the policy is template. Queues defined in the policy are not instantiated until they are assigned to at least one forwarding class and a policy is applied to a service SAP.

It is possible that a SAP ingress policy will include the dscp map command, the dot1p map command, and an IP or MAC match criteria. When multiple matches occur for the traffic, the order of precedence will be used to arrive at the final action. The order of precedence is as follows:

802.1p bits
DSCP
IP quintuple or MAC headers

The SAP ingress policy with policy-id 1 is a system-defined policy applied to services when no other policy is explicitly specified. The system SAP ingress policy cannot be modified or deleted. The default SAP ingress policy defines one unicast and one multipoint queue associated with all forwarding classes, with an FIR of zero, a CIR of zero, and a PIR of line rate.

Any changes made to the existing policy, using any of the sub-commands, are applied immediately to all services where this policy is applied. For this reason, when many changes are required on a policy, it is recommended that the policy be copied to a work area policy ID. That work-in-progress policy can be modified until complete, then written over the original policy-id. Use the config>qos>copy command to maintain policies in this manner.

The no form of this command deletes the SAP ingress policy. A policy cannot be deleted until it is removed from all services where it is applied.

Parameters

policy-id

The policy-id uniquely identifies the policy.

Values: 1 to 65535

policy-name

The policy-name uniquely identifies the policy.

Values: 64 characters maximum

create: Required parameter when creating a SAP QoS ingress policy.

name name

Configures an optional policy name which adds a name identifier to a specific policy to then use that policy name in configuration references as well as display and use policy names in show commands throughout the system. This helps the service provider and administrator to identify and manage sap-ingress policies within the SR OS platforms.

All sap-ingress policies are required to assign a policy ID to initially create a policy. However, either the policy ID or the policy name can be used to identify and reference a specific policy after it is initially created.

If a name is not specified at creation time, then SR OS assigns a string version of the policy-id as the name.

Values: 64 characters

Platforms

7705 SAR Gen 2

sap-template-binding

Syntax

sap-template-binding name/id

no sap-template-binding

Context

[Tree] (config>service>vpls>vpls-group sap-template-binding)

Full Context

configure service vpls vpls-group sap-template-binding

Description

This command configures the binding to a SAP template to be used to instantiate SAPs in the data VPLS using as input variables the VLAN IDs generated by the vid-range command.

The no form of this command removes the binding and deletes the related SAP instances. The command will fail if any of the affected VPLS instances have either a provisioned SAP or an active MVRP declaration/registration or if the related vpls-group is in no shutdown state. Any changes to the sap-template-binding require the vpls-group to be in shutdown state. New control SAP additions to the management VPLS are allowed as long as data VPLS instantiations/removals for vpls-groups are not in progress. Control SAPs can be removed at any time generating the removal of related data SAPs from the data VPLS. The shutdown or no shutdown state for the control SAPs does not have any effect on data SAPs instantiated with this command.

Default

no sap-template-binding

Parameters

name

Specifies the name of the VPLS template

Values: ASCII character string

id

Specifies the ID of the VPLS template

Values: 1 to 8196

Platforms

7705 SAR Gen 2

save

Syntax

save [cflash-id]

Context

[Tree] (bof save)

Full Context

bof save

Description

This command uses the boot option parameters currently in memory and writes them from the boot option file to the specified compact flash.

The BOF must be located in the root directory of the internal or external compact flash drives local to the system and have the mandatory filename of bof.cfg.

If a location is not specified, the BOF is saved to the default compact flash drive (cf3:) on the active CPM (typically the CPM in slot A, but the CPM in slot B could also be acting as the active CPM). The slot name is not case-sensitive. You can use upper or lowercase "A” or "B”.

Command usage:

bof save — saves the BOF to the default drive (cf3:) on the active CPM (either in slot A or B)
bof save cf3: — saves the BOF to cf3: on the active CPM (either in slot A or B)

To save the BOF to a compact flash drive on the standby CPM (for example, the redundant (standby) CPM is installed in slot B), specify -A or -B option.

Command usage:

bof save cf3-A: — saves the BOF to cf3: on CPM in slot A whether it is active or standby
bof save cf3-B: — saves the BOF to cf3: on CPM in slot B whether it is active or standby

The slot name is not case-sensitive. You can use upper or lowercase "A” or "B”.

The bof save and show bof commands allow you to save to or read from the compact flash of the standby CPM. Use the show card command to determine the active and standby CPM (A or B).

Default

Saves must be explicitly executed. The BOF is saved to cf3: if a location is not specified.

Parameters

flash-id

Specifies the compact flash ID where the bof.cfg is to be saved.

Values: cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Default: cf3:

Platforms

7705 SAR Gen 2

save

Syntax

save file-url

Context

[Tree] (candidate save)

Full Context

candidate save

Description

This command saves the current candidate to a file.

Parameters

file-url: Specifies the directory and filename.

Platforms

7705 SAR Gen 2

save

Syntax

save [comment comment] [rescue]

Context

[Tree] (admin>rollback save)

Full Context

admin rollback save

Description

If the optional rescue keyword is not used, this command saves a rollback checkpoint at the location and with the filename specified by the rollback-location with a suffix of .rb. The previously saved checkpoints will have their suffixes incremented by one (.rb.1 becomes .rb.2, and so on). If there are already as many checkpoint files as the maximum number supported, then the last checkpoint file is deleted.

If the rescue keyword is used, then this command saves the current operational configuration as a rescue configuration at the location and with the filename specified by the rescue location. The filename will have the suffix .rc appended.

Parameters

comment-string: Specifies a comment, up to 255 characters, that is associated with the checkpoint.

rescue: Saves the rescue checkpoint instead of a normal rollback checkpoint.

Platforms

7705 SAR Gen 2

save

Syntax

save [file-url] [detail] [index]

Context

[Tree] (admin save)

Full Context

admin save

Description

This command saves the running configuration to a configuration file. For example:

A:ALA-1>admin# save ftp://test:test@192.168.x.xx/./100.cfg
Saving configuration .........Completed.

By default, the running configuration is saved to the primary configuration file.

Parameters

file-url

Specifies the file URL location to save the configuration file.

Values


local-url \| remote-url
local-url	[cflash-id/][file-path] 200 chars max, including cflash-id
	directory length 99 chars max each
remote-url	[{ftp:// \| tftp://}login:pswd@remote-locn/][file-path]
	243 chars max
	directory length 99 chars max each
remote-locn	[hostname \| ipv4-address \| ipv6-address]
ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x - [0 to FFFF]H
	d - [0 to 255]D
	interface - 32 chars max, for link local addresses
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Default: the primary configuration file location

detail: Saves both default and non-default configuration parameters.

index: Forces a save of the persistent index file regardless of the persistent status in the BOF file. The index option can also be used to avoid an additional boot required while changing your system to use the persistence indexes.

Platforms

7705 SAR Gen 2

save-when-restricted

Syntax

[no] save-when-restricted

Context

[Tree] (config>system>security>user save-when-restricted)

[Tree] (config>system>security>user-template save-when-restricted)

Full Context

configure system security user save-when-restricted

configure system security user-template save-when-restricted

Description

This command specifies whether the system permits configuration save operations for all configuration regions (bof, debug, configure, li) via any management interface (such as CLI and NETCONF) even if restricted-to-home is enabled.

The configuration for a region can be saved with CLI commands such as bof save, admin debug-save, admin save, or configure li save.

The no form of this command denies saving the configuration when restricted-to-home is enabled.

Default

save-when-restricted

Platforms

7705 SAR Gen 2

saved-ind-prompt

Syntax

[no] saved-ind-prompt

Context

[Tree] (environment saved-ind-prompt)

Full Context

environment saved-ind-prompt

Description

This command enables saved indicator in the prompt. When changes are made to the configuration file a "*” appears in the prompt string indicating that the changes have not been saved. When an admin save command is executed the "*” disappears.

*A:ALA-48# admin save
Writing file to ftp://192.0.2.43/./sim48/sim48-config.cfg
Saving configuration .... Completed.
A:ALA-48#

Platforms

7705 SAR Gen 2

schedule

Syntax

[no] schedule schedule-name [owner schedule-owner]

Context

[Tree] (config>system>cron schedule)

Full Context

configure system cron schedule

Description

This command configures the type of schedule to run, including one-time only (oneshot), periodic or calendar-based runs. All runs are determined by month, day of month or weekday, hour, minute and interval (seconds).

The no form of the command removes the context from the configuration.

Parameters

schedule-name: Specifies the name of the schedule. The name can be up to 32 characters.

schedule-owner

Specifies the owner name of the schedule. The name can be up to 32 characters.

Default: TiMOS CLI

Platforms

7705 SAR Gen 2

schedule-type

Syntax

schedule-type schedule-type

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update schedule-type)

Full Context

configure system security pki ca-profile auto-crl-update schedule-type

Description

This command specifies the schedule type for auto CRL update. The system supports two types:

periodic: — The system will download a CRL periodically at the interval configured via the periodic-update-interval command. For example, if the periodic-update-interval is 1 day, then the system will download a CRL every 1 day. The minimal periodic-update-interval is 1 hour.
next-update-based — The system will download a CRL at the time = Next_Update_of_existing_CRL minus pre-update-time. For example, if the Next-Update of the existing CRL is 2015-06-30 06:00 and pre-update-time is 1 hour, then the system will start downloading at 2015-06-30, 05:00.

Default

schedule-type next-update-based

Parameters

schedule-type

Specifies the type of time scheduler to update the CRL.

Values: periodic, next-update-based

Platforms

7705 SAR Gen 2

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>service>vpls>sap>egress>sched-override scheduler)

Full Context

configure service vpls sap egress scheduler-override scheduler

Description

This command overrides specific attributes of the specified scheduler name.

A scheduler defines a bandwidth control that limits each child (other schedulers, policers and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created has policers, queues or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause policers, queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context does not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

The maximum number of schedulers has not been configured.
The provided scheduler-name is valid.
The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command does not execute, nor does the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error occurs, the command does not execute, and the CLI context does not change.

The no form of this command removes the scheduler name from the configuration.

Parameters

scheduler-name

Specifies name of the scheduler

Values: Valid names consist of any string up to 32 characters long composed of printable, 7-bit ASCII characters excluding double quotes. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

create: This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

7705 SAR Gen 2

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>port>ethernet>access>egr>qgrp>sched-override scheduler)

[Tree] (config>port>ethernet>access>ing>qgrp>sched-override scheduler)

Full Context

configure port ethernet access egress queue-group scheduler-override scheduler

configure port ethernet access ingress queue-group scheduler-override scheduler

Description

This command can be used to override specific attributes of the specified scheduler name. A scheduler defines bandwidth controls that limit each child (other schedulers and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have queues or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers. The scheduler-name must exist in the applied scheduler policy.

The no form of this command removes the scheduler overrides for the specified scheduler and returns the scheduler’s parent weight and CIR weight, and its PIR and CIR to the values configured in the applied scheduler policy.

Parameters

scheduler-name

Specifies the name of the scheduler.

Values: Valid names consist of any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

create: Creates a new scheduler for this port.

Platforms

7705 SAR Gen 2

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>service>epipe>sap>egress>sched-override scheduler)

[Tree] (config>service>epipe>sap>ingress>sched-override scheduler)

Full Context

configure service epipe sap egress scheduler-override scheduler

configure service epipe sap ingress scheduler-override scheduler

Description

This command can be used to override specific attributes of the specified scheduler name. A scheduler defines bandwidth controls that limit each child (other schedulers, policers, and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause policers, queues, or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

The maximum number of schedulers has not been configured.
The provided scheduler-name is valid.
The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the following criteria, a name syntax error will occur, the command will not execute, and the CLI context will not change.

Parameters

scheduler-name

The name of the scheduler. Each scheduler must be explicitly created.

Values: Valid names consist of any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

create: This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

7705 SAR Gen 2

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>service>vprn>if>sap>ingress>sched-override scheduler)

[Tree] (config>service>vprn>if>sap>egress>sched-override scheduler)

Full Context

configure service vprn interface sap ingress scheduler-override scheduler

configure service vprn interface sap egress scheduler-override scheduler

Description

This command can be used to override specific attributes of the specified scheduler name.

A scheduler defines a bandwidth controls that limit each child (other schedulers, policers, and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues, or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

The maximum number of schedulers has not been configured.
The provided scheduler-name is valid.
The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error will occur, the command will not execute, and the CLI context will not change.

Parameters

scheduler-name

Specifies the name of the scheduler.

Values: Valid names consist of any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes.

create: Specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

7705 SAR Gen 2

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>service>ies>if>sap>egress>sched-override scheduler)

[Tree] (config>service>ies>if>sap>ingress>sched-override scheduler)

Full Context

configure service ies interface sap egress scheduler-override scheduler

configure service ies interface sap ingress scheduler-override scheduler

Description

This command can be used to override specific attributes of the specified scheduler name.

A scheduler defines a bandwidth controls that limit each child (other schedulers, policers, and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues, or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

The maximum number of schedulers has not been configured.
The provided scheduler-name is valid.
The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error will occur, the command will not execute, and the CLI context will not change.

Parameters

scheduler-name

The name of the scheduler. Each scheduler must be explicitly created.

Values: Valid names consist of any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

create: This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

7705 SAR Gen 2

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>qos>scheduler-policy>tier scheduler)

Full Context

configure qos scheduler-policy tier scheduler

Description

This command creates a new scheduler or edits an existing scheduler within the scheduler policy tier. A scheduler defines bandwidth controls that limit each child (other schedulers and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have queues or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however, the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce SLAs.

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

The maximum number of schedulers has not been configured.
The provided scheduler-name is valid.
The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs, the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error will occur, the command will not execute, and the CLI context will not change.

Parameters

scheduler-name

Specifies the scheduler name.

Values: Valid names consist of any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

create: This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

7705 SAR Gen 2

scheduler

Syntax

scheduler scheduler-name [create]

no scheduler scheduler-name

Context

[Tree] (config>service>cust>multi-service-site>egress>sched-override scheduler)

[Tree] (config>service>cust>multi-service-site>ingress>sched-override scheduler)

Full Context

configure service customer multi-service-site egress scheduler-override scheduler

configure service customer multi-service-site ingress scheduler-override scheduler

Description

This command override specifics attributes of the specified scheduler name.

A scheduler defines bandwidth controls that limit each child (other schedulers, policers and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause policer, queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

The maximum number of schedulers has not been configured.
The provided scheduler-name is valid.
The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error will occur, the command will not execute, and the CLI context will not change.

The no form of the command disables the scheduler override.

Parameters

scheduler-name

Specifies the name of the scheduler.

Values: Valid names consist of any string up to 32 characters in length, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

create: This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

Platforms

7705 SAR Gen 2

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>service>vpls>sap>ingress scheduler-override)

[Tree] (config>service>vpls>sap>egress scheduler-override)

Full Context

configure service vpls sap ingress scheduler-override

configure service vpls sap egress scheduler-override

Description

Commands in this context configure the set of attributes whose values have been overridden via management on this virtual scheduler. Clearing a given flag returns the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.

The no form of this command removes scheduler parameters from the configuration.

Platforms

7705 SAR Gen 2

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>port>ethernet>access>ing>qgrp scheduler-override)

[Tree] (config>port>ethernet>access>egr>qgrp scheduler-override)

Full Context

configure port ethernet access ingress queue-group scheduler-override

configure port ethernet access egress queue-group scheduler-override

Description

This command specifies the set of attributes whose values have been overridden by management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the ingress or egress queue group template.

The no form of this command removes all of the scheduler overrides and returns the scheduler’s parent weight and CIR weight, and its PIR and CIR to the values configured in the applied scheduler policy.

Platforms

7705 SAR Gen 2

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>service>epipe>sap>ingress scheduler-override)

[Tree] (config>service>epipe>sap>egress scheduler-override)

Full Context

configure service epipe sap ingress scheduler-override

configure service epipe sap egress scheduler-override

Description

This command specifies the set of attributes whose values have been overridden by management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.

Platforms

7705 SAR Gen 2

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>service>ies>if>sap>ingress scheduler-override)

[Tree] (config>service>ies>if>sap>egress scheduler-override)

Full Context

configure service ies interface sap ingress scheduler-override

configure service ies interface sap egress scheduler-override

Description

This command specifies the set of attributes whose values have been overridden via management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.

Platforms

7705 SAR Gen 2

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>service>vprn>if>sap>egress scheduler-override)

[Tree] (config>service>vprn>if>sap>ingress scheduler-override)

Full Context

configure service vprn interface sap egress scheduler-override

configure service vprn interface sap ingress scheduler-override

Description

This command specifies the set of attributes whose values have been overridden via management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.

Platforms

7705 SAR Gen 2

scheduler-override

Syntax

[no] scheduler-override

Context

[Tree] (config>service>cust>multi-service-site>ingress scheduler-override)

[Tree] (config>service>cust>multi-service-site>egress scheduler-override)

Full Context

configure service customer multi-service-site ingress scheduler-override

configure service customer multi-service-site egress scheduler-override

Description

This command specifies the set of attributes whose values have been overridden by management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress and egress scheduler policy.

The no form of the command disables the override.

Platforms

7705 SAR Gen 2

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>service>vprn>if>sap>ingress scheduler-policy)

[Tree] (config>service>ies>if>sap>ingress scheduler-policy)

[Tree] (config>service>vprn>if>sap>egress scheduler-policy)

[Tree] (config>service>vpls>sap>ingress scheduler-policy)

[Tree] (config>service>ies>if>sap>egress scheduler-policy)

[Tree] (config>service>vpls>sap>egress scheduler-policy)

Full Context

configure service vprn interface sap ingress scheduler-policy

configure service ies interface sap ingress scheduler-policy

configure service vprn interface sap egress scheduler-policy

configure service vpls sap ingress scheduler-policy

configure service ies interface sap egress scheduler-policy

configure service vpls sap egress scheduler-policy

Description

This command applies an existing scheduler policy to an ingress or egress scheduler used by SAP queues associated with this multi-service customer site. The schedulers defined in the scheduler policy can only be created once the customer site has been appropriately assigned to a chassis port, channel or slot. Scheduler policies are defined in the config>qos>scheduler-policy scheduler-policy-name context.

The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are removed also making them unavailable for the ingress SAP queues and egress SAP policers and queues associated with the customer site. Policers and queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler. The SAPs that have policers or queues reliant on the removed schedulers enter into an operational state depicting the orphaned status of one or more policers or queues. When the no scheduler-policy command is executed, the customer site’s ingress or egress node will not contain an applied scheduler policy.

Parameters

scheduler-policy-name

Specifies that the scheduler-policy-name is applied to an existing scheduler policy that was created in the config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of ingress or egress virtual schedulers. The scheduler names defined within the policy are created and made available to any ingress or egress queues created on associated SAPs.

Values: Any existing valid scheduler policy name.

Platforms

7705 SAR Gen 2

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>port>ethernet>network>egress>queue-group scheduler-policy)

Full Context

configure port ethernet network egress queue-group scheduler-policy

Description

This command configures a scheduler policy for the egress queue group.

Parameters

scheduler-policy-name: Specifies the scheduler policy name, up to 32 characters.

Platforms

7705 SAR Gen 2

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>service>epipe>sap>ingress scheduler-policy)

[Tree] (config>service>epipe>sap>egress scheduler-policy)

Full Context

configure service epipe sap ingress scheduler-policy

configure service epipe sap egress scheduler-policy

Description

This command applies an existing scheduler policy to an ingress or egress scheduler used by SAP queues associated with this multi-service customer site. The schedulers defined in the scheduler policy can only be created when the customer site has been appropriately assigned to a chassis port, channel or slot. Scheduler policies are defined in the config>qos>scheduler-policy scheduler-policy-name context.

The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are removed also making them unavailable for the ingress SAP queues associated with the customer site. Policers or queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler. The SAPs that have policers or queues reliant on the removed schedulers enter into an operational state depicting the orphaned status of one or more policers or queues. When the no scheduler-policy command is executed, the customer site ingress or egress node will not contain an applied scheduler policy.

Parameters

scheduler-policy-name: The scheduler-policy-name parameter applies an existing scheduler policy that was created in the config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of ingress or egress virtual schedulers. The scheduler names defined within the policy are created and made available to any ingress or egress queues and to egress policers managed by HQoS created on associated SAPs.

Platforms

7705 SAR Gen 2

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name [create]

no scheduler-policy scheduler-policy-name

Context

[Tree] (config>qos scheduler-policy)

Full Context

configure qos scheduler-policy

Description

Each scheduler policy is divided up into groups of schedulers based on the tier each scheduler is created under. A tier is used to give structure to the schedulers within a policy and define rules for parent scheduler associations.

The scheduler-policy command creates a scheduler policy or allows editing of an existing policy. The policy defines the hierarchy and operating parameters for virtual schedulers. Creating a policy does not create the schedulers; it only provides a template for the schedulers to be created when the policy is associated with a SAP or multiservice site.

Each scheduler policy must have a unique name within the context of the system. Modifications made to an existing policy are executed on all schedulers that use the policy. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce SLAs.

If a scheduler-policy-name does not exist, it is assumed that an attempt is being made to create a new policy. The success of the command execution is dependent on the following:

The maximum number of scheduler policies has not been configured.
The provided scheduler-policy-name is valid.
The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of scheduler policies has been exceeded, a configuration error occurs, the command will not execute, and the CLI context will not change.

If the provided scheduler-policy-name is invalid according to the criteria below, a name syntax error occurs, the command will not execute, and the CLI context will not change.

Parameters

scheduler-policy-name

The name of the scheduler policy.

Values: Valid names consist of any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

Platforms

7705 SAR Gen 2

scheduler-policy

Syntax

scheduler-policy scheduler-policy-name

no scheduler-policy

Context

[Tree] (config>service>cust>multi-service-site>egress scheduler-policy)

[Tree] (config>service>cust>multi-service-site>ingress scheduler-policy)

Full Context

configure service customer multi-service-site egress scheduler-policy

configure service customer multi-service-site ingress scheduler-policy

Description

This command applies an existing scheduler policy to an ingress or egress scheduler used by SAP queues or, at egress only, policers associated with this multi-service customer site. The schedulers defined in the scheduler policy can only be created once the customer site has been appropriately assigned to a chassis port, channel or slot. Scheduler policies are defined in the config>qos>scheduler-policy scheduler-policy-name context.

The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are removed also making them unavailable for the SAP policers and queues associated with the customer site. Policers and queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler.

The SAPs that have ingress queues reliant on the removed schedulers enter into an operational state depicting the orphaned status of one or more policers and queues. When the no scheduler-policy command is executed, the customer site ingress or egress node will not contain an applied scheduler policy.

Parameters

scheduler-policy-name

Applies an existing scheduler policy that was created in the config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of ingress or egress virtual schedulers. The scheduler names defined within the policy are created and made available to any ingress or egress queues and egress policers managed by HQoS created on associated SAPs.

Values: Any existing valid scheduler policy name up to 32 characters in length.

Platforms

7705 SAR Gen 2

schema-path

Syntax

schema-path url-string

no schema-path

Context

[Tree] (config>system>management-interface schema-path)

Full Context

configure system management-interface schema-path

Description

This command specifies the schema path where the SR OS YANG modules can be placed by the user before using a <get-schema> request. Nokia recommends that the URL string not exceed 135 characters for the <get-schema> request to work correctly with all schema files.

If this command is not configured, the software upgrade process manages the YANG schema files to ensure the schema files are synchronized with the software image on both the primary and standby CPM.

The no form of this command reverts to the default value.

Default

no schema-path

Parameters

url-string: Specifies the schema path URL up to 180 characters. However, Nokia recommends that the string shall not exceed 135 characters to ensure that the <get-schema> request works properly with all schema files.

Platforms

7705 SAR Gen 2

scope

Syntax

scope {exclusive | template}

no scope

Context

[Tree] (config>qos>sap-ingress scope)

Full Context

configure qos sap-ingress scope

Description

This command configures the Service Ingress QoS policy scope as exclusive or template.

The policy’s scope cannot be changed if the policy is applied to a service.

The no form of this command sets the scope of the policy to the default of template.

Default

scope template

Parameters

exclusive

When the scope of a policy is defined as exclusive, the policy can only be applied to one SAP. If a policy with an exclusive scope is assigned to a second SAP, an error message is generated. If the policy is removed from the exclusive SAP, it will become available for assignment to another exclusive SAP.

The system default policies cannot be put into the exclusive scope. An error will be generated if scope exclusive is executed in any policies with a policy-id equal to 1.

template

When the scope of a policy is defined as template, the policy can be applied to multiple SAPs on the router.

Default QoS policies are configured with template scopes. An error is generated when the template scope parameter to exclusive scope on default policies is modified.

Platforms

7705 SAR Gen 2

scope

Syntax

scope {exclusive | template}

no scope

Context

[Tree] (config>qos>sap-egress scope)

Full Context

configure qos sap-egress scope

Description

Enter the scope of this policy. The scope of the policy cannot be changed if the policy is applied to one or more services.

The no form of this command sets the scope of the policy to the default of template.

Default

scope template

Parameters

exclusive

When the scope of a policy is defined as exclusive, the policy can only be applied to a single SAP. Attempting to assign the policy to a second SAP will result in an error message. If the policy is removed from the exclusive SAP, it will become available for assignment to another exclusive SAP.

The system default policies cannot be put into the exclusive scope. An error will be generated if scope exclusive is executed in any policies with a policy-id equal to 1.

template: When the scope of a policy is defined as template, the policy can be applied to multiple SAPs on the router.

Platforms

7705 SAR Gen 2

scope

Syntax

scope {exclusive | template}

no scope

Context

[Tree] (config>qos>network scope)

Full Context

configure qos network scope

Description

This command configures the network policy scope as exclusive or template. The policy’s scope cannot be changed if the policy is applied to an interface.

The no form of this command sets the scope of the policy to the default of template.

Default

scope template

Parameters

exclusive

When the scope of a policy is defined as exclusive, the policy can only be applied to one interface. If a policy with an exclusive scope is assigned to a second interface, an error message is generated. If the policy is removed from the exclusive interface, it will become available for assignment to another exclusive interface.

The system default policies cannot be put into the exclusive scope. An error will be generated if the scope exclusive command is executed in any policies with a policy-id equal to 1.

template

When the scope of a policy is defined as template, the policy can be applied to multiple interfaces on the router.

Default QoS policies are configured with template scopes. An error is generated if the template scope parameter is modified to exclusive scope on default policies.

Platforms

7705 SAR Gen 2

scope

Syntax

scope {exclusive | template | embedded | system}

scope {exclusive | template}

no scope

Context

[Tree] (config>filter>ip-exception scope)

[Tree] (config>filter>ipv6-filter scope)

[Tree] (config>filter>ip-filter scope)

Full Context

configure filter ip-exception scope

configure filter ipv6-filter scope

configure filter ip-filter scope

Description

This command configures the filter policy scope as exclusive, template, embedded or system.

The scope of the policy cannot be changed when:

the scope is template and the policy is applied to one or more services or network interfaces
the scope is embedded and the policy is embedded by another policy

Changing the scope to/from system is only allowed when a policy is not active and the policy has no entries configured.

The no form of the command sets the scope of the policy to the default of template.

Default

scope template

Parameters

exclusive: Specifies that the policy can only be applied to a single entity. Attempting to assign the policy to a second entity will result in an error message.

template: Specifies that the policy can be applied to multiple entities.

embedded: Specifies that the policy cannot be applied directly. The policy defines embedded filter rules, which are embedded by other exclusive/template/system filter policies. The embedded scope is supported for IPv4 and IPv6 filter policies only.

system: Specifies that the policy defines system-wide filter rules. To apply system policy rules, activate system filter and chain exclusive/template ACL filter policy to the system filter. The system scope is supported for IPv4 and IPv6 filter policies only.

Platforms

7705 SAR Gen 2

scp

Syntax

scp local-file-url destination-file-url [router router-instance] [force]

scp local-file-url destination-file-url[force] service service-name

Context

[Tree] (file scp)

Full Context

file scp

Description

This command copies a local file to a remote host file system. It uses ssh for data transfer, and uses the same authentication and provides the same security as ssh. The following prompt appears:

"Are you sure (y/n)?” The destination must specify a user and a host.

Parameters

local-file-url

Specifies the local source file or directory.

Values


[cflash-id/] file-path	up to 200 characters
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

destination-file-url

Specifies the destination file.

Values


destination-file-: user@hostname:file-path* - up to 255 characters
user	up to 32 characters
hostname	[dns-name \| ipv4-address \| "["ipv6-address”]”]
ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x - [0 to FFFF]H
	d - [0 to 255]D
	interface - up to 32 characters, mandatory for link local addresses
dns-name	up to 128 characters
file-path	up to 200 characters, directory length up to 99 characters

user: Specifies the SSH user.

hostname: Specifies the remote host IP address of DNS name.

file-path: Specifies the destination path.

router-instance

Specifies the router name or service ID used to specify the router instance.

Values


router-name	"Base”, "management”, "vpls-management”
vprn-service-id	1 to 2147483647

Default: Base

force: Forces an immediate copy of the specified file. The command file scp local-file-url destination-file-url [router router-instance] force executes the command without displaying a user prompt message.

service-name: Specifies the service name used to identify the router instance. The service name can be a maximum of 64 characters long.

Platforms

7705 SAR Gen 2

script

Syntax

script script-name [owner script-owner]

no script

Context

[Tree] (config>system>script-control>script-policy script)

[Tree] (config>system>script-control script)

Full Context

configure system script-control script-policy script

configure system script-control script

Description

This command is used to configure a script to be run.

The no form of the command removes the script.

Default

no script

Parameters

script-name: Specifies the name of the script. Can be up to 32 characters.

script-owner

Specifies the name of the script owner. Can be up to 32 characters.

The owner is an arbitrary name and not necessarily a user name. Commands in the scripts are not authorized against the owner. The configure system security cli-script authorization x cli-user command determines the user context against which commands in the scripts are authorized.

Default: "TiMOS CLI”

Platforms

7705 SAR Gen 2

script-control

Syntax

script-control

Context

[Tree] (config>system script-control)

Full Context

configure system script-control

Description

Commands in this context configure command script parameters.

Platforms

7705 SAR Gen 2

script-policy

Syntax

script-policy policy-name [owner policy-owner]

no script-policy

Context

[Tree] (config>system>cron>schedule script-policy)

Full Context

configure system cron schedule script-policy

Description

This command is used to configure the CLI script policy.

Parameters

policy-name: Specifies the name of the policy. Can be up to 32 characters.

policy-owner

Specifies the name of the policy owner. Can be up to 32 characters.

The owner is an arbitrary name and not necessarily a user name. Commands in the scripts are not authorized against the owner. The configure system security cli-script authorization x cli-user command determines the user context against which commands in the scripts are authorized.

Default: "TiMOS CLI”

Platforms

7705 SAR Gen 2

script-policy

Syntax

[no] script-policy policy-name [owner policy-owner]

Context

[Tree] (config>system>script-control script-policy)

Full Context

configure system script-control script-policy

Description

This command is used to configure the CLI script policy.

Parameters

policy-name: Specifies the name of the policy, up to 32 characters.

policy-owner

Specifies the name of the policy owner, up to 32 characters.

The owner is an arbitrary name and not necessarily a user name. Commands in the scripts are not authorized against the owner. The configure system security cli-script authorization x cli-user command determines the user context against which commands in the scripts are authorized.

Default: "TiMOS CLI”

Platforms

7705 SAR Gen 2

script-policy

Syntax

script-policy policy-name [owner policy-owner]

no script-policy

Context

[Tree] (config>log>event-handling>handler>action-list>entry script-policy)

Full Context

configure log event-handling handler action-list entry script-policy

Description

This command configures the script policy parameters to use for this EHS handler action-list entry. The associated script is launched when the handler is triggered.

Default

no script-policy

Parameters

policy-name: Specifies the script policy name. Can be up to 32 characters maximum.

owner policy-owner

Specifies the script policy owner. Can be up to 32 characters maximum.

Default: "TiMOS CLI”

Platforms

7705 SAR Gen 2

sd-offset

Syntax

sd-offset offset-value

no sd-offset

Context

[Tree] (config>service>vprn>isis>if>level sd-offset)

Full Context

configure service vprn isis interface level sd-offset

Description

If the pre-FEC error rate of the associated DWDM port crosses the configured sd-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sd-threshold value is configured under that port.

The no form of this command reverts the offset value to 0.

Default

no sd-offset

Parameters

offset-value

Specifies the amount the interface metric is increased by if the sd-threshold is crossed.

Values: 0 to 16777215

Platforms

7705 SAR Gen 2

sd-offset

Syntax

sd-offset sd-offset

no sd-offset

Context

[Tree] (config>router>isis>if>level sd-offset)

Full Context

configure router isis interface level sd-offset

Description

If the pre-FEC error rate of the associated DWDM port crosses the configured sd-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sd-threshold value is configured under that port.

The no form of this command reverts the offset value to 0.

Default

no sd-offset

Parameters

sd-offset

Specifies the amount the interface metric is increased by if the sd-threshold is crossed.

Values: 0 to 16777215

Platforms

7705 SAR Gen 2

sd-threshold

Syntax

sd-threshold threshold[multiplier multiplier]

no sd-threshold

Context

[Tree] (config>port>ethernet>crc-monitor sd-threshold)

Full Context

configure port ethernet crc-monitor sd-threshold

Description

This command specifies the error rate at which to declare the Signal Degrade condition on an Ethernet interface. The value represents M*10E-N a ratio of errored frames over total frames received over W seconds of the sliding window. The CRC errors on the interface are sampled once per second. A default of 10 seconds is used when there is no additional window-size configured. The multiplier keyword is optional. If the multiplier keyword is omitted or no sd-threshold is specified the multiplier will return to the default value of 1.

Default

no sd-threshold

Parameters

threshold

Specifies the threshold value.

Values: 1 to 9

multiplier

Specifies the multiplier value.

Values: 1 to 9

Platforms

7705 SAR Gen 2

sdp

Syntax

[no] sdp sdp-id:vc-id

Context

[Tree] (debug>service>id sdp)

[Tree] (debug>service>id>stp sdp)

[Tree] (debug>service>id>dhcp sdp)

Full Context

debug service id sdp

debug service id stp sdp

debug service id dhcp sdp

Description

This command enables STP debugging for a specific SDP.

The no form of the command disables debugging.

Parameters

sdp-id:vc-id

Specifies the SDP ID and VC ID.

Values

sdp-id: 1 to 17407

vc-id: 1 to 4294967295

Platforms

7705 SAR Gen 2

sdp

Syntax

[no] sdp sdp-id:vc-id

Context

[Tree] (debug>service>id>igmp-snooping sdp)

Full Context

debug service id igmp-snooping sdp

Description

This command shows IGMP packets for a specific SDP.

The no form of this command disables the debugging for the SDP.

Parameters

sdp-id

Displays only IGMP snooping entries associated with the specified mesh SDP or spoke-SDP. For a spoke-SDP, the VC ID must be specified, for a mesh SDP, the VC ID is optional.

Values: 1 to 17407

vc-id

Displays information for the specified virtual circuit ID on the SDP ID

Values: 1 to 4294967295

Platforms

7705 SAR Gen 2

sdp

Syntax

[no] sdp sdp-id:vc-id

Context

[Tree] (debug>service>id>mld sdp)

Full Context

debug service id mld-snooping sdp

Description

This command shows MLD packets for a specific SDP.

The no form of this command disables the debugging for the SDP.

Parameters

sdp-id

Displays only MLD entries associated with the specified mesh SDP or spoke-SDP

Values: 1 to 17407

vc-id

Displays information for the specified virtual circuit ID on the SDP ID

Values: 1 to 4294967295

Platforms

7705 SAR Gen 2

sdp

Syntax

sdp sdp-id [delivery-type] [create]

no sdp sdp-id

Context

[Tree] (config>service sdp)

Full Context

configure service sdp

Description

This command creates or edits a service destination point (SDP). SDPs must be explicitly configured.

An SDP is a logical mechanism that ties a far-end router to a particular service without having to specifically define far-end SAPs. Each SDP represents a method to reach another router.

One method is IP Generic Router Encapsulation (GRE), which has no state in the core of the network. GRE does not specify a specific path to the far-end router. A GRE-based SDP uses the underlying IGP routing table to find the best next hop to the far-end router.

The second method is Multi-Protocol Label Switching (MPLS) encapsulation. A router supports both signaled and non-signaled Label Switched Paths (LSPs) through the network. Non-signaled paths are defined at each hop through the network. Signaled paths are communicated by protocol from end-to-end using Resource Reservation Protocol (RSVP). Paths may be manually defined or a constraint-based routing protocol (such as OSPF-TE or CSPF) can be used to determine the best path with specific constraints. An LDP LSP can also be used for an SDP when the encapsulation is MPLS. The use of an LDP LSP type or an RSVP/Static LSP type are mutually exclusive except when the mixed-lsp option is enabled on the SDP.

Segment routing is another MPLS tunnel type and is used to allow service binding to an SR tunnel programmed in TTM by OSPF or IS-IS. The SDP of type sr-isis or sr-ospf can be used with the far-end option. The tunnel-far-end option is not supported. In addition, the mixed-lsp-mode option does not support the sr-isis and sr-ospf tunnel types.

L2TPv3-over-IPv6 transport is also an option for 7705 SAR Gen 2 Ethernet Pipe (Epipe) Services. Like GRE, L2TPv3 is stateless in the core of the network, as well as on the service nodes as the L2TPv3 control plane functionality is disabled for this SDP type. A unique source and destination IPv6 address combined with TX and RX Cookie values are used to ensure that the SDP is bound to the correct service.

SDPs are created and then bound to services. Many services may be bound to a single SDP. The operational and administrative state of the SDP controls the state of the SDP binding to the service.

If the sdp-id does not exist, a new SDP is created. When creating an SDP, either the gre, mpls, or l2tpv3 keyword must be specified. SDPs are created in the admin down state (shutdown) and the no shutdown command must be executed once all relevant parameters are defined and before the SDP can be used.

If sdp-id exists, the current CLI context is changed to that SDP for editing and modification. For editing an existing SDP, neither the gre, mpls, or l2tpv3 keyword is specified. If a keyword is specified for an existing sdp-id, an error is generated and the context of the CLI will not be changed to the specified sdp-id.

The no form of this command deletes the specified SDP. Before an SDP can be deleted, it must be administratively down (shutdown) and not bound to any services. If the specified SDP is bound to a service, the no sdp command will fail generating an error message specifying the first bound service found during the deletion process. If the specified sdp-id does not exist an error will be generated.

Parameters

sdp-id

Specifies the SDP identifier.

Values: 1 to 32767

gre: Specifies the SDP will use GRE to reach the far-end router. The GRE encapsulation of the MPLS service packet uses the base 4-byte header as per RFC 2890. The optional fields Checksum (plus Reserved field), Key, and Sequence Number are not inserted. Only one GRE SDP can be created to a given destination address. Multiple GRE SDPs to a single destination address serve no purpose as the path taken to reach the far end is determined by the IGP which will be the same for all SDPs to a given destination and there is no bandwidth reservation in GRE tunnels.

mpls: Specifies the SDP will use MPLS encapsulation and one or more LSP tunnels to reach the far-end device. Multiple MPLS SDPs may be created to a given destination device. Multiple MPLS SDPs to a single destination device are helpful when they use divergent paths.

l2tpv3: Specifies the SDP will use L2TPv3-over-IPv6 encapsulation. One SDP is created per service, regardless of whether the far-end node is common or not. Unique local and far-end addresses are configured for every L2TPv3 SDP type. The local address must exist on the local node.

eth-gre-bridged: Configures the SDP as an L2oGRE tunnel that is terminated on an FPE-based PW port. Only the end-points of such a tunnel (the far-end IPv4/IPv6 address or local-end IPv4/IPv6 address) are allowed to be configured under this SDP.

Platforms

7705 SAR Gen 2

sdp-exclude

Syntax

[no] sdp-exclude group-name

Context

[Tree] (config>service>pw-template sdp-exclude)

Full Context

configure service pw-template sdp-exclude

Description

This command configures SDP admin group constraints for a pseudowire template.

The admin group name must have been configured or the command is failed. The user can execute the command multiple times to include or exclude more than one admin group. The sdp-include and sdp-exclude commands can only be used with the use-provisioned-sdp or prefer-provisioned-sdp options. If the same group name is included and excluded within the same pseudowire template, only the exclude option will be enforced.

Any changes made to the admin group sdp-include and sdp-exclude constraints will only be reflected in existing spoke-sdps after the following command has been executed:

tools>perform>service>eval-pw-template>allow-service-impact

When the service is bound to the pseudowire template, the SDP selection rules will enforce the admin group constraints specified in the sdp-include and sdp-exclude commands.

In the SDP selection process, all provisioned SDPs with the correct far-end IP address, the correct tunnel-far-end IP address, and the correct service label signaling are considered. The SDP with the lowest admin metric is selected. If more than one SDP with the same lowest metric are found then the SDP with the highest sdp-id is selected. The type of SDP, GRE or MPLS (BGP/RSVP/LDP) is not a criterion in this selection.

The selection rule with SDP admin groups is modified such that the following admin-group constraints are applied upfront to prune SDPs that do not comply:

if one or more sdp-include statement is part of the PW template, then an SDP that is a member of one or more of the included groups will be considered. With the sdp-include statement, there is no preference for an SDP that belongs to all included groups versus one that belongs to one or fewer of the included groups. All SDPs satisfying the admin-group constraint will be considered and the selection above based on the lowest metric and highest sdp-id is applied.
if one or more sdp-exclude statement is part of the PW template, then an sdp that is a member of any of the excluded groups will not be considered.

SDP admin group constraints can be configured on all router services that makes use of the pseudowire template (BGP-AD VPLS service, BGP-VPLS service, and FEC129 VLL service). In the latter case, only support at a T-PE node is provided.

The no form of this command removes the SDP admin group constraints from the pseudowire template.

Parameters

group-name: Specifies the name of the SDP admin group. A maximum of 32 characters can be entered.

Platforms

7705 SAR Gen 2

sdp-group

Syntax

sdp-group

Context

[Tree] (config>service sdp-group)

Full Context

configure service sdp-group

Description

This command configures the SDP membership in admin groups.

The user can enter a maximum of one (1) admin group name at once. The user can execute the command multiple times to add membership to more than one admin group. The admin group name must have been configured or the command is failed. Admin groups are supported on an SDP of type GRE and of type MPLS (BGP/RSVP/LDP). They are also supported on an SDP with the mixed-lsp-mode option enabled.

The no form of this command removes this SDP membership to the specified admin group.

Platforms

7705 SAR Gen 2

sdp-include

Syntax

[no] sdp-include group-name

Context

[Tree] (config>service>pw-template sdp-include)

Full Context

configure service pw-template sdp-include

Description

This command configures SDP admin group constraints for a pseudowire template.

The admin group name must have been configured or the command is failed. The user can execute the command multiple times to include or exclude more than one admin group. The sdp-include and sdp-exclude commands can only be used with the use-provisioned-sdp or prefer-provisioned-sdp options. If the same group name is included and excluded within the same pseudowire template, only the exclude option will be enforced.

Any changes made to the admin group sdp-include and sdp-exclude constraints will only be reflected in existing spoke-sdps after the following command has been executed:

tools>perform>service>eval-pw-template>allow-service-impact

When the service is bound to the pseudowire template, the SDP selection rules will enforce the admin group constraints specified in the sdp-include and sdp-exclude commands.

In the SDP selection process, all provisioned SDPs with the correct far-end IP address, the correct tunnel-far-end IP address, and the correct service label signaling are considered. The SDP with the lowest admin metric is selected. If more than one SDP with the same lowest metric are found then the SDP with the highest sdp-id is selected. The type of SDP, GRE or MPLS (BGP/RSVP/LDP) is not a criterion in this selection.

The selection rule with SDP admin groups is modified such that the following admin-group constraints are applied upfront to prune SDPs that do not comply:

if one or more sdp-include statement is part of the PW template, then an SDP that is a member of one or more of the included groups will be considered. With the sdp-include statement, there is no preference for an SDP that belongs to all included groups versus one that belongs to one or fewer of the included groups. All SDPs satisfying the admin-group constraint will be considered and the selection above based on the lowest metric and highest sdp-id is applied.
if one or more sdp-exclude statement is part of the PW template, then an sdp that is a member of any of the excluded groups will not be considered.

SDP admin group constraints can be configured on all router services that make use of the pseudowire template (BGP-AD VPLS service, BGP-VPLS service, and FEC129 VLL service). In the latter case, only support at a T-PE node is provided.

The no form of this command removes the SDP admin group constraints from the pseudowire template.

Parameters

group-name: Specifies the name of the SDP admin group. A maximum of 32 characters can be entered.

Platforms

7705 SAR Gen 2

sdp-mtu

Syntax

sdp-mtu orig-sdp-id size-inc start-octets end-octets [step step-size] [timeout timeout] [interval interval]

Context

[Tree] (oam sdp-mtu)

Full Context

oam sdp-mtu

Description

Performs MTU Path tests on an SDP to determine the largest path-mtu supported on an SDP. The size-inc parameter can be used to easily determine the path-mtu of a given SDP-ID. The forwarding class is assumed to be Best-Effort Out-of-Profile. The message reply is returned with IP/GRE encapsulation from the far-end router. OAM request messages sent within an IP/GRE SDP must have the 'DF’ IP header bit set to 1 to prevent message fragmentation.

To terminate an sdp-mtu in progress, use the CLI break sequence <Ctrl-C>.

Parameters

orig-sdp-id

Specifies the sdp-id to be used by sdp-ping, expressed as a decimal integer. The far-end address of the specified sdp-id is the expected responder-id within each reply received. The specified sdp-id defines the encapsulation of the SDP tunnel encapsulation used to reach the far end. This can be IP/GRE or MPLS. If orig-sdp-id is invalid or administratively down or unavailable, the SDP echo request message is not sent and an appropriate error message is displayed (once the interval timer expires, sdp-ping attempts to send the next request, if required).

Values: 1 to 32767

start-octets

Specifies the beginning size in octets of the first message sent for an incremental MTU test, expressed as a decimal integer.

Values: 40 to 9786

end-octets

Specifies the ending size in octets of the last message sent for an incremental MTU test, expressed as a decimal integer. The specified value must be greater than start-octets.

Values: 40 to 9786

step-size

Specifies the number of octets to increment the message size request for each message sent for an incremental MTU test, expressed as a decimal integer. The next size message is not sent until a reply is received or three messages have timed out at the current size.

If the incremented size exceeds the end-octets value, no more messages are sent.

Values: 1 to 512

Default: 32

timeout

Specifies the timeout parameter in seconds, expressed as a decimal integer. This value is used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the message request. Upon the expiration of the message time out, the requesting router assumes that the message response is not received. A request timeout message is displayed by the CLI for each message request sent that expires. Any response received after the request times out is silently discarded.

Values: 1 to 10

Default: 5

interval

Specifies the interval parameter in seconds, expressed as a decimal integer. This parameter is used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.

If the interval is set to 1 second, and the timeout value is set to 10 seconds, then the maximum time between message requests is 10 seconds and the minimum is 1 second. This depends upon the receipt of a message reply corresponding to the outstanding message request.

Values: 1 to 10

Default: 1

Platforms

7705 SAR Gen 2

Output

Output Example: SDP MTU Path Test

*A:Dut-A# oam sdp-mtu 1201 size-inc 512 3072 step 256
Size    Sent    Response
----------------------------
512     .        Success
768     .        Success
1024    .        Success
1280    .        Success
1536    .        Success
1792    .        Success
2048    .        Success
2304    .        Success
2560    .        Success
2816    .        Success
3072    .        Success

Maximum Response Size: 3072
*A:Dut-A#

sdp-ping

Syntax

sdp-ping orig-sdp-id [resp-sdp resp-sdp-id] [fc fc-name [profile { in | out}]] [size octets] [count send-count] [timeout timeout] [interval interval]

Context

[Tree] (oam sdp-ping)

[Tree] (config>saa>test>type sdp-ping)

Full Context

oam sdp-ping

configure saa test type sdp-ping

Description

This command tests SDPs for uni-directional or round trip connectivity and performs SDP MTU Path tests.

The sdp-ping command accepts an originating SDP-ID and an optional responding SDP-ID. The size, number of requests sent, message time-out and message send interval can be specified. All sdp-ping requests and replies are sent with PLP OAM-Label encapsulation, as a service-id is not specified.

For round trip connectivity testing, the resp-sdp keyword must be specified. If resp-sdp is not specified, a uni-directional SDP test is performed.

To terminate an sdp-ping in progress, use the CLI break sequence <Ctrl-C>.

An sdp-ping response message indicates the result of the sdp-ping message request. When multiple response messages apply to a single SDP echo request/reply sequence, the response message with the highest precedence is displayed. sdp-ping Response Messages shows the response messages sorted by precedence.

Table 2. sdp-ping Response Messages
Result of Request	Displayed Response Message	Precedence
Request time out without reply	Request Timeout	1
Request not sent due to non-existent orig-sdp-id	Orig-SDP Non-Existent	2
Request not sent due to administratively down orig-sdp-id	Orig-SDP Admin-Down	3
Request not sent due to operationally down orig-sdp-id	Orig-SDP Oper-Down	4
Request terminated by user before reply or time out	Request Terminated	5
Reply received, invalid origination-id	Far End: Originator-ID Invalid	6
Reply received, invalid responder-id	Far End: Responder-ID Error	7
Reply received, non-existent resp-sdp-id	Far End: Resp-SDP Non-Existent	8
Reply received, invalid resp-sdp-id	Far End: Resp-SDP Invalid	9
Reply received, resp-sdp-id down (admin or oper)	Far-end: Resp-SDP Down	10
Reply received, No Error	Success	11

Parameters

orig-sdp-id

Specifies the SDP ID to be used by sdp-ping, expressed as a decimal integer. The far-end address of the specified SDP-ID is the expected responder-id within each reply received. The specified SDP-ID defines the encapsulation of the SDP tunnel encapsulation used to reach the far end. This can be IP/GRE or MPLS. If orig-sdp-id is invalid or administratively down or unavailable for some reason, the SDP Echo Request message is not sent and an appropriate error message is displayed (once the interval timer expires, sdp-ping attempts to send the next request if required).

Values: 1 to 32767

resp-sdp-id

Specifies the return SDP-ID to be used by the far-end router for the message reply for round trip SDP connectivity testing. If resp-sdp-id does not exist on the far-end router, terminates on another router different than the originating router, or another issue prevents the far-end router from using resp-sdp-id, the SDP echo reply is sent using generic IP/GRE OAM encapsulation. The received forwarding class (as mapped on the ingress network interface for the far end) defines the forwarding class encapsulation for the reply message.

Values: 1 to 32767

Default: null. Use the non-SDP return path for message reply.

fc-name

Specifies the parameter to be used to indicate the forwarding class of the SDP encapsulation. The actual forwarding class encoding is controlled by the network egress DSCP or LSP-EXP mappings.

The DSCP or LSP-EXP mappings on the receive network interface controls the mapping back to the internal forwarding class used by the far-end router that receives the message request. The egress mappings of the egress network interface on the far-end router controls the forwarding class markings on the return reply message.

The DSCP or LSP-EXP mappings on the receive network interface controls the mapping of the message reply at the originating router. This is displayed in the response message output upon receipt of the message reply.

Values: be, l2, af, l1, h2, ef, h1, nc

Default: be

profile {in | out}

Specifies the profile state of the SDP encapsulation.

Default: out

octets

Specifies the size parameter in octets. This parameter is used to override the default message size for the sdp-ping request. Changing the message size is a method of checking the ability of an SDP to support a path-mtu. The size of the message does not include the SDP encapsulation, VC-Label (if applied) or any DLC headers or trailers.

When the OAM message request is encapsulated in an IP/GRE SDP, the IP 'DF’ (Do Not Fragment) bit is set. If any segment of the path between the sender and receiver cannot handle the message size, the message is discarded. MPLS LSPs are not expected to fragment the message either, as the message contained in the LSP is not an IP packet.

Values: 72 to 9786

Default: 72

send-count

Specifies the number of messages to send. The count parameter is used to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must have expired before the next message request is sent.

Values: 1 to 100

Default: 1

timeout

Specifies the time, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of time out, the test is marked complete and no more packets is processed for any of those request probes.

Values: 1 to 10

Default: 5

interval

Specifies the time, in seconds, used to override the default request message send interval and defines the minimum amount of time that must expire before the next message request is sent.

Values: 1 to 10

Default: 1

Platforms

7705 SAR Gen 2

Output

Single Response Round Trip Connectivity Test Output Example

A:router1> sdp-ping 10 resp-sdp 22 fc ef
Request Result: Sent - Reply Received
RTT:30ms

Err  SDP-ID Info            Local     Remote
__   SDP-ID:                10        22
__   Administrative State:  Up        Up
__   Operative State:       Up        Up
__   Path MTU               4470      4470
__   Response SDP Used:               Yes

Err  System IP Interface Info
Local Interface Name: "ESR-System-IP-Interface (Up to 32 chars)…"
__   Local IP Interface State:          Up
__   Local IP Address:                  10.10.10.11
__   IP Address Expected By Remote:     10.10.10.11
__   Expected Remote IP Address:        10.10.10.10
__   Actual Remote IP Address:          10.10.10.10

Err   FC Mapping Info      Local        Remote
__    Forwarding Class     Assured      Assured
__    Profile              In           In

Multiple Response Connectivity Tests — When the connectivity test count is greater than one (1), a single line is displayed per SDP echo request send attempt.

The request number is a sequential number starting with 1 and ending with the last request sent, incrementing by one (1) for each request. This should not be confused with the message-id contained in each request and reply message.

A response message indicates the result of the message request. Following the response message is the round trip time value. If any reply is received, the round trip time is displayed.

After the last reply has been received or response timed out, a total is displayed for all messages sent and all replies received. A maximum, minimum and average round trip time is also displayed. Error response and timed out requests do not apply towards the average round trip time.

Multiple Response Round Trip Connectivity Test Output Example

A:router1> sdp-ping 6 resp-sdp 101size 1514 count 5
Request        Response       RTT
----------     ----------     -------
     1         Success        10ms
     2         Success        15ms
     3         Success        10ms
     4         Success        20ms
     5         Success        5ms
Sent:    5    Received:    5
Min: 5ms       Max: 20ms      Avg: 12ms

search

Syntax

search base-dn

no search

Context

[Tree] (config>system>security>ldap>server search)

Full Context

configure system security ldap server search

Description

This command configures the LDAP search command. The search base-dn tells the server which part of the external directory tree to search. The search DN uses the same LDAP attribute as root-dn. For example, to search a public-key for an SSH generated for a Nokia vendor, one might use "dc=public-key,dc=nokia,dc=com”.

The no version of this command removes the search DN; as such, no search is possible on the LDAP server.

Parameters

base-dn: Specifies the base domain name used in the search, up to 512 characters.

Platforms

7705 SAR Gen 2

secondary

Syntax

secondary ip-address[/mask] [netmask ] [broadcast {all-ones | host-ones}] [igp-inhibit] [track-srrp srrp-instance]

no secondary ip-address[/mask]

Context

[Tree] (config>service>ies>if secondary)

Full Context

configure service ies interface secondary

Description

This command assigns a secondary IP address or IP subnet/broadcast address format to the interface.

The no form of this command reverts to the default.

Parameters

ip-address: The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

mask: The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that is used in a logical and function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.254.

Note:
A mask of 255.255.255.255 is reserved for system IP addresses.

netmask: Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.

broadcast

Overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) is received by the IP interface. (Default: host-ones)

all-ones: Specifies the broadcast address used by the IP interface for this IP address is 255.255.255.255, also known as the local broadcast.

host-ones: Specifies that the broadcast address used by the IP interface for this IP address is the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface. The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

igp-inhibit: Signals that the given secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the specified secondary IP interfaces are not injected and used as passive interfaces and are not advertised as internal IP interfaces into the IGP’s link state database. For RIP, this means that these secondary IP interfaces do not source RIP updates.

track-srrp srrp-instance

Specifies the SRRP instance ID that this interface route needs to track.

Values: 1 to 4294967295

Platforms

7705 SAR Gen 2

secondary

Syntax

secondary ip-address[/mask] [ netmask] [broadcast {all-ones | host-ones}] [igp-inhibit] [ track-srrp srrp-instance]

no secondary ip-address[/mask]

Context

[Tree] (config>service>vprn>nw-if secondary)

[Tree] (config>service>vprn>if secondary)

Full Context

configure service vprn network-interface secondary

configure service vprn interface secondary

Description

This command assigns a secondary IP address to the interface. Up to 16 total primary and secondary IPv4 and IPv6 addresses can be assigned to network interfaces, and up to 256 to access interfaces. Each address can be configured in an IP address, IP subnet or broadcast address format.

Caution:

Configurations must not exceed 16 secondary IP addresses when IPsec, GRE, L2TPv3, or IP in IP protocols are active on an access interface.

Parameters

ip-address: The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

mask: The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical 'AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.254. A mask of 255.255.255.255 is reserved for system IP addresses.

netmask: Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.

broadcast

The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed. This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface. (Default: host-ones)

all-ones: The all-ones keyword following the broadcast parameter specifies the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.

host-ones

The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default used by an IP interface.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

igp-inhibit: The optional igp-inhibit parameter signals that the given secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the specified secondary IP interfaces will not be injected and used as passive interfaces and will not be advertised as internal IP interfaces into the IGP’s link state database. For RIP, this means that these secondary IP interfaces will not source RIP updates.

track-srrp srrp-instance: Specifies the SRRP instance ID that this interface route needs to track.

Platforms

7705 SAR Gen 2

secondary

Syntax

[no] secondary path-name

Context

[Tree] (config>router>mpls>lsp secondary)

Full Context

configure router mpls lsp secondary

Description

This command specifies an alternative path that the LSP uses if the primary path is not available. This command is optional and is not required if the config router mpls lsp lsp-name primary path-name command is specified. After the switch over from the primary to the secondary, the system continuously tries to revert to the primary path. The switch back to the primary path is based on the retry-timer interval.

For RSVP-TE LSPs, up to eight secondary paths can be specified (or seven if a primary is configured). For SR-TE LSPs, up to three paths of any type (with a maximum of one primary) can be configured. By default, a secondary path is non-standby unless the standby keyword is configured. All non-standby secondary paths are considered equal and the first available path is used.

The system does not switch among secondary paths. The system starts the signaling (RSVP-TE) or programming (SR-TE) of all non-standby secondary paths at the same time. Retry counters are maintained for each unsuccessful attempt. After the retry limit is reached on a path, the system does not attempt to signal the path and administratively shuts down the path. The first successfully established non-standby secondary path is made the active path for the LSP.

The no form of this command removes the association between this path-name and lsp-name. All specific configurations for this association are deleted. The secondary path must be shut down prior to deleting it. The no secondary path-name command does not result in any action except a warning message on the console indicating that the secondary path is administratively up.

Parameters

path-name: Specifies the case-sensitive alphanumeric name label for the LSP path, up to 64 characters.

Platforms

7705 SAR Gen 2

secondary

Syntax

secondary {ip-address/mask | ip-address netmask} [ broadcast {all-ones | host-ones}] [igp-inhibit] [track-srrp srrp-instance]

no secondary {ip-address/mask | ip-address netmask}

Context

[Tree] (config>router>if secondary)

Full Context

configure router interface secondary

Description

This command assigns additional IP addresses to the interface. Up to 16 total primary and secondary IPv4 and IPv6 addresses can be assigned to network interfaces, and up to 256 to access interfaces. Each address can be configured in an IP address, IP subnet, or broadcast address format.

Caution:

Configurations must not exceed 16 secondary IP addresses when IPsec, GRE, L2TPv3, or IP in IP protocols are active on an access interface.

Parameters

ip-address

Specifies the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.

Values: 1.0.0.0 to 223.255.255.255

/: The forward slash is a parameter delimiter that separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-addr, the "/” and the mask-length parameter. If a forward slash does not immediately follow the ip-addr, a dotted decimal mask must follow the prefix.

mask

Specifies the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask parameter. The mask parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address. Allowed values are integers in the range 1 to 32. A mask length of 32 is reserved for system IP addresses.

Values: 1 to 32

netmask

Specifies the subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical 'AND’ function to derive the local subnet of the IP address. A mask of 255.255.255.255 is reserved for system IP addresses.

Values: 128.0.0.0 to 255.255.255.255

broadcast

The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.

all-ones: The all-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.

host-ones: The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask with all the host bits set to binary 1. This is the default broadcast address used by an IP interface.

igp-inhibit: The secondary IP address should not be recognized as a local interface by the running IGP.

srrp-instance: Specifies the SRRP instance ID that this interface route needs to track.

Platforms

7705 SAR Gen 2

secondary-config

Syntax

secondary-config file-url

no secondary-config

Context

[Tree] (bof secondary-config)

Full Context

bof secondary-config

Description

This command specifies the name and location of the secondary configuration file.

The system attempts to use the configuration as specified in secondary-config if the primary config cannot be located. If the secondary-config file cannot be located, the system attempts to obtain the configuration from the location specified in the tertiary-config.

Note that if an error in the configuration file is encountered, the boot process aborts.

The no form of this command removes the secondary-config configuration.

Parameters

file-url

Specifies the secondary configuration file location, expressed as a file URL.

Values


file-url	[local-url \| remote-url] (up to 180 characters)
local-url	[cflash-id/][file-path]
remote-url	[{ftp://\| tftp://} login:pswd@remote-locn/][file-path]
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

7705 SAR Gen 2

secondary-dns

Syntax

secondary-dns ip-address

no secondary-dns

Context

[Tree] (config>service>vprn>dns secondary-dns)

Full Context

configure service vprn dns secondary-dns

Description

This command configures the secondary DNS server for DNS name resolution. The secondary DNS server is used only if the primary DNS server does not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of this command removes the secondary DNS server from the configuration.

Default

no secondary-dns — No secondary DNS server is configured.

Parameters

ip-address

The IP or IPv6 address of the secondary DNS server.

Values


ipv4-address -a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0 to FFFF]H
	d: [0 to 255]D
	interface - 32 characters max, for link local addresses.

Platforms

7705 SAR Gen 2

secondary-dns

Syntax

secondary-dns ip-address

no secondary-dns [ip-address]

Context

[Tree] (bof secondary-dns)

Full Context

bof secondary-dns

Description

This command configures the secondary DNS server for DNS name resolution. The secondary DNS server is used only if the primary DNS server does not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of this command removes the secondary DNS server from the configuration.

Default

no secondary-dns

Parameters

ip-address

Specifies the IP or IPv6 address of the secondary DNS server.

Values


ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0 to FFFF]H
	d: [0 to 255]D
interface	up to 32 characters for link local addresses

Platforms

7705 SAR Gen 2

secondary-fast-retry-timer

Syntax

secondary-fast-retry-timer seconds

no secondary-fast-retry-timer

Context

[Tree] (config>router>mpls secondary-fast-retry-timer)

Full Context

configure router mpls secondary-fast-retry-timer

Description

This command specifies the value used as the fast retry timer for a secondary path. If the first attempt to set up a secondary path fails due to a path error, the fast retry timer will be started for the secondary path so that the path can be retried sooner. If the next attempt also fails, further retries for the path will use the configured value for LSP retry timer.

If retry-timer for the LSP is configured to be less than the MPLS secondary-fast-retry-timer, all retries for the secondary path will use the LSP retry-timer.

The no form of this command reverts to the default.

Default

no secondary-fast-retry-timer

Parameters

seconds

Specifies the value (in seconds), used as the fast retry timer for a secondary path

Values: 1 to 10

Platforms

7705 SAR Gen 2

secondary-image

Syntax

secondary-image file-url

no secondary-image

Context

[Tree] (bof secondary-image)

Full Context

bof secondary-image

Description

This command specifies the secondary directory location for runtime image file loading.

The system attempts to load all runtime image files configured in the primary-image first. If this fails, the system attempts to load the runtime images from the location configured in the secondary-image. If the secondary image load fails, the tertiary image specified in tertiary-image is used.

All runtime image files (*.tim files) must be located in the same directory.

The no form of this command removes the secondary-image configuration.

Parameters

file-url

Specifies the file URL; can be either local (this CPM) or a remote FTP server.

Values


file-url	{local-url \| remote-url} (up to 180 characters)
local-url	[cflash-id/][file-path]
remote-url	[{ftp://\| tftp://} login:pswd@remote-locn/][file-path]
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

7705 SAR Gen 2

secondary-ip-address

Syntax

secondary-ip-address ipv4-address

no secondary-ip-address

Context

[Tree] (config>router>bgp>orr>location secondary-ip-address)

Full Context

configure router bgp optimal-route-reflection location secondary-ip-address

Description

This command specifies the secondary IP address of a reference location used for BGP optimal route reflection. Up to three IPv4 addresses and three IPv6 addresses can be specified per location.

If the TE DB is unable to find a node in its topology database that matches the primary address, then the TE DB tries to find a node with the matching secondary address. If this attempt also fails, the TE DB then tries to find a node with the matching tertiary address.

The IP addresses specified for a location should be topologically "close” to a set of clients that should all receive the same optimal path for that location.

The no form of this command removes the secondary IP address information.

Default

no secondary-ip-address

Parameters

ipv4-address

Specifies the secondary IPv4 address of a location, expressed in dotted decimal notation.

Values: a.b.c.d

Platforms

7705 SAR Gen 2

secondary-ipv6-address

Syntax

secondary-ipv6-address ipv6-address

no secondary-ipv6-address

Context

[Tree] (config>router>bgp>orr>location secondary-ipv6-address)

Full Context

configure router bgp optimal-route-reflection location secondary-ipv6-address

Description

This command specifies the secondary IPv6 address of a reference location used for BGP optimal route reflection. Up to three IPv4 addresses and three IPv6 addresses can be specified per location.

If the TE DB is unable find a node in its topology database that matches a primary address of the location, then it tries to find a node matching a secondary address. If this attempt also fails, the TE DB tries to find a node matching a tertiary address.

The IP addresses specified for a location should be topologically "close” to a set of clients that should all receive the same optimal path for that location.

The no form of this command removes the secondary IPv6 address information.

Default

no secondary-ipv6-address

Parameters

ipv6-address

Specifies the secondary IPv6 address of a location.

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d
x: [0 to FFFF]H
d: [0 to 255]D

Platforms

7705 SAR Gen 2

secondary-ports

Syntax

secondary-ports

Context

[Tree] (config>service>template>vpls-template>mac-move secondary-ports)

[Tree] (config>service>vpls>mac-move secondary-ports)

Full Context

configure service template vpls-template mac-move secondary-ports

configure service vpls mac-move secondary-ports

Description

This command opens configuration context for defining secondary vpls-ports. VPLS ports that were declared as primary prior to the execution of this command will be moved from primary port-level to secondary port-level. Changing a port to the tertiary level can only be done by first removing it from the primary port-level.

Platforms

7705 SAR Gen 2

secure-boot

Syntax

secure-boot

Context

[Tree] (admin>system>security secure-boot)

Full Context

admin system security secure-boot

Description

Commands in this context administratively provision secure boot.

Platforms

7705 SAR Gen 2

secure-nd

Syntax

[no] secure-nd

Context

[Tree] (config>service>ies>if>ipv6 secure-nd)

Full Context

configure service ies interface ipv6 secure-nd

Description

This command enables Secure Neighbor Discovery (SeND) on the IPv6 interface.

The no form of this command reverts to the default and disabled SeND.

Platforms

7705 SAR Gen 2

secure-nd

Syntax

[no] secure-nd

Context

[Tree] (config>service>vprn>if>ipv6 secure-nd)

Full Context

configure service vprn interface ipv6 secure-nd

Description

This command enables Secure Neighbor Discovery (SeND) on the IPv6 interface.

The no form of this command reverts to the default and disabled SeND.

Platforms

7705 SAR Gen 2

secure-nd

Syntax

[no] secure-nd

Context

[Tree] (config>router>if>ipv6 secure-nd)

Full Context

configure router interface ipv6 secure-nd

Description

This command enables Secure Neighbor Discovery (SeND) on the IPv6 interface.

The no form of this command reverts to the default and disabled SeND.

Platforms

7705 SAR Gen 2

secure-nd-export

Syntax

secure-nd-export

Context

[Tree] (admin>certificate secure-nd-export)

Full Context

admin certificate secure-nd-export

Description

This command exports IPv6 Secure Neighbor Discovery (SeND) certificates to the file cf[1..3]:\system-pki\secureNdKey in PKCS #7 DER format.

Platforms

7705 SAR Gen 2

secure-nd-import

Syntax

secure-nd-import input url-string format input-format [password password] [key-rollover]

Context

[Tree] (admin>certificate secure-nd-import)

Full Context

admin certificate secure-nd-import

Description

This command imports IPv6 Secure Neighbor Discovery (SeND) certificates from a file, and saves them to cf[1..3]:\system-pki\secureNdKey in PKCS #7 DER format.

Parameters

url-string

Specifies the name of an input file up to 99 characters.

Values


local-url	<cflash-id>\<file-path>
cflash-id	cf1:\| cf2:\| cf3:

input-format

Specifies the input file format.

Values: pkcs12, pem, or der

password

Specifies the password to decrypt the input file if it is an encrypted PKCS#12 file.

Values: 32 characters maximum

Platforms

7705 SAR Gen 2

security

Syntax

security

Context

[Tree] (config>system security)

Full Context

configure system security

Description

Commands in this context configure a number of central security settings, such as DDoS protection, users, authorization profiles, and certificates. Access to these commands should be restricted to highly trusted users and device administrators.

Platforms

7705 SAR Gen 2

security-association

Syntax

security-association security-entry-id authentication-key hex-string encryption-key hex-string spi spi transform transform-id direction direction

no security-association security-entry-id direction direction

Context

[Tree] (config>router>if>ipsec>ipsec-tunnel>manual-keying security-association)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>manual-keying security-association)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>manual-keying security-association)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel>manual-keying security-association)

Full Context

configure router interface ipsec ipsec-tunnel manual-keying security-association

configure service ies interface ipsec ipsec-tunnel manual-keying security-association

configure service vprn interface ipsec ipsec-tunnel manual-keying security-association

configure service vprn interface sap ipsec-tunnel manual-keying security-association

Description

This command configures the information required for manual keying SA creation.

The no form of this command removes the security-association parameters from the configuration.

Parameters

security-entry-id

Specifies the ID of an SA entry.

Values: 1 to 16

authentication-key hex-string

Specifies an authentication key.

Values: none or 0x0 to 0xFFFFFFFF...(max 128 hex nibbles)

encryption-key hex-string

Specifies the key used for the encryption algorithm.

Values: none or 0x0 to 0xFFFFFFFF...(max 64 hex nibbles)

spi spi

Specifies the Security Parameter Index (SPI) used to look up the instruction to verify and decrypt the incoming IPsec packets when the direction is inbound. When the direction is outbound, the SPI that will be used in the encoding of the outgoing packets. The remote node can use this SPI to lookup the instruction to verify and decrypt the packet.

Values: 256 to 16383

transform transform-id

Specifies the transform entry that will be used by this SA entry. This object should be specified for all the entries created which are manual SAs. If the value is dynamic, then this value is irrelevant and will be zero.

Values: 1 to 2048

direction: Specifies the direction of an IPsec tunnel.

Platforms

7705 SAR Gen 2

security-association

Syntax

security-association spi spi authentication-key authentication-key encryption-key encryption-key [crypto]

no security-association spi spi

Context

[Tree] (config>grp-encryp>encryp-keygrp security-association)

Full Context

configure group-encryption encryption-keygroup security-association

Description

This command is used to create a security association for a specific SPI value in a key group. The command is also used to enter the authentication and encryption key values for the security association, or to delete a security association.

The SPI value used for the security association is a node-wide unique value, meaning that no two security associations in any key group on the node may share the same SPI value.

Keys are entered in cleartext. After configuration, they are never displayed in their original, cleartext form. Keys are displayed in an encrypted form, which is indicated by the system-appended crypto keyword when an info or an admin>save command is run. For security reasons, keys encrypted on one node are not usable on other nodes (that is, keys are not exchangeable between nodes).

The no form of the command removes the security association and related key values from the list of security associations for the key group. If the no form of the command is attempted using the same SPI value that is configured for active-outbound-sa, then a warning is issued and the command is blocked. If the no form of the command is attempted on the last SPI in the key group and the key group is configured on a service, then the command is blocked.

Parameters

spi

Specifies the SPI ID of the SPI being referenced for the security association.

Values: 1 to 127

authentication-key: Specifies the authentication key for the SPI, in hexadecimal format. The number of characters in the hexadecimal string must be 64 or 128, depending on whether the authentication algorithm is set to sha256 or sha512, respectively.

encryption-key: Specifies the encryption key for the SPI, in hexadecimal format. The number of characters in the hexadecimal string must be 32 or 64, depending on whether the encryption algorithm is set to aes128 or aes256, respectively.

crypto: Displays the keys showing on the CLI info display in an encrypted form.

Platforms

7705 SAR Gen 2

security-parameter

Syntax

security-parameter sec

no security-parameter

Context

[Tree] (config>service>ies>if>ipv6>secure-nd security-parameter)

Full Context

configure service ies interface ipv6 secure-nd security-parameter

Description

This command configures the security parameter used in the generation of a Cryptographically Generated Address (CGA).

Parameters

sec

Specifies the security parameter.

Values: 0 to 1

Platforms

7705 SAR Gen 2

security-parameter

Syntax

security-parameter sec

[no] security-parameter

Context

[Tree] (config>service>vprn>if>send security-parameter)

Full Context

configure service vprn interface ipv6 secure-nd security-parameter

Description

This command configures the security parameter used in the generation of a Cryptographically Generated Address (CGA).

Parameters

sec

Specifies the security parameter.

Values: 0 to 1

Platforms

7705 SAR Gen 2

security-parameter

Syntax

security-parameter sec

no security-parameter

Context

[Tree] (config>router>if>ipv6>secure-nd security-parameter)

Full Context

configure router interface ipv6 secure-nd security-parameter

Description

This command configures the security parameter used in the generation of a Cryptographically Generated Address (CGA).

Parameters

sec

Specifies the security parameter.

Values: 0 to 1

Platforms

7705 SAR Gen 2

security-policy

Syntax

security-policy security-policy-id [create]

no security-policy security-policy-id

Context

[Tree] (config>router>ipsec security-policy)

[Tree] (config>service>vprn>ipsec security-policy)

Full Context

configure router ipsec security-policy

configure service vprn ipsec security-policy

Description

This command configures a security policy to use for an IPsec tunnel.

The no form of this command removes the security policy ID from the configuration.

Parameters

security-policy-id

specifies a value to be assigned to a security policy.

Values: 1 to 32768

create: Keyword used to create the security policy instance. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7705 SAR Gen 2

security-policy

Syntax

security-policysecurity-policy-id [strict-match]

no security-policy

Context

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel security-policy)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel security-policy)

[Tree] (config>router>if>ipsec>ipsec-tunnel security-policy)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel security-policy)

Full Context

configure service ies interface ipsec ipsec-tunnel security-policy

configure service vprn interface ipsec ipsec-tunnel security-policy

configure router interface ipsec ipsec-tunnel security-policy

configure service vprn interface sap ipsec-tunnel security-policy

Description

This command configures an IPsec security policy. The policy may then be associated with static IPsec tunnels defined in the same routing instance.

With strict-match parameter enabled, when a CREATE_CHILD exchange request is received for a static IPsec tunnel, and this request is not a re-key request, then ISA matches the received TSi and TSr with the configured security policy. This can be a match only when a received TS (in TSi or TSr) address range matches exactly with the subnet in a security policy entry.

If there is no match, then the setup fails, and TS_UNACCEPTABLE is sent.

If there is a match, but there is an existing CHILD_SA for the matched security policy, then the setup fails, and NO_PROPOSAL_CHOSEN.

If there is a match, and there is not CHILD_SA for the matched entry, then the subnet is sent in the matched security-policy entry as TSi and TSr, and the CHILD_SA is created.

Default

no security-policy

Parameters

security-policy-id

Specifies the IPsec security policy entry that the tunnel will use.

Values: 1 to 32768

strict-match: Enables strict match of security-policy entry.

Platforms

7705 SAR Gen 2

segment

Syntax

segment [segment-id] [create]

no segment segment-id

Context

[Tree] (conf>router>segment-routing>sr-policies>policy>seg-list segment)

Full Context

configure router segment-routing sr-policies static-policy segment-list segment

Description

This command creates the context to configure a segment inside a segment-list of a statically-defined segment routing policy candidate path.

A segment list of a statically-defined SR policy candidate path of type sr-mpls can only accept a segment of type mpls-label.

A segment list of a statically-defined SR policy candidate path of type srv6 can only accept a segment of type srv6-sid. However, you can mix SRv6 segments derived from both classic SRv6 and micro-segment SRv6 locators.

The no form of this command deletes the segment context.

Default

no segment

Parameters

segment-id

Specifies the segment ID number.

Values: 1 to 11 (for segment ID type mpls-label); 1 to 7 (for segment ID type srv6-sid) in a classic SRv6 policy candidate path; 1 to 24 (for segment ID type srv6-sid) in a micro-segment SRv6 policy candidate path

create: Keyword used to create the list.

Platforms

7705 SAR Gen 2

segment-list

Syntax

segment-list segment-list

no segment-list

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy segment-list)

Full Context

configure saa test type-multi-line lsp-ping sr-policy segment-list

Description

This command configures the segment list ID.

The no form of this command removes the configuration.

Parameters

segment-list

Specifies the segment list number.

Values: 1 to 32

Platforms

7705 SAR Gen 2

segment-list

Syntax

segment-list [1..32] [create]

no segment-list list

Context

[Tree] (conf>router>segment-routing>sr-policies>policy segment-list)

Full Context

configure router segment-routing sr-policies static-policy segment-list

Description

This command creates the context to configure a segment list for the statically-defined segment routing policy candidate path.

Up to 32 segment lists are supported per policy.

The no form of this command deletes the segment list.

Parameters

create: Keyword used to create the segment list.

Platforms

7705 SAR Gen 2

segment-list

Syntax

segment-list segment-list-id

no segment-list

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls>sr-policy segment-list)

Full Context

configure oam-pm session ip tunnel mpls sr-policy segment-list

Description

This command configures the segment list ID for the specific policy.

The no form of this command removes segment list ID.

Default

no segment-list

Parameters

segment-list-id

Specifies the segment list ID.

Values: 1 to 32

Platforms

7705 SAR Gen 2

segment-routing

Syntax

segment-routing

Context

[Tree] (config>router>bgp segment-routing)

Full Context

configure router bgp segment-routing

Description

Commands in this context configure options related to BGP segment routing (prefix SID support).

Platforms

7705 SAR Gen 2

segment-routing

Syntax

segment-routing

no segment-routing

Context

[Tree] (config>router>isis segment-routing)

Full Context

configure router isis segment-routing

Description

Commands in this context configure segment routing parameters within a given IGP instance.

Segment routing adds to IS-IS and OSPF routing protocols the ability to perform shortest path routing and source routing using the concept of abstract segment. A segment can represent a local prefix of a node, a specific adjacency of the node (interface or next-hop), a service context, or a specific explicit path over the network. For each segment, the IGP advertises an identifier referred to as Segment ID (SID).

When segment routing is used together with MPLS data plane, the SID is a standard MPLS label. A router forwarding a packet using segment routing will thus push one or more MPLS labels.

Segment routing using MPLS labels can be used in both shortest path routing applications and in traffic engineering applications. This feature implements the shortest path forwarding application.

After segment routing is successfully enabled in the IS-IS or OSPF instance, the router will perform the following operations:

Advertise the Segment Routing Capability Sub-TLV to routers in all areas/levels of this IGP instance. However, only neighbors with which it established an adjacency interprets the SID or label range information and use it for calculating the label to swap to or push for a given resolved prefix SID.
Advertise the assigned index for each configured node SID in the new prefix SID sub-TLV with the N-flag (node-SID flag) set. Then the segment routing module programs the incoming label map (ILM) with a pop operation for each local node SID in the data path.
Assign and advertise automatically an adjacency SID label for each formed adjacency over a network IP interface in the new adjacency SID sub-TLV. The segment routing module programs the incoming label map (ILM) with a pop operation, in effect with a swap to an implicit null label operation, for each advertised adjacency SID.
Resolve received prefixes and if a prefix SID sub-TLV exists, the Segment Routing module programs the ILM with a swap operation and also an LTN with a push operation both pointing to the primary/LFA NHLFE. An SR tunnel is also added to the TTM.

When the user enables segment routing in a given IGP instance, the main SPF and LFA SPF are computed normally and the primary next-hop and LFA backup next-hop for a received prefix are added to RTM without the label information advertised in the prefix SID sub-TLV.

Platforms

7705 SAR Gen 2

segment-routing

Syntax

[no] segment-routing

Context

[Tree] (config>router>ospf segment-routing)

Full Context

configure router ospf segment-routing

Description

Commands in this context configure segment routing parameters within an IGP instance.

Segment routing adds to IS-IS, OSPF, or OSPF3 routing protocols the ability to perform shortest path routing and source routing using the concept of abstract segment. A segment can represent a local prefix of a node, a specific adjacency of the node (interface or next hop), a service context, or a specific explicit path over the network. For each segment, the IGP advertises an identifier referred to as a segment ID (SID).

When segment routing is used together with the MPLS data plane, the SID is a standard MPLS label. A router forwarding a packet using segment routing will thus push one or more MPLS labels.

Segment routing using MPLS labels can be used in both shortest path routing applications and traffic engineering applications. This feature implements the shortest path forwarding application.

After segment routing is successfully enabled in the IS-IS, OSPF, or OSPF3 instance, the router will perform the following operations:

Advertise the Segment Routing Capability sub-TLV to routers in all areas or levels of the IGP instance. However, only neighbors with which the IGP instance established an adjacency will interpret the SID and label range information and use it for calculating the label to swap to or push for a particular resolved prefix SID.
Advertise the assigned index for each configured node SID in the new prefix SID sub-TLV with the N-flag (node SID flag) set. The segment routing module then programs the incoming label map (ILM) with a pop operation for each local node SID in the data path.
Automatically assign and advertise an adjacency SID label for each formed adjacency over a network IP interface in the new adjacency SID sub-TLV. The segment routing module programs the incoming label map (ILM) with a pop operation, in effect with a swap to an implicit null label operation, for each advertised adjacency SID.
Resolve received prefixes, and if a prefix SID sub-TLV exists, the segment routing module programs the ILM with a swap operation and programs an LSP ID to NHLFE (LTN) with a push operation, both pointing to the primary/LFA NHLFE. An SR tunnel is also added to the TTM.

When the user enables segment routing in an IGP instance, the main SPF and LFA SPF are computed normally and the primary next hop and LFA backup next hop for a received prefix are added to the RTM without the label information advertised in the prefix SID sub-TLV.

Platforms

7705 SAR Gen 2

segment-routing

Syntax

segment-routing

Context

[Tree] (config>router segment-routing)

Full Context

configure router segment-routing

Description

This command creates a context to configure protocol-independent parameters relating to segment routing.

Platforms

7705 SAR Gen 2

sel-mcast-advertisement

Syntax

[no] sel-mcast-advertisement

Context

[Tree] (config>service>vpls>bgp-evpn sel-mcast-advertisement)

Full Context

configure service vpls bgp-evpn sel-mcast-advertisement

Description

This command enables the advertisement of BGP EVPN Selective Multicast Ethernet Tag (SMET) routes.

The no form of this command disables the advertisement of BGP EVPN SMET routes.

Default

no sel-mcast-advertisement

Platforms

7705 SAR Gen 2

selection-criteria

Syntax

selection-criteria [best-port | highest-count | highest-weight] [slave-to-partner] [ subgroup-hold-time hold-time]

no selection-criteria

Context

[Tree] (config>lag selection-criteria)

Full Context

configure lag selection-criteria

Description

This command specifies which selection criteria should be used to select the active sub-group. If there is a tie for highest-count or highest-weight, the LAG will prefer the port with the lowest priority. If that does not break the tie, the currently active subgroup will stay active (that is, non-revertive behavior).

The no form of this command reverts to the default value.

Default

selection-criteria highest-count

Parameters

highest-count: Selects a sub-group with the highest number of eligible members as an active sub-group (not applicable to "power-off” mode of operations).

highest-weight: Selects a sub-group with the highest aggregate weight as an active subgroup (not applicable to "power-off” mode of operations). Aggregate weight is calculated as the sum of (65535 - port priority) all ports within a sub-group.

best-port: Selects a sub-group containing the port with highest priority port as an active subgroup. In case of equal port priorities, the sub-group containing the port with the lowest port-id is chosen.

slave-to-partner: The slave-to-partner keyword specifies that it, together with the selection criteria, should be used to select the active sub-group. An eligible member is a LAG-member link which can potentially become active. This means it is operationally up (not disabled) for use by the remote side. The slave-to-partner keyword can be used to control whether or not this latter condition is taken into account.

hold-time

Applicable with LACP enabled. Specifies the optional delay timer for switching to a newly selected active sub-group from the existing active sub-group. The timer delay applies only if the existing sub-group remains operationally up.

Values


not specified	Equivalent to specifying a value of 0. Specifies no delay and to switchover immediately to a new candidate active sub-group.
0 to 2000	Integer specifying the timer value in 10ths of a second.
infinite	Do not switchover from existing active sub-group if the subgroup remains UP. Manual switchover possible using tools perform lag force command.

Platforms

7705 SAR Gen 2

selective-label-ip

Syntax

selective-label-ip {no-install | route-table-install-only}

no selective-label-ip

Context

[Tree] (config>router>bgp selective-label-ip)

Full Context

configure router bgp selective-label-ip

Description

This command configures selective-label-ip for the BGP level.

The no-install option conserves labeled route table space on BGP-LU next-hop-self route reflectors. This option causes BGP-LU routes to be reflected downstream via the ABR with the next-hop-self update. BGP-LU routes are not installed to local MPLS tables or routing tables for use by local services.

The route-table-install-only option conserves labeled route table space on BGP-LU next-hop-self route reflectors and allows these routes to be used for IP transport, unlike the no-install option. When the route-table-install-only option is used, learned BGP-LU routes are also reflected downstream via the ABR with the next-hop-self update. BGP-LU routes are not installed to local MPLS tables for use by local services. These routes are installed to the RTM and used for the best route selection process.

Note: If local services need to use BGP-LU routes, the no-install and route-table-install-only options should not be used.

The default no form of this command installs BGP-LU routes to the datapath for local services and makes them available to the RTM for IP next-hop selection.

Default

no selective-label-ip

Parameters

no-install: Specifies that BGP-LU routes are not installed to local MPLS tables or routing tables.

route-table-install-only: Specifies the installation of BGP-LU routes to the RTM. BGP-LU routes are not installed to local MPLS tables for use by local services.

Platforms

7705 SAR Gen 2

selective-label-ip-prioritization

Syntax

[no] selective-label-ip-prioritization

Context

[Tree] (config>router>bgp selective-label-ip-prioritization)

Full Context

configure router bgp selective-label-ip-prioritization

Description

This command enables selective-label IP prioritization for BGP labeled IPv4 and IPv6 routes.

When this command is configured, every received labeled IPv4 and IPv6 route that is potentially usable by a local service is automatically prioritized for fast control plane reconvergence. When the reachability of a BGP next-hop changes, these labeled IPv4 and IPv6 routes are updated into the route table first, along with other routes manually tagged as high priority by import policies.

A /32 or /128 labeled unicast route (and associated BGP-LU tunnel) is determined to be potentially usable by a local service if one of the following conditions is met:

the route matches the far-end address of a user-provisioned SDP of an Layer 2 service and the SDP is configured to use BGP tunnels as transport
the route matches the BGP next-hop address of a BGP-EVPN or IP VPN route, and this VPN route is either imported into a local service or readvertised by the router acting as a next-hop-self route-reflector or a model-B ASBR

The no form of this command disables selective-label IP prioritization for BGP.

Default

no selective-label-ip-prioritization

Platforms

7705 SAR Gen 2

selective-label-ipv4-install

Syntax

[no] selective-label-ipv4-install

Context

[Tree] (config>router>bgp>group>neighbor selective-label-ipv4-install)

[Tree] (config>router>bgp>group selective-label-ipv4-install)

[Tree] (config>router>bgp selective-label-ipv4-install)

Full Context

configure router bgp group neighbor selective-label-ipv4-install

configure router bgp group selective-label-ipv4-install

configure router bgp selective-label-ipv4-install

Description

This command enables selective download for BGP label-ipv4 routes.

When this command is configured so that it applies to a BGP session, label-ipv4 routes received on this session are marked as invalid if they are not needed for any eligible service. A /32 label-ipv4 route is determined to be required if one of the following applies:

It matches the far-end address of a manually configured or auto-created SDP Layer 2 VLL or VPLS service and the SDP is configured to use BGP tunnels as transport.
It matches the IPv4 BGP next hop of a BGP-EVPN route and this EVPN route is either imported into a VPLS service or re-advertised by the router acting as a next-hop-self route-reflector or a model-B ASBR.
It matches the IPv4 BGP next hop of a VPN-IPv4 route and this VPN-IP route is either imported into a VPRN service or re-advertised by the router acting as a next-hop-self route-reflector or a model-B ASBR.
It matches the IPv4 address in the IPv4-mapped IPv6 address of a VPN IPv6 route and this VPN-IP route is either imported into a VPRN service or re-advertised by the router acting as a next-hop-self route-reflector or a model-B ASBR.

The no form of this command at the top (config>router>bgp) level disables the selective installation functionality. The no form of this command at the group or neighbor level causes the setting to be inherited from a higher level configuration.

Default

no selective-label-ipv4-install

Platforms

7705 SAR Gen 2

selective-learned-fdb

Syntax

[no] selective-learned-fdb

Context

[Tree] (config>service>vpls selective-learned-fdb)

Full Context

configure service vpls selective-learned-fdb

Description

This command determines which line cards FDB entries are allocated on for MAC addresses in the VPLS service in which the command is configured.

By default, FDB entries for MAC addresses in VPLS services are allocated on all line cards in the system. Enabling selective-learned-fdb causes FDB entries to be allocated only on the line cards on which the service has a configured object, which includes all line cards:

on which a SAP is configured
which have ports configured in a LAG SAP
which have ports configured in an Ethernet tunnel SAP
which have ports configured on a network interface (which also may be on a LAG) when the service has a mesh or spoke-SDP, VXLAN or EVPN-MPLS configured

Only MAC addresses with a type "L” or "Evpn” in the show output displaying the FDB can be allocated selectively, unless a MAC address configured as a conditional static MAC address is learned dynamically on an object other than its monitored object; this can be displayed with type "L” or "Evpn” but is allocated as global because of the conditional static MAC configuration.

The no form of this command returns the FDB MAC address entry allocation mode to its default where FDB entries for MAC addresses are allocated on all line cards in the system.

Default

no selective-learned-fdb

Platforms

7705 SAR Gen 2

send

Syntax

send {broadcast | multicast | none | version-1 | both}

no send

Context

[Tree] (config>service>vprn>ripng>group send)

[Tree] (config>service>vprn>rip>group send)

[Tree] (config>service>vprn>ripng send)

[Tree] (config>service>vprn>rip send)

[Tree] (config>service>vprn>ripng>group>neighbor send)

[Tree] (config>service>vprn>rip>group>neighbor send)

Full Context

configure service vprn ripng group send

configure service vprn rip group send

configure service vprn ripng send

configure service vprn rip send

configure service vprn ripng group neighbor send

configure service vprn rip group neighbor send

Description

This command configures the type of RIP messages sent to RIP neighbors. This control can be issued at the global, group or interface level. The default behavior sends RIPv2 messages with the multicast (224.0.0.9) destination address.

If version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.

The no form of this command resets the type of messages sent back to the default value.

Default

no send

Parameters

broadcast: Send RIPv2 formatted messages to the broadcast address.

multicast: Send RIPv2 formatted messages to the multicast address.

none: Do not send any RIP messages (i.e. silent listener).

version-1: Send RIPv1 formatted messages to the broadcast address.

both: Send both RIP v1 & RIP v2 updates to the broadcast address.

Platforms

7705 SAR Gen 2

send

Syntax

send

Context

[Tree] (config>system>security>keychain>direction>uni send)

Full Context

configure system security keychain direction uni send

Description

This command specifies the send nodal context to sign TCP segments that are being sent by the router to another device.

Platforms

7705 SAR Gen 2

send

Syntax

send option-number

no send

Context

[Tree] (config>system>security>keychain>tcp-option-number send)

Full Context

configure system security keychain tcp-option-number send

Description

This command configures the TCP option number accepted in TCP packets sent.

Default

send 254

Parameters

option-number

Specifies an enumerated integer that indicates the TCP option number to be used in the TCP header.

Values: 253, 254, tcp-ao

Platforms

7705 SAR Gen 2

send

Syntax

send {broadcast | multicast | none | version-1}

no send

Context

[Tree] (config>router>rip>group send)

[Tree] (config>router>rip send)

[Tree] (config>router>rip>group>neighbor send)

Full Context

configure router rip group send

configure router rip send

configure router rip group neighbor send

Description

This command specifies the type of RIP messages sent to RIP neighbors.

If version-1 is specified, the router need only listen for and accept packets sent to the broadcast address.

This control can be issued at the global, group or interface level.

The no form of the command reverts to the default value.

Default

send version-1

Parameters

broadcast: Specifies send RIPv2 formatted messages to the broadcast address.

multicast: Specifies send RIPv2 formatted messages to the multicast address.

none: Specifies not to send any RIP messages (i.e. silent listener).

version-1: Specifies send RIPv1 formatted messages to the broadcast address.

Platforms

7705 SAR Gen 2

send

Syntax

send {none | ripng | unicast}

no send

Context

[Tree] (config>router>ripng>group>neighbor send)

[Tree] (config>router>ripng>group send)

[Tree] (config>router>ripng send)

Full Context

configure router ripng group neighbor send

configure router ripng group send

configure router ripng send

Description

This command specifies if RIPng are sent to RIP neighbors or not and what type of IPv6 address is to be used to deliver the messages.

This control can be issued at the global, group or interface level.

The no form of the command reverts to the default value.

Default

send ripng

Parameters

ripng: Specifies RIPng messages to be sent to the standard multicast address (FF02::9).

none: Specifies not to send any RIPng messages (i.e. silent listener).

unicast: Specifies to send RIPng updates as unicast messages to the defined unicast address configured through the unicast-address command. This option is only allowed within the neighbor context.

Platforms

7705 SAR Gen 2

send-chain

Syntax

[no] send-chain

Context

[Tree] (config>ipsec>cert-profile>entry send-chain)

Full Context

configure ipsec cert-profile entry send-chain

Description

Commands in this context configure the send-chain in the cert-profile entry.

The configuration of this command is optional, by default system will only send the certificate specified by cert command in the selected entry to the peer. This command allows system to send additional CA certificates to the peer. These additional CA certificates must be in the certificate chain of the certificate specified by the cert command in the same entry.

Platforms

7705 SAR Gen 2

send-chain

Syntax

[no] send-chain

Context

[Tree] (config>system>security>tls>cert-profile>entry send-chain)

Full Context

configure system security tls cert-profile entry send-chain

Description

This command enables the sending of certificate authority (CA) certificates, and enters the context to configure send-chain information.

By default, the system only sends the TLS server certificate or TLS client certificate specified by the cert command. If CA certificates are to be sent using send-chain, they must be in the chain of certificates specified by the config>system>security>pki>ca-profile command. The specification of the send-chain is not necessary for a working TLS profile if the TLS peer has the CA certificate used to sign the server or client certificate in its own trust anchor.

For example, given a TLS client running on SR OS, the ROOT CA certificate resides on the TLS server, but the subsequent SUB-CA certificate needed to complete the chain resides within SR OS. The send-chain command allows these SUB-CA certificates to be sent from SR OS to the peer to be authenticated using the ROOT CA certificate that resides on the peer.

The no form of the command disables the send-chain.

Default

no send-chain

Platforms

7705 SAR Gen 2

send-count

Syntax

send-count send-count

no send-count

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping send-count)

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy send-count)

Full Context

configure saa test type-multi-line lsp-ping send-count

configure saa test type-multi-line lsp-ping sr-policy send-count

Description

This command configures the number of messages to send. The send-count value is used to override the default number of message requests sent. Each message request must either time out or receive a reply before the next message request is sent. The message interval value must be expired before the next message request is sent.

The no form of this command reverts to the default value.

Default

send-count 1

Parameters

send-count

Specifies the send count in number of packets.

Values: 1 to 100

Default: 1

Platforms

7705 SAR Gen 2

send-default

Syntax

send-default [ipv4] [ ipv6] [export-policy export-policy]

no send-default

Context

[Tree] (config>router>bgp send-default)

[Tree] (config>router>bgp>group>neighbor send-default)

[Tree] (config>router>bgp>group send-default)

Full Context

configure router bgp send-default

configure router bgp group neighbor send-default

configure router bgp group send-default

Description

This command enables the advertisement of a default route. When this command is configured to apply to an IBGP or EBGP session, the default route for IPv4 or IPv6 is automatically added to the Adj_RIB-OUT of that peer. The advertised default routes are unrelated to any default routes installed in the FIB of the local router.

If a BGP export policy allows an active default route in the FIB of the local router to be advertised and conflict with this command, the artificially generated default route overrides the advertisement of the installed default route.

The artificially generated default route is not matched by BGP export policies. To modify its attributes or decide whether it should be advertised (based on a conditional expression), a route policy must be created and referenced by the export-policy parameter. Only conditional entries with an action and no from or to criteria are parsed. If there are no such entries, only the default action is applied.

The no form of this command restores the default behavior. At the group and neighbor levels, the default behavior is to inherit the configuration from a higher level. At the instance level, the default behavior is to neither generate nor inject a default route.

Default

no send-default

Parameters

ipv4: Generates and advertises an IPv4 default route (0/0).

ipv6: Generates and advertises an IPv6 default route (::/0).

export-policy: Specifies the name of a route policy, up to 64 characters. Only the route modifications in the matching conditional-expression entry or the default action are applied. These modifications change the attributes of the advertised default routes.

Platforms

7705 SAR Gen 2

send-flush-on-failure

Syntax

[no] send-flush-on-failure

Context

[Tree] (config>service>vpls send-flush-on-failure)

Full Context

configure service vpls send-flush-on-failure

Description

This command enables sending out flush-all-from-me messages to all LDP peers included in affected VPLS, in the event of physical port failures or "operationally down” events of individual SAPs. This feature provides an LDP-based mechanism for recovering a physical link failure in a dual-homed connection to a VPLS service. This method provides an alternative to RSTP solutions where dual homing redundancy and recovery, in the case of link failure, is resolved by RSTP running between a PE router and CE devices. If the endpoint is configured within the VPLS and send-flush-on-failure is enabled, flush-all-from-me messages will be sent out only when all spoke-SDPs associated with the endpoint go down.

This feature cannot be enabled on management VPLS.

Default

no send-flush-on-failure

Platforms

7705 SAR Gen 2

send-idr-after-eap-success

Syntax

[no] send-idr-after-eap-success

Context

[Tree] (config>ipsec>ike-policy send-idr-after-eap-success)

Full Context

configure ipsec ike-policy send-idr-after-eap-success

Description

This command enables the system to add the Identification Responder (IDr) payload in the last IKE authentication response after an Extensible Authentication Protocol (EAP) Success packet is received. When disabled, the system will not include IDr payload.

The no form of this command disables sending the IDr payload in the last IKE.

Default

send-idr-after-eap-success

Platforms

7705 SAR Gen 2

send-orf

Syntax

send-orf [comm-id]

no send-orf [comm-id]

Context

[Tree] (config>router>bgp>group>outbound-route-filtering>extended-community send-orf)

[Tree] (config>router>bgp>group>neighbor>outbound-route-filtering>extended-community send-orf)

[Tree] (config>router>bgp>outbound-route-filtering>extended-community send-orf)

Full Context

configure router bgp group outbound-route-filtering extended-community send-orf

configure router bgp group neighbor outbound-route-filtering extended-community send-orf

configure router bgp outbound-route-filtering extended-community send-orf

Description

This command instructs the router to negotiate the send capability in the BGP outbound route filtering (ORF) negotiation with a peer.

This command also causes the router to send a community filter, prefix filter, or AS path filter configured as an inbound filter on the BGP session to its peer as an ORF Action ADD.

The no form of this command causes the router to remove the send capability in the BGP ORF negotiation with a peer.

The no form also causes the router to send an ORF remove action for a community filter, prefix filter, or AS path filter configured as an inbound filter on the BGP session to its peer.

If the comm-id parameters are not exclusively route target communities then the router will extract appropriate route targets and use those. If, for some reason, the comm-id parameters specified contain no route targets, then the router will not send an ORF.

Default

no send-orf

Parameters

comm-id

Specifies up to 32 community policies, which must consist exclusively of route target extended communities. If it is not specified, then the ORF policy is automatically generated from configured route target lists, accepted client route target ORFs and locally configured route targets.

Values

[target: {ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

where:

ip-address — a.b.c.d
comm-val — 0 to 65535
2byte-asnumber — 0 to 65535
ext-comm-val — 0 to 4294967295
4byte-asnumber — 0 to 4294967295

Platforms

7705 SAR Gen 2

send-queries

Syntax

[no] send-queries

Context

[Tree] (config>service>vpls>sap>igmp-snooping send-queries)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping send-queries)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping send-queries)

[Tree] (config>service>vpls>sap>mld-snooping send-queries)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping send-queries)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping send-queries)

Full Context

configure service vpls sap igmp-snooping send-queries

configure service vpls spoke-sdp igmp-snooping send-queries

configure service vpls mesh-sdp mld-snooping send-queries

configure service vpls sap mld-snooping send-queries

configure service vpls mesh-sdp igmp-snooping send-queries

configure service vpls spoke-sdp mld-snooping send-queries

Description

This command specifies whether to send IGMP general query messages on the SAP or SDP.

When send-queries is configured, all type of queries generate ourselves are of the configured version. If a report of a version higher than the configured version is received, the report will get dropped and a new wrong version counter will get incremented. If send-queries is not configured, the version command has no effect. The version used will be the version of the querier. This implies that, for example, when we have a v2 querier, we will never send out a v3 group or group-source specific query when a host wants to leave a certain group.

If mrouter-port is enabled on this SAP or spoke SDP, the send-queries command parameter cannot be set.

The no form of this command disables the IGMP general query messages.

Default

no send-queries

Platforms

7705 SAR Gen 2

send-queries

Syntax

[no] send-queries

Context

[Tree] (config>service>pw-template>igmp-snooping send-queries)

Full Context

configure service pw-template igmp-snooping send-queries

Description

This command specifies whether to send IGMP general query messages.

When send-queries is configured, all type of queries generated are of the configured version. If a report of a version higher than the configured version is received, the report will get dropped and a new wrong version counter will get incremented.

If send-queries is not configured, the version command has no effect. The version used on that SAP or SDP will be the version of the querier. This implies that, for example, when we have a v2 querier, we will never send out a v3 group or group-source specific query when a host wants to leave a certain group.

Default

no send-queries

Platforms

7705 SAR Gen 2

send-refresh

Syntax

send-refresh seconds

no send-refresh

Context

[Tree] (config>service>vpls>proxy-nd send-refresh)

[Tree] (config>service>vpls>proxy-arp send-refresh)

Full Context

configure service vpls proxy-nd send-refresh

configure service vpls proxy-arp send-refresh

Description

If enabled, this command will make the system send a refresh at the configured time. A refresh message is an ARP-request message that uses 0s as sender's IP for the case of a proxy-ARP entry. For proxy-ND entries, a refresh is a regular NS message using the chassis-mac as MAC source-address.

Default

no send-refresh

Parameters

seconds

Specifies the send-refresh in seconds.

Values: 120 to 86400

Platforms

7705 SAR Gen 2

send-release

Syntax

[no] send-release

Context

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp send-release)

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp6 send-release)

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp6 send-release)

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp send-release)

Full Context

configure service ies interface sap ipsec-gw dhcp send-release

configure service ies interface sap ipsec-gw dhcp6 send-release

configure service vprn interface sap ipsec-gw dhcp6 send-release

configure service vprn interface sap ipsec-gw dhcp send-release

Description

This command enables the system to send a DHCPv4/v6 release message when the IPsec tunnel is removed.

Default

no send-release

Platforms

7705 SAR Gen 2

send-to-ebgp

Syntax

send-to-ebgp family [ family]

no send-to-ebgp

Context

[Tree] (config>service>vprn>bgp>group>link-bandwidth send-to-ebgp)

[Tree] (config>service>vprn>bgp>group>neighbor>link-bandwidth send-to-ebgp)

Full Context

configure service vprn bgp group link-bandwidth send-to-ebgp

configure service vprn bgp group neighbor link-bandwidth send-to-ebgp

Description

This command configures BGP to allow link-bandwidth extended community to be sent in routes advertised to EBGP peers in the scope of the command, as long the routes belong to one of the listed address families.

The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.

Up to three families may be configured.

The no form of this command restores the default behavior of stripping the link-bandwidth extended community from any route advertised to an EBGP peer.

Default

no send-to-ebgp

Parameters

family

Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.

Values

ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.

label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.

ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

Platforms

7705 SAR Gen 2

send-to-ebgp

Syntax

send-to-ebgp family [ family]

no send-to-ebgp

Context

[Tree] (config>router>bgp>group>neighbor>link-bandwidth send-to-ebgp)

[Tree] (config>router>bgp>group>link-bandwidth send-to-ebgp)

Full Context

configure router bgp group neighbor link-bandwidth send-to-ebgp

configure router bgp group link-bandwidth send-to-ebgp

Description

This command configures BGP to allow link-bandwidth extended community to be sent in routes advertised to EBGP peers in the scope of the command, as long the routes belong to one of the listed address families.

The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.

Up to six families may be configured.

The no form of this command restores the default behavior of stripping the link-bandwidth extended community from any route advertised to an EBGP peer.

Default

no send-to-ebgp

Parameters

family

Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.

Values

ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.

label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.

vpn-ipv4 — Adds a link-bandwidth extended community to IPv4 VPN (SAFI 128) routes.

ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

label-ipv6 — Adds a link-bandwidth extended community to labeled-unicast IPv6 routes.

vpn-ipv6 — Adds a link-bandwidth extended community to IPv6 VPN (SAFI 128) routes.

Platforms

7705 SAR Gen 2

send-tunnel-encap

Syntax

send-tunnel-encap [mpls] [mplsoudp]

no send-tunnel-encap

Context

[Tree] (config>service>epipe>bgp-evpn>mpls send-tunnel-encap)

[Tree] (config>service>vpls>bgp-evpn>mpls send-tunnel-encap)

[Tree] (config>service>vprn>bgp-evpn>mpls send-tunnel-encap)

Full Context

configure service epipe bgp-evpn mpls send-tunnel-encap

configure service vpls bgp-evpn mpls send-tunnel-encap

configure service vprn bgp-evpn mpls send-tunnel-encap

Description

This command configures the encapsulation to be advertised with the EVPN routes for the service. The encapsulation is encoded in RFC 5512-based tunnel encapsulation extended communities.

When used in the bgp-evpn>mpls context, the supported options are none (no send-tunnel-encap), mpls, mplsoudp or both.

When used in the bgp-evpn>vxlan context, the supported options are send-tunnel-encap (the router signals a VXLAN value) or no send-tunnel-encap (no encapsulation extended community is sent).

Default

send-tunnel-encap mpls (in the config>service>vpls>bgp-evpn>mpls context)

send-tunnel-encap (in the config>service>vpls>bgp-evpn>vxlan context)

Parameters

mpls: Specifies the MPLS-over-UDP encapsulation value in the RFC 5512 encapsulation extended community.

mplsoudp: Specifies the MPLS encapsulation value in the RFC 5512 encapsulation extended community.

Platforms

7705 SAR Gen 2

sensor-group

Syntax

sensor-group name [ create]

no sensor-group name

Context

[Tree] (config>system>telemetry>sensor-groups sensor-group)

Full Context

configure system telemetry sensor-groups sensor-group

Description

Commands in this context configure sensor-related commands.

The no form of this command removes the configuration.

Parameters

name: Specifies the sensor group name, up to 32 characters.

create: Keyword used to create a sensor group.

Platforms

7705 SAR Gen 2

sensor-group

Syntax

sensor-group name

no sensor-group

Context

[Tree] (config>system>telemetry>persistent-subscriptions>subscription sensor-group)

Full Context

configure system telemetry persistent-subscriptions subscription sensor-group

Description

This command assigns an existing sensor group to the specified persistent subscription. If no valid paths exist in the sensor group, the configuration is accepted; however, no gRPC connection is established when persistent subscription is activated.

The no form of this command removes the configuration.

Parameters

name: Specifies the sensor group name, up to 32 characters.

Platforms

7705 SAR Gen 2

sensor-groups

Syntax

sensor-groups

Context

[Tree] (config>system>telemetry sensor-groups)

Full Context

configure system telemetry sensor-groups

Description

Commands in this context configure a sensor group.

Platforms

7705 SAR Gen 2

serial-notify

Syntax

[no] serial-notify

Context

[Tree] (debug>router>rpki-session>packet serial-notify)

Full Context

debug router rpki-session packet serial-notify

Description

This command enables debugging for serial notify RPKI packets.

The no form of this command disables debugging for serial notify RPKI packets.

Platforms

7705 SAR Gen 2

serial-query

Syntax

[no] serial-query

Context

[Tree] (debug>router>rpki-session>packet serial-query)

Full Context

debug router rpki-session packet serial-query

Description

This command enables debugging for serial query RPKI packets.

The no form of this command disables debugging for serial query RPKI packets.

Platforms

7705 SAR Gen 2

server

Syntax

server ipv6z-address [ipv6z-address]

no server [ipv6z-address]

Context

[Tree] (config>service>ies>if>ipv6>dhcp6-relay server)

Full Context

configure service ies interface ipv6 dhcp6-relay server

Description

This command specifies a list of servers where DHCP6 requests are forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP6 relay to work. If there are multiple servers, the request is forwarded to all servers in the list.

The no form of this command reverts to the default.

Parameters

ipv6z-address

Specifies up to eight non-global IPv4 addresses including a zone index as defined by the InetAddressIPv4z textual convention.

Values


ipv6z-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0 to FFFF]H
	d: [0 to 255]D

Platforms

7705 SAR Gen 2

server

Syntax

server server1 [server2]

Context

[Tree] (config>service>vprn>if>dhcp server)

[Tree] (config>service>ies>if>dhcp server)

Full Context

configure service vprn interface dhcp server

configure service ies interface dhcp server

Description

This command specifies a list of servers where requests are forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers then the request is forwarded to all servers in the list.

There can be a maximum of 8 DHCP servers configured.

The no form of this command reverts to the default.

Parameters

server: Specifies up to eight DHCP server IP addresses.

Platforms

7705 SAR Gen 2

server

Syntax

server server-index name server-name

no server server-index

Context

[Tree] (config>aaa>radius-srv-plcy>servers server)

Full Context

configure aaa radius-server-policy servers server

Description

This command adds a RADIUS server.

The no form of this command removes a RADIUS server.

Parameters

index

Specifies the index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.

Values: 1 to 5

server-name: Specifies the server name, up to 32 characters.

Platforms

7705 SAR Gen 2

server

Syntax

server server-name [address ip-address] [secret key] [hash | hash2| custom] [create]

no server server-name

Context

[Tree] (config>router>radius-server server)

[Tree] (config>service>vprn>radius-server server)

Full Context

configure router radius-server server

configure service vprn radius-server server

Description

This command either specifies an external RADIUS server in the corresponding routing instance or enters configuration context of an existing server. The configured server could be referenced in the radius-server-policy.

The no form of this command removes the parameters from the server configuration.

Parameters

server-name: Specifies the name of the external RADIUS server.

ip-address: Specifies the IPv4 or IPv6 IP address of the external RADIUS server.

key: Specifies the shared secret key of the external RADIUS server, up to 64 characters.

hash: Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2: Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom: Specifies the custom encryption to management interface.

Platforms

7705 SAR Gen 2

server

Syntax

server index address ip-address secret key [{hash | hash2 | custom}] [port port]

no server index

Context

[Tree] (config>service>vprn>aaa>rmt-srv>tacplus server)

[Tree] (config>system>security>tacplus server)

Full Context

configure service vprn aaa remote-servers tacplus server

configure system security tacplus server

Description

This command adds a TACACS+ server and configures the TACACS+ server IP address, index, and key values.

Up to five TACACS+ servers can be configured at any one time. TACACS+ servers are accessed in order from lowest index to the highest index for authentication requests.

The no form of this command removes the server from the configuration.

Default

No TACACS+ servers are configured.

Parameters

index

Specifies the index for the TACACS+ server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from the lowest index to the highest index.

Values: 1 to 5

ip-address

Specifies the IP address of the TACACS+ server. Two TACACS+ servers cannot have the same IP address. An error message is generated if the server address is a duplicate.

Values


ipv4-address	a.b.c.d (host bits must be 0)
ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0..FFFF]H
	d: [0..255]D

key

Specifies the secret key, up to 128 characters, for access to the TACACS+ server. This secret key must match the password on the TACACS+ server.

Values: Up to 128 characters in length.

hash: Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2: Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom: Specifies the custom encryption to management interface.

port

Specifies the port ID.

Values: 0 to 65535

Platforms

7705 SAR Gen 2

server

Syntax

server ipv6-address [ ipv6-address]

no server

Context

[Tree] (config>service>vprn>router-advert>dns-options server)

[Tree] (config>service>vprn>router-advert>if>dns-options server)

Full Context

configure service vprn router-advertisement dns-options server

configure service vprn router-advertisement interface dns-options server

Description

This command specifies the IPv6 DNS servers to include in the RDNSS option in Router Advertisements. When specified at the router advertisement level this applies to all interfaces that have include-dns enabled, unless the interfaces have more specific dns-options configured.

Parameters

ipv6-address: Specifies the IPv6 address of the DNS server(s), up to a maximum of four, specified as eight 16-bit hexadecimal pieces.

Platforms

7705 SAR Gen 2

server

Syntax

server ip-address[ip-address] router router-instance

server ip-address [ip-address] service-name service-name

no server

Context

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp server)

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp server)

Full Context

configure service vprn interface sap ipsec-gw dhcp server

configure service ies interface sap ipsec-gw dhcp server

Description

This command specifies up to eight DHCPv4 server addresses for DHCPv4-based address assignment. If multiple server addresses are specified, the first advertised DHCPv4 address received is chosen.

Default

no server

Parameters

ip-address

Specifies up to eight unicast IPv4 addresses.

Values


ipv4-address	a.b.c.d

router-instance

Specifies the router instance ID used to reach the configured server address.

This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The server ip-address service-name service-name variant can be used in all configuration modes.

Values

{router-name | vprn-svc-id}


vprn-svc-id:	1 to 2147483647
router-name:	router-name is an alias for input only. The router-name gets replaced with an id automatically by SR OS in the configuration).

Default: Base

service-name: Specifies the name of the IES or VPRN service used to reach the configured server address, up to 64 characters.

Platforms

7705 SAR Gen 2

server

Syntax

server ipv6-address[ipv6-address] router router-instance

server ipv6-address [ ipv6-address] service-name service-name

no server

Context

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp6 server)

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp6 server)

Full Context

configure service vprn interface sap ipsec-gw dhcp6 server

configure service ies interface sap ipsec-gw dhcp6 server

Description

This command specifies up to eight DHCPv6 server addresses for DHCPv6-based address assignment. If multiple server addresses are specified, the first advertised DHCPv6 address received is chosen.

Default

no server

Parameters

ipv6-address

Specifies up to eight unicast global unicast IPv6 addresses.

Values


ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0..FFFF]H
	d - [0..255]D

router-instance

Specifies the router instance ID used to reach the configured server address.

This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The server ip-address service-name service-name variant can be used in all configuration modes.

Values

{router-name | vprn-svc-id}


vprn-svc-id:	1 to 2147483647
router-name:	router-name is an alias for input only. The router-name gets replaced with an id automatically by SR OS in the configuration).

Default: Base

service-name: Specifies the name of the IES or VPRN service used to reach the configured server address, up to 64 characters.

Platforms

7705 SAR Gen 2

server

Syntax

server

Context

[Tree] (config>test-oam>twamp server)

Full Context

configure test-oam twamp server

Description

This command configures the node for TWAMP server functionality.

Platforms

7705 SAR Gen 2

server

Syntax

server server [server]

Context

[Tree] (config>router>if>dhcp server)

Full Context

configure router interface dhcp server

Description

This command specifies a list of servers where requests will be forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers then the request is forwarded to all of the servers in the list. There can be a maximum of eight DHCP servers configured.

The flood command is applicable only in the VPLS case. There is a scenario with VPLS where the VPLS node only wants to add Option 82 information to the DHCP request to provider per-subscriber information, but it does not do full DHCP relay. In this case, the server is set to "flood". This means the DHCP request is still a broadcast and is sent through the VPLS domain. A node running at Layer 3 further upstream then can perform the full Layer 3 DHCP relay function.

Default

no server

Parameters

server: Specifies the DHCP server IP address. A maximum of eight servers can be specified in a single statement.

Platforms

7705 SAR Gen 2

server

Syntax

server ipv6-address [ipv6-address]

no server

Context

[Tree] (config>router>router-advert>if>dns-options server)

[Tree] (config>router>router-advert>dns-options server)

Full Context

configure router router-advertisement interface dns-options server

configure router router-advertisement dns-options server

Description

This command specifies the IPv6 DNS servers to include in the RDNSS option in Router Advertisements. When specified at the router advertisement level this applies to all interfaces that have include-dns enabled, unless the interfaces have more specific dns-options configured.

Parameters

ipv6-address: Specifies the IPv6 address of the DNS servers as eight 16-bit hexadecimal pieces. A maximum of four ipv6 addresses can be specified in a single statement.

Platforms

7705 SAR Gen 2

server

Syntax

server [routerrouter-instance | service-name service-name] {ip-address | ipv6-address |ptp} [key-id key-id | authentication-keychain keychain-name] [version version] [prefer]

no server [routerrouter-instance | service-name service-name] {ip address | ipv6-address | ptp}

Context

[Tree] (config>system>time>ntp server)

Full Context

configure system time ntp server

Description

This command configures the node to operate in client mode with the NTP server specified in the address field of this command.

If the internal PTP process is used as a source of time for System Time and OAM time then it must be specified as a server for NTP. If PTP is specified, the prefer parameter must be specified. After PTP has established a UTC traceable time from an external grandmaster it is always the source for time into NTP, even if PTP goes into time holdover.

Using the internal PTP time source for NTP promotes the internal NTP server to stratum 1 level, which may impact the NTP network topology.

The no form of this command removes the server with the specified address from the configuration.

Parameters

router-instance

Specifies the routing context that contains the interface in the form of router-name or service-id.

Values

router-name — Base | Management

service-id — 1 to 2147483647

Default: Base

service name: Specifies the service name for the VPRN, up to 64 characters. CPM routing instances are not supported.

ip-address

Configures the IPv4 address of an external NTP server.

Values: a.b.c.d

ipv6-address

Configures the IPv6 address of an external NTP server.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d
x: [0 to FFFF] H
d: [0 to 255] D

key-id

Specifies the key ID that identifies the configured authentication key and authentication type used by this node to transmit NTP packets to an NTP server. If an NTP packet is received by this node, the authentication key-id, type, and key value must be valid, otherwise the packet is rejected and an event/trap generated. This is an optional parameter.

Values: 1 to 255

keychain-name: Identifies the keychain name, up to 32 characters.

version

Configures the NTP version number that is expected by this node. This is an optional parameter.

Values: 2 to 4

Default: 4

ptp: Configures the internal PTP process as a time server into the NTP process. The prefer parameter is mandatory with this server option.

prefer: Specifies that, when configuring more than one peer, one remote system can be configured as the preferred peer. When a second peer is configured as preferred, the new entry overrides the old entry.

Platforms

7705 SAR Gen 2

server

Syntax

server

Context

[Tree] (config>system>security>ssh>key-re-exchange server)

Full Context

configure system security ssh key-re-exchange server

Description

This command enables the key re-exchange context for the SSH server.

Platforms

7705 SAR Gen 2

server

Syntax

server index address ip-address secret key [hash | hash2 | custom] [tls-client-profile profile] [authenticator {md5 | sm3}]

no server index

Context

[Tree] (config>service>vprn>aaa>rmt-srv>radius server)

[Tree] (config>system>security>radius server)

Full Context

configure service vprn aaa remote-servers radius server

configure system security radius server

Description

This command adds a RADIUS server and configures the IP address, index, and key values.

Up to five RADIUS servers can be configured at any one time. For authentication requests, RADIUS servers are accessed in order from the lowest to highest index until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other RADIUS servers are queried. It is assumed that there are multiple identical servers configured as backups and that the servers do not have redundant data.

The no form of this command removes the server from the configuration.

Default

no server

Parameters

index

Specifies the index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.

Values: 1 to 5

ip-address

Specifies the IP address of the RADIUS server. Two RADIUS servers cannot have the same IP address. An error message is generated if the server address is a duplicate.

Values


ipv4-address	a.b.c.d (host bits must be 0)
ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0..FFFF]H
	d: [0..255]D

key: Specifies the secret key to access the RADIUS server, up to 64 characters. This secret key must match the password on the RADIUS server.

hash: Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2: Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, cleartext form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

custom: Specifies the custom encryption to management interface.

tls-client-profile: Specifies the TLS profile for the RADIUS server.

profile: Specifies the TLS profile name, up to 32 characters.

md5: Specifies the MD5 hash algorithm for the RADIUS server.

sm3: Specifies the SM3 hash algorithm for the RADIUS server.

Platforms

7705 SAR Gen 2

server

Syntax

server server-index [ create]

no server server-index

Context

[Tree] (config>system>security>ldap server)

Full Context

configure system security ldap server

Description

This command configures an LDAP server. Up to five servers can be configured, which can then work in a redundant manner.

The no version of this command removes the server connection.

Parameters

server-index

Specifies a unique LDAP server connection.

Values: 1 to 5

Platforms

7705 SAR Gen 2

server

Syntax

server [ip-address | fqdn] [port port]

no server

Context

[Tree] (config>system>security>pki>est-profile server)

Full Context

configure system security pki est-profile server

Description

Commands in this context configure EST server parameters.

The no form of the command reverts to the default value.

Parameters

ip-address

Specifies the IP address of the server.

Values


ipv4-address	a.b.c.d (host bits must be 0)
ipv6-address	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x: [0..FFFF]H
	d: [0..255]D

fqdn: Specifies to use the Fully Qualified Domain Name (FQDN) of the EST server, up to 255 characters.

port

Specifies the port number of the EST server.

Values: 1 to 65535

Default: 443

Platforms

7705 SAR Gen 2

server

Syntax

server

Context

[Tree] (config>system>security>ssh>authentication-method server)

Full Context

configure system security ssh authentication-method server

Description

Commands in this context configure, at the system level, the authentication method that the SSH server accepts for the session.

Platforms

7705 SAR Gen 2

server

Syntax

server

Context

[Tree] (config>system>security>user>ssh-auth-method server)

Full Context

configure system security user ssh-authentication-method server

Description

Commands in this context configure, at the user level, the authentication method accepted by the SSH server for the session. The user-level configuration overrides the system-level configuration.

Platforms

7705 SAR Gen 2

server-address

Syntax

server-address ip-address [version version-number] [normal | preferred]

[interval seconds]

no server-address ip-address

Context

[Tree] (config>system>time>sntp server-address)

Full Context

configure system time sntp server-address

Description

This command creates an SNTP server for unicast client mode.

Parameters

ip-address

Specifies the IP address of the SNTP server.

Values: a.b.c.d

version-number

Specifies the SNTP version supported by this server.

Values: 1 to 3

Default: 3

normal | preferred

Specifies the preference value for this SNTP server. When more than one time-server is configured, one server can have preference over others. The value for that server should be set to preferred. Only one server in the table can be a preferred server.

Default: normal

seconds

Specifies the frequency at which this server is queried.

Values: 64 to 1024

Default: 64

Platforms

7705 SAR Gen 2

server-cipher-list

Syntax

server-cipher-list

Context

[Tree] (config>system>security>ssh server-cipher-list)

Full Context

configure system security ssh server-cipher-list

Description

Commands in this context configure a list of allowed ciphers by the SSH server.

Platforms

7705 SAR Gen 2

server-cipher-list

Syntax

server-cipher-list name [create]

no server-cipher-list name

Context

[Tree] (config>system>security>tls server-cipher-list)

Full Context

configure system security tls server-cipher-list

Description

This command creates the cipher list that is compared against cipher lists sent by the client to the server in the client hello message. The list contains all ciphers that are supported and desired by SR OS for use in the TLS session. The first common cipher found in both the server and client cipher lists will be chosen. As such, the most desired ciphers should be added at the top of the list.

The no form of the command removes the cipher list.

Parameters

name: Specifies the name of the server cipher list, up to 32 characters in length.

create: Keyword used to create the server cipher list.

Platforms

7705 SAR Gen 2

server-group-list

Syntax

server-group-list name [create]

no server-group-list name

Context

[Tree] (config>system>security>tls server-group-list)

Full Context

configure system security tls server-group-list

Description

This command configures a list of TLS 1.3-supported group suite codes that the server sends in a server Hello message.

The no form of this command removes the server group list.

Parameters

name: Specifies the name of the server group list, up to 32 characters.
create: Keyword used to create the server group list.

Platforms

7705 SAR Gen 2

server-host-key-list

Syntax

server-host-key-list

Context

[Tree] (config>system>security>ssh server-host-key-list)

Full Context

configure system security ssh server-host-key-list

Description

Commands in this context configure the list of host key algorithms negotiated by the SR OS acting as the SSH server.

Platforms

7705 SAR Gen 2

server-id

Syntax

server-id duid-en hex hex-string

server-id duid-en string ascii-string

server-id duid-ll

no server-id

Context

[Tree] (config>service>vprn>dhcp6>server server-id)

[Tree] (config>router>dhcp6>server server-id)

Full Context

configure service vprn dhcp6 local-dhcp-server server-id

configure router dhcp6 local-dhcp-server server-id

Description

This command allows the operator to customize the server-id attribute of a DHCPv6 message (such as DHCPv6 advertise and reply). By default, the server-id uses DUID-ll derived from the chassis link layer address. Operators have the option to use a unique identifier by using the duid-en (vendor based on an enterprise number). There is a maximum length associated with the customizable hex-string and ascii-string.

The no form of this command reverts to the default.

Default

server-id duid-ll

Parameters

hex-string

Specifies a DUID system ID in a hex format.

Values: 0x0 to 0xFFFFFFFF (maximum 116 hex nibbles)

ascii-string: Specifies a DUID system ID in an ASCII format, up to 58 characters.

duid-ll: Specifies that the DUID system ID is derived from the system link layer address.

duid-en: Specifies the enterprise number.

Platforms

7705 SAR Gen 2

server-kex-list

Syntax

server-kex-list

Context

[Tree] (config>system>security>ssh server-kex-list)

Full Context

configure system security ssh server-kex-list

Description

This command configures SSH KEX algorithms for SR OS as an SSH server.

An empty list is the default list that the SSH KEX advertises. The default list contains the following:

ecdh-sha2-nistp512

ecdh-sha2-nistp384

ecdh-sha2-nistp256

diffie-hellman-group16-sha512

diffie-hellman-group14-sha256

diffie-hellman-group14-sha1

diffie-hellman-group-exchange-sha1

diffie-hellman-group1-sha1

Platforms

7705 SAR Gen 2

server-mac-list

Syntax

server-mac-list

Context

[Tree] (config>system>security>ssh server-mac-list)

Full Context

configure system security ssh server-mac-list

Description

This command allows the user to configure SSH MAC algorithms for SR OS as an SSH server.

Platforms

7705 SAR Gen 2

server-shutdown

Syntax

[no] server-shutdown

Context

[Tree] (config>system>security>ssh server-shutdown)

Full Context

configure system security ssh server-shutdown

Description

This command enables the SSH servers running on the system.

Default

no server-shutdown

Platforms

7705 SAR Gen 2

server-signature-list

Syntax

server-signature-list name [create]

no server-signature-list name

Context

[Tree] (config>system>security>tls server-signature-list)

Full Context

configure system security tls server-signature-list

Description

This command configures a list of TLS 1.3-supported signature suite codes for the digital signature that the server sends in a server Hello message.

The no form of this command removes the server signature list.

Parameters

name: Specifies the name of the server signature list, up to 32 characters.
create: Keyword used to create the server signature list.

Platforms

7705 SAR Gen 2

server-timeout

Syntax

server-timeout seconds

no server-timeout

Context

[Tree] (config>port>ethernet>dot1x server-timeout)

Full Context

configure port ethernet dot1x server-timeout

Description

This command configures the period during which the router waits for the RADIUS server to respond to its access request message. When this timer expires, the router will re-send the access request message, up to the specified number times.

The no form of this command returns the value to the default.

Default

server-timeout 30

Parameters

seconds

Specifies the server timeout period, in seconds.

Values: 1 to 300

Platforms

7705 SAR Gen 2

server-tls-profile

Syntax

server-tls-profile name [create]

no server-tls-profile name

Context

[Tree] (config>system>security>tls server-tls-profile)

Full Context

configure system security tls server-tls-profile

Description

This command creates a TLS server profile. This profile can be used by applications that support TLS for encryption. The applications should not send any PDUs until the TLS handshake has been successful.

The no form of the command removes the TLS server profile.

Parameters

name: Specifies the name of the TLS server profile, up to 32 characters in length.

create: Keyword used to create the TLS server profile.

Platforms

7705 SAR Gen 2

servers

Syntax

servers

Context

[Tree] (config>aaa>radius-srv-plcy servers)

Full Context

configure aaa radius-server-policy servers

Description

Commands in this context configure radius-server-policy parameters.

Platforms

7705 SAR Gen 2

service

Syntax

service service-id

no service

Context

[Tree] (config>service>vpls>sap>msap-defaults service)

Full Context

configure service vpls sap msap-defaults service

Description

This command sets default service for all subscribers created based on trigger packets received on the given capture SAP in case the corresponding VSA is not included in the RADIUS authentication response. This command is applicable to capture SAP only.

The no form of this command reverts to the default.

Parameters

service-id

Specifies the service ID as an integer or a name.

Values

service-id - 1 to 2147483648

service-name - up to 64 characters

Platforms

7705 SAR Gen 2

service

Syntax

service service-id preference preference

no service service-id

Context

[Tree] (config>router>dns>redirect-vprn service)

Full Context

configure router dns redirect-vprn service

Description

This command configures the VPRN DNS redirection for the specified service.

The no form of this command removes the service from the VPRN DNS resolution configuration.

Parameters

service-id

Specifies the unique service identification number or string identifying the service in the service domain.

Values

service-id: 1 to 2147483647

svc-name: 64 characters maximum

preference

Specifies the service preference.

Values: 0 to 255

Platforms

7705 SAR Gen 2

service

Syntax

[no] service service-id

Context

[Tree] (config>log>services-all-events service)

Full Context

configure log services-all-events service

Description

This command enables access to the entire system-wide set of log events (VPRN and non-VPRN) in the logs configured within the management VPRN specified by the service ID.

The no form of the command enables the display of VPRN events only.

Parameters

service-id

Identifies the VPRN.

Values

{id | svc-name}


id:	1 to 2147483647
svc-name:	up to 64 characters

Platforms

7705 SAR Gen 2

service

Syntax

service service-id

service name service-name

no service

Context

[Tree] (config>system>security>pki>ca-profile>ocsp service)

Full Context

configure system security pki ca-profile ocsp service

Description

This command specifies the service or routing instance that used to contact OCSP responder. This applies to OCSP responders that either configured in CLI or defined in AIA extension of the certificate to be verified.

The responder-url will also be resolved by using the DNS server configured in the configured routing instance.

With VPRN services, the system checks whether the specified service ID or service name is an existing VPRN service at the time of CLI configuration. Otherwise the configuration fails.

Parameters

service-id

Specifies an existing service ID to be used in the match criteria.

This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The service name service-name variant can be used in all configuration modes.

Values: service-id: 1 to 2147483647 base-router: 0

name service-name: Identifies the service, up to 64 characters.

Platforms

7705 SAR Gen 2

service-id

Syntax

service-id service-id

no service-id

Context

[Tree] (config>subscr-mgmt>loc-user-db>ipoe>host>host-ident service-id)

Full Context

configure subscriber-mgmt local-user-db ipoe host host-identification service-id

Description

This command specifies the service ID to match for a host lookup. When the LUDB is accessed using a DHCPv4 server, the SAP ID is matched against the Nokia vendor-specific sub-option in DHCP Option 82.

The no form of this command removes the service ID from the configuration.

Parameters

service-id

Specifies an existing service ID or service name.

Values

service-id — 1 to 2147483647

service-name — up to 64 characters

Platforms

7705 SAR Gen 2

service-id

Syntax

[no] service-id

Context

[Tree] (config>service>vpls>sap>dhcp>option>vendor service-id)

[Tree] (config>service>vprn>if>dhcp>option>vendor service-id)

Full Context

configure service vpls sap dhcp option vendor-specific-option service-id

configure service vprn interface dhcp option vendor-specific-option service-id

Description

This command enables the sending of the service ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

The no form of this command disables the sending of the service ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

Platforms

7705 SAR Gen 2

service-id

Syntax

[no] service-id

Context

[Tree] (config>router>if>dhcp>option>vendor-specific-option service-id)

Full Context

configure router interface dhcp option vendor-specific-option service-id

Description

This command enables the sending of the service ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

The no form of this command disables the sending of the service ID in the Nokia vendor-specific sub-option of the DHCP relay packet.

Default

no service-id

Platforms

7705 SAR Gen 2

service-id

Syntax

service-id service-id

no service-id

Context

[Tree] (config>redundancy>mc>peer>mcr>l3-ring>ibc service-id)

Full Context

configure redundancy multi-chassis peer mc-ring l3-ring in-band-control-path service-id

Description

This command specifies the service ID if the interface used for the inband control connection belongs to a VPRN service. If not specified, the service-id is zero and the interface must belong to the Base router. This command supersedes the configuration of a service name.

The no form of this command removes the service ID from the IBC configuration.

Parameters

service-id

Specifies a service ID or an existing service name.

Values: 1 to 214748364 - Only supported in 'classic' configuration-mode (configure>system>management-interface>configuration-mode classic)

Platforms

7705 SAR Gen 2

service-id

Syntax

service-id service-id

no service-id

Context

[Tree] (config>redundancy>mc>peer>mcr>l3ring>node>cv service-id)

Full Context

configure redundancy multi-chassis peer mc-ring l3-ring ring-node connectivity-verify service-id

Description

This command specifies the service ID of the SAP used for the ring-node connectivity verification of this ring node. This command supersedes the configuration of a service name.

The no form of the command removes the service ID from the CV configuration.

Default

no service-id

Parameters

service-id

Specifies the service ID or an existing service name.

Values: 1 to 2147483647- Only supported in "classic” configuration mode (configure system management-interface configuration-mode classic)

Platforms

7705 SAR Gen 2

service-id-lag-hashing

Syntax

[no] service-id-lag-hashing

Context

[Tree] (config>system>load-balancing service-id-lag-hashing)

Full Context

configure system load-balancing service-id-lag-hashing

Description

This command enables enhanced VLL LAG service ID hashing. This command improves the LAG spraying of VLL service packets and is applied only when both ECMP and LAG hashing are performed by the same router. By default, the ECMP interface and LAG link for all packets on the VLL service are selected based on a direct modulo operation of the service ID. This command enhances distribution and hashes the service ID prior to the LAG link modulo operation when an ECMP link modulo operation is performed.

The no form of the command preserves the default behavior of VLL LAG service ID hashing.

Default

no service-id-lag-hashing

Platforms

7705 SAR Gen 2

service-id-range

Syntax

service-id-range start service-id end service-id

no service-id-range

Context

[Tree] (config>service>md-auto-id service-id-range)

Full Context

configure service md-auto-id service-id-range

Description

This command specifies the range of IDs used by SR OS to automatically assign an ID to services that are created in model-driven interfaces without an ID explicitly specified by the user or client.

A service created with an explicitly-specified ID cannot use an ID in this range. In the classic CLI and SNMP, the ID range cannot be changed while objects exist inside the previous or new range. In MD interfaces, the range can be changed, which causes any previously existing objects in the previous ID range to be deleted and re-created using a new ID in the new range.

The no form of this command removes the range values.

See the config>service md-auto-id command for further details.

Default

no service-id-range

Parameters

start service-id

Specifies the lower value of the ID range. The value must be less than or equal to the end value.

Values: 1 to 2147483647

end service-id

Specifies the upper value of the ID range. The value must be greater than or equal to the start value.

Values: 1 to 2147483647

Platforms

7705 SAR Gen 2

service-mtu

Syntax

service-mtu octets

no service-mtu

Context

[Tree] (config>service>vpls service-mtu)

[Tree] (config>service>template>vpls-template service-mtu)

Full Context

configure service vpls service-mtu

configure service template vpls-template service-mtu

Description

This command configures the service payload (Maximum Transmission Unit – MTU), in bytes, for the service. This MTU value overrides the service-type default MTU. The service-mtu defines the payload capabilities of the service. It is used by the system to validate the SAP and SDP binding’s operational state within the service.

The service MTU and a SAP’s service delineation encapsulation overhead (4 bytes for a dot1q tag) is used to derive the required MTU of the physical port or channel on which the SAP was created. If the required payload is larger than the port or channel MTU, then the SAP will be placed in an inoperative state. If the required MTU is equal to or less than the port or channel MTU, the SAP will be able to transition to the operative state.

When binding an SDP to a service, the service MTU is compared to the path MTU associated with the SDP. The path MTU can be administratively defined in the context of the SDP. The default or administrative path MTU can be dynamically reduced due to the MTU capabilities discovered by the tunneling mechanism of the SDP or the egress interface MTU capabilities based on the next hop in the tunnel path. If the service MTU is larger than the path MTU, the SDP binding for the service will be placed in an inoperative state. If the service MTU is equal to or less than the path MTU, then the SDP binding will be placed in an operational state.

If a service MTU, port or channel MTU, or path MTU is dynamically or administratively modified, then all associated SAP and SDP binding operational states are automatically re-evaluated.

For i-VPLS and Epipes bound to a b-VPLS, the service-mtu must be at least 18 bytes smaller than the b-VPLS service MTU to accommodate the PBB header.

The no form of this command returns the default service-mtu for the indicated service type to the default value.

Default

service-mtu 1514

Parameters

octets

The following table displays MTU values for specific VC types.

Table 3. MTU Values
VC-Type	Example Service MTU	Advertised MTU
Ethernet	1514	1500
Ethernet (with preserved dot1q)	1518	1504
VPLS	1514	1500
VPLS (with preserved dot1q)	1518	1504
VLAN (dot1p transparent to MTU value)	1514	1500
VLAN (qinq with preserved bottom qtag)	1518	1504

The size of the MTU in octets, expressed as a decimal integer

Values: 1 to 9194

Platforms

7705 SAR Gen 2

service-mtu

Syntax

service-mtu octets

no service-mtu

Context

[Tree] (config>service>epipe service-mtu)

Full Context

configure service epipe service-mtu

Description

This command configures the service payload in bytes, for the service. The configured Maximum Transmission Unit (MTU) value overrides the service-type default MTU. The service-mtu command defines the payload capabilities of the service. It is used by the system to validate the operational state of the SAP and SDP binding within the service.

The service MTU and a SAP’s service delineation encapsulation overhead (4 bytes for a dot1q tag) is used to derive the required MTU of the physical port or channel on which the SAP was created. If the required payload is larger than the port or channel MTU, the SAP is placed in an inoperative state. If the required MTU is equal to or less than the port or channel MTU, the SAP transitions to the operative state.

When binding an SDP to a service, the service MTU is compared to the path MTU associated with the SDP. The path MTU can be administratively defined in the context of the SDP. The default or administrative path MTU can be dynamically reduced due to the MTU capabilities discovered by the tunneling mechanism of the SDP or the egress interface MTU capabilities based on the next hop in the tunnel path. If the service MTU is larger than the path MTU, the SDP binding for the service is placed in an inoperative state. If the service MTU is equal to or less than the path MTU, the SDP binding is placed in an operational state.

If a service MTU, port or channel MTU, or path MTU is dynamically or administratively modified, all associated SAP and SDP binding operational states are automatically reevaluated.

Binding operational states are automatically reevaluated.

For I-VPLS and Epipes bound to a B-VPLS, the service MTU must be at least 18 bytes smaller than the B-VPLS service MTU to accommodate the PBB header.

Because this connects a Layer 2 to a Layer 3 service, adjust the service MTU under the Epipe service. The MTU that is advertised from the Epipe side is service MTU minus EtherHeaderSize.

Note:

In the configure>service>epipe context, the adv-service-mtu command can be used to override the configured MTU value used in T-LDP signaling to the far-end of an Epipe spoke-sdp. The adv-service-mtu command is also used to validate the value signaled by the far-end PE. For more information, see adv-service-mtu command.

The no form of this command returns the default service-mtu for the indicated service type to the default value.

By default, if no service-mtu is configured, the MTU value is (1514 - 14) = 1500.

Default

no service-mtu 1508 (for Apipe, Fpipe)

no service-mtu 1500 (for Ipipe)

no service-mtu 1524 (for Epipe)

MTU Values lists the MTU values for specific VC types.

Table 4. MTU Values
SAP VC-Type	Example: Service MTU	Advertised MTU
Ethernet	1514	1500
Ethernet (with preserved dot1q)	1518	1504
VPLS	1514	1500
VPLS (with preserved dot1q)	1518	1504
VLAN (dot1p transparent to MTU value)	1514	1500
VLAN (qinq with preserved bottom qtag)	1518	1504

Parameters

octets

Specifies the MTU size in octets, expressed as a decimal integer.

Values

1 to 9782

1 to 9800 (for Epipe only)

Platforms

7705 SAR Gen 2

service-name

Syntax

service-name service-name

no service-name

Context

[Tree] (config>redundancy>mc>peer>mcr>l3ring>node>cv service-name)

Full Context

configure redundancy multi-chassis peer mc-ring l3-ring ring-node connectivity-verify service-name

Description

This command specifies the service name of the SAP used for ring-node connectivity verification of this ring node. This command supersedes the configuration of a service ID.

The no form of this command removes the service name from the CV configuration.

Default

no service-name

Parameters

service-name: Specifies a service name, up to 64 characters.

Platforms

7705 SAR Gen 2

service-range

Syntax

service-range startid-endid [start-vlan-id startvid]

no service-range

Context

[Tree] (config>service>vpls>vpls-group service-range)

Full Context

configure service vpls vpls-group service-range

Description

This command configures the service ID and implicitly the VLAN ID ranges to be used as input variables for related VPLS and SAP templates to pre-provision "data” VPLS instances and related SAPs using the service ID specified in the command. If the start-vlan-id is not specified then the service-range values are used for vlan-ids. The data SAPs will be instantiated on all the ports used to specify SAP instances under the related control VPLS.

Modifications of the service id and vlan ranges are allowed with the following restrictions.

service-range increase can be achieved in two ways:
- Allowed when vpls-group is in shutdown state
- By creating a new vpls-group
service-range decrease can be achieved in two ways:
- Allowed when vpls-group is in shutdown state; when shutdown command is executed the associated service instances are deleted.
- Allowed when vpls-group is in no shutdown state and has completed successfully instantiating services.
- In both cases, only the services that do not have user configured SAPs will be deleted. Otherwise the above commands are rejected. Existing declarations or registrations do not prevent service deletion.
start-vlan-id change can be achieved in two ways:
- Allowed when vpls-group is in shutdown state
- At the time of range decrease by increasing the start-vlan-id which can be done when vpls-group is in no shutdown state and has completed successfully instantiating services

The no form of this command removes the specified ranges and deletes the pre-provisioned VPLS instances and related SAPs. The command will fail if any of the VPLS instances in the affected ranges have a provisioned SAP.

Default

no service-range

Parameters

startid-endid

Specifies the range of service IDs

Values: 1 to 2147483647

startvid

Specifies the starting VLAN ID; it provides a way to set aside a service ID range that is not the same as the VLAN range and allows for multiple MVRP control-VPLSs to control same VLAN range on different ports.

Values: 1 to 4094

Platforms

7705 SAR Gen 2

service-request

Syntax

[no] service-request

Context

[Tree] (config>service>vprn>aaa>remote-servers>tacplus service-request)

[Tree] (config>system>security>tacplus service-request)

Full Context

configure service vprn aaa remote-servers tacplus service-request

configure system security tacplus service-request

Description

This command enables Nokia services to be requested from the TACACS+ server.

The no form of this command disables Nokia services from being requested from the TACACS+ server.

Default

no service-request

Platforms

7705 SAR Gen 2

services-all-events

Syntax

services-all-events

Context

[Tree] (config>log services-all-events)

Full Context

configure log services-all-events

Description

Commands in this context control which log events are present in VPRN logs.

By default, the event streams for VPRN logs contain only events that are associated with the particular VPRN.

Access to the entire system-wide set of events (VPRN and non-VPRN) can be enabled using the services-all-events command.

Platforms

7705 SAR Gen 2

session

Syntax

session session-name [test-family [ ethernet | ip | mpls] [session-type {proactive | on-demand}] create]

no session session-name

Context

[Tree] (config>oam-pm session)

Full Context

configure oam-pm session

Description

This command creates the individual session containers that houses the test specific configuration parameters. Since this session context provides only a container abstract to house the individual test functions, it cannot be shut down. Individual tests sessions within the container may be shut down. No values, parameters, or configuration within this context may be changed if any individual test is active. Changes may only be made when all tests within the context are shut down. The only exception to this is the description value.

The no form of this command deletes the session.

Parameters

session-name: Specifies the session name, up to 32 characters.

test-family

Indicates the type family and sets the context for the individual parameters.

Values

ethernet — Specifies that the test is based on the Ethernet layer.

ip — Specifies that the test is based on the IP layer.

mpls — Specifies that the test is based on the MPLS layer.

session-type

Specifies how to set the Type bit in the Flags byte, and influences how different test criteria may be applied to the individual test. Not all test families carry this information in the PDU.

Values

proactive — Sets the type to always on, with an immediate start and no stop.

on-demand — Sets the type to on-demand, with an immediate start and no stop, or a stop based on the offset.

Default: proactive

create: Creates the PM session.

Platforms

7705 SAR Gen 2

session-limits

Syntax

session-limits

Context

[Tree] (config>service>nat>nat-policy session-limits)

Full Context

configure service nat nat-policy session-limits

Description

Commands in this context configure session limits for the NAT policy.

Platforms

7705 SAR Gen 2

session-parameters

Syntax

session-parameters

Context

[Tree] (config>router>ldp session-parameters)

Full Context

configure router ldp session-parameters

Description

Commands in this context configure peer specific parameters.

Platforms

7705 SAR Gen 2

session-sender-type

Syntax

session-sender-type {twamp-light | stamp}

Context

[Tree] (config>oam-pm>session>ip>twamp-light session-sender-type)

Full Context

configure oam-pm session ip twamp-light session-sender-type

Description

This command configures the type of test packet format to transmit.

Default

session-sender-type twamp-light

Parameters

twamp-light: Specifies TWAMP-Light transmission, packet formatting, and packet processing. TWAMP-Light test packets do not allow TLVs.
stamp: Specifies STAMP transmission, packet formatting, and packet processing. STAMP test packets support TLVs.

Platforms

7705 SAR Gen 2

set-time

Syntax

set-time date time

Context

[Tree] (admin set-time)

Full Context

admin set-time

Description

This command sets the local system time.

The time entered should be accurate for the time zone configured for the system. The system will convert the local time to UTC before saving to the system clock which is always set to UTC. This command does not take into account any daylight saving offset if defined.

If SNTP or NTP is enabled (no shutdown) then this command cannot be used.

Parameters

date

Specifies the local date and time accurate to the minute in the YYYY/MM/DD format.

Values

YYYY is the four-digit year

MM is the two-digit month

DD is the two-digit date

time

Specifies the time (accurate to the second) in the hh:mm[:ss] format. If no seconds value is entered, the seconds are reset to :00.

Values: hh is the two-digit hour in 24 hour format (00=midnight, 12=noon)mm is the two-digit minute

Default: 0

Platforms

7705 SAR Gen 2

severity

Syntax

severity {eq | neq | lt | lte | gt | gte} severity-level

no severity

Context

[Tree] (config>service>vprn>log>filter>entry>match severity)

Full Context

configure service vprn log filter entry match severity

Description

This command adds an event severity level as a match criterion. Only one severity command can be entered per event filter entry. The latest severity command overwrites the previous command.

The no form of this command removes the severity match criterion.

Default

no severity

Parameters

eq | neq | lt | lte | gt | gte

Specifies the type of match. Valid operators are listed below.

Values

Table 5. Valid Operators
Operator	Notes
eq	equal to
neq	not equal to
lt	less than
lte	less than or equal to
gt	greater than
gte	greater than or equal to

severity-name

The ITU severity level name. Severity Levels lists severity names and corresponding numbers per ITU standards M.3100 X.733 & X.21 severity levels.

Table 6. Severity Levels
Severity Number	Severity Name
1	cleared
2	indeterminate (info)
3	critical
4	major
5	minor
6	warning

Values: cleared, intermediate, critical, major, minor, warning

Platforms

7705 SAR Gen 2

severity

Syntax

severity {eq | neq | lt | lte | gt | gte} severity-level

no severity

Context

[Tree] (config>log>filter>entry>match severity)

Full Context

configure log filter entry match severity

Description

This command adds an event severity level as a match criterion. Only one severity command can be entered per event filter entry. The latest severity command overwrites the previous command.

The no form of this command removes the severity match criterion.

Parameters

eq | neq | lt | lte | gt | gte

Specifies the match type. Valid operators are listed in Valid Operators.

Table 7. Valid Operators
Operator	Notes
eq	equal to
neq	not equal to
lt	less than
lte	less than or equal to
gt	greater than
gte	greater than or equal to

severity-name

Specifies the ITU severity level name. ITU Severity Information lists severity names and corresponding numbers per ITU standards M.3100 X.733 & X.21 severity levels.

Table 8. ITU Severity Information
Severity Number	Severity Name
1	cleared
2	indeterminate (info)
3	critical
4	major
5	minor
6	warning

Values: cleared, intermediate, critical, major, minor, warning

Platforms

7705 SAR Gen 2

sf-offset

Syntax

sf-offset offset-value

no sf-offset

Context

[Tree] (config>service>vprn>isis>if>level sf-offset)

Full Context

configure service vprn isis interface level sf-offset

Description

If the pre-FEC error rate of the associated DWDM port crosses the configured sf-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sf-threshold value is configured under that port.

The no form of this command reverts the offset value to 0.

Default

no sf-offset

Parameters

offset-value

Specifies the amount the interface metric is increased by if the sf-threshold is crossed.

Values: 0 to 16777215

Platforms

7705 SAR Gen 2

sf-offset

Syntax

sf-offset offset-value

no sf-offset

Context

[Tree] (config>router>isis>if>level sf-offset)

Full Context

configure router isis interface level sf-offset

Description

If the pre-FEC error rate of the associated DWDM port crosses the configured sf-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sf-threshold value is configured under that port.

The no form of this command reverts the offset value to 0.

Default

no sf-offset

Parameters

offset-value

Specifies the amount the interface metric is increased by if the sf-threshold is crossed.

Values: 0 to 16777215

Platforms

7705 SAR Gen 2

sf-threshold

Syntax

sf-threshold threshold[multiplier multiplier]

no sf-threshold

Context

[Tree] (config>port>ethernet>crc-monitor sf-threshold)

Full Context

configure port ethernet crc-monitor sf-threshold

Description

This command specifies the error rate at which to declare the Signal Fail condition on an Ethernet interface. The value represents M*10E-N errored frames over total frames received over W seconds of the sliding window. The CRC errors on the interface are sampled once per second. A default of 10 seconds is used when there is no additional window-size configured. The multiplier keyword is optional. If the multiplier keyword is omitted or no sf-threshold is specified the multiplier will return to the default value of 1.

Default

no sf-threshold

Parameters

threshold

Specifies the threshold value.

Values: 1 to 9

multiplier

Specifies the multiplier value.

Values: 1 to 9

Platforms

7705 SAR Gen 2

sgt-qos

Syntax

sgt-qos

Context

[Tree] (config>router sgt-qos)

[Tree] (config>service>vprn sgt-qos)

Full Context

configure router sgt-qos

configure service vprn sgt-qos

Description

Commands in this context configure DSCP/dot1p remarking for self-generated traffic.

Platforms

7705 SAR Gen 2

sham-link

Syntax

sham-link ip-int-name ip-address

Context

[Tree] (config>service>vprn>ospf>area sham-link)

Full Context

configure service vprn ospf area sham-link

Description

This command is similar to a virtual link with the exception that metric must be included in order to distinguish the cost between the MPLS-VPRN link and the backdoor.

Parameters

ip-int-name: The local interface name used for the sham-link. This is a mandatory parameter and interface names must be unique within the group of defined IP interfaces for config>router>if, config>service>ies>if and config>service>vprn>if commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters, the entire string must be enclosed between double quotes. If the IP interface name does not exist or does not have an IP address configured, an error message will be returned.

ip-address: The IP address of the sham-link neighbor in IP address dotted decimal notation. This parameter is the remote peer of the sham link’s IP address used to set up the sham-link. This is a mandatory parameter and must be a valid IP address.

Platforms

7705 SAR Gen 2

sham-neighbor

Syntax

sham-neighbor [ip-address]

no sham-neighbor

Context

[Tree] (debug>router>ospf sham-neighbor)

Full Context

debug router ospf sham-neighbor

Description

This command enables debugging of the OSPFv2 sham-link neighbor.

Parameters

ip-address: Debugs the sham-link neighbor identified by this IP address.

Platforms

7705 SAR Gen 2

shell

Syntax

shell -password password

no shell

Context

[Tree] (environment shell)

Full Context

environment shell

Description

This command allows Nokia technical support to access the shell commands. shell commands are used only by Nokia technical support for troubleshooting.

The no form of this command disables the shell commands.

Parameters

password: Specifies the password to access the shell commands, up to 256 characters.

Platforms

7705 SAR Gen 2

shortcut-local-ttl-propagate

Syntax

[no] shortcut-local-ttl-propagate

Context

[Tree] (config>router>ldp shortcut-local-ttl-propagate)

[Tree] (config>router>mpls shortcut-local-ttl-propagate)

Full Context

configure router ldp shortcut-local-ttl-propagate

configure router mpls shortcut-local-ttl-propagate

Description

This command configures the TTL handling of locally generated packets for all LSP shortcuts originating on this ingress LER. It applies to all LDP or RSVP LSPs that are used to resolve static routes, BGP routes, and IGP routes.

The user can enable or disable the propagation of the TTL from the header of an IP packet into the header of the resulting MPLS packet independently for local and transit packets forwarded over an LSP shortcut.

Local IP packets include ICMP Ping, traceroute, and OAM packets, that are destined to a route that is resolved to the LSP shortcut. Transit IP packets are all IP packets received on any IES interface and destined to a route that is resolved to the LSP shortcut

By default, the feature propagates the TTL from the header of locally generated IP packets into the label stack of the resulting MPLS packets forwarded over the LSP shortcut. This is referred to as Uniform mode.

When the no form of this command is enabled, TTL propagation is disabled on all locally generated IP packets, including ICMP Ping, traceroute, and OAM packets, that are destined to a route that is resolved to the LSP shortcut. In this case, a TTL of 255 is programmed onto the pushed label stack. This is referred to as Pipe mode.

Default

shortcut-local-ttl-propagate

Platforms

7705 SAR Gen 2

shortcut-transit-ttl-propagate

Syntax

[no] shortcut-transit-ttl-propagate

Context

[Tree] (config>router>mpls shortcut-transit-ttl-propagate)

[Tree] (config>router>ldp shortcut-transit-ttl-propagate)

Full Context

configure router mpls shortcut-transit-ttl-propagate

configure router ldp shortcut-transit-ttl-propagate

Description

This command configures the TTL handling of transit packets for all LSP shortcuts originating on this ingress LER. It applies to all LDP or RSVP LSPs that are used to resolve static routes, BGP routes, and IGP routes.

The user can enable or disable the propagation of the TTL from the header of an IP packet into the header of the resulting MPLS packet independently for local and transit packets forwarded over an LSP shortcut.

By default, the feature propagates the TTL from the header of transit IP packets into the label stack of the resulting MPLS packets forwarded over the LSP shortcut. This is referred to as Uniform mode.

When the no form of the command is enabled, TTL propagation is disabled on all transit IP packets received on any IES interface and destined to a route that is resolved to the LSP shortcut. In this case, a TTL of 255 is programmed onto the pushed label stack. This is referred to as Pipe mode.

Default

shortcut-transit-ttl-propagate

Platforms

7705 SAR Gen 2

shortcut-tunnel

Syntax

shortcut-tunnel

Context

[Tree] (config>router>bgp>next-hop-resolution shortcut-tunnel)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel

Description

This command creates the context to configure the tunnel types that can be used to resolve unlabeled IPv4 and IPv6 BGP routes.

The following tunnel types are supported for resolving IPv4 routes and IPv6 routes with IPv4-mapped IPv6 next-hop addresses: bgp, ldp, rsvp, sr-isis, sr-ospf, sr-policy and sr-te. In this context:

bgp — refers to IPv4 tunnels created by receiving BGP label-unicast IPv4 routes for /32 IPv4 prefixes.
ldp — refers to /32 and shorter length LDP FEC prefixes imported into the tunnel table. For IPv4 NLRI, BGP selects the LDP FEC that is the longest-prefix-match (LPM) of the BGP next-hop address. For IPv6 NLRI, BGP selects the /32 FEC that is an exact match of the BGP next-hop address.
rsvp — refers to RSVP tunnels in the tunnel table to IPv4 destinations. This option allows BGP to use the best metric RSVP LSP to the address of the BGP next-hop. This address can correspond to the system interface or to another loopback interface of the remote BGP router. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel id.
sr-isis — refers to segment routing tunnels (shortest path) to IPv4 destinations reachable by the IS-IS protocol. This option allows BGP to use the segment routing tunnel in the tunnel table submitted by the lowest preference IS-IS instance or (in case of a tie) the lowest numbered IS-IS instance.
sr-ospf — refers to segment routing tunnels (shortest path) to IPv4 destinations reachable by the OSPF protocol. This option allows BGP to use the segment routing tunnel in the tunnel table submitted by the lowest preference OSPF instance or (in case of a tie) the lowest numbered OSPF instance.
sr-policy — refers to segment routing policies with an IPv4 endpoint that are statically configured in the local router or learned through BGP routes (AFI 1/SAFI 73). For BGP to resolve the next hop of an unlabeled IPv4 or IPv6 route using a segment routing policy the highest numbered color extended community attached to the IPv4 or IPv6 route must match the color of the segment routing policy.
sr-te — refers to traffic engineered (TE) segment routing tunnels. This option allows BGP to use the best metric SR-TE tunnel to the address of the BGP next-hop. In the case of multiple SR-TE tunnels with the same lowest metric, BGP selects the tunnel with the lowest tunnel id.
udp — refers to MPLSoUDPoIPv4 tunnels set up by action of the BGP import policies.

The following tunnel types are supported for resolving IPv6 routes with IPv6 next-hops that are not IPv4-mapped IPv6 addresses: ldp, sr-isis, and sr-policy. In this context:

ldp — refers to /128 LDP FEC prefixes in the tunnel table. BGP selects the /128 FEC that is an exact match of the BGP next-hop address.
sr-isis — refers to segment routing tunnels (shortest path) to IPv6 destinations reachable by the IS-IS protocol. This option allows BGP to use the segment routing tunnel in the tunnel table submitted by the lowest preference IS-IS instance or (in case of a tie) the lowest numbered IS-IS instance.
sr-policy — refers to segment routing policies with a null IPv4 endpoint (0.0.0.0) that are statically configured in the local router or learned through BGP routes (AFI 1/SAFI 73). For BGP to resolve the next hop of an IPv6 route using a segment routing policy the highest numbered color extended community attached to the IPv6 route must match the color of the segment routing policy and its color bits must be set to '01' or '10'.

Platforms

7705 SAR Gen 2

show-ipsec-keys

Syntax

[no] show-ipsec-keys

Context

[Tree] (config>ipsec show-ipsec-keys)

Full Context

configure ipsec show-ipsec-keys

Description

This command enables user to optionally include IKE-SA or CHILD-SA keys in the output of debug ipsec or admin ipsec display-key.

The no form of this command disallows the user from including keys in the output.

Default

no show-ipsec-keys

Platforms

7705 SAR Gen 2

show-request

Syntax

show-request [ca ca-profile-name]

Context

[Tree] (admin>certificate>cmpv2 show-request)

Full Context

admin certificate cmpv2 show-request

Description

This command displays current the CMPv2 pending request toward the specified CA. If there is no pending request, the last pending request is displayed including the status (success/fail/rejected) and the receive time of last CMPv2 message from server.

The following information is included in the output:

Request type, original input parameter (password is not displayed), checkAfter and reason in of last PollRepContent, time of original command input.

Parameters

ca-profile-name: Specifies a ca-profile name, up to 32 characters. If not specified, the system will display pending requests of all ca-profiles.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>script-control>script-policy shutdown)

[Tree] (config>router>mpls>fwd-policies>fwd-policy>egress-statistics shutdown)

[Tree] (config>system>grpc-tunnel>tunnel>handler shutdown)

[Tree] (config>router>fad>flex-algo shutdown)

[Tree] (config>router>mpls>static-lsp shutdown)

[Tree] (config>system>telemetry>notification-bundling shutdown)

[Tree] (config>system>grpc-tunnel>tunnel shutdown)

[Tree] (config>system>telemetry>persistent-subscriptions>subscription shutdown)

[Tree] (config>system>time>ntp shutdown)

[Tree] (config>system>time>sntp shutdown)

[Tree] (config>system>lldp shutdown)

[Tree] (config>system>telemetry>destination-group>tcp-keepalive shutdown)

[Tree] (config>service>vpls>sap>dhcp6>ldra shutdown)

[Tree] (config>system>grpc-tunnel>destination-group>tcp-keepalive shutdown)

[Tree] (config>router>mpls>fwd-policies>fwd-policy>ingress-statistics shutdown)

[Tree] (config>system>script-control>script shutdown)

[Tree] (config>system>cron>sched shutdown)

Full Context

configure system script-control script-policy shutdown

configure router mpls forwarding-policies forwarding-policy egress-statistics shutdown

configure system grpc-tunnel tunnel handler shutdown

configure router flexible-algorithm-definitions flex-algo shutdown

configure router mpls static-lsp shutdown

configure system telemetry notification-bundling shutdown

configure system grpc-tunnel tunnel shutdown

configure system telemetry persistent-subscriptions subscription shutdown

configure system time ntp shutdown

configure system time sntp shutdown

configure system lldp shutdown

configure system telemetry destination-group tcp-keepalive shutdown

configure service vpls sap dhcp6 ldra shutdown

configure system grpc-tunnel destination-group tcp-keepalive shutdown

configure router mpls forwarding-policies forwarding-policy ingress-statistics shutdown

configure system script-control script shutdown

configure system cron schedule shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command places the entity into an administratively enabled state.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>origin-validation>rpki-session shutdown)

[Tree] (config>router>pim>rp>ipv6>bsr-candidate shutdown)

[Tree] (config>router>igmp>if shutdown)

[Tree] (config>router>static-route-entry>indirect shutdown)

[Tree] (config>router>pim>rp>ipv6>embedded-rp shutdown)

[Tree] (config>router>if shutdown)

[Tree] (config>router>static-route-entry>next-hop shutdown)

[Tree] (config>router>igmp shutdown)

[Tree] (config>system>management-interface>cli>md-cli>environment>progress-indicator shutdown)

[Tree] (config>router>mld>if shutdown)

[Tree] (config>router>static-route-entry>black-hole shutdown)

[Tree] (config>router>pim>rp>rp-candidate shutdown)

[Tree] (config>router>pim shutdown)

[Tree] (config>router>pim>rp>ipv6>rp-candidate shutdown)

[Tree] (config>router>mld shutdown)

[Tree] (config>router>pim>interface shutdown)

[Tree] (config>router>pim>rp>bsr-candidate shutdown)

Full Context

configure router origin-validation rpki-session shutdown

configure router pim rp ipv6 bsr-candidate shutdown

configure router igmp interface shutdown

configure router static-route-entry indirect shutdown

configure router pim rp ipv6 embedded-rp shutdown

configure router interface shutdown

configure router static-route-entry next-hop shutdown

configure router igmp shutdown

configure system management-interface cli md-cli environment progress-indicator shutdown

configure router mld interface shutdown

configure router static-route-entry black-hole shutdown

configure router pim rp rp-candidate shutdown

configure router pim shutdown

configure router pim rp ipv6 rp-candidate shutdown

configure router mld shutdown

configure router pim interface shutdown

configure router pim rp bsr-candidate shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system-generated configuration files.

The no form of this command places the entity into an administratively enabled state.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>ies>if shutdown)

[Tree] (config>service>ies>if>spoke-sdp>control-channel-status shutdown)

[Tree] (config>service>ies shutdown)

[Tree] (config>service>ies>if>dhcp shutdown)

[Tree] (config>service>ies>if>vrrp shutdown)

[Tree] (config>service>ies>if>spoke-sdp shutdown)

[Tree] (config>service>ies>if>dhcp>proxy-server shutdown)

Full Context

configure service ies interface shutdown

configure service ies interface spoke-sdp control-channel-status shutdown

configure service ies shutdown

configure service ies interface dhcp shutdown

configure service ies interface vrrp shutdown

configure service ies interface spoke-sdp shutdown

configure service ies interface dhcp proxy-server shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-lag shutdown)

[Tree] (config>redundancy>multi-chassis>peer>sync shutdown)

[Tree] (config>redundancy>multi-chassis>peer shutdown)

Full Context

configure redundancy multi-chassis peer mc-lag shutdown

configure redundancy multi-chassis peer sync shutdown

configure redundancy multi-chassis peer shutdown

Description

The shutdown command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they can be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

Shutting down a subscriber interface will operationally shut down all child group interfaces and SAPs. Shutting down a group interface will operationally shut down all SAPs that are part of that group-interface.

The no form of this command puts an entity into the administratively enabled state.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>rip>group shutdown)

[Tree] (config>service>vprn>if shutdown)

[Tree] (config>service>vprn>if>sap>ipsec-tunnel shutdown)

[Tree] (config>service>vprn>ospf shutdown)

[Tree] (config>service>vprn>isis>if shutdown)

[Tree] (config>service>vprn>ospf>area>if shutdown)

[Tree] (config>system>security>radius shutdown)

[Tree] (config>service>vprn>log>log-id shutdown)

[Tree] (config>service>vprn>isis shutdown)

[Tree] (config>service>vprn>ospf>area>sham-link shutdown)

[Tree] (config>service>vprn>bgp>group shutdown)

[Tree] (config>service>vprn>pim shutdown)

[Tree] (config>service>vprn>rip>group>neighbor shutdown)

[Tree] (config>service>vprn>bgp-ipvpn>mpls shutdown)

[Tree] (config>service>vprn>igmp>if shutdown)

[Tree] (config>service>vprn shutdown)

[Tree] (config>service>vprn>ospf3 shutdown)

[Tree] (config>service>vprn>ospf3>area>if shutdown)

[Tree] (config>service>vprn>ntp shutdown)

[Tree] (config>service>vprn>if>ipv6>vrrp shutdown)

[Tree] (config>service>vprn>nw-if shutdown)

[Tree] (config>service>vprn>if>sap shutdown)

[Tree] (config>service>vprn>aaa>rmt-srv>radius shutdown)

[Tree] (config>service>vprn>router-advert>if shutdown)

[Tree] (config>service>vprn>ospf3>area>virtual-link shutdown)

[Tree] (config>service>vprn>igmp shutdown)

[Tree] (config>service>vprn>rip shutdown)

[Tree] (config>service>vprn>pim>if shutdown)

[Tree] (config>service>vprn>pim>rp>bsr-candidate shutdown)

[Tree] (config>service>vprn>if>vrrp shutdown)

[Tree] (config>service>vprn>bgp-evpn>mpls shutdown)

[Tree] (config>service>vprn>pim>rp>ipv6>bsr-candidate shutdown)

[Tree] (config>service>vprn>bgp>group>neighbor shutdown)

[Tree] (config>service>vprn>bgp shutdown)

[Tree] (config>service>vprn>pim>rp>ipv6>rp-candidate shutdown)

[Tree] (config>service>vprn>pim>rp>ipv6>embedded-rp shutdown)

[Tree] (config>service>vprn>ospf>area>virtual-link shutdown)

Full Context

configure service vprn rip group shutdown

configure service vprn interface shutdown

configure service vprn interface sap ipsec-tunnel shutdown

configure service vprn ospf shutdown

configure service vprn isis interface shutdown

configure service vprn ospf area interface shutdown

configure system security radius shutdown

configure service vprn log log-id shutdown

configure service vprn isis shutdown

configure service vprn ospf area sham-link shutdown

configure service vprn bgp group shutdown

configure service vprn pim shutdown

configure service vprn rip group neighbor shutdown

configure service vprn bgp-ipvpn mpls shutdown

configure service vprn igmp interface shutdown

configure service vprn shutdown

configure service vprn ospf3 shutdown

configure service vprn ospf3 area interface shutdown

configure service vprn ntp shutdown

configure service vprn interface ipv6 vrrp shutdown

configure service vprn network-interface shutdown

configure service vprn interface sap shutdown

configure service vprn aaa remote-servers radius shutdown

configure service vprn router-advertisement interface shutdown

configure service vprn ospf3 area virtual-link shutdown

configure service vprn igmp shutdown

configure service vprn rip shutdown

configure service vprn pim interface shutdown

configure service vprn pim rp bsr-candidate shutdown

configure service vprn interface vrrp shutdown

configure service vprn bgp-evpn mpls shutdown

configure service vprn pim rp ipv6 bsr-candidate shutdown

configure service vprn bgp group neighbor shutdown

configure service vprn bgp shutdown

configure service vprn pim rp ipv6 rp-candidate shutdown

configure service vprn pim rp ipv6 embedded-rp shutdown

configure service vprn ospf area virtual-link shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

If the AS number was previously changed, the BGP AS number inherits the new value.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn shutdown)

[Tree] (config>service>vpls>mesh-sdp shutdown)

[Tree] (config>service>vpls shutdown)

[Tree] (config>service>vpls>sap shutdown)

[Tree] (config>service>ies>if>sap shutdown)

[Tree] (config>service>vpls>spoke-sdp shutdown)

Full Context

configure service vprn shutdown

configure service vpls mesh-sdp shutdown

configure service vpls shutdown

configure service vpls sap shutdown

configure service ies interface sap shutdown

configure service vpls spoke-sdp shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system-generated configuration files.

Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>mac-move shutdown)

[Tree] (config>service>vpls>stp shutdown)

[Tree] (config>service>vpls>spoke-sdp shutdown)

[Tree] (config>service>vpls>mld-snooping shutdown)

[Tree] (config>service>vpls>interface shutdown)

[Tree] (config>service>vpls>sap>dhcp>proxy shutdown)

[Tree] (config>service>vpls>spoke-sdp>stp shutdown)

[Tree] (config>service>vpls>bgp-ad shutdown)

[Tree] (config>service>vpls>igmp-snooping shutdown)

[Tree] (config>service>vpls>sap>stp shutdown)

Full Context

configure service vpls mac-move shutdown

configure service vpls stp shutdown

configure service vpls spoke-sdp shutdown

configure service vpls mld-snooping shutdown

configure service vpls interface shutdown

configure service vpls sap dhcp proxy-server shutdown

configure service vpls spoke-sdp stp shutdown

configure service vpls bgp-ad shutdown

configure service vpls igmp-snooping shutdown

configure service vpls sap stp shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>port>ethernet>ssm shutdown)

[Tree] (config>port-xc>pxc shutdown)

[Tree] (config>card>mda shutdown)

[Tree] (config>port>ethernet>dampening shutdown)

[Tree] (config>redundancy>multi-chassis>peer>mc-ep shutdown)

[Tree] (config>redundancy>multi-chassis>ipsec-domain shutdown)

[Tree] (config>port shutdown)

[Tree] (config>card shutdown)

[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec>domain shutdown)

[Tree] (config>lag shutdown)

Full Context

configure port ethernet ssm shutdown

configure port-xc pxc shutdown

configure card mda shutdown

configure port ethernet dampening shutdown

configure redundancy multi-chassis peer mc-endpoint shutdown

configure redundancy multi-chassis ipsec-domain shutdown

configure port shutdown

configure card shutdown

configure redundancy multi-chassis peer mc-ipsec domain shutdown

configure lag shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within.

This command is supported on TDM satellite.

The no form of this command administratively enables an entity.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>lsp-history shutdown)

Full Context

configure router mpls lsp-history shutdown

Description

This command enables the collection of up to the last 100 significant events for each RSVP-TE and SR-TE LSP.

A shutdown of the lsp-history pauses the collection of events, but does not remove previously collected events from memory.

The no form of this command disables the collection of significant events for LSPs.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>port>ethernet>dot1x>macsec>sub-port shutdown)

Full Context

configure port ethernet dot1x macsec sub-port shutdown

Description

This command shuts down the MACsec under this sub-port specifically, including MKA negotiation. In the shutdown state, this port is not MACsec capable and all PDUs will be transmitted and expected without encryption and authentication.

The no form of this command puts the port in MACsec-enabled mode. A valid CA, different than any other CA configured on any other sub-port of this port and also a max-peer value larger than 0 must be configured. In MACsec-enabled mode, packets are sent in cleartext until the MKA session is up, and if the rx-must-be-encrypted is set on the port, all incoming packets with no MACsec encapsulations are dropped.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>sdp shutdown)

[Tree] (config>service>pw-template>stp shutdown)

[Tree] (config>service>sdp>keep-alive shutdown)

Full Context

configure service sdp shutdown

configure service pw-template stp shutdown

configure service sdp keep-alive shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Platforms

7705 SAR Gen 2

shutdown

Syntax

shutdown

[no] shutdown

Context

[Tree] (config>service>vpls>bgp-evpn>mpls shutdown)

[Tree] (config>service>epipe>bgp-evpn>mpls shutdown)

Full Context

configure service vpls bgp-evpn mpls shutdown

configure service epipe bgp-evpn mpls shutdown

Description

This command controls the administrative state of EVPN-MPLS, EVPN-VXLAN, or EVPN-SRv6 in the service.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>proxy-nd shutdown)

[Tree] (config>service>vpls>proxy-arp shutdown)

Full Context

configure service vpls proxy-nd shutdown

configure service vpls proxy-arp shutdown

Description

This command enables and disables the proxy-ARP and proxy-nd functionality. ARP/GARP/ND messages will be snooped and redirected to the CPM for lookup in the proxy-ARP/proxy-ND table. The proxy-ARP/proxy-ND table is populated with IP->MAC pairs received from different sources (EVPN, static, dynamic). When the shutdown command is issued, it flushes the dynamic/EVPN dup proxy-ARP/proxy-ND table entries and instructs the system to stop snooping ARP/ND frames. All the static entries are kept in the table as inactive, regardless of their previous Status.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>epipe>site shutdown)

[Tree] (config>service>epipe>spoke-sdp shutdown)

[Tree] (config>service>epipe shutdown)

[Tree] (config>service>epipe>sap shutdown)

Full Context

configure service epipe site shutdown

configure service epipe spoke-sdp shutdown

configure service epipe shutdown

configure service epipe sap shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described as follows in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>epipe>bgp-vpws shutdown)

Full Context

configure service epipe bgp-vpws shutdown

Description

This command administratively enables/disables the local BGP VPWS instance. On de-activation an MP-UNREACH-NLRI is sent for the local NLRI.

The no form of this command enables the BGP VPWS addressing and the related BGP advertisement. The associated BGP VPWS MP-REACH-NLRI will be advertised in an update message and the corresponding received NLRIs must be considered to instantiate the data plane.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vpls>bgp-vpls shutdown)

Full Context

configure service vpls bgp-vpls shutdown

Description

This command administratively enables/disables the local BGP VPLS instance. On de-activation an MP-UNREACH-NLRI must be sent for the local NLRI.

The no form of this command enables the BGP VPLS addressing and the related BGP advertisement. The associated BGP VPLS MP-REACH-NLRI will be advertised in an update message and the corresponding received NLRIs must be considered to instantiate the data plane. RT, RD usage: same as in the BGP AD solution, if the values are not configured here, the value of the VPLS-id from under the bgp-ad node is used. If VPLS-id value is not configured either the MH site cannot be activated – i.e. no shutdown returns an error. Same applies if a pseudowire template is not specified under the BGP node.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>ies>if>ipv6>secure-nd shutdown)

Full Context

configure service ies interface ipv6 secure-nd shutdown

Description

This command enables or disables Secure Neighbor Discovery (SeND) on the interface.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>tacplus shutdown)

[Tree] (config>service>vprn>aaa>rmt-srv>tacplus shutdown)

Full Context

configure system security tacplus shutdown

configure service vprn aaa remote-servers tacplus shutdown

Description

This command administratively disables the TACACS+ protocol operation. Shutting down the protocol does not remove or change the configuration other than the administrative state.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables the protocol which is the default state.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>static-route-entry>next-hop shutdown)

[Tree] (config>service>vprn>static-route-entry>black-hole shutdown)

[Tree] (config>service>vprn>static-route-entry>ipsec-tunnel shutdown)

[Tree] (config>service>vprn>static-route-entry>grt shutdown)

[Tree] (config>service>vprn>static-route-entry>indirect shutdown)

Full Context

configure service vprn static-route-entry next-hop shutdown

configure service vprn static-route-entry black-hole shutdown

configure service vprn static-route-entry ipsec-tunnel shutdown

configure service vprn static-route-entry grt shutdown

configure service vprn static-route-entry indirect shutdown

Description

This command causes the static route to be placed in an administratively down state and removed from the active route-table

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>if>send shutdown)

Full Context

configure service vprn interface ipv6 secure-nd shutdown

Description

This command enables or disables Secure Neighbor Discovery (SeND) on the interface.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>ldp>targ-session>peer shutdown)

[Tree] (config>router>ldp>targ-session>peer-template shutdown)

[Tree] (config>router>ldp>if-params>if shutdown)

[Tree] (config>router>ldp>if-params>if>ipv6 shutdown)

[Tree] (config>router>ldp>aggregate-prefix-match shutdown)

[Tree] (config>router>ldp>if-params>if>ipv4 shutdown)

[Tree] (config>router>ldp shutdown)

Full Context

configure router ldp targeted-session peer shutdown

configure router ldp targeted-session peer-template shutdown

configure router ldp interface-parameters interface shutdown

configure router ldp interface-parameters interface ipv6 shutdown

configure router ldp aggregate-prefix-match shutdown

configure router ldp interface-parameters interface ipv4 shutdown

configure router ldp shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted. For an LDP interface, the shutdown command exists under the main interface context and under each of the interface IPv4 and IPv6 contexts.

shutdown under the interface context brings down both IPv4 and IPv6 Hello adjacencies and stops Hello transmission in both contexts.
shutdown under the interface IPv4 or IPv6 contexts brings down the Hello adjacency and stops Hello transmission in that context only.

The user can also delete the entire IPv4 or IPv6 context under the interface with the no ipv4 or no ipv6 command which in addition to bringing down the Hello adjacency will delete the configuration.

The no form of this command administratively enables an entity.

Unlike other commands and parameters where the default state is not indicated in the configuration file, the shutdown and no shutdown states are always indicated in system generated configuration files.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>ldp>targeted-session>auto-tx>ipv4 shutdown)

[Tree] (config>router>ldp>targeted-session>auto-rx>ipv4 shutdown)

Full Context

configure router ldp targeted-session auto-tx ipv4 shutdown

configure router ldp targeted-session auto-rx ipv4 shutdown

Description

This command administratively disables the capabilities associated with automatically sending targeted Hello messages through the auto-tx command or processing targeted Hello messages through the auto-rx command.

The no form of this command administratively enables the capabilities associated with the auto-tx and auto-rx commands.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>lsp>secondary shutdown)

[Tree] (config>router>mpls>interface shutdown)

[Tree] (config>router>mpls shutdown)

[Tree] (config>router>mpls>lsp>primary shutdown)

Full Context

configure router mpls lsp secondary shutdown

configure router mpls interface shutdown

configure router mpls shutdown

configure router mpls lsp primary shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

MPLS is not enabled by default and must be explicitly enabled (no shutdown).

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command places the entity into an administratively enabled state.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>pce-initiated-lsp>sr-te shutdown)

Full Context

configure router mpls pce-initiated-lsp sr-te shutdown

Description

This command administratively enables or disables the sr-te context for PCE initiated LSPs. A shutdown of the sr-te context under pce-initiated-lsp causes an error to be generated for new PCInitate messages, and existing PCE-initiated LSPs are taken to the oper-down state.

The no form of this command administratively enables the sr-te context for PCE initiated LSP.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>if>label-map shutdown)

Full Context

configure router mpls interface label-map shutdown

Description

This command disables the label map definition. This drops all packets that match the specified in-label specified in the label-map in-label command.

The no form of this command administratively enables the defined label map action.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>lsp-template shutdown)

[Tree] (config>router>mpls>lsp shutdown)

Full Context

configure router mpls lsp-template shutdown

configure router mpls lsp shutdown

Description

This command disables the existing LSP including the primary and any standby secondary paths.

To shutdown only the primary enter the config router mpls lsp lsp-name primary path-name shutdown command.

To shutdown a specific standby secondary enter the config router mpls lsp lsp-name secondary path-name shutdown command. The existing configuration of the LSP is preserved.

Use the no form of this command to restart the LSP. LSPs are created in a shutdown state. Use this command to administratively bring up the LSP.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>path shutdown)

Full Context

configure router mpls path shutdown

Description

This command disables the existing LSPs using this path. All services using these LSPs are affected. Binding information, however, is retained in those LSPs. Paths are created in the shutdown state.

The no form of this command administratively enables the path. All LSPs, where this path is defined as primary or defined as standby secondary, are (re)established.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>pcep>pcc shutdown)

Full Context

configure router pcep pcc shutdown

Description

This command administratively disables the PCC or PCE process.

The following PCE parameters can only be modified when the PCEP session is shut down:

local-address
keepalive
dead-timer

The unknown-message-rate PCE parameter can be modified without shutting down the PCEP session.

The following PCC parameters can only be modified when the PCEP session is shut down:

local-address
keepalive
dead-timer
peer

The following PCC parameters can be modified without shutting down the PCEP session:

report-path-constraints
unknown-message-rate

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>rsvp shutdown)

[Tree] (config>router>rsvp>interface shutdown)

Full Context

configure router rsvp shutdown

configure router rsvp interface shutdown

Description

This command disables the RSVP protocol instance or the RSVP-related functions for the interface. The RSVP configuration information associated with this interface is retained. When RSVP is administratively disabled, all the RSVP sessions are torn down. The existing configuration is retained.

The no form of this command administratively enables RSVP on the interface.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy>nh-grp shutdown)

Full Context

configure router mpls forwarding-policies forwarding-policy next-hop-group shutdown

Description

This command shuts down an NHG entry in a forwarding policy.

When an NHG is shut down, it is removed from the data path entry of the forwarding policy.

The no form of this command brings up an NHG entry in a forwarding policy.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>fwd-policies>fwd-policy shutdown)

Full Context

configure router mpls forwarding-policies forwarding-policy shutdown

Description

This command shuts down the forwarding policy.

The no form of this command enables the forwarding policy.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>mpls>fwd-policies shutdown)

Full Context

configure router mpls forwarding-policies shutdown

Description

This command shuts down the forwarding-policies context; causing all forwarding policies to be removed from the data path, however they remain in the MPLS forwarding database.

The no form of this command enables the forwarding-policies context.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>redundancy>multi-chassis>peer>mc-ipsec>tunnel-group shutdown)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel shutdown)

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp6 shutdown)

[Tree] (config>ipsec>client-db shutdown)

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp6 shutdown)

[Tree] (config>service>vprn>if>sap>ipsec-gw>lcl-addr-assign shutdown)

[Tree] (config>service>ies>if>sap>ipsec-gw shutdown)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel shutdown)

[Tree] (config>isa>tunnel-grp shutdown)

[Tree] (config>service>ies>if>sap>ipsec-gw>dhcp shutdown)

[Tree] (config>service>ies>if>sap>ipsec-gw>lcl-addr-assign shutdown)

[Tree] (config>service>vprn>if>sap>ipsec-gw shutdown)

[Tree] (config>service>vprn>if>sap>ip-tunnel shutdown)

[Tree] (config>service>ies>if>sap>ip-tunnel shutdown)

[Tree] (config>ipsec>client-db>client shutdown)

[Tree] (config>ipsec>cert-profile shutdown)

[Tree] (config>service>vprn>if>sap>ipsec-gw>dhcp shutdown)

Full Context

configure redundancy multi-chassis peer mc-ipsec tunnel-group shutdown

configure service ies interface ipsec ipsec-tunnel shutdown

configure service ies interface sap ipsec-gw dhcp6 shutdown

configure ipsec client-db shutdown

configure service vprn interface sap ipsec-gw dhcp6 shutdown

configure service vprn interface sap ipsec-gw local-address-assignment shutdown

configure service ies interface sap ipsec-gw shutdown

configure service vprn interface ipsec ipsec-tunnel shutdown

configure isa tunnel-group shutdown

configure service ies interface sap ipsec-gw dhcp shutdown

configure service ies interface sap ipsec-gw local-address-assignment shutdown

configure service vprn interface sap ipsec-gw shutdown

configure service vprn interface sap ip-tunnel shutdown

configure service ies interface sap ip-tunnel shutdown

configure ipsec client-db client shutdown

configure ipsec cert-profile shutdown

configure service vprn interface sap ipsec-gw dhcp shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The shutdown command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update shutdown)

Full Context

configure system security pki ca-profile auto-crl-update shutdown

Description

This command disables the auto CRL update.

The no form of this command enables an auto CRL update. Upon no shutdown, if the configured CRL file does not exist, is invalid or is expired or if the schedule-type is next-update-based and current time passed (Next-Update_of_existing_CRL - pre-update-time), then system will start downloading CRL right away.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>nat>outside>pool shutdown)

[Tree] (config>service>vprn>nat>outside>pool shutdown)

[Tree] (config>router>nat>inside>deterministic>address-map shutdown)

[Tree] (config>service>vprn>nat>inside>deterministic>address-map shutdown)

[Tree] (config>isa>nat-group shutdown)

Full Context

configure router nat outside pool shutdown

configure service vprn nat outside pool shutdown

configure router nat inside deterministic address-map shutdown

configure service vprn nat inside deterministic address-map shutdown

configure isa nat-group shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The shutdown command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>mirror>mirror-dest shutdown)

[Tree] (config>mirror>mirror-source shutdown)

[Tree] (config>service>vprn>ip-mirror-interface>spoke-sdp shutdown)

[Tree] (config>service>vprn>ip-mirror-interface shutdown)

Full Context

configure mirror mirror-dest shutdown

configure mirror mirror-source shutdown

configure service vprn ip-mirror-interface spoke-sdp shutdown

configure service vprn ip-mirror-interface shutdown

Description

The shutdown command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command.

The shutdown command administratively disables an entity. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

The no form of this command puts an entity into the administratively enabled state.

Default

See Special Cases below.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (debug>mirror-source shutdown)

Full Context

debug mirror-source shutdown

Description

This command enables mirror source debugging.

The no form of this command clears mirror source information.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>test-oam>twamp>server shutdown)

[Tree] (config>oam-pm>session>ip>twamp-light shutdown)

[Tree] (config>oam-pm>bin-group shutdown)

[Tree] (config>saa>test shutdown)

Full Context

configure test-oam twamp server shutdown

configure oam-pm session ip twamp-light shutdown

configure oam-pm bin-group shutdown

configure saa test shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Entities are created in the administratively down (shutdown) state. When a no shutdown command is entered, the entity becomes administratively up and then tries to enter the operationally up state.

The no form of this command administratively enables the entity.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>service>vprn>twamp-light>reflector shutdown)

[Tree] (config>router>twamp-light>reflector shutdown)

Full Context

configure service vprn twamp-light reflector shutdown

configure router twamp-light reflector shutdown

Description

This command disables or enables TWAMP Light functionality within the context where the configuration exists, either the base router instance or the service. Enabling the base router context enables the IES prefix list since the IES service uses the configuration under the base router instance.

The no form of this command allows the router instance or the service to accept TWAMP Light packets for processing.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>filter>redirect-policy shutdown)

[Tree] (config>filter>log>summary shutdown)

[Tree] (config>filter>redirect-policy>destination shutdown)

Full Context

configure filter redirect-policy shutdown

configure filter log summary shutdown

configure filter redirect-policy destination shutdown

Description

Administratively enables/disabled (AdminUp/AdminDown) an entity. Downing an entity does not change, reset or remove any configuration settings or statistics. Many objects must be shutdown before they may be deleted.

The shutdown command administratively downs an entity. Administratively downing an entity changes the operational state of the entity to down.

Unlike other commands and parameters where the default state will not be indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

The no form of the command puts an entity into the administratively enabled state.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>if>ipv6>secure-nd shutdown)

Full Context

configure router interface ipv6 secure-nd shutdown

Description

This command enables or disables Secure Neighbor Discovery (SeND) on the interface.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>vrrp>policy shutdown)

[Tree] (config>router>if>ipv6>vrrp shutdown)

[Tree] (config>router>if>vrrp shutdown)

Full Context

configure vrrp policy shutdown

configure router interface ipv6 vrrp shutdown

configure router interface vrrp shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables an entity.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown [active] [standby]

[no] shutdown [cflash-id]

Context

[Tree] (file shutdown)

Full Context

file shutdown

Description

This command shuts down (unmounts) the specified CPM(s).

Use the no shutdown [active] [standby] command to enable one or both CPM.

Use the no shutdown [cflash-id] command to enable a compact flash (cf1:, cf2:, or cf3:) on the CPM/CCM. The no shutdown command can be issued for a specific slot when no compact flash is present. When a flash card is installed in the slot, the card will be activated upon detection.

In redundant systems, use the no shutdown command on cf3: on both SF/CPMs or CCMs in order to facilitate synchronization. See the config>redundancy synchronize command.

Note:

The shutdown command must be issued prior to removing a flash card. If no parameters are specified, then the drive referred to by the current working directory will be shut down.

LED Status Indicators

LED Status Indicators lists the possible states for the compact flash and their LED status indicators.

Table 9. LED Status Indicators
State	Description
Operational	If a compact flash is present in a drive and operational (no shutdown), the respective LED is lit green. The LED flickers when the compact flash is accessed. Note: Do not remove the compact flash during a read/write operation.
Flash defective	If a compact flash is defective, the respective LED blinks amber to reflect the error condition and a trap is raised.
Flash drive shut down	When the compact flash drive is shut down and a compact flash present, the LED is lit amber. In this state, the compact flash can be ejected.
No compact flash present, drive shut down	If no compact flash is present and the drive is shut down the LED is unlit.
No compact flash present, drive enabled	If no compact flash is present and the drive is not shut down the LED is unlit.
Ejecting a compact flash	The compact flash drive should be shut down before ejecting a compact flash card. The LED should turn to solid (not blinking) amber. This is the only mode to safely remove the flash card. If a compact flash drive is not shut down before a compact flash is ejected, the LED blinks amber for approximately 5 seconds before shutting off.

The shutdown or no shutdown state is not saved in the configuration file. Following a reboot all compact flash drives are in their default state.

Default

no shutdown

Parameters

cflash-id

Specifies the compact flash slot ID to be shut down or enabled. If cflash-id is specified, the drive is shut down or enabled. If no cflash-id is specified, the drive referred to by the current working directory is assumed. If a slot number is not specified, then the active CPM is assumed.

Values: cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Default: the current compact flash device

active: Specifies that all drives on the active CPM are shutdown or enabled.

standby

Specifies that all drives on the standby CPM are shutdown or enabled.

When both active and standby keywords are specified, then all drives on both CPM are shutdown.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>management-interface>remote-management shutdown)

[Tree] (config>system>management-interface>remote-management>manager shutdown)

Full Context

configure system management-interface remote-management shutdown

configure system management-interface remote-management manager shutdown

Description

This command administratively disables remote management.

The no form of this command administratively enables remote management.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>alarms shutdown)

Full Context

configure system alarms shutdown

Description

This command enables or disables the Facility Alarm functionality. When enabled, the Facility Alarm sub-system tracks active and cleared facility alarms and controls the Alarm LEDs on the CPMs. When Facility Alarm functionality is enabled, the alarms are viewed using the show system alarms command(s).

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>log>accounting-policy shutdown)

[Tree] (config>log>event-trigger>event>trigger-entry shutdown)

[Tree] (config>log>log-id shutdown)

[Tree] (config>log>event-handling>handler shutdown)

[Tree] (config>log>event-handling>handler>action-list>entry shutdown)

[Tree] (config>log>event-trigger>event shutdown)

Full Context

configure log accounting-policy shutdown

configure log event-trigger event trigger-entry shutdown

configure log log-id shutdown

configure log event-handling handler shutdown

configure log event-handling handler action-list entry shutdown

configure log event-trigger event shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables an entity.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>netconf>listen shutdown)

Full Context

configure system netconf listen shutdown

Description

This command disables the NETCONF server. The shutdown command is blocked if there are any active NETCONF sessions. Use the admin disconnect command to disconnect all NETCONF sessions before shutting down the NETCONF service.

The no form of this command enables the NETCONF server.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter shutdown)

[Tree] (config>system>security>keychain>direction>uni>send>entry shutdown)

[Tree] (config>system>security>keychain>direction>uni>receive>entry shutdown)

[Tree] (config>system>security>keychain>direction>bi>entry shutdown)

[Tree] (config>system>security>keychain shutdown)

[Tree] (config>system>security>mgmt-access-filter>ip-filter shutdown)

Full Context

configure system security management-access-filter ipv6-filter shutdown

configure system security keychain direction uni send entry shutdown

configure system security keychain direction uni receive entry shutdown

configure system security keychain direction bi entry shutdown

configure system security keychain shutdown

configure system security management-access-filter ip-filter shutdown

Description

This command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. Many entities must be explicitly enabled using the no shutdown command. The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command puts an entity into the administratively enabled state.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>pki>ca-profile shutdown)

Full Context

configure system security pki ca-profile shutdown

Description

Use this command to enable or disable the ca-profile. The system verifies the configured cert-file and crl-file. If the verification fails, then the no shutdown command fails.

The ca-profile in a shutdown state cannot be used in certificate authentication.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>ssh>key-re-exchange>client shutdown)

[Tree] (config>system>security>ssh>key-re-exchange>server shutdown)

Full Context

configure system security ssh key-re-exchange client shutdown

configure system security ssh key-re-exchange server shutdown

Description

This command stops the key exchange. It sets the minutes and bytes to infinity so there will not be any key exchange during the PDU transmission.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>ldap>server shutdown)

[Tree] (config>system>security>ldap shutdown)

Full Context

configure system security ldap server shutdown

configure system security ldap shutdown

Description

In the ldap context, this command enables or disabled LDAP protocol operations.

In the server context, this command enables or disables the LDAP server. To perform no shutdown, an LDAP server address is required. To change the address, the user first needs to shut down the server.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>grpc>gnmi shutdown)

Full Context

configure system grpc gnmi shutdown

Description

This command stops the gNMI service.

The no form of this command starts the gNMI service.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>grpc shutdown)

Full Context

configure system grpc shutdown

Description

This command stops the gRPC server. This closes all of the associated TCP connections and immediately purges all RIB entries that were programmed using the RibApi Service.

The shutdown command is not blocked if there are active gRPC sessions. Shutting down gRPC will terminate all active gRPC sessions.

The no form of this command starts the gRPC server.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>grpc>tcp-keepalive shutdown)

Full Context

configure system grpc tcp-keepalive shutdown

Description

This command stops the TCP keepalives from being sent to all gRPC clients.

The no form of this command restarts the sending of TCP keepalives to all gRPC clients.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>snmp>streaming shutdown)

Full Context

configure system snmp streaming shutdown

Description

This command administratively disables proprietary SNMP request/response bundling and TCP-based transport mechanism for optimizing network management of the router nodes.

The no form of the command administratively re-enables SNMP request/response bundling and TCP-based transport mechanism.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>snmp shutdown)

Full Context

configure system snmp shutdown

Description

This command administratively disables SNMP agent operations. System management can then only be performed using the command line interface (CLI). Shutting down SNMP does not remove or change configuration parameters other than the administrative state. This command does not prevent the agent from sending SNMP notifications to any configured SNMP trap destinations. SNMP trap destinations are configured under the config>log>snmp-trap-group context.

This command is automatically invoked in the event of a reboot when the processing of the configuration file fails to complete or when an SNMP persistent index file fails while the bof persist on command is enabled.

The no form of the command administratively enables SNMP which is the default state.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>tls>cert-profile shutdown)

Full Context

configure system security tls cert-profile shutdown

Description

This command disables the certificate profile. When the certificate profile is disabled, it will not be sent to the TLS server.

The no form of the command enables the certificate profile and allows it to be sent to the TLS server.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>system>security>tls>client-tls-profile shutdown)

[Tree] (config>system>security>tls>server-tls-profile shutdown)

Full Context

configure system security tls client-tls-profile shutdown

configure system security tls server-tls-profile shutdown

Description

This command administratively enables or disables the TLS profile. If the TLS profile is shut down, the TLS operational status will be down. Therefore, if the TLS profile is shut down, any application using TLS should not attempt to send any PDUs.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>bgp>group shutdown)

[Tree] (config>router>bgp>segment-routing shutdown)

[Tree] (config>router>bgp shutdown)

[Tree] (config>router>bgp>group>neighbor shutdown)

Full Context

configure router bgp group shutdown

configure router bgp segment-routing shutdown

configure router bgp shutdown

configure router bgp group neighbor shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables an entity.

Unlike other commands and parameters where the default state is not indicated in the configuration file, the shutdown and no shutdown states are always indicated in system generated configuration files.

Default administrative states for services and service entities are described in Special Cases.

The no form of this command places an entity in an administratively enabled state.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>isis>segment-routing shutdown)

[Tree] (config>router>isis>segm-rtng>mapping-server shutdown)

[Tree] (config>router>isis>igp-shortcut shutdown)

[Tree] (config>router>isis>interface shutdown)

[Tree] (config>router>isis shutdown)

Full Context

configure router isis segment-routing shutdown

configure router isis segment-routing mapping-server shutdown

configure router isis igp-shortcut shutdown

configure router isis interface shutdown

configure router isis shutdown

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables an entity.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>isis>flex-algos shutdown)

Full Context

configure router isis flexible-algorithms shutdown

Description

This command enables IS-IS flexible algorithms. If it is enabled with the no shutdown command the router starts supporting the flexible algorithms IGP LSDB extensions. Flexible algorithm IGP LSDB extensions are by default not enabled.

The no form of this command enables the router to support flexible algorithms.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>ospf>flex-algos shutdown)

Full Context

configure router ospf flexible-algorithms shutdown

Description

This command enables OSPFv2 flexible algorithms. If no shutdown is configured, the router enables support for the flexible algorithms IGP LSDB extensions. Flexible algorithm IGP LSDB extensions are disabled by default.

The no form of this command enables the router to support flexible algorithms.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>ospf3>area>virtual-link shutdown)

[Tree] (config>router>ospf>igp-shortcut shutdown)

[Tree] (config>router>ospf shutdown)

[Tree] (config>router>ospf>area>virtual-link shutdown)

[Tree] (config>router>ospf3 shutdown)

[Tree] (config>router>ospf3>area>interface shutdown)

[Tree] (config>router>ospf>segm-rtng shutdown)

[Tree] (config>router>ospf>segm-rtng>mapping-server shutdown)

Full Context

configure router ospf3 area virtual-link shutdown

configure router ospf igp-shortcut shutdown

configure router ospf shutdown

configure router ospf area virtual-link shutdown

configure router ospf3 shutdown

configure router ospf3 area interface shutdown

configure router ospf segment-routing shutdown

configure router ospf segment-routing mapping-server shutdown

Description

The shutdown command administratively disables the entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics. The operational state of the entity is disabled as well as the operational state of any entities contained within.

Many objects must be shut down before they may be deleted. Many entities must be explicitly enabled using the no shutdown command.

Unlike other commands and parameters where the default state is not indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

The no form of this command puts an entity into the administratively enabled state.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>rip>group>neighbor shutdown)

[Tree] (config>router>rip shutdown)

[Tree] (config>router>ripng>group>neighbor shutdown)

[Tree] (config>router>ripng shutdown)

[Tree] (config>router>ripng>group shutdown)

[Tree] (config>router>rip>group shutdown)

Full Context

configure router rip group neighbor shutdown

configure router rip shutdown

configure router ripng group neighbor shutdown

configure router ripng shutdown

configure router ripng group shutdown

configure router rip group shutdown

Description

This command administratively disables an entity. Downing an entity does not change, reset or remove any configuration settings or statistics. Many objects must be shutdown before they may be deleted.

The shutdown command administratively downs an entity. Administratively downing an entity changes the operational state of the entity to down and the operational state of any entities contained within the administratively down entity.

Unlike other commands and parameters where the default state will not be indicated in the configuration file, shutdown and no shutdown are always indicated in system generated configuration files.

The no form of the command puts an entity into the administratively enabled state.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>segment-routing>maintenance-policy shutdown)

Full Context

configure router segment-routing maintenance-policy shutdown

Description

This command deactivates all segment routing policies and removes the associated entries from the forwarding plane of the router.

The no form of this command enables all segment routing policies so that they can be revalidated and reinstalled as necessary.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>segment-routing>sr-policies shutdown)

Full Context

configure router segment-routing sr-policies shutdown

Description

This command deactivates all segment routing policies and removes the associated entries from the forwarding plane of the router.

It is necessary to execute this shutdown if you want to make a change to the reserved-label-block reference.

The no form of this command enables all segment routing policies so that they can be revalidated and reinstalled as necessary.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (conf>router>segment-routing>sr-policies>policy>seg-list shutdown)

Full Context

configure router segment-routing sr-policies static-policy segment-list shutdown

Description

This command deactivates a segment-list. If this is done on an active policy with more than one segment list, then traffic forwarded by the policy will be diverted to the remaining segment-lists.

The no form of this command enables the segment list so that it can be validated and installed as necessary.

Default

shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (conf>router>segment-routing>sr-policies>policy shutdown)

Full Context

configure router segment-routing sr-policies static-policy shutdown

Description

This command deactivates the associated static policy and causes another policy for the same (color, endpoint) combination to be promoted as the active path, assuming there is another valid policy.

It is necessary to execute this shutdown if you want to make critical configuration changes to the static policy.

The no form of this command enables the static policy so that it can be validated and installed as necessary.

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>port>ethernet>dot1x>per-host-authentication shutdown)

Full Context

configure port ethernet dot1x per-host-authentication shutdown

Description

This command administratively configures per-host authentication on the port.

The no form of this command administratively enables per-host authentication on the port.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>port>ethernet>dot1x shutdown)

Full Context

configure port ethernet dot1x shutdown

Description

This command administratively configures the 802.1x functionality (consisting of packet extraction and processing on the CPM) on the port.

The no form of this command administratively enables the 802.1x functionality on the port.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>bgp>egress-peer-engineering shutdown)

Full Context

configure router bgp egress-peer-engineering shutdown

Description

This command administratively enables or disables BGP-EPE. If enabled, peer node SIDs and peer adjacency SIDs are advertised in BGP-LS.

The no form of this command places the entity into an administratively enabled state and prevents peer node SIDs and peer adjacency SIDs from being advertised in BGP-LS.

Default

no shutdown

Platforms

7705 SAR Gen 2

shutdown

Syntax

[no] shutdown

Context

[Tree] (config>router>bgp>group>egress-engineering shutdown)

Full Context

configure router bgp group egress-engineering shutdown

Description

This command administratively enables or disable egress engineering on a BGP neighbor or group of neighbors.

If this command is enabled along with the egress-peer-engineering command in BGP, SIDs in the form of MPLS labels are allocated for the segments toward the neighbor and to all links (adjacencies). These adjacencies are then advertised in BGP LS.

The no form of this command places the entity into an administratively enabled state.

Default

no shutdown

Platforms

7705 SAR Gen 2