s Commands – Part II

Context

[Tree] (config>router>isis>segm-rtng>adjacency-set sid)

[Tree] (config>router>ospf>segm-rtng>adjacency-set sid)

Full Context

configure router isis segment-routing adjacency-set sid

configure router ospf segment-routing adjacency-set sid

Description

This command allows a static SID value to be assigned to an adjacency set in IS-IS or OSPF segment routing.

The label option specifies the value is assigned to an MPLS label.

The no form of this command removes the adjacency SID.

Parameters

label value

Specifies the value of adjacency SID label.

Values

18432 to 524287 | 1048575 (FP4 only)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>segm-rtng>mapping-server sid-map)

Full Context

configure router isis segment-routing mapping-server sid-map

Description

This command configures the Segment Routing mapping server database in IS-IS.

The user enters the node SID index for one or a range of prefixes by specifying the first index value and optionally a range value can be entered. The default value for the range option is 1. Only the first prefix in a consecutive range of prefixes must be entered. The user can enter the first prefix with a mask lower than 32 and the SID or label binding TLV is advertised, but the routers will not resolve these prefix SIDs and will generate a trap.

By setting the S-flag, the user can indicate to the IS-IS routers in the rest of the network that the flooding scope of the SID or label binding TLV is the entire domain. In that case, a router receiving the TLV advertisement should leak it between ISIS levels. If leaked from level 2 to level 1, the D-flag must be set and once set the TLV cannot be leaked back into level 2. Otherwise, the S-flag is clear by default and the TLV must not be leaked by routers that receive the mapping server advertisement.

Note that the SR OS does not leak this TLV between IS-IS instances and does not support the multi-topology SID/Label Binding TLV format.

In addition, the user can specify the mapping server own flooding scope for the generated SID or label binding TLV using the level option. This option allows the user to narrow the flooding scope configured under the router IS-IS level-capability for a one or more SID or label binding TLVs if required. The default flooding scope of the mapping server is Layer 1 or Layer 2, which can be narrowed by the value configured under the router IS-IS level-capability.

The A-flag and M-flag are not supported by the mapping server feature. The mapping client ignores the flags.

Each time a prefix or a range of prefixes is configured in the SR mapping database in any routing instance, the router issues for this prefix or range of prefixes, a prefix-SID sub-TLV within a ISIS SID or label binding TLV in that instance. The flooding scope of the TLV from the mapping server is determined as explained above. No further check of the reachability of that prefix in the mapping server route table is performed. Additionally, no check is performed if the SID index is a duplicate of an existing prefix in the local IGP instance database or if the SID index is out of range with the local SRGB.

The no form of this command deletes the range of node SIDs beginning with the specified index value.

Parameters

index

Specifies the node SID index for the IS-IS prefix that is advertised in a SID/Label Binding TLV.

Values

0 to 4294967295

value

Specifies the node SID range for the IS-IS prefix that is advertised in a SID/Label Binding TLV.

Values

0 to 65535

ip-address/mask

Specifies the IP address and mask.

Values

ip-address: a.b.c.d. (host bits must be 0)

mask: 0 to 32

ip-address netmask

Specifies the IP address netmask.

Values

a.b.c.d. (network bits all 1 and host bits all 0)

set-flags

Specifies the flooding scope of the SID/Label binding TLV.

Default

S-flag clear

The TLV is not leaked by routers receiving the mapping server advertisement

level {1 | 2| 1/2}

Configures the mapping server own flooding scope for the generated SID/Label binding TLV.

Default

1/2

clear-n-flag

Specifies whether the node-sid flag (N-flag) should be cleared in a SID Label Binding TLV.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf>segm-rtng>mapping-server sid-map)

Full Context

configure router ospf segment-routing mapping-server sid-map

Description

This command configures the Segment Routing mapping server database in OSPF.

The user enters the node SID index for one or a range of prefixes by specifying the first index value and optionally a range value. The default value for the range option is 1. Only the first prefix in a consecutive range of prefixes must be entered. If the user enters the first prefix with a mask lower than 32, the OSPF Extended Prefix Range TLV is advertised but a router which receives it will not resolve SID and instead originates a trap.

The user specifies the mapping server own flooding scope for the generated OSPF Extended Prefix Range TLV using the scope option. There is no default value. If the scope is a specific area, then the TLV is flooded only in that area.

An ABR that propagates an intra-area OSPF Extended Prefix Range TLV flooded by the mapping server in that area into other areas, sets the inter-area flag (IA-flag). The ABR also propagates the TLV if received with the inter-area flag set from other ABR nodes but only from the backbone to leaf areas and not vice-versa. However, if the exact same TLV is advertised as an intra-area TLV in a leaf area, the ABR will not flood the inter-area TLV into that leaf area.

Each time a prefix or a range of prefixes is configured in the SR mapping database in any routing instance, the router issues for this prefix, or range of prefixes, a prefix-SID sub-TLV within a OSPF Extended Prefix Range TLV in that instance. The flooding scope of the TLV from the mapping server is determined as previously explained. No further check of the reachability of that prefix in the mapping server route table is performed and no check if the SID index is duplicate with some existing prefix in the local IGP instance database or if the SID index is out of range with the local SRGB.

The no form of this command deletes the range of node SIDs beginning with the specified index value.

Default

no prefix-sid-range

Parameters

index index-value

Specifies the index.

Values

0 to 4294967295

range range-value

Specifies the range.

Values

1 to 65535

prefix ip-address/mask

Specifies the IP address in dotted decimal notation.

Values

ip-address/mask:

• ip-address a.b.c.d (host bits must be 0)

mask: 0 to 132

netmask

Specifies the netmask.

Values

netmask — a.b.c.d (network bits all 1 and host bits all 0)

area area-id

Configures the mapping server own flooding scope for the generated OSPF Extended Prefix Range TLV.

Values

ip-address | 0 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>interface sid-protection)

Full Context

configure router isis interface sid-protection

Description

This command enables or disables adjacency SID protection by LFA and remote LFA.

While LFA and remote LFA Fast-Reroute (FRR) protection is enabled for all node SIDs and local adjacency SIDs when the user enables the loopfree-alternates option in IS-IS or OSPF at the LER and LSR, there are applications where the user wants traffic to never divert from the strict hop computed by CSPF for a SR-TE LSP. In that case, the user can disable protection for all adjacency SIDs formed over a given network IP interface using this command.

The protection state of an adjacency SID is advertised in the B-FLAG of the IS-IS or OSPF Adjacency SID sub-TLV.

Default

sid-protection

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf>area>interface sid-protection)

Full Context

configure router ospf area interface sid-protection

Description

This command enables or disables adjacency SID protection by LFA and remote LFA.

LFA and remote LFA Fast-Reroute (FRR) protection is enabled for all node SIDs and local adjacency SIDs when the user enables the loopfree-alternate option in IS-IS or OSPF at the LER and LSR. However, may be applications where the user never wants traffic to divert from the strict hop computed by CSPF for an SR-TE LSP. In this case, the user can disable protection for all adjacency SIDs formed over a particular network IP interface using this command.

The protection state of an adjacency SID is advertised in the B-FLAG of the IS-IS or OSPF Adjacency SID sub-TLV.

Default

sid-protection

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>spoke-sdp-fec signaling)

Full Context

configure service epipe spoke-sdp-fec signaling

Description

This command enables a user to configure this router as the active or passive T-PE for signaling this MS-PW, or to automatically select whether this T-PE is active or passive based on the prefix. In an active role, this endpoint initiates MS-PW signaling without waiting for a T-LDP label mapping message to arrive from the far end T-PE. In a passive role, it will wait for the initial label mapping message from the far end before sending a label mapping for this end of the PW. In auto mode, if the SAII has the greater prefix value, then the router will initiate MS-PW signaling without waiting for a label mapping message from the far end. However, if the TAII has the greater value prefix, then the router will assume that the far end T-PE will initiate MS-PW signaling and will wait for that label mapping message before responding with a T-LDP label mapping message for the MS-PW in the reverse direction.

The no form of this command means that the router T-PE automatically selects the which router will initiate MS-PW signaling based on the prefix values configured in the SAII and TAII of the spoke SDP, as previously described.

Default

signaling auto

Parameters

signaling

Configures this router as the active T-PE for signaling this MS-PW.

Values

auto, master

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>sdp signaling)

Full Context

configure service sdp signaling

Description

This command specifies the signaling protocol used to obtain the ingress and egress pseudowire labels in frames transmitted and received on the SDP. When signaling is off then labels are manually configured when the SDP is bound to a service. The signaling value can only be changed while the administrative status of the SDP is down. Additionally, the signaling can only be changed on an SDP if that SDP is not in use by BGP-AD or BGP-VPLS. BGP signaling can only be enabled if that SDP does not already have pseudowires signaled over it.

The no form of this command is not applicable. To modify the signaling configuration, the SDP must be administratively shut down and then the signaling parameter can be modified and re-enabled.

Default

signaling tldp

Parameters

off

Ingress and egress signal auto-labeling is not enabled. If this parameter is selected, then each service using the specified SDP must manually configure VPN labels. This configuration is independent of the SDP’s transport type, GRE, MPLS (RSVP or LDP).

tldp

Ingress and egress pseudowire signaling using T-LDP is enabled. Default value used when BGP AD automatically instantiates the SDP.

bgp

Ingress and egress pseudowire signaling using BGP is enabled. Default value used when BGP VPLS automatically instantiates the SDP.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>tls>client-tls-profile signature-list)

Full Context

configure system security tls client-tls-profile signature-list

Description

This command assigns an existing TLS 1.3 signature list to the TLS client profile.

The no form of this command removes the signature list from the client profile.

Default

no signature-list

Parameters

name

Specifies the name of the signature list, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>tls>server-tls-profile signature-list)

Full Context

configure system security tls server-tls-profile signature-list

Description

This command assigns an existing TLS 1.3 signature list to the TLS server profile.

The no form of this command removes the signature list from the server profile.

Default

no signature-list

Parameters

name

Specifies the name of the signature list, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr significant-change)

Full Context

configure log accounting-policy custom-record significant-change

Description

This command configures the significant change required to generate the record. The custom record is only generated when the change in the reference counters equals or exceeds the configured (non-zero) significant change value. Only the reference counters for which there are corresponding counters configured under the related queues and policers are used for the significant change comparison. For reference queues and policers, the change applies to the sum of all configured reference queue and policer counters. When no reference counters are configured or significant-change is zero, the significant change reporting is not active.

Default

significant-change 0

Parameters

delta

Specifies the delta change (significant change) that is required for the custom record to be written to the XML file.

Values

0 to 4294967295 (For custom-record-aa-sub only values 0 or 1 are supported.)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn single-sfm-overload)

Full Context

configure service vprn single-sfm-overload

Description

This command configures OSPF, OSPFv3 and IS-IS to set overload when the router has fewer than the full set of SFMs functioning, which reduces forwarding capacity. Setting overload enables a router to still participate in exchanging routing information, but routes all traffic away from it.

The no form of this command configures the router to not set overload if an SFM fails.

Default

no single-sfm-overload

Parameters

holdoff-time

Specifies the delay between detecting SFM failures and setting overload.

Values

1 to 600 seconds

Default

0 seconds

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router single-sfm-overload)

Full Context

configure router single-sfm-overload

Description

This command configures OSPF, OSPFv3 and IS-IS to set overload when the router has fewer than the full set of SFMs functioning, which reduces forwarding capacity. Setting overload enables a router to still participate in exchanging routing information, but routes all traffic away from it.

The no form of this command configures the router to not set overload if an SFM fails.

Default

no single-sfm-overload

Parameters

holdoff-time

Specifies the delay between detecting SFM failures and setting overload.

Values

1 to 600 seconds

Default

0 seconds

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls site)

Full Context

configure service vpls site

Description

This command configures a VPLS site.

The no form of this command removes the name from the configuration.

Parameters

name

Specifies a site name up to 32 characters in length.

create

This keyword is mandatory while creating a VPLS site.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe site)

Full Context

configure service epipe site

Description

This command configures a Epipe site.

The no form of this command removes the name from the configuration.

Parameters

name

Specifies a site name up to 32 characters in length.

create

This keyword is mandatory while creating a Epipe service.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>bgp-multi-homing site-activation-timer)

Full Context

configure redundancy bgp-multi-homing site-activation-timer

Description

This command defines the amount of time the service manager will keep the local sites in standby status, waiting for BGP updates from remote PEs before running the DF election algorithm to decide whether the site should be unblocked. The timer is started when one of the following event occurs only if the site is operationally up:

• Manual site activation using "no shutdown” at site-id level or at member object(s) level (for example, SAP(s) or PW(s)

• Site activation after a failure

The no form of this command sets the value to 2.

Default

no site-activation-timer

Parameters

seconds

Specifies the timer, in seconds.

Values

1 to 100

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>bgp-multi-homing site-activation-timer)

Full Context

configure redundancy bgp-multi-homing site-activation-timer

Description

This command defines the amount of time the service manager will keep the local sites in standby status, waiting for BGP updates from remote PEs before running the DF election algorithm to decide whether the site should be unblocked. The timer is started when one of the following events occurs if the site is operationally up:

• Manual site activation using the no shutdown command at site-id level or at member object(s) level (SAP(s) or PW(s))

• Site activation after a failure

Default

no site-activation-timer

Parameters

seconds

Specifies the standby status in seconds.

Values

0 to 100

Default

2

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>site site-activation-timer)

Full Context

configure service vpls site site-activation-timer

Description

This command configures the time-period the system keeps the local sites in standby status, waiting for BGP updates from remote PEs before running the DF (designated-forwarder) election algorithm to decide whether the site should be unblocked. This timer if terminated if an update is received for which the remote PE has transitioned from DF to non-DF.

The no form of this command removes the value from the configuration.

Default

site-activation-timer 2

Parameters

seconds

Specifies the site activation timer in seconds.

Values

0 to 100

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>site site-activation-timer)

Full Context

configure service epipe site site-activation-timer

Description

This command configures the time-period the system keeps the local sites in standby status, waiting for BGP updates from remote PEs before running the DF (designated-forwarder) election algorithm to decide whether the site should be unblocked. This timer is terminated if an update is received for which the remote PE has transitioned from DF to non-DF.

The no form of this command removes the value from the configuration.

Default

site-activation-timer 2

Parameters

seconds

Specifies the site activation timer in seconds.

Values

0 to 100

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>site site-id)

Full Context

configure service vpls site site-id

Description

This command configures the identifier for the site in this service.

Parameters

value

Specifies the site identifier.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>site site-id)

Full Context

configure service epipe site site-id

Description

This command configures the identifier for the site in this service. It must match between services but it is local to the service.

Parameters

value

Specifies the site identifier.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>bgp-multi-homing site-min-down-timer)

Full Context

configure redundancy bgp-multi-homing site-min-down-timer

Description

This command configures the BGP multi-homing site minimum down time. When this value is set and the site goes operationally down, it remains operationally down for at least the length of time configured by this timer, regardless of whether other state changes might cause the site to go operationally up. This timer is restarted every time the site transitions from operationally up to down.

This timer is optimized in the following circumstances:

• If the site goes down on the DF but there are no BGP multi-homing peers with the same site in an up state, this timer is not used.

• If the site goes down on the DF but there are no active BGP multi-homing peers, this timer is not used.

• If this timer is active and a BGP multihoming update is received from the DF indicating its site is down, this timer is immediately terminated and the BGP multihoming algorithm is triggered to determine whether this PE should become the DF.

The no form of this command removes the value from the configuration.

Default

no site-min-down-timer

Parameters

seconds

Specifies the time, in seconds, that a BGP multi-homing site remains operationally down after a transition from up to down.

Values

1 to 100

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>site site-min-down-timer)

Full Context

configure service vpls site site-min-down-timer

Description

This command configures the BGP multi-homing site minimum down time. When set to a non-zero value, if the site goes operationally down it will remain operationally down for at least the length of time configured for the site-min-down-timer, regardless of whether other state changes would have caused it to go operationally up. This timer is restarted every time that the site transitions from up to down. Setting this parameter to zero allows the minimum down timer to be disabled for this service.

The above operation is optimized in the following circumstances:

• If the site goes down on the designated forwarder but there are no BGP multi-homing peers with the same site in an operationally up state, then the site-min-down-timer is not started and is not used.

• If the site goes down on the designated forwarder but there are no active BGP multi-homing peers, then the site-min-down-timer is not started and is not used.

• If the site-min-down-timer is active and a BGP multi-homing update is received from the designated forwarder indicating its site has gone down, the site-min-down-timer is immediately terminated and this PE becomes the designated forwarder if the BGP multi-homing algorithm determines it should be the designated forwarder.

The no form of this command reverts to the default value.

Default

Taken from the value of site-min-down-timer configured for Multi-Chassis BGP multi-homing under the config>redundancy>bgp-multi-homing context.

Parameters

min-down-time

Specifies the time, in seconds, that a BGP multi-homing site remains operationally down after a transition from up to down.

Values

0 to 100 seconds

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>site site-min-down-timer)

Full Context

configure service epipe site site-min-down-timer

Description

This command configures the BGP multi-homing site minimum down time. When set to a non-zero value, if the site goes operationally down it will remain operationally down for at least the length of time configured for the site-min-down-timer, regardless of whether other state changes would have caused it to go operationally up. This timer is restarted every time that the site transitions from up to down. Setting this parameter to zero allows the minimum down timer to be disabled for this service.

The preceding operation is optimized in the following circumstances:

• If the site goes down on the designated forwarder but there are no BGP multi-homing peers with the same site in an operationally up state, then the site-min-down-timer is not started and is not used.

• If the site goes down on the designated forwarder but there are no active BGP multi-homing peers, then the site-min-down-timer is not started and is not used.

• If the site-min-down-timer is active and a BGP multi-homing update is received from the designated forwarder indicating its site has gone down, the site-min-down-timer is immediately terminated and this PE becomes the designated forwarder if the BGP multi-homing algorithm determines it should be the designated forwarder.

The no form of this command reverts to default value.

Default

Taken from the value of site-min-down-timer configured for Multi-Chassis BGP multi-homing under the config>redundancy>bgp-multi-homing context.

Parameters

min-down-time

Specifies the time, in seconds, that a BGP multi-homing site remains operationally down after a transition from up to down.

Values

0 to 100

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>site site-preference)

Full Context

configure service epipe site site-preference

Description

This command defines the value to advertise in the VPLS preference field of the BGP VPWS and BGP Multi-homing NLRI extended community. This value can be changed without having to shutdown the site itself. The site-preference is only applicable to VPWS services.

When not configured, the default is zero, indicating that the VPLS preference is not in use.

Default

no site-preference, value=0

Parameters

preference-value

Specifies the preference value to advertise in the NLRI L2 extended community for this site.

Values

1 to 65535

primary

Sets the site-preference to 65535.

backup

Sets the site-preference to 1.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping size)

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy size)

Full Context

configure saa test type-multi-line lsp-ping size

configure saa test type-multi-line lsp-ping sr-policy size

Description

This command configures the MPLS echo request packet size.

The no form of this command reverts to the default value.

Default

size 1

Parameters

octets

Specifies the size in octets. The request payload is padded with zeros to the specified size.

Values

1 to 9786

Default

1

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>history size)

Full Context

configure system management-interface cli md-cli environment history size

Description

This command configures the maximum size of the command history.

Parameters

number

Specifies the maximum size of the command history. A value of 0 disables the command history.

Values

0 to 1000

Platforms

7705 SAR Gen 2

Context

[Tree] (sleep)

Full Context

sleep

Description

This command causes the console session to pause operation (sleep) for 1 second (default) or for the specified number of seconds.

Default

sleep 1

Parameters

seconds

Specifies the number of seconds for the console session to sleep, expressed as a decimal integer.

Values

1 to 100

Default

1

Platforms

7705 SAR Gen 2

Context

[Tree] (config>mirror>mirror-dest slice-size)

Full Context

configure mirror mirror-dest slice-size

Description

This command enables mirrored frame truncation and specifies the maximum size, in bytes, of a mirrored frame that can be transmitted to the mirror destination.

This command enables mirroring larger frames than the destination packet decode equipment can handle. It also allows conservation of mirroring resources by limiting the size of the packet stream through the router and the core network.

When defined, the mirror slice-size creates a threshold that truncates a mirrored frame to a specific size. For example, if the value of 256 bytes is defined, a frame larger than 256 bytes will only have the first 256 bytes transmitted to the mirror destination. The original frame is not affected by the truncation. The mirrored frame size may increase if encapsulation information is added during transmission through the network core or out the mirror destination SAP to the packet/protocol decode equipment.

The actual capability of the router to transmit a sliced or non-sliced frame is also dictated by the mirror destination SDP path-mtu or the mirror destination SAP physical MTU. Packets that require a larger MTU than the mirroring destination supports are discarded if the defined slice-size does not truncate the packet to an acceptable size.

Notes:

• When configuring IP mirroring, packet slice is rejected as an incorrect option as it will cause IP packets to be rejected by the next hop with an IP header verification error.

• Slice-size is not supported by CEM encap-types or IP-mirroring.

The no form of this command disables mirrored packet truncation.

Parameters

slice-size

Specifies the number of bytes to which mirrored frames are truncated, expressed as a decimal integer.

Values

128 to 9216

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match snap-oui)

Full Context

configure qos sap-ingress mac-criteria entry match snap-oui

Description

Configures an IEEE 802.3 LLC SNAP Ethernet frame OUI zero or non-zero value to be used as a service ingress QoS policy match criterion.

The no form of this command removes the criterion from the match criteria.

Default

no snap-oui

Parameters

zero

Specifies to match packets with the 3-byte OUI field in the SNAP-ID set to zero.

non-zero

Specifies to match packets with the 3-byte OUI field in the SNAP-ID not set to zero.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match snap-oui)

Full Context

configure system security management-access-filter mac-filter entry match snap-oui

Description

This command configures an IEEE 802.3 LLC SNAP Ethernet Frame OUI zero or non-zero value to be used as a MAC filter match criterion.

The no form of this command removes the criterion from the match criteria.

Default

no snap-oui

Parameters

zero

Specifies to match packets with the three-byte OUI field in the SNAP-ID set to zero.

non-zero

Specifies to match packets with the three-byte OUI field in the SNAP-ID not set to zero.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match snap-pid)

Full Context

configure qos sap-ingress mac-criteria entry match snap-pid

Description

Configures an IEEE 802.3 LLC SNAP Ethernet frame PID value to be used as a service ingress QoS policy match criterion.

This is a 2-byte protocol id that is part of the IEEE 802.3 LLC SNAP Ethernet Frame that follows the 3-byte OUI field.

The snap-pid field, etype field, ssap, and dsap fields are mutually exclusive and cannot be part of the same match criteria.

The snap-pid match criteria is independent of the OUI field within the SNAP header. Two packets with different 3-byte OUI fields, but the same PID field, will both match the same policy entry based on a snap-pid match criteria.

The no form of this command removes the snap-pid value as the match criteria.

Default

no snap-pid

Parameters

snap-pid

The 2-byte snap-pid value to be used as a match criterion in hexadecimal.

Values

0x0000 to 0xFFFF

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match snap-pid)

Full Context

configure system security management-access-filter mac-filter entry match snap-pid

Description

This command configures an IEEE 802.3 LLC SNAP Ethernet Frame PID value to be used as a MAC filter match criterion.

This is a two-byte protocol id that is part of the IEEE 802.3 LLC SNAP Ethernet Frame that follows the three-byte OUI field.

The snap-pid field, etype field, ssap and dsap fields are mutually exclusive and may not be part of the same match criteria. Refer to the 7705 SAR Gen 2 Router Configuration Guide for information about MAC Match Criteria Exclusivity Rules fields that are exclusive based on the frame format.

The no form of this command removes the snap-pid value as the match criteria.

Default

no snap-pid

Parameters

pid-value

Specifies the two-byte snap-pid value to be used as a match criterion in hexadecimal.

Values

0x0000 to 0xFFFF

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn snmp)

Full Context

configure service vprn snmp

Description

Commands in this context configure SNMP parameters for this VPRN.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>user snmp)

Full Context

configure system security user snmp

Description

This command creates the context to configure SNMP group membership for a specific user and defines encryption and authentication parameters.

All SNMPv3 users must be configured with the commands available in this CLI node.

The OS always uses the configured SNMPv3 user name as the security user name.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system snmp)

[Tree] (config>system>security snmp)

Full Context

configure system snmp

configure system security snmp

Description

This command creates the context to configure SNMPv1, SNMPv2, and SNMPv3 parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>log snmp-trap-group)

Full Context

configure service vprn log snmp-trap-group

Description

This command creates the context to configure a group of SNMP trap receivers and their operational parameters for a specific log-id.

A group specifies the types of SNMP traps and specifies the log ID that will receive the group of SNMP traps. The user must configure a trap group before SNMP traps can be sent.

To suppress the generation of all alarms and traps, see the event-control command. To suppress alarms and traps that are sent to this log-id, see the filter command. After alarms and traps are generated, they can be directed to one or more SNMP trap groups. Log events that can be forwarded as SNMP traps are always defined on the main event source.

The no form of this command deletes the SNMP trap group.

Parameters

log-id | log-name

Specifies the log ID or name (up to 32 characters).

Values

log-id: 1 to 100

name log-name

Specifies an optional log name of a log configured in the log-id context, up to 32 characters, that can be used to refer to the log after it is created. Alarms and traps cannot be sent to the trap receivers until a valid log-id exists.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log snmp-trap-group)

Full Context

configure log snmp-trap-group

Description

This command creates the context to configure a group of SNMP trap receivers and their operational parameters for a specified log-id.

A group specifies the types of SNMP traps and the log ID which that will receive the SNMP trap group. The user must configure a trap to send SNMP traps.

To suppress the generation of all alarms and traps, see the event-control command. To suppress alarms and traps that are sent to this log ID, see the filter command. When alarms and traps are generated, they can be directed to one or more SNMP trap groups. Log events that can be forwarded as SNMP traps are always defined at the main event source.

The no form of this command deletes the SNMP trap group.

Parameters

log-id | log-name

Specifies the log ID or log name (up to 32 characters).

Values

log-id: 1 to 100

name log-name

Specifies an optional log name of a log configured in the log-id context, up to 32 characters, that can be used to refer to the log after it is created. Alarms and traps cannot be sent to the trap receivers until a valid log-id exists.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>sap>dhcp snoop)

[Tree] (config>service>vpls>spoke-sdp>dhcp snoop)

[Tree] (config>service>vpls>mesh-sdp>dhcp snoop)

Full Context

configure service vpls sap dhcp snoop

configure service vpls spoke-sdp dhcp snoop

configure service vpls mesh-sdp dhcp snoop

Description

This command enables snooping of DHCP or DHCP6 messages on the SAP or SDP. Enabling DHCP or DHCP6 snooping on interfaces (SAPs and SDP bindings) is required where DHCP or DHCP6 messages important to lease state table population are received, or where Option 82 information is to be inserted. This includes interfaces that are in the path to receive messages from either DHCP or DHCP6 servers or from subscribers.

The no form of this command disables DHCP or DHCP6 snooping on the specified SAP or SDP binding.

Default

no snoop

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>time sntp)

Full Context

configure system time sntp

Description

This command creates the context to edit the Simple Network Time Protocol (SNTP).

SNTP can be configured in either broadcast or unicast client mode. SNTP is a compact, client-only version of the NTP. SNTP can only receive the time from SNTP/NTP servers. It cannot be used to provide time services to other systems.

The system clock is automatically adjusted at system initialization time or when the protocol first starts up.

When the time differential between the SNTP/NTP server and the system is more than 2.5 seconds, the time on the system is gradually adjusted.

SNTP is created in an administratively enabled state (no shutdown).

The no form of the command removes the SNTP instance and configuration. SNTP does not need to be administratively disabled when removing the SNTP instance and configuration.

Default

sntp

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>bgp socket)

Full Context

debug router bgp socket

Description

This command logs all TCP socket events to the debug log.

The no form of this command disables debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

• a.b.c.d (host bits must be 0)

ipv6-address:

• x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d [-interface]

• x: [0 to FFFF]H

• d: [0 to 255]D

• interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>dhcp6>server>lease-hold-time-for solicited-release)

[Tree] (config>router>dhcp>server>lease-hold-time-for solicited-release)

[Tree] (config>service>vprn>dhcp6>server>lease-hold-time-for solicited-release)

[Tree] (config>service>vprn>dhcp>server>lease-hold-time-for solicited-release)

Full Context

configure router dhcp6 local-dhcp-server lease-hold-time-for solicited-release

configure router dhcp local-dhcp-server lease-hold-time-for solicited-release

configure service vprn dhcp6 local-dhcp-server lease-hold-time-for solicited-release

configure service vprn dhcp local-dhcp-server lease-hold-time-for solicited-release

Description

This command enables the server to hold up a lease even in case of solicited release; for example, when the server receives a normal DHCP release message.

The no form of this command disables the ability of the server to hold up a lease when a solicited release is received.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>mesh-sdp>mld-snooping>static>group source)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping>static>group source)

[Tree] (config>service>vpls>sap>igmp-snooping>static>group source)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping>static>group source)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping>static>group source)

[Tree] (config>service>vpls>sap>mld-snooping>static>group source)

Full Context

configure service vpls mesh-sdp mld-snooping static group source

configure service vpls spoke-sdp mld-snooping static group source

configure service vpls sap igmp-snooping static group source

configure service vpls spoke-sdp igmp-snooping static group source

configure service vpls mesh-sdp igmp-snooping static group source

configure service vpls sap mld-snooping static group source

Description

This command specifies a IPv4 or IPv6 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group to receive multicast traffic from, and from the sources that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command in combination with the group is used to create a specific (S,G) static group entry.

Static (s,g) entries cannot be entered when a starg is already created.

Use the no form of this command to remove the source from the configuration.

Parameters

ip-address

Specifies the IPv4 unicast address

src-ipv6-address

Specifies the IPv6 unicast address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>sap>ip-tunnel source)

[Tree] (config>service>vprn>if>sap>ip-tunnel source)

Full Context

configure service ies interface sap ip-tunnel source

configure service vprn interface sap ip-tunnel source

Description

This command configures the source IPv4 or IPv6 address to use for an IP tunnel. This configuration applies to the outer IP header of the encapsulated packets. The IPv4 or IPv6 address must belong to the one of the IP subnets associated with the public SAP interface of the tunnel-group. The source address, remote-ip address and backup-remote-ip address of a tunnel must all belong to the same address family (IPv4 or IPv6). When the source address contains an IPv6 address it must be a global unicast address.

The no form of this command deletes the source address from the tunnel configuration. The tunnel must be administratively shutdown before issuing the no source command.

Default

no source

Parameters

Ip-address

Specifies an IPv4 address or an IPv6 address.

Values

ipv4-address	a.b.c.d
ipv6-address		x:x:x:x:x:x:x:x (eight 16-bit pieces)
		x:x:x:x:x:x:d.d.d.d
	x	[0..FFFF]H
	d	[0..255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>igmp>ssm-translate>grp-range source)

Full Context

configure service vprn igmp ssm-translate grp-range source

Description

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

Parameters

ip-address

Specifies the IP address that will be sending data.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>igmp>if>static>group source)

Full Context

configure service vprn igmp interface static group source

Description

This command specifies an IPv4 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group is to receive multicast traffic from, and from the sources that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command in combination with the group is used to create a specific (S,G) static group entry.

Use the no form of this command to remove the source from the configuration.

Parameters

ip-address

Specifies the IPv4 unicast address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>mld>if>static>group source)

Full Context

configure service vprn mld interface static group source

Description

This command specifies an IPv6 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group to receive multicast traffic from, and from the sources that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command, in combination with the group, is used to create a specific (S,G) static group entry.

The no form of this command removes the source from the configuration.

Parameters

src-ipv6-address

Specifies the IPv6 unicast address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>mld>ssm-translate>grp-range source)

Full Context

configure service vprn mld ssm-translate grp-range source

Description

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

Parameters

ip-address

Specifies the IP address that will be sending data.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>igmp>if>ssm-translate>grp-range source)

[Tree] (config>router>igmp>ssm-translate>grp-range source)

Full Context

configure router igmp interface ssm-translate grp-range source

configure router igmp ssm-translate grp-range source

Description

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

Parameters

ip-address

Specifies the IP address that will be sending data.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>igmp>if>static>group source)

Full Context

configure router igmp interface static group source

Description

This command specifies a IPv4 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group to receive multicast traffic from, and from the source(s) that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command in combination with the group is used to create a specific (S,G) static group entry.

The no form of the command removes the source from the configuration.

Parameters

ip-address

Specifies the IPv4 unicast address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mld>if>static>group source)

Full Context

configure router mld interface static group source

Description

This command specifies an IPv6 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group to receive multicast traffic from, and from the source(s) that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command, in combination with the group, is used to create a specific (S,G) static group entry.

The no form of this command removes the source from the configuration.

Parameters

src-ipv6-address

Specifies the IPv6 unicast address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mld>if>ssm-translate>grp-range source)

[Tree] (config>router>mld>ssm-translate>grp-range source)

Full Context

configure router mld interface ssm-translate grp-range source

configure router mld ssm-translate grp-range source

Description

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

The no form of this command removes the IPv6 address form the group range configuration.

Parameters

ipv6-address

Specifies the IPv6 address that will be sending data.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip source)

Full Context

configure oam-pm session ip source

Description

This command defines the source IP address that the session controller (launch point) uses for the test. The source address must be a local resident IP address in the context; otherwise, the response packets are processed by the TWAMP Light application. Only source addresses configured as part of TWAMP tests can process the reflected TWAMP packets from the session reflector.

The no form of this command removes the source address parameters.

Parameters

source

Indicates the launch point.

ip-address

Specifies the source IP address that the session controller (launch point) uses for the test.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>ipv6>dhcp6-relay source-address)

[Tree] (config>service>ies>if>ipv6>dhcp6-relay source-address)

Full Context

configure service vprn interface ipv6 dhcp6-relay source-address

configure service ies interface ipv6 dhcp6-relay source-address

Description

This command configures the source IPv6 address of the DHCPv6 relay messages.

The no form of this command reverts to the default.

Parameters

ipv6-address

Specifies the source IPv6 address of the DHCPv6 relay messages.

Values

ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0 to FFFF]H
	d: [0 to 255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>remote-management source-address)

Full Context

configure system management-interface remote-management source-address

Description

This command configures the address local to this device that NISH uses to connect to this node.

If this command is also configured for a specific manager in the config>system> management-interface>remote-management>manager context, that configuration takes precedence.

The no form of this command causes the system to select the source address based on the selected routing instance of the manager.

Parameters

ip-address

Specifies the IP address that NISH managers use to connect to the node.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0 to FFFF]H
	d - [0 to 255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>remote-management>manager source-address)

Full Context

configure system management-interface remote-management manager source-address

Description

This command configures the address local to this device that this NISH manager uses to connect to this node.

This command takes precedence over the command configured in the global context (config>system>management-interface>remote-management).

The no form of this command causes the source address to be inherited from the global context (config>system>management-interface>remote-management).

Parameters

ip-address

Specifies the IP address that NISH managers use to connect to the node.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0 to FFFF]H
	d - [0 to 255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>multi-chassis>peer source-address)

Full Context

configure redundancy multi-chassis peer source-address

Description

This command specifies the source address used to communicate with the multi-chassis peer.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the source address used to communicate with the multi-chassis peer.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x - [0 to FFFF]H
	d - [0 to 255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>aaa>radius-srv-plcy>servers source-address)

Full Context

configure aaa radius-server-policy servers source-address

Description

This command configures the source address of the RADIUS packet. The system IP address must be configured in order for the RADIUS client to work. See "Configuring a System Interface” in the 7705 SAR Gen 2 Router Configuration Guide.

The no form of this command reverts to the default value.

Parameters

ip-address

Specifies the source address of RADIUS packet.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn source-address)

Full Context

configure service vprn source-address

Description

Commands in this context specify the source address and application that should be used in all unsolicited packets.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>redirect-policy>dest>ping-test source-address)

Full Context

configure filter redirect-policy destination ping-test source-address

Description

This command configures the source address to use in the IP packet of the ping test for this destination.

Default

no source-address

Parameters

ip-address

The source address of the IP packet. This can be IPv4 only for an IPv4 destination and IPv6 only for an IPv6 destination.

Values

ipv4-address:	a.b.c.d.
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0 to FFFF]H
	d: [0 to 255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security source-address)

Full Context

configure system security source-address

Description

This command configures the IP source address that is used in all unsolicited packets sent by the application.

The configured source address applies only to packets transmitted in-band (for example, a network port on an IOM). Packets transmitted out-of-band on the management interface on the CPM Ethernet port use the address of the CPM Ethernet port as the IP source address in the packet.

When a source address is specified for the ptp application, the port-based 1588 hardware timestamping assist function will be applied to PTP packets matching the IPv4 address of the router interface used to ingress the 7705 SAR Gen 2 or IP address specified in this command. If the IP address is removed, then the port-based 1588 hardware timestamping assist function will only be applied to PTP packets matching the IPv4 address of the router interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>entry>from source-address)

Full Context

configure router policy-options policy-statement entry from source-address

Description

This command specifies the source address that is embedded in the join or prune packet as a filter criterion.

The no form of this command removes the criterion from the configuration.

This command specifies a multicast data source address as a match criterion for this entry.

Default

no source-address

Parameters

ip-address

Specifies the IP prefix for the IP match criterion in dotted decimal notation.

Values

ipv4-address:

• a.b.c.d

ipv6-address:

• x:x:x:x:x:x:x:x

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

prefix-list-name

The prefix list name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim source-address)

[Tree] (config>service>vprn>pim source-address)

Full Context

configure router pim source-address

configure service vprn pim source-address

Description

Commands in this context configure the source IP address for PIM messages.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>remote-management source-port)

Full Context

configure system management-interface remote-management source-port

Description

This command configures the TCP port local to this device that NISH uses to send packets to this node.

If this command is also configured for a specific manager in the config>system> management-interface>remote-management>manager context, that configuration takes precedence.

The no form of this command causes the system to select the default gRPC port, 57400.

Default

source-port grpc

Parameters

port

Specifies the TCP source port.

Values

1 to 65535

grpc

Keyword that specifies the default gRPC protocol port as the source port.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>remote-management>manager source-port)

Full Context

configure system management-interface remote-management manager source-port

Description

This command configures the TCP port local to this device that this NISH manager uses to send packets to this node.

This command takes precedence over the same command configured in the global context (config>system>management-interface>remote-management).

The no form of this command causes the source port to be inherited from the global context (config>system>management-interface>remote-management).

Parameters

port

Specifies the TCP source port.

Values

1 to 65535

Default

57400

grpc

Keyword that specifies the default gRPC protocol port as the source port.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip source-udp-port)

Full Context

configure oam-pm session ip source-udp-port

Description

This command should only be used when the source UDP port for the session-sender twamp-test packet must be specified.

The no form of this command means the session-sender automatically assigns the source UDP port from the available dynamic (private) UDP range.

Parameters

udp-port-number

Specifies the UDP source port.

Values

64374 to 64383

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>tnl-temp sp-reverse-route)

Full Context

configure ipsec tunnel-template sp-reverse-route

Description

This command enables the system to automatically create a reverse route based on dynamic LAN-to-LAN tunnel’s TSi in private service.

If ignore-default-route is specified, the system ignores any full range traffic selector when creating a reverse route. Otherwise, the system refuses to create a CHILD_SA if any full range traffic selector is included in TSi.

The no form of this command disables sp-reverse-route.

Default

no sp-reverse-route

Parameters

ignore-default-route

Specifies to ignore any full range traffic selector in TSi.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>command-completion space)

Full Context

configure system management-interface cli md-cli environment command-completion space

Description

This command enables completion on the space character.

The no form of this command reverts to the default value.

Default

space

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-routing spe-address)

Full Context

configure service pw-routing spe-address

Description

This command configures a single S-PE Address for the node to be used for dynamic MS-PWs. This value is used for the pseudowire switching point TLV used in LDP signaling, and is the value used by pseudowire status signaling to indicate the PE that originates a pseudowire status message. Configuration of this parameter is mandatory to enable dynamic MS-PW support on a node.

If the S-PE Address is not configured, spoke-sdps that use dynamic MS-PWs and pw-routing local-prefixes cannot be configured on a T-PE. Furthermore, the node will send a label release for any label mappings received for FEC129 AII type 2.

The S-PE Address cannot be changed unless the dynamic ms-pw configuration is removed. Furthermore, changing the S-PE Address will also result in all dynamic MS-PWs for which this node is an S-PE being released. It is recommended that the S-PE Address should be configured for the life of an MS-PW configuration after reboot of the router.

The no form of this command removes the configured S-PE Address.

Default

no spe-address

Parameters

global-id

Specifies a 4-octet value that is unique to the service provider. For example, the global ID can contain the 2-octet or 4-octet value of the provider's Autonomous System Number (ASN).

Values

<global-id:prefix>:	<global-id>:{<prefix>| <ipaddress>}
global-id	1 to 4294967295
prefix	1 to 4294967295
ipaddress	a.b.c.d

Platforms

7705 SAR Gen 2

Context

[Tree] (config>port>ethernet speed)

Full Context

configure port ethernet speed

Description

For ports that support multiple speeds, this command configures the port speed to be used. This applies to the following:

• fast Ethernet when autonegotiate is disabled

• 10/100/1000 Ethernet when autonegotiate is disabled

• 10/1G ports supporting 10G SFP+ or 1G SFP

• 40/100G ports supporting QSFP28s on non-connector-based MDAs

If the port is configured to autonegotiate this parameter is ignored. Speed cannot be configured for ports that are part of a Link Aggregation Group (LAG).

Default

dependent on port type

Parameters

10

Sets the link to 10 Mb/s speed.

100

Sets the link to 100 Mb/s speed.

1000

Sets the link to 1000 Mb/s speed.

10000

Sets the link to 10000 Mb/s speed.

25000

Sets the link to 25000 Mb/s speed.

40000

Sets the link to 40000 Mb/s speed.

50000

Sets the link to 50000 Mb/s speed.

100000

Sets the link to 100000 Mb/s speed.

Platforms

7705 SAR Gen 2

Context

[Tree] (bof speed)

Full Context

bof speed

Description

This command configures the speed for the CPM management Ethernet port when autonegotiation is disabled in the running configuration and the Boot Option File (BOF).

If the port is configured to autonegotiate, this parameter is ignored.

Available speed options are dependent on the specific CPM variant in the system.

Default

speed 100

Parameters

speed

Sets the link speed, in Mb/s.

Values

10, 100, 1000

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>isis spf)

Full Context

debug router isis spf

Description

This command enables debugging for IS-IS SFP.

The no form of the command disables debugging.

Parameters

system-id

When specified, only the specified system-id is debugged. A 6-octet system identifier (xxxx.xxxx.xxxx).

level-number

Specifies the interface level (1, 2, or 1 and 2).

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>ospf3 spf)

[Tree] (debug>router>ospf spf)

Full Context

debug router ospf3 spf

debug router ospf spf

Description

This command enables debugging for OSPF SPF. Information regarding overall SPF start and stop times will be shown. To see detailed information regarding the SPF calculation of a given route, the route must be specified as an optional argument.

Parameters

type

Specifies the area to debug.

Values

intra-area, inter-area, external

dest-addr

Specifies the destination IP address to debug.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis>timers spf-wait)

Full Context

configure service vprn isis timers spf-wait

Description

This command configures the maximum interval, in milliseconds, between two consecutive SPF calculations. Timers that determine when to initiate the first, second, and subsequent SPF calculations after a topology change occurs are controlled with this command.

Subsequent SPF runs (if required) occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, the next SPF will run after 2000 milliseconds, and the next SPF after 4000 milliseconds, and so on, until it reaches the spf-wait value. The SPF interval remains at the spf-wait value until no more SPF runs are scheduled in that interval. After a full interval without any SPF runs, the SPF interval drops back to the spf-initial-wait value.

The no form of this command reverts to the default value.

Default

spf-wait 10000 spf-initial-wait 1000 spf-second-wait 1000

Parameters

spf-wait

Specifies the maximum interval, in milliseconds, between two consecutive SPF calculations.

Values

10 to 120000

initial-wait

Specifies the initial SPF calculation delay, in milliseconds, after a topology change.

Values

10 to 100000

second-wait

Specifies the hold time, in milliseconds, between the first and second SPF calculation.

Values

10 to 100000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf3>timers spf-wait)

[Tree] (config>service>vprn>ospf>timers spf-wait)

Full Context

configure service vprn ospf3 timers spf-wait

configure service vprn ospf timers spf-wait

Description

This command configures the maximum interval between two consecutive SPF calculations, in milliseconds. Timers that determine when to initiate the first, second, and subsequent SPF calculations after a topology change occurs are controlled with this command.

Subsequent SPF runs (if required) occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, the next SPF will run after 2000 milliseconds, and the next SPF after 4000 milliseconds, and so on, until it reaches the spf-wait value. The SPF interval stays at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval drops back to spf-initial-wait value.

The no form of this command reverts to the default.

Default

spf-wait 10000 spf-initial-wait 1000 spf-second-wait 1000

Parameters

max-spf-wait

Specifies the maximum interval, in milliseconds, between two consecutive SPF calculations.

Values

10 to 120000

spf-initial-wait

Specifies the initial SPF calculation delay, in milliseconds, after a topology change.

Values

10 to 100000

spf-second-wait

Specifies the hold time, in milliseconds, between the first and second SPF calculation.

Values

10 to 100000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>optimal-route-reflection spf-wait)

Full Context

configure router bgp optimal-route-reflection spf-wait

Description

This command controls the interval between consecutive SPF calculations performed by the TE DB in support of BGP optimal route reflection. The time parameters of this command implement an exponential back-off algorithm.

The no form of this command causes a return to default values.

Default

no spf-wait

Parameters

max-wait

Specifies the maximum interval in seconds between two consecutive SPF calculations.

Values

1 to 600

Default

60

initial-wait initial-wait

Specifies the initial SPF calculation delay in seconds after a topology change.

Values

1 to 300

Default

5

second-wait second-wait

Specifies the delay in seconds between the first and second SPF calculation.

Values

1 to 300

Default

15

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>timers spf-wait)

Full Context

configure router isis timers spf-wait

Description

This command configures the maximum interval between two consecutive SPF calculations, in milliseconds. Timers that determine when to initiate the first, second, and subsequent SPF calculations after a topology change occurs are controlled with this command.

Subsequent SPF runs (if required) occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, the next SPF will run after 2000 milliseconds, and the next SPF after 4000 milliseconds, and so on, until it reaches the spf-wait value. The SPF interval stays at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval drops back to the spf-initial-wait value.

The no form of this command reverts to the default value.

Default

spf-wait 10000 spf-initial-wait 1000 spf-second-wait 1000

Parameters

spf-wait

Specifies the maximum interval, in milliseconds, between two consecutive SPF calculations.

Values

10 to 120000

initial-wait

Specifies the initial SPF calculation delay, in milliseconds, after a topology change.

Values

10 to 100000

second-wait

Specifies the hold time, in milliseconds, between the first and second SPF calculation.

Values

10 to 100000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf3>timers spf-wait)

[Tree] (config>router>ospf>timers spf-wait)

Full Context

configure router ospf3 timers spf-wait

configure router ospf timers spf-wait

Description

This command configures the maximum interval between two consecutive SPF calculations, in milliseconds. Timers that determine when to initiate the first, second, and subsequent SPF calculations after a topology change occurs are controlled with this command.

Subsequent SPF runs (if required) occurs at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, the next SPF will run after 2000 milliseconds, and the next SPF after 4000 milliseconds, and so on, until it reaches the spf-wait value. The SPF interval stays at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval drops back to the spf-initial-wait value.

The timer must be entered in increments of 100 milliseconds. Values entered that do not match this requirement are rejected.

Default

spf-wait 10000 spf-initial-wait 1000 spf-second-wait 1000

Parameters

max-spf-wait

Specifies the maximum interval, in milliseconds, between two consecutive SPF calculations.

Values

10 to 120000

spf-initial-wait

Specifies the initial SPF calculation delay, in milliseconds, after a topology change.

Values

10 to 100000

spf-second-wait

Specifies the hold time, in milliseconds, between the first and second SPF calculation.

Values

10 to 100000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>static-sa spi)

Full Context

configure ipsec static-sa spi

Description

This command configures the SPI key value for an IPsec manual SA.

This command specifies the SPI (Security Parameter Index) used to lookup the instruction to verify and decrypt the incoming IPsec packets when the value of the direction command is inbound.

The SPI value specifies the SPI that will be used in the encoding of the outgoing packets when the when the value of the direction command is outbound. The remote node can use this SPI to lookup the instruction to verify and decrypt the packet.

If no spi is selected, then this static SA cannot be used.

The no form of this command reverts to the default value.

Default

no spi

Parameters

spi

Specifies the security parameter index for this SA.

Values

256 to 16383

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp>group>neighbor split-horizon)

[Tree] (config>service>vprn>bgp>group split-horizon)

[Tree] (config>service>vprn>bgp split-horizon)

Full Context

configure service vprn bgp group neighbor split-horizon

configure service vprn bgp group split-horizon

configure service vprn bgp split-horizon

Description

This command enables the use of split-horizon. When applied globally, to a group, or a specific peer, split-horizon prevents routes from being reflected back to a peer that sends the best route. It applies to routes of all address families and to any type of sending peer; confed-EBGP, EBGP and IBGP.

The configuration default is no split-horizon, meaning that no effort is taken to prevent a best route from being reflected back to the sending peer.

The no form of this command disables split horizon command which allows the lower level to inherit the setting from an upper level.

Default

no split-horizon

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>rip split-horizon)

[Tree] (config>service>vprn>rip>group split-horizon)

[Tree] (config>service>vprn>rip>group>neighbor split-horizon)

[Tree] (config>service>vprn>ripng>group>neighbor split-horizon)

[Tree] (config>service>vprn>ripng split-horizon)

[Tree] (config>service>vprn>ripng>group split-horizon)

Full Context

configure service vprn rip split-horizon

configure service vprn rip group split-horizon

configure service vprn rip group neighbor split-horizon

configure service vprn ripng group neighbor split-horizon

configure service vprn ripng split-horizon

configure service vprn ripng group split-horizon

Description

This command enables the use of split-horizon. RIP uses split horizon with poison reverse to protect from such problems as "counting to infinity”. Split horizon with poison reverse means that routes learned from a neighbor through a given interface are advertised in updates out of the same interface but with a metric of 16 (infinity).

The no form of this command disables the split-horizon command, which allows the lower level to inherit the setting from an upper level.

Default

split-horizon enable

Parameters

enable

Enables split horizon and poison reverse.

disable

Enables split horizon without poison reverse. This allows the routes to be readvertised on interfaces other than the interface that learned the route, with the advertised metric equaling an increment of the metric-in value.This configuration parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group) or neighbor level (only applies to the specified neighbor interface). The most specific value is used. In particular, if no value is set (no split-horizon), the lower level inherits the setting from the less-specific level.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp split-horizon)

[Tree] (config>router>bgp>group split-horizon)

[Tree] (config>router>bgp>group>neighbor split-horizon)

Full Context

configure router bgp split-horizon

configure router bgp group split-horizon

configure router bgp group neighbor split-horizon

Description

This command enables the use of split-horizon. Split-horizon prevents routes from being reflected back to a peer that sends the best route. It applies to routes of all address families and to any type of sending peer; confed-EBGP, EBGP and IBGP.

The configuration default is no split-horizon, meaning that no effort is taken to prevent a best route from being reflected back to the sending peer.

Default

no split-horizon

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ripng>group>neighbor split-horizon)

[Tree] (config>router>rip split-horizon)

[Tree] (config>router>ripng>group split-horizon)

[Tree] (config>router>ripng split-horizon)

[Tree] (config>router>rip>group>neighbor split-horizon)

[Tree] (config>router>rip>group split-horizon)

Full Context

configure router ripng group neighbor split-horizon

configure router rip split-horizon

configure router ripng group split-horizon

configure router ripng split-horizon

configure router rip group neighbor split-horizon

configure router rip group split-horizon

Description

This command enables the use of split-horizon.

RIP uses split-horizon with poison-reverse to protect from such problems as "counting to infinity”. Split-horizon with poison reverse means that routes learned from a neighbor through a given interface are advertised in updates out of the same interface but with a metric of 16 (infinity).

The split-horizon disable command enables split horizon without poison reverse. This allows the routes to be re-advertised on interfaces other than the interface that learned the route, with the advertised metric equaling an increment of the metric-in value.

This configuration parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group) or neighbor level (only applies to the specified neighbor interface). The most specific value is used. In particular if no value is set (no split-horizon), the setting from the less specific level is inherited by the lower level.

The no form of the command disables split horizon command which allows the lower level to inherit the setting from an upper level.

Default

enabled

Parameters

enable

Specifies enable split horizon and poison reverse.

disable

Specifies disable split horizon allowing routes to be re-advertised on the same interface on which they were learned with the advertised metric incremented by the metric-in value.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls split-horizon-group)

Full Context

configure service vpls split-horizon-group

Description

This command creates a new split horizon group for the VPLS instance. Traffic arriving on a SAP or spoke-SDP within this split horizon group will not be copied to other SAPs or spoke-SDPs in the same split horizon group.

A split horizon group must be created before SAPs and spoke-SDPs can be assigned to the group.

The split horizon group is defined within the context of a single VPLS. The same group-name can be re-used in different VPLS instances.

Up to 30 split horizon groups can be defined per VPLS instance. Half are supported in i-VPLS.

The no form of this command removes the group name from the configuration.

Default

A split horizon group is by default not created as a residential-group.

Parameters

group-name

Specifies the name of the split horizon group to which the SDP belongs

residential-group

Defines a split horizon group as a residential split horizon group (RSHG). Doing so entails that:

a) SAPs which are members of this Residential Split Horizon Group will have:

• Double-pass queuing at ingress as default setting (can be disabled)

• STP disabled (cannot be enabled)

• ARP reply agent enabled per default (can be disabled)

• MAC pinning enabled per default (can be disabled)

• Downstream broadcast packets are discarded thus also blocking the unknown, flooded traffic

• Downstream multicast packets are allowed when IGMP snooping is enabled

b) Spoke SDPs which are members of this Residential Split Horizon Group will have:

• Downstream multicast traffic supported

• Double-pass queuing is not applicable

• STP is disabled (can be enabled)

• ARP reply agent is not applicable (dhcp-lease-states are not supported on spoke-SDPs)

• MAC pinning enabled per default (can be disabled)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn>mpls split-horizon-group)

Full Context

configure service vpls bgp-evpn mpls split-horizon-group

Description

This command allows the user to configure an explicit split-horizon-group for all BGP-EVPN MPLS or SRv6 destinations that can be shared by other SAPs and/or spoke SDPs. The use of explicit split-horizon-groups for EVPN-MPLS or SRv6 and spoke SDPs allows the integration of VPLS and EVPN-MPLS or SRv6 networks.

If the split-horizon-group command for bgp-evpn>mpls/srv6 contexts is not used, the default split-horizon-group (that contains all the EVPN destinations) is still used, but it is not possible to refer to it on SAPs/spoke SDPs. User-configured split-horizon-groups can be configured within the service context. The same group-name can be associated to SAPs, spoke SDPs, pw-templates, pw-template-bindings and EVPN-MPLS or SRv6 destinations. The configuration of bgp-evpn>mpls/srv6> split-horizon-group is only allowed if bgp-evpn>mpls/srv6 is shutdown; no changes are allowed when bgp-evpn>mpls/srv6 is no shutdown.

When the SAPs and/or spoke SDPs (manual or BGP-AD-discovered) are configured within the same split-horizon-group as the EVPN-MPLS or SRv6 endpoints, MAC addresses are still learned on them but they are not advertised in BGP-EVPN. If provider-tunnel is enabled in the bgp-evpn service, the SAPs and SDP bindings that share the same split-horizon-group of the EVPN-MPLS provider-tunnel are brought operationally down if the point-to-multipoint tunnel is operationally up.

Default

no split-horizon-group

Parameters

name

Specifies the split-horizon-group name.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>site split-horizon-group)

Full Context

configure service vpls site split-horizon-group

Description

This command configures the value of split-horizon group associated with this site.

The no form of this command reverts the default.

Default

no split-horizon-group

Parameters

group-name

Specifies a split-horizon group name

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-template split-horizon-group)

Full Context

configure service pw-template split-horizon-group

Description

This command creates a new split horizon group (SGH).

Comparing a "residential” SGH and a "regular” SHG is that a residential SHG:

• Has different defaults for the SAP or SDP that belong to this group (ARP reply agent enabled (SAP only), MAC pinning enabled). These can be disabled in the configuration.

• Does not allow enabling spanning tree (STP) on a SAP. It is allowed on an SDP.

• Does not allow for downstream broadcast (broadcast/unknown unicast) on a SAP. It is allowed on an SDP.

• On a SAP, downstream multicast is only allowed when IGMP is enabled (for which an MFIB state exists; only IP multicast); on a SDP, downstream mcast is allowed.

When the feature was initially introduced, residential SHGs were also using ingress shared queuing by default to increase SAP scaling.

A residential SAP (SAP that belongs to a RSHG) is used to scale the number of SAPs in a single VPLS instance. The limit depends on the hardware used and is higher for residential SAPs (where there is no need for egress multicast replication on residential SAPs) than for regular SAPs. Therefore, residential SAPs are useful in residential aggregation environments (for example, triple play networks) with a VLAN/subscriber model.

The no form of the command removes the group name from the configuration.

Parameters

group-name

Specifies the name of the split horizon group to which the SDP belongs.

residential-group

Defines a split horizon group as a residential split horizon group (RSHG). Doing so entails that:

• SAPs which are members of this Residential Split Horizon Group will have:

  • Double-pass queuing at ingress as default setting (can be disabled)

  • STP disabled (cannot be enabled)

  • ARP reply agent enabled per default (can be disabled)

  • MAC pinning enabled per default (can be disabled)

  • Downstream Broadcast packets are discarded thus also blocking the unknown, flooded traffic

  • Downstream Multicast packets are allowed when IGMP snooping is enabled

• Spoke SDPs which are members of this Residential Split Horizon Group will have:

  • Downstream multicast traffic supported

  • Double-pass queuing is not applicable

  • STP is disabled (can be enabled)

  • ARP reply agent is not applicable on the 7705 SAR Gen 2 (dhcp-lease-states are not supported on spoke SDPs)

  • MAC pinning enabled per default (can be disabled)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls spoke-sdp)

Full Context

configure service vpls spoke-sdp

Description

This command binds a service to an existing service destination point (SDP). A spoke-SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke-SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a VPLS service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Default

No sdp-id is bound to a service.

Parameters

sdp-id

Specifies the SDP identifier

Values

1 to 17407

vc-id

Specifies the virtual circuit identifier

Values

1 to 4294967295

vc-type

This command overrides the default VC type signaled for the spoke or mesh binding to the far end of the SDP. The VC type is a 15 bit-quantity containing a value which represents the type of VC. The actual signaling of the VC type depends on the signaling parameter defined for the SDP. If signaling is disabled, the vc-type command can still be used to define the dot1q value expected by the far-end provider equipment. A change of the bindings VC type causes the binding to signal the new VC type to the far end when signaling is enabled. VC types are derived according to IETF draft-martini-l2circuit-trans-mpls.

The VC type value for Ethernet is 0x0005.

The VC type value for an Ethernet VLAN is 0x0004.

Values

ether, vlan

ether

Defines the VC type as Ethernet. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke-SDP bindings. Defining Ethernet is the same as executing no vc-type and restores the default VC type for the spoke-SDP binding. (hex 5)

vlan

Defines the VC type as VLAN. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke-SDP bindings. The VLAN VC-type inserts one dot1q tag within each encapsulated Ethernet packet transmitted to the far end and strips one dotQ tag, if a tag is present, from traffic received on the pseudowire.

Note: The system expects a symmetrical configuration with its peer, specifically it expects to remove the same number of VLAN tags from received traffic as it adds to transmitted traffic. As some of the related configuration parameters are local and not communicated in the signaling plane, an asymmetrical behavior cannot always be detected and so cannot be blocked. Consequently, protocol extractions will not necessarily function for asymmetrical configurations as they would with a symmetrical configurations resulting in an unexpected operation.

group-name

Specifies the name of the split horizon group to which the SDP belongs

endpoint

Specifies the service endpoint to which this SDP bind is attached. The service ID of the SDP binding must match the service ID of the service endpoint.

no endpoint

Removes the association of a spoke-SDP with an explicit endpoint name

root-leaf-tag

Specifies a tagging spoke-SDP under an E-Tree VPLS. When a tag SDP binding is required, it is created with a root-leaf-tag flag. Only VLAN tag SDP bindings are supported. The VLAN type must be set to VC VLAN type. The root-leaf-tag parameter indicates this SDP binding is a tag SDP that will use a default VID tag of 1 for root and 2 for leaf. The SDP binding tags egress E-Tree traffic with root and leaf VIDs as appropriate. Root and leaf VIDs are only significant between peering VPLS but the values must be consistent on each end. On ingress a tag SDP binding removes the VID tag on the interface between VPLS in the same E-Tree service. The tag SDP receives root tagged traffic and marks the traffic with a root indication internally. This option is not available on BGP EVPN-enabled E-Tree services.

leaf-ac

Specifies an access (AC) spoke-SDP binding under a E-Tree VPLS as a leaf access (AC) SDP. The default E-Tree SDP binding type is a root-ac if leaf-ac or root-leaf-tag is not specified at SDP creation. This option is only available when the VPLS is designated as an E-Tree VPLS. BGP EVPN-enabled E-Tree VPLS services support the leaf-ac option.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if spoke-sdp)

[Tree] (config>service>vprn>if spoke-sdp)

Full Context

configure service ies interface spoke-sdp

configure service vprn interface spoke-sdp

Description

This command binds a service to an existing service destination point (SDP).

A spoke SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service is down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with an IES service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN services. All packets are forwarded over the default LSP.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router. The spoke SDP must be shut down first before it can be deleted from the configuration.

Default

no spoke-sdp

Parameters

sdp-id

Specifies the SDP identifier. Allowed values are integers in the range of 1 and 17407 for existing SDPs.

vc-id

Specifies the virtual circuit identifier.

Values

1 to 4294967295

vc-type

Specifies the encapsulation and pseudowire type for the spoke SDP.

Values

ether: specifies Ethernet pseudowire as the type of virtual circuit (VC) associated with the SDP binding

ipipe: specifies Ipipe pseudowire as the type of virtual circuit (VC) associated with the SDP binding

Default

ether

create

Keyword used to create the spoke SDP. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>site spoke-sdp)

Full Context

configure service vpls site spoke-sdp

Description

This command binds a service to an existing service destination point (SDP).

The no form of this command removes the parameter from the configuration.

Parameters

sdp-id

Specifies the SDP identifier

Values

1 to 17407

vc-id

Specifies the virtual circuit identifier.

Values

1 to 429496729

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe spoke-sdp)

Full Context

configure service epipe spoke-sdp

Description

This command binds a service to an existing service destination point (SDP). A spoke SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with an Epipe, VPLS, VPRN, VPRN service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

This command can also be used to associate a GRE tunnel carrying Ethernet payload with an Epipe and terminate it on a PW port referenced within the same Epipe service. The spoke SDP represents a L2oGRE tunnel with SDP delivery type set to eth-gre-bridged. With this configuration, the vc-id is unused since there is no multiplexing of Ethernet payload within the same tunnel. The vc-id value is included only to maintain the expected spoke SDP structure within an EPIPE service. For L2oGRE tunnels, the vc-id can be set to any arbitrary value within its configurable range.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Default

No sdp-id is bound to a service.

Parameters

sdp-id

The SDP identifier.

Values

1 to 17407

vc-id

The virtual circuit identifier. The VC-ID is not used with L2TPv3 SDPs or L2oGRE tunnels, however it must be configured.

Values

1 to 4294967295

vc-type

This command overrides the default VC type signaled for the spoke or mesh binding to the far end of the SDP. The VC type is a 15 bit-quantity containing a value which represents the type of VC. The actual signaling of the VC type depends on the signaling parameter defined for the SDP. If signaling is disabled, the vc-type command can still be used to define the dot1q value expected by the far-end provider equipment. A change of the bindings VC type causes the binding to signal the new VC type to the far end when signaling is enabled.

VC types are derived according to IETF draft-martini-l2circuit-trans-mpls.

The VC type value for Ethernet is 0x0005.

The VC type value for an Ethernet VLAN is 0x0004.

Values

ethernet

ether

Defines the VC type as Ethernet. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings. Defining Ethernet is the same as executing no vc-type and restores the default VC type for the spoke SDP binding.

vlan

Defines the VC type as VLAN. The top VLAN tag, if a VLAN tag is present, is stripped from traffic received on the pseudowire, and a VLAN tag is inserted when forwarding into the pseudowire. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings.

The VLAN VC-type requires at least one dot1q tag within each encapsulated Ethernet packet transmitted to the far end.

Note: The system expects a symmetrical configuration with its peer, specifically it expects to remove the same number of VLAN tags from received traffic as it adds to transmitted traffic. As some of the related configuration parameters are local and not communicated in the signaling plane, an asymmetrical behavior cannot always be detected and so cannot be blocked. Consequently, protocol extractions will not necessarily function for asymmetrical configurations as they would with a symmetrical configurations resulting in an unexpected operation.

no-endpoint

Removes the association of a spoke SDP with an explicit endpoint name.

endpoint-name

Specifies the name of the service endpoint.

icb

Specifies the spoke SDP as an inter-chassis backup SDP binding.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>mac-move>secondary-ports spoke-sdp)

[Tree] (config>service>vpls>mac-move>primary-ports spoke-sdp)

Full Context

configure service vpls mac-move secondary-ports spoke-sdp

configure service vpls mac-move primary-ports spoke-sdp

Description

This command declares a specified spoke-SDP as a primary (or secondary) VPLS port.

Parameters

spoke-id

Specifies the SDP ID to configure as the primary VPLS port

Values

1 to 17407

vc-id

Specifies the virtual circuit identifier

Values

1 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>mirror>mirror-dest spoke-sdp)

[Tree] (config>mirror>mirror-dest>remote-source spoke-sdp)

Full Context

configure mirror mirror-dest spoke-sdp

configure mirror mirror-dest remote-source spoke-sdp

Description

This command binds an existing (mirror) service distribution path (SDP) to the mirror destination service ID.

Spoke SDPs are used to send and receive mirrored traffic between mirror source and destination routers in a remote mirroring solution. A spoke SDP configured in the remote-source context (remote-src>spoke-sdp) is used on the destination router. A spoke SDP configured in the mirror service context (mirror-dest>spoke-sdp) is used on the source router.

The destination node should be configured with remote-src>spoke-sdp entries when using L2TPv3, MPLS-TP or LDP IPv6 LSP SDPs in the remote mirroring solution. For all other types of SDPs, remote-source>far-end entries should be used.

Spoke SDPs are not applicable when routable LI encapsulation is employed (mirror-dest>encap).

A mirror destination service that is configured for a destination router must not be configured as for a source router.

The no form of this command removes the SDP binding from the mirror destination service.

Default

An SDP ID is bound to a mirror destination service ID. If no SDP is bound to the service, the mirror destination will be local and cannot be sent to another router over the core network.

Parameters

sdp-id:vc-id

Specifies a locally unique SDP identification (ID) number. The SDP ID must exist. If the SDP ID does not exist, an error will occur and the command will not execute.

For mirror services, the vc-id defaults to the service-id. However, there are scenarios where the vc-id is being used by another service. In this case, the SDP binding cannot be created. So, to avoid this, the mirror service SDP bindings now accepts vc-ids.

Values

1 to 17407

no-endpoint

Removes the association of a SAP or a SDP with an explicit endpoint name.

name

Specifies the name of the endpoint associated with the SAP.

icb

Indicates that the SDP is of type Inter-Chassis Backup (ICB). This is a special pseudowire used for MC-LAG and pseudowire redundancy application.

An explicitly named endpoint can have a maximum of one SAP and one ICB. Once a SAP is added to the endpoint, only one more object of type ICB SDP is allowed. The ICB SDP cannot be added to the endpoint if the SAP is not part of a MC-LAG instance. This means that all other SAP types cannot exist on the same endpoint as an ICB SDP since non Ethernet SAP cannot be part of a MC-LAG instance. Conversely, a SAP which is not part of a MC-LAG instance cannot be added to an endpoint which already has an ICB SDP.

An explicitly named endpoint, which does not have a SAP object, can have a maximum of four SDPs, which can include any of the following: a single primary SDP, one or many secondary SDPs with precedence, and a single ICB SDP.

Default

Null. The user should explicitly configure this option at create time. The user can remove the ICB type simply by retyping the SDP configuration without the icb keyword.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ip-mirror-interface spoke-sdp)

Full Context

configure service vprn ip-mirror-interface spoke-sdp

Description

This command binds a service to an existing SDP.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with the VPRN service. SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router. The spoke SDP must be shut down before it can be deleted from the configuration.

Parameters

sdp-id

Specifies SDP identifier.

Values

1 to 32767

vc-id

Specifies the virtual circuit identifier.

Values

1 to 4294967295

create

Keyword used to create an IP mirror interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe spoke-sdp-fec)

Full Context

configure service epipe spoke-sdp-fec

Description

This command binds a service to an existing service destination point (SDP), using a dynamic MS-PW.

A spoke SDP is treated like the equivalent of a traditional bridge "port” where flooded traffic received on the spoke SDP is replicated on all other "ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

When using dynamic MS-PWs, the particular SDP to bind-to is automatically selected based on the Target Attachment Individual Identifier (TAII) and the path to use, specified under spoke SDP FEC. The selected SDP will terminate on the first hop S-PE of the MS-PW. Therefore, an SDP must already be defined in the config>service>sdp context that reaches the first hop router of the MS-PW. The router will in order to associate an SDP with a service. If an SDP to that is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

It differs from the spoke-sdp command in that the spoke-sdp command creates a spoke SDP binding that uses a pseudowire with the PW ID FEC. However, the spoke-sdp-fec command enables pseudowires with other FEC types to be used. Only the Generalized ID FEC (FEC129) may be specified using this command.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Parameters

spoke-sdp-fec-id

An unsigned integer value identifying the spoke SDP.

Values

1 to 4294967295

fec-type

An unsigned integer value for the type of the FEC used by the MS-PW.

Values

129 to 130

aii-type

An unsigned integer value for the Attachment Individual Identifier (AII) type used to identify the MS-PW endpoints.

Values

1 to 2

endpoint-name

Specifies the name of the service endpoint.

no endpoint

Adds or removes a spoke SDP association.

icb

Configures the spoke SDP as an inter-chassis backup SDP binding.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim spt-switchover-threshold)

Full Context

configure service vprn pim spt-switchover-threshold

Description

This command configures a shortest path tree (SPT tree) switchover threshold for a group prefix.

Parameters

grp-ip-address

Specifies the multicast group address.

grp-ipv6-address

Specifies the multicast group address.

prefix-length

Specifies the address prefix length.

Values

grp-ipv6-address	: x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x [0 to FFFF]H
	d [0 to 255]D
prefix-length	[1 to 128]

mask

Defines the mask of the multicast-ip-address.

Values

4 to 32

netmask

The subnet mask in dotted decimal notation.

Values

0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

spt-threshold

Specifies the configured threshold in kilobits per second (kb/s) for the group to which this (S,G) belongs. For a group G configured with a threshold, switchover to SPT for an (S,G) is attempted only if the (S,G)'s rate exceeds this configured threshold.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim spt-switchover-threshold)

Full Context

configure router pim spt-switchover-threshold

Description

This command configures shortest path (SPT) tree switchover thresholds for group prefixes.

PIM-SM routers with directly connected routers receive multicast traffic initially on a shared tree rooted at the Rendezvous Point (RP). Once the traffic arrives on the shared tree and the source of the traffic is known, a switchover to the SPT tree rooted at the source is attempted.

For a group that falls in the range of a prefix configured in the table, the corresponding threshold value determines when the router should switch over from the shared tree to the source specific tree. The switchover is attempted only if the traffic rate on the shared tree for the group exceeds the configured threshold.

In the absence of any matching prefix in the table, the default behavior is to switchover when the first packet is seen. In the presence of multiple prefixes matching a given group, the most specific entry is used.

The no form of this command removes the parameters from the PIM configuration.

Parameters

grp-ipv4-prefix

Specifies the group IPv4 multicast address in dotted decimal notation.

Values

a.b.c.d

ipv4-prefix-length

Specifies the length of the IPv4 prefix.

Values

4 to 32

netmask

Specifies the netmask associated with the IPv4 prefix, expressed in dotted decimal notation. Network bits must be 1, and host bits must be 0.

Values

a.b.c.d

grp-ipv6-prefix

Specifies the group IPv6 multicast address in hexadecimal notation.

Values

xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

xx — 0 to FF (hex)

ipv6-prefix-length

Specifies the length of the IPv6 prefix.

Values

8 to 128

spt-threshold

Specifies the configured threshold in kilobits per second (kb/s) for a group prefix. A switchover is attempted only if the traffic rate on the shared tree for the group exceeds this configured threshold. When the infinity keyword is specified, no switchover will occur at any time, regardless of the traffic level is detected.

Values

1 to 4294967294, infinity

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-isis)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-isis)

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter sr-isis)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-isis)

Full Context

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter sr-isis

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter sr-isis

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter sr-isis

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter sr-isis

Description

This command selects the Segment Routing (SR) tunnel type programed by an IS-IS instance in TTM.

When the sr-isis value (or sr-ospf) is enabled, an SR tunnel to the BGP next hop is selected in the TTM from the lowest-numbered IS-IS (OSPF) instance.

The no form of this command disables the SR-ISIS setting for the auto-bind tunnel.

Default

no sr-isis

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter sr-isis)

Full Context

configure router static-route-entry indirect tunnel-next-hop resolution-filter sr-isis

Description

This command enables the use of SR-ISIS sourced tunnel entries in the TTM to resolve the associated static route next hop.

Default

no sr-isis

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>sdp sr-isis)

Full Context

configure service sdp sr-isis

Description

This command configures an MPLS SDP of LSP type ISIS Segment Routing. The SDP of LSP type sr-isis can be used with the far-end option. The signaling protocol for the service labels for an SDP using an SR tunnel can be configured to static (off), T-LDP (tldp), or BGP (bgp).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunn>family>resolution-filter sr-isis)

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family>resolution-filter sr-isis)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel family resolution-filter sr-isis

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter sr-isis

Description

This command selects the Segment Routing (SR) tunnel type programmed by an IS-IS instance in TTM for next-hop resolution of BGP routes and labeled routes. This option allows BGP to use the segment- routing tunnel in the tunnel table submitted by the lowest preference IS-IS instance or, in case of a tie, the lowest numbered IS-IS instance.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls sr-isis)

Full Context

configure oam-pm session ip tunnel mpls sr-isis

Description

This command configures the specification of sr-isis specific tunnel information that is used to transport the test packets. Entering this context removes all other tunnel type options configured under the configure oam-pm session ip tunnel mpls context. Only a single mpls type can be configured for an OAM-PM session.

The no form of this command deletes the context and all configurations under it.

Parameters

ipv4-address

Specifies IPv4 address.

Values

ipv4-address: a.b.c.d (host bits must be 0)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>auto-bind-tunnel>res-filter sr-isis)

Full Context

configure service vprn auto-bind-tunnel resolution-filter sr-isis

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>default-action sr-label-index)

[Tree] (config>router>policy-options>policy-statement>entry>action sr-label-index)

Full Context

configure router policy-options policy-statement default-action sr-label-index

configure router policy-options policy-statement entry action sr-label-index

Description

This command associates a BGP segment-routing label index value with all /32 BGP labeled IPv4 routes matching the entry or policy default-action.

The sr-label-index action only takes effect in BGP peer import policies (and only on received /32 label-ipv4 routes) and in route-table-import policies associated with the label-ipv4 RIB.

The prefer-igp applies only in a route-table-import policy. If prefer-igp is specified and BGP segment-routing uses prefix-sid-range global, then BGP tries, as a first priority, to use the IGP segment routing label index for the IGP route matched by the route-table-import policy. If the IGP route does not have an SID index, or prefer-igp is not configured or prefix-sid-range is not global, BGP tries to use the label index value specified by this command.

When this action occurs in a policy applied as a peer-import policy, it can add a prefix SID attribute to a received /32 label-ipv4 route that was not sent with this attribute, or it can replace the received prefix SID attribute with a new one.

If this command specifies an index value that causes a SID conflict with another BGP route, then all conflicting BGP routes are re-advertised with label values based on dynamic allocation rather than SID-based allocation.

If this command specifies an index value that causes a SID conflict with an IGP route, the BGP route is re-advertised with a label value based on dynamic allocation rather than an SID-based allocation.

The no form of this command causes matched BGP routes to be advertised without any new or changed prefix SID attributes.

Default

no sr-label-index

Parameters

value

Specifies the BGP segment routing label index to associate with the matched route or routes.

Values

0 to 52487

param-name

Specifies the type parameter variable name, up to 32 characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Policy parameters must start and end with at-signs (@); for example, "@variable@”.

prefer-igp

A keyword that is applicable only in route-table-import policies, to instruct BGP to borrow the SID index from the IGP route if it has an SID index and the prefix-sid-range is global.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls-labels sr-labels)

Full Context

configure router mpls-labels sr-labels

Description

This command configures the range of the Segment Routing Global Block (SRGB). It is a label block which is used for assigning labels to segment routing prefix SIDs originated by this router. This range is carved from the system dynamic label range and is not instantiated by default.

This is a reserved label and once configured it cannot be used by other protocols such as RSVP, LDP, and BGP to assign a label dynamically.

Default

no sr-labels

Parameters

start-value

Specifies the start label value in the SRGB

Values

18432 to 524287 within dynamic label range | 1048575 (FP4 or FP5 only)

end-value

Specifies the end label value in the SRGB

Values

18432 to 524287 within dynamic label range | 1048575 (FP4 or FP5 only)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>entry>action sr-maintenance-policy)

[Tree] (config>router>policy-options>policy-statement>default-action sr-maintenance-policy)

Full Context

configure router policy-options policy-statement entry action sr-maintenance-policy

configure router policy-options policy-statement default-action sr-maintenance-policy

Description

This command applies a named segment routing maintenance policy to the matching routes. It is only used for SR policy routes. The named policy must exist under the config>router>segment-routing context.

The no form of this command removes the specified maintenance policy.

Parameters

maintenance-policy-name

Specifies the name of the maintenance policy, up to 32 characters and cannot start with a space or underscore.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>segment-routing sr-mpls)

Full Context

configure router segment-routing sr-mpls

Description

Commands in this context configure the SR MPLS properties.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ttl-propagate sr-mpls-local)

Full Context

configure router ttl-propagate sr-mpls-local

Description

This command configures TTL or hop-limit propagation for all segment routing MPLS tunnels carrying IPv4 or IPv6 packets. This applies to IPv4 and IPv6 packets of IGP, BGP unlabelled (except 6PE), and static routes in the base router whose next hop is resolved to a Segment Routing MPLS (SR-MPLS) tunnel of any of the following types: SR-ISIS, SR-OSPF, SR-OSPF3, SR-TE LSP, and SR policy.

This command configures TTL or hop-limit propagation for CPM originated IP packets. Use the sr-mpls-transit command to configure TTL or hop-limit propagation for transit IP packets.

Default

sr-mpls-local all

Parameters

none

Keyword to specify that the IP TTL or hop limit is not propagated into the segment routing transport label stack.

all

Keyword to specify that the IP TTL or hop limit is propagated to all labels in the segment routing transport label stack.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ttl-propagate sr-mpls-transit)

Full Context

configure router ttl-propagate sr-mpls-transit

Description

This command configures TTL or hop-limit propagation for all segment routing MPLS tunnels carrying IPv4 or IPv6 packets. This applies to IPv4 and IPv6 packets of IGP, BGP unlabelled (except 6PE), and static routes in the base router whose next hop is resolved to a Segment Routing MPLS (SR-MPLS) tunnel of any of the following types: SR-ISIS, SR-OSPF, SR-OSPF3, SR-TE LSP, and SR policy.

This command configures TTL or hop-limit propagation for transit IP packets. Transit IP packets are packets of base router prefixes received on an access interface or a network interface (with or without tunnel encapsulation) and whose FIB lookup results in forwarding them over an SR-MPLS tunnel. Use the sr-mpls-local command to configure TTL or hop-limit propagation for CPM originated IP packets.

Default

sr-mpls-transit all

Parameters

none

Keyword to specify that the IP TTL or hop limit is not propagated into the segment routing transport label stack.

all

Keyword to specify that the IP TTL or hop limit is propagated to all labels in the segment routing transport label stack.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf)

Full Context

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter sr-ospf

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf

Description

This command selects the Segment Routing (SR) tunnel type programed by an OSPF instance in TTM.

When the sr-ospf (or sr-isis) value is enabled, an SR tunnel to the BGP next hop is selected in the TTM from the lowest-numbered IS-IS (OSPF) instance.

The no form of this command disables the SR-OSPF setting for the auto-bind tunnel.

Default

no sr-ospf

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter sr-ospf)

Full Context

configure router static-route-entry indirect tunnel-next-hop resolution-filter sr-ospf

Description

This command enables the use of SR-OSPF sourced tunnel entries in the TTM to resolve the associated static route next hop.

Default

no sr-ospf

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>sdp sr-ospf)

Full Context

configure service sdp sr-ospf

Description

This command configures an MPLS SDP of LSP type OSPF Segment Routing. The SDP of LSP type sr-ospf can be used with the far-end option. The signaling protocol for the service labels for an SDP using an SR tunnel can be configured to static (off), T-LDP (tldp), or BGP (bgp).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunn>family>resolution-filter sr-ospf)

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family>resolution-filter sr-ospf)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel family resolution-filter sr-ospf

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter sr-ospf

Description

This command selects the Segment Routing (SR) tunnel type programmed by an OSPF instance in TTM for next-hop resolution of BGP routes and labeled routes. This option allows BGP to use the segment routing tunnel in the tunnel table submitted by the lowest preference OSPF instance or, in case of a tie, the lowest numbered OSPF instance.

The no form of this command disables the use of SR-OSPF tunneling for next-hop resolution.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls sr-ospf)

Full Context

configure oam-pm session ip tunnel mpls sr-ospf

Description

This commmand configures the specification of sr-ospfv3 specific tunnel information that is used to transport the test packets. Entering this context removes all other tunnel type options configured under the configure oam-pm session ip tunnel mpls context. Only a single mpls type can be configured for an OAM-PM session.

The no form of this command deletes the context and all configurations under it.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>auto-bind-tunnel>res-filter sr-ospf)

Full Context

configure service vprn auto-bind-tunnel resolution-filter sr-ospf

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf3)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf3)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf3)

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter sr-ospf3)

Full Context

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf3

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf3

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter sr-ospf3

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter sr-ospf3

Description

This command selects the Segment Routing (SR) tunnel type programed by an OSPFv3 instance in TTM.

When the sr-ospf3 (or sr-isis) command is enabled, an SR tunnel to the BGP next hop is selected in the TTM from the lowest-numbered IS-IS (OSPFv3) instance.

The no form of this command disables the OSPFv3 setting for the auto-bind tunnel.

Default

no sr-ospf3

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family>resolution-filter sr-ospf3)

[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunn>family>resolution-filter sr-ospf3)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter sr-ospf3

configure router bgp next-hop-resolution shortcut-tunnel family resolution-filter sr-ospf3

Description

This command selects the IPv6 segment routing tunnel type programmed by an OSPFv3 instance in the TTMv6 for next-hop resolution of BGP routes and labeled routes. This option allows BGP to use the segment routing tunnel in the tunnel table submitted by the lowest preference OSPFv3 instance or, in case of a tie, the lowest-numbered OSPFv3 instance.

The no form of this command disables the use of SR-OSPF3 for next-hop resolution.

Default

no sr-ospf3

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>auto-bind-tunnel>res-filter sr-ospf3)

Full Context

configure service vprn auto-bind-tunnel resolution-filter sr-ospf3

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>segment-routing sr-policies)

Full Context

configure router segment-routing sr-policies

Description

This command creates the context to configure segment routing policies. A segment routing policy specifies traffic to be matched by the policy and actions to take on the matched traffic by applying the instructions encoded in one or more segment lists.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter sr-policy)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-policy)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-policy)

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-policy)

Full Context

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter sr-policy

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter sr-policy

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter sr-policy

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter sr-policy

Description

This command selects the tunnel type for the SR policy.

The sr-policy value instructs BGP to search for an SR policy with a non-null endpoint and color value that matches the BGP next hop and color extended community value of the EVPN route.

The no form of this command disables the SR policy setting for the auto-bind tunnel.

Default

no sr-policy

Platforms

7705 SAR Gen 2

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping sr-policy)

Full Context

configure saa test type-multi-line lsp-ping sr-policy

Description

This command configures the SR policy target FEC.

Parameters

color color

Specifies the color ID.

Values

0 to 4294967295

endpoint ip-address

Specifies the endpoint address.

Values

ipv4-address: a.b.c.d
ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)
		x:x:x:x:x:x:d.d.d.d
		x - [0 to FFFF]H
		d - [0 to 255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>auto-bind-tunnel>res-filter sr-policy)

Full Context

configure service vprn auto-bind-tunnel resolution-filter sr-policy

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls sr-policy)

Full Context

configure oam-pm session ip tunnel mpls sr-policy

Description

Commands in this context identify the SR policy used to tunnel IP packets for session tests.

The no form of this command disables the SR policy used to tunnel IP packets.

Default

no sr-policy

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp sr-policy-import)

Full Context

configure router bgp sr-policy-import

Description

This command instructs BGP to import all statically-configured non-local segment routing policies from the segment routing DB into the BGP RIB so that they can be advertised, as originated routes, towards BGP peers supporting the sr-policy-ipv4 address family.

The no form of this command instructs BGP to not import any statically defined segment routing policies into BGP.

Default

no sr-policy-import

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-te)

[Tree] (config>service>epipe>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-te)

[Tree] (config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter sr-te)

[Tree] (config>service>vprn>bgp-ipvpn>mpls>auto-bind-tunnel>resolution-filter sr-te)

Full Context

configure service vprn bgp-evpn mpls auto-bind-tunnel resolution-filter sr-te

configure service epipe bgp-evpn mpls auto-bind-tunnel resolution-filter sr-te

configure service vpls bgp-evpn mpls auto-bind-tunnel resolution-filter sr-te

configure service vprn bgp-ipvpn mpls auto-bind-tunnel resolution-filter sr-te

Description

This command selects the Segment Routing (SR) Traffic Engineered (SR-TE) LSP programmed in TTM.

The sr-te value instructs the system to search for the best metric SR-TE LSP to the address of the BGP next hop. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple SR-TE LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel ID.

The no form of this command disables the SR-TE LSP setting for the auto-bind tunnel.

Default

no sr-te

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>pce-initiated-lsp sr-te)

Full Context

configure router mpls pce-initiated-lsp sr-te

Description

This command enables support for SR-TE PCE-initiated LSPs.

The no form of this command removes SR-TE PCE-initiated LSP support. All PCE-initiated SR-TE LSPs are deleted.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>tunnel-table-pref sr-te)

Full Context

configure router mpls tunnel-table-pref sr-te

Description

This command configures the tunnel table preference for an SR-TE LSP tunnel type away from its default value.

The tunnel table preference applies to the next-hop resolution of BGP routes of the following families: EVPN, IPv4, IPv6, VPN-IPv4, VPN-IPv6, label-IPv4, and label-IPv6 in the tunnel table.

This feature does not apply to a VPRN, VPLS, or VLL service with explicit binding to an SDP that enabled the mixed-lsp-mode option. The tunnel preference in such an SDP is fixed and is controlled by the service manager. The configuration of the tunnel table preference parameter does not modify the behavior of such an SDP and the services that bind to it.

It is recommended to not set two or more tunnel types to the same preference value. In such a situation, the tunnel table prefers the tunnel type which was first introduced in SR OS implementation historically.

The no form of this command reverts to the default value.

Default

sr-te 8

Parameters

value

Specifies the tunnel table preference value for SR-TE LSP.

Values

1 to 255

Default

8

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>static-route-entry>indirect>tunnel-next-hop>resolution-filter sr-te)

Full Context

configure router static-route-entry indirect tunnel-next-hop resolution-filter sr-te

Description

The sr-te value instructs the code to search for the set of lowest metric SR-TE LSPs to the address of the indirect next-hop. The LSP metric is provided by MPLS in the tunnel table. The static route treats a set of SR-TE LSPs with the same lowest metric as an ECMP set. The user has the option of configuring a list of SR-TE LSP names to be used exclusively instead of searching in the tunnel table. In that case, all LSPs must have the same LSP metric in order for the static route to use them as an ECMP set. Otherwise, only the LSPs with the lowest common metric value are selected.

Default

no sr-te

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-resolution>shortcut-tunn>family>resolution-filter sr-te)

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family>resolution-filter sr-te)

Full Context

configure router bgp next-hop-resolution shortcut-tunnel family resolution-filter sr-te

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter sr-te

Description

This command selects the Segment Routing (SR) tunnel type programmed by a traffic engineered (TE) instance in TTM for next-hop resolution. In the case of multiple SR-TE tunnels with the same lowest metric, BGP selects the tunnel with the lowest tunnel ID.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf>traffic-engineering-options sr-te)

Full Context

configure router ospf traffic-engineering-options sr-te

Description

This command configures the advertisement of TE attributes of each link on a per-application basis. Two applications are supported in SR OS: RSVP-TE and SR-TE. Although the legacy mode of advertising TE attributes is supported, additional configurations are possible.

The no form of this command deletes the context.

Default

no sr-te

Parameters

legacy

Advertises the TE attributes for MPLS-enabled SR links using TE Opaque LSAs.

Note:

Do not configure the legacy mode if the network has both RSVP-TE and SR-TE attributes and the links are not congruent.

application-specific-link-attributes

Advertises TE information for MPLS-enabled SR links using the new Application Specific Link Attributes (ASLA) TLVs.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls sr-te)

Full Context

configure oam-pm session ip tunnel mpls sr-te

Description

This command configures specification of SR-TE specific tunnel information that is used to transport the test packets. Entering this context removes all other tunnel type options configured under the configure oam-pm session ip tunnel mpls context. Only a single mpls type can be configured for an OAM-PM session.

The no form of this command removes the SR-TE LSP name from the configuration.

Default

no override

Parameters

tcp-port

Specifies the source TCP port to be used in the test TCP header.

Values

0 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>auto-bind-tunnel>res-filter sr-te)

Full Context

configure service vprn auto-bind-tunnel resolution-filter sr-te

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>sdp sr-te-lsp)

Full Context

configure service sdp sr-te-lsp

Description

This command configures an MPLS SDP of LSP type SR-TE.

The user can specify up to 16 SR-TE LSP names. The destination address of all LSPs must match that of the SDP far-end option. Service data packets are sprayed over the set of LSPs in the SDP using the same procedures as for tunnel selection in ECMP. Each SR-TE LSP can, however, have up to 32 next-hops at the ingress LER when the first segment is a node SID-based SR tunnel. Thus, the service data packet is forwarded over one of a maximum of 16x32 next-hops.

The tunnel-far-end option is not supported. In addition, the mixed-lsp-mode option does not support the sr-te tunnel type.

The signaling protocol for the service labels for an SDP using a SR-TE LSP can be configured to static (off), T-LDP (tldp), or BGP (bgp).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls sr-te-resignal)

Full Context

configure router mpls sr-te-resignal

Description

Commands in this context configure the re-optimization parameters of SR-TE LSPs.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>snmp src-access-list)

Full Context

configure system security snmp src-access-list

Description

This command configures a list of source IP addresses used to validate SNMPv1 and SNMPv2c requests after the list is associated with one or more SNMPv1 and SNMPv2c communities.

A source access list referenced by one or more community instances is used to verify the source IP addresses of an SNMP request using the community, regardless of the VPRN/VRF interface (or "Base” interface) on which the request arrived. For example, if an SNMP request arrives on an interface in VPRN "100" but the request is referencing a community, the source IP address in the packet is validated against the source address list configured for the community. This occurs regardless of whether the request is destined to a VPRN interface address and the VPRN has SNMP access enabled, or the request is destined to the base system address via GRT leaking. If the source IP address of the request message does not match the IP address of any of the src-host entries contained in the list, the request is discarded and logged as an SNMP authentication failure.

A maximum of 16 source access lists can be configured. Each source access lists can contain a maximum of 16 source hosts.

The no form of this command removes the named source access list. Users cannot remove a source access list that is referenced by one or more community instances.

Parameters

list-name

Specifies the name or key of the source access list. This parameter must begin with a letter (a-z or A-Z).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>snmp>src-access-list src-host)

Full Context

configure system security snmp src-access-list src-host

Description

This command configures a source IP address entry used to validate SNMPv1 and SNMPv2c requests.

The no form of this command removes the specified entry.

Parameters

host-name

Specifies a name for the entry, up to 32 characters.

ip-address

Specifies an allowed IPv4 or IPv6 source address for SNMP requests.

Values

ipv4-address —	a.b.c.d (host bits must be 0)
ipv6-address —	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x — 0 to FFFF (hexadecimal)
	d — 0 to 255 (decimal)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>mc>peer>mcr>l3ring>node>cv src-ip)

Full Context

configure redundancy multi-chassis peer mc-ring l3-ring ring-node connectivity-verify src-ip

Description

This command specifies the source IP address used in ring-node connectivity verification of this ring node.

The no form of this command reverts to the default.

Parameters

ip-address

Specifies the source IP address used in ring-node connectivity verification of this ring node.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-ingress>ip-criteria>entry>match src-ip)

[Tree] (config>qos>sap-egress>ip-criteria>entry>match src-ip)

Full Context

configure qos sap-ingress ip-criteria entry match src-ip

configure qos sap-egress ip-criteria entry match src-ip

Description

This command configures a source IPv4 address range to be used as an SAP QoS policy match criterion.

To match on the source IPv4 or IPv6 address, specify the address and its associated mask; for example, 10.1.0.0/16. The conventional notation of 10.1.0.0 255.255.0.0 can also be used for IPv4.

The no form of this command removes the source IPv4 or IPv6 address match criterion.

Default

no src-ip

Parameters

ip-address

Specifies the source IPv4 address specified in dotted decimal notation.

Values

ip-address: a.b.c.d

mask

Specifies the length in bits of the subnet mask.

Values

1 to 32

ipv4-address-mask

Specifies the subnet mask in dotted decimal notation.

Values

a.b.c.d (dotted quad equivalent of mask length)

prefix-list-name

Specifies the IPv4 prefix list name, a string of up to 32 printable ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-ingress>ipv6-criteria>entry>match src-ip)

[Tree] (config>qos>sap-egress>ipv6-criteria>entry>match src-ip)

Full Context

configure qos sap-ingress ipv6-criteria entry match src-ip

configure qos sap-egress ipv6-criteria entry match src-ip

Description

This command configures a source IPv6 address range to be used as an SAP QoS policy match criterion.

To match on the source IPv6 address, specify the address and its associated mask, for example, 2001:db8:1000::/64.

The no form of this command removes the source IPv6 address match criterion.

Default

no src-ip

Parameters

ipv6-address

Specifies the IPv6 address for the IP match criterion in hexadecimal digits.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x: [0 to FFFF]H d: [0 to 255]D

prefix-length

Specifies the IPv6 prefix length for the IPv6 address expressed as a decimal integer.

Values

1 to 128

ipv6-address-mask

Specifies the IPv6 address mask.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-list-name

Specifies the IPv6 prefix list name, a string of up to 32 printable ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>network>ingress>ipv6-criteria>entry>match src-ip)

[Tree] (config>qos>network>ingress>ip-criteria>entry>match src-ip)

[Tree] (config>qos>network>egress>ip-criteria>entry>match src-ip)

[Tree] (config>qos>network>egress>ipv6-criteria>entry>match src-ip)

Full Context

configure qos network ingress ipv6-criteria entry match src-ip

configure qos network ingress ip-criteria entry match src-ip

configure qos network egress ip-criteria entry match src-ip

configure qos network egress ipv6-criteria entry match src-ip

Description

This command configures a source IPv4 or IPv6 address range to be used as a network QoS policy match criterion.

To match on the source IPv4 or IPv6 address, specify the address and its associated mask, for example, when specifying an IPv4 address, 10.1.0.0/16 or 10.1.0.0 255.255.0.0 can be used.

The no form of this command removes the source IPv4 or IPv6 address match criterion.

Parameters

ip-address

Specifies the source IPv4 address specified in dotted decimal notation.

Values

ip-address: a.b.c.d

mask

Specifies the length in bits of the subnet mask.

Values

1 to 32

ipv4-address-mask

Specifies the subnet mask in dotted decimal notation.

Values

a.b.c.d (dotted quad equivalent of mask length)

ip-prefix-list-name

Specifies an IPv4 prefix list which contains IPv4 address prefixes to be matched.

Values

A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

ipv6-address

Specifies the IPv6 prefix for the IP match criterion in hex digits.

Values

ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0 to FFFF]H
	d: [0 to 255]D

mask

Specifies the length of the ipv6-address expressed as a decimal integer.

Values

1 to 128

ipv6-address-mask

Specifies the eight 16-bit hexadecimal pieces representing bit match criteria.

Values

x:x:x:x:x:x:x (eight 16-bit pieces)

ipv6-prefix-list-name

Specifies an IPv6 prefix list which contains IPv6 address prefixes to be matched.

Values

A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ipv6-exception>entry>match src-ip)

[Tree] (config>filter>ipv6-filter>entry>match src-ip)

[Tree] (config>filter>ip-exception>entry>match src-ip)

Full Context

configure filter ipv6-exception entry match src-ip

configure filter ipv6-filter entry match src-ip

configure filter ip-exception entry match src-ip

Description

This command configures a source IPv4 or IPv6 address range to be used as an IP filter or IP exception match criterion.

To match on the source IPv4 or IPv6 address, specify the address and its associated mask, for example, 10.1.0.0/16 for IPv4. The conventional notation of 10.1.0.0 255.255.0.0 may also be used for IPv4.

The no form of the command removes the source IP address match criterion.

Default

no src-ip

Parameters

ip-address

Specifies the destination IPv4 address specified in dotted decimal notation.

Values

a.b.c.d

mask

Specifies the length in bits of the subnet mask.

Values

1 to 32

ipv4-address-mask

Specifies the subnet mask in dotted decimal notation.

Values

a.b.c.d (dotted quad equivalent of mask length)

ip-prefix-listoripv6-prefix-list prefix-list-name

Specifies to use a list of IP prefixes, which is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

ipv6-address

Specifies an IPv6 prefix for the IP match criterion in hex digits.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

prefix-length

Specifies whether a the IPv6 prefix length for the specified ipv6-address expressed as a decimal integer.

Values

1 to 128

ipv6-address-mask

Specifies eight 16-bit hexadecimal pieces representing bit match criteria.

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry src-ip)

Full Context

configure system security management-access-filter ip-filter entry src-ip

Description

This command configures a source IP address range or an IP prefix list to be used as a management access filter match criterion.

The no form of this command removes the source IP address match criterion.

Default

no src-ip

Parameters

ip-prefix

Specifies the IP prefix for the IP match criterion in dotted decimal notation.

mask

Specifies the subnet mask length expressed as a decimal integer.

Values

1 to 32 (mask length), 0.0.0.0 to 255.255.255.255 (dotted decimal)

netmask

Specifies the dotted quad equivalent of the mask length.

Values

0.0.0.0 to 255.255.255.255

ip-prefix-list-name

Specifies the IP prefix list used as a match criterion for the source IP address. It is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes .

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry src-ip)

Full Context

configure system security management-access-filter ipv6-filter entry src-ip

Description

This command configures a source IPv6 address range or an IPv6 prefix list to be used as a management access filter match criterion.

The no form of this command removes the source IPv6 address match criterion.

Default

no src-ip

Parameters

ipv6-address/prefix-length

Specifies the IPv6 address for the IPv6 match criterion in dotted decimal notation. An IPv6 IP address is written as eight 4-digit (16-bit) hexadecimal numbers separated by colons. One string of zeros per address can be left out, so that 2001:db8::0:217A is the same as 2001:db8:0:0:0:0:0:217A.

Values

ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x: [0..FFFF]H
	d: [0..255]D
prefix-length	1 to 128

ipv6-prefix-list-name

Specifies the IPv6 prefix list used a match criterion for the source IP address. It is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes .

Platforms

7705 SAR Gen 2

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy src-ip-address)

[Tree] (config>saa>test>type-multi-line>lsp-ping src-ip-address)

Full Context

configure saa test type-multi-line lsp-ping sr-policy src-ip-address

configure saa test type-multi-line lsp-ping src-ip-address

Description

This command configures the source IP address. This option is used when an OAM packet must be generated from a different address than the node’s system interface address. For example, when the OAM packet is sent over an LDP LSP and the LDP LSR-ID of the corresponding LDP session to the next hop is set to an address other than the system interface address.

The no form of this command removes the configuration.

Parameters

ip-address

Specifies the source IP address.

Values

ipv4-address: a.b.c.d
ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)
		x:x:x:x:x:x:d.d.d.d
		x - [0 to FFFF]H
		d - [0 to 255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>mc>peer>mcr>l3ring>node>cv src-mac)

Full Context

configure redundancy multi-chassis peer mc-ring l3-ring ring-node connectivity-verify src-mac

Description

This command specifies the source MAC address used for the ring-node connectivity verification of this ring node.

If all zeros are specified, the MAC address of the system management processor (CPM) is used.

The no form of this command reverts to the default.

Parameters

ieee-address

Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-ingress>mac-criteria>entry>match src-mac)

Full Context

configure qos sap-ingress mac-criteria entry match src-mac

Description

This command configures a source MAC address or range to be used as a service ingress QoS policy match criterion.

The no form of this command removes the source mac as the match criteria.

Default

no src-mac

Parameters

ieee-address

Enter the 48-bit IEEE MAC address to be used as a match criterion.

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit

ieee-address-mask

This 48-bit mask can be configured using the following formats:

Table 1. Format Styles to Configure Mask

Format Style	Format Syntax	Example
Decimal	DDDDDDDDDDDDDD	281474959933440
Hexadecimal	0xHHHHHHHHHHHH	0x0FFFFF000000
Binary	0bBBBBBBB...B	0b11110000...B

To configure all packets with a source MAC OUI value of 00-03-FA to be subject to a match condition, the entry should be specified as: 003FA000000 0xFFFFFF000000

Values

0x00000000000000 to 0xFFFFFFFFFFFF (hex)

Default

0xFFFFFFFFFFFF (hex) (exact match)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>mgmt-access-filter>mac-filter>entry>match src-mac)

Full Context

configure system security management-access-filter mac-filter entry match src-mac

Description

This command configures a source MAC address or range to be used as a MAC filter match criterion.

The no form of this command removes the source mac as the match criteria.

Default

no src-mac

Parameters

ieee-address

Specifies the 48-bit IEEE mac address to be used as a match criterion.

Values

HH:HH:HH:HH:HH:HH or HH-HH-HH-HH-HH-HH where H is a hexadecimal digit

ieee-address-mask

Specifies a 48-bit mask that can be configured using the formats listed in ieee-address-mask Formats:

Table 2. ieee-address-mask Formats

Format Style	Format Syntax	Example
Decimal	DDDDDDDDDDDDDD	281474959933440
Hexadecimal	0xHHHHHHHHHHHH	0x0FFFFF000000
Binary	0bBBBBBBB...B	0b11110000...B

To configure so that all packets with a source MAC OUI value of 00-03-FA are subject to a match condition then the entry should be specified as: 003FA000000 0xFFFFFF000000

Default

0xFFFFFFFFFFFF (exact match)

Values

0x00000000000000 to 0xFFFFFFFFFFFF

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-ingress>ipv6-criteria>entry>match src-port)

[Tree] (config>qos>sap-egress>ipv6-criteria>entry>match src-port)

[Tree] (config>qos>sap-egress>ip-criteria>entry>match src-port)

[Tree] (config>qos>sap-ingress>ip-criteria>entry>match src-port)

Full Context

configure qos sap-ingress ipv6-criteria entry match src-port

configure qos sap-egress ipv6-criteria entry match src-port

configure qos sap-egress ip-criteria entry match src-port

configure qos sap-ingress ip-criteria entry match src-port

Description

This command configures a source TCP or UDP port number or port range for a SAP QoS policy match criterion.

The no form of this command removes the source port match criterion.

Default

no src-port

Parameters

{lt | gt | eq} src-port-number

The TCP or UDP port numbers to match, specified as less than (lt), greater than (gt), or equal to (eq) to the source port value, specified as a decimal integer.

Values

1 to 65535 (decimal)

range startend

The range of TCP or UDP port values to match, specified as between the start and end source port values inclusive.

Values

1 to 65535 (decimal)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>network>ingress>ip-criteria>entry>match src-port)

[Tree] (config>qos>network>egress>ipv6-criteria>entry>match src-port)

[Tree] (config>qos>network>egress>ip-criteria>entry>match src-port)

[Tree] (config>qos>network>ingress>ipv6-criteria>entry>match src-port)

Full Context

configure qos network ingress ip-criteria entry match src-port

configure qos network egress ipv6-criteria entry match src-port

configure qos network egress ip-criteria entry match src-port

configure qos network ingress ipv6-criteria entry match src-port

Description

This command configures a source TCP or UDP port number, port range, or a port list for a network QoS policy match criterion.

The no form of this command removes the source port match criterion.

Default

no src-port

Parameters

lt

Keyword used to specify TCP or UDP port numbers to match that are less than the source port value.

gt

Keyword used to specify TCP or UDP port numbers to match that are greater than the source port value.

eq

Keyword used to specify TCP or UDP port numbers to match that are equal to the source port value.

src-port-number

The source port value, specified as a decimal integer.

Values

1 to 65535

port-list-name

Specifies a port list name, up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

start

Specifies the starting range of TCP or UDP source port values to match.

Values

1 to 65535

end

Specifies the end range of TCP or UDP source port values to match.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ip-exception>entry>match src-port)

[Tree] (config>filter>ip-filter>entry>match src-port)

[Tree] (config>filter>ipv6-exception>entry>match src-port)

[Tree] (config>filter>ipv6-filter>entry>match src-port)

Full Context

configure filter ip-exception entry match src-port

configure filter ip-filter entry match src-port

configure filter ipv6-exception entry match src-port

configure filter ipv6-filter entry match src-port

Description

This command configures a source TCP, UDP, or SCTP port number, port range, or port match list for an IP filter or IP exception match criterion. An entry containing Layer 4 non-zero match criteria will not match non-initial (2nd, 3rd, and so on) fragments of a fragmented packet since only the first fragment contains the Layer 4 information. Similarly an entry containing "src-port eq 0" match criterion, may match non-initial fragments when the source port value is not present in a packet fragment and other match criteria are also met.

The no form of the command removes the source port match criterion.

Default

no src-port

Parameters

lt | gt | eq

Specifies the operator to use relative to src-port-number for specifying the port number match criteria.

lt specifies that all port numbers less than src-port-number match.

gt specifies that all port numbers greater than src-port-number match.

eq specifies that src-port-number must be an exact match.

src-port-number

Specifies the source port number to be used as a match criteria expressed as a decimal integer, and in hexadecimal or binary format. Below shows decimal integer only.

Values

0 to 65535

port-list-name

Specifies to use a list of ports referred to by port-list-name, which is a string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

src-port-number src-port-number

Specifies inclusive port range between two src-port-number values.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>mgmt-access-filter>ipv6-filter>entry src-port)

[Tree] (config>system>security>mgmt-access-filter>ip-filter>entry src-port)

Full Context

configure system security management-access-filter ipv6-filter entry src-port

configure system security management-access-filter ip-filter entry src-port

Description

This command restricts ingress management traffic to either the CPM/CCM Ethernet port or any other logical port (for example LAG) on the device.

When the source interface is configured, only management traffic arriving on those ports satisfy the match criteria.

The no form of this command reverts to the default value.

Default

no src-port