t Commands

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>command-completion tab)

Full Context

configure system management-interface cli md-cli environment command-completion tab

Description

This command enables completion on the tab character.

The no form of this command reverts to the default value.

Default

tab

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>proxy-arp table-size)

[Tree] (config>service>vpls>proxy-nd table-size)

Full Context

configure service vpls proxy-arp table-size

configure service vpls proxy-nd table-size

Description

This command adds a table-size limit per service. By default, the table-size limit is 250; it can be set up to 16k entries per service. A non-configurable implicit high watermark of 95% and low watermark of 90% exists, per service and per system. When those watermarks are reached, a syslog/trap is triggered. When the system/service limit is reached, entries for a specified IP can be replaced (a different MAC can be learned and added) but no new IP entries will be added, regardless of the type (Static, evpn, dynamic). If the user attempts to change the table-size value to a value that cannot accommodate the number of existing entries, the attempt will fail.

Default

table-size 250

Parameters

table-size

Specifies the table-size as number of entries for the service.

Values

1 to 16384

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>aaa>rmt-srv tacplus)

Full Context

configure service vprn aaa remote-servers tacplus

Description

This command creates the context to configure TACACS+ authentication on the VPRN.

Configure multiple server addresses for each router for redundancy.

The no form of this command removes the TACACS+ configuration.

Parameters

create

Keyword to create the TACACS+ configuration.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security tacplus)

Full Context

configure system security tacplus

Description

This command creates the context to configure TACACS+ authentication on the router.

Configure multiple server addresses for each router for redundancy.

The no form of this command removes the TACACS+ configuration.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>password>enable-admin-control tacplus-map-to-priv-lvl)

Full Context

configure system security password enable-admin-control tacplus-map-to-priv-lvl

Description

When tacplus-map-to-priv-lvl is enabled, and tacplus authorization is enabled with the use-priv-lvl option, typing enable-admin starts an interactive authentication exchange from the node to the TACACS+ server. The start message (service=enable) contains the user-id and the requested admin-priv-lvl. Successful authentication results in the use of a new profile (as configured under config>system>security>tacplus>priv-lvl-map).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>static-route-entry tag)

Full Context

configure service vprn static-route-entry tag

Description

This command associates a 4-byte route-tag with the static route. The tag value can be used in route policies to control distribution of the static route into other protocols.

The tag specified at this level of the static route causes tag values configured under the next-hop, black-hole, and indirect contexts of the static route to be ignored.

The no form of this command removes the tag association.

Default

no tag

Parameters

tag

Specifies an integer value.

Values

1 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>static-route-entry>ipsec-tunnel tag)

[Tree] (config>service>vprn>static-route-entry>next-hop tag)

[Tree] (config>service>vprn>static-route-entry>indirect tag)

Full Context

configure service vprn static-route-entry ipsec-tunnel tag

configure service vprn static-route-entry next-hop tag

configure service vprn static-route-entry indirect tag

Description

This command adds a 32-bit integer tag to the associated static route.

The tag value can be used in route policies to control distribution of the route into other protocols.

Default

no tag

Parameters

tag-value

Specifies an integer tag value.

Values

32 bit integer

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis>if tag)

Full Context

configure service vprn isis interface tag

Description

This command configures a route tag to the specified IP address of an interface.

Parameters

tag

Specifies the tag value.

Values

1 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>static-route-entry>next-hop tag)

[Tree] (config>router>static-route-entry tag)

[Tree] (config>router>static-route-entry>black-hole tag)

[Tree] (config>router>static-route-entry>indirect tag)

Full Context

configure router static-route-entry next-hop tag

configure router static-route-entry tag

configure router static-route-entry black-hole tag

configure router static-route-entry indirect tag

Description

This command associates a 4-byte route-tag with the static route. The tag value can be used in route policies to control distribution of the static route into other protocols.

The tag specified at this level of the static route causes tag values configured under the next-hop, black-hole and indirect contexts of the static route to be ignored.

The no form of this command removes the tag association.

Default

no tag

Parameters

tag

Specifies an integer tag value.

Values

1 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>interface tag)

Full Context

configure router isis interface tag

Description

This command configures a route tag to the specified IP address of an interface.

The no form of this command removes the tag value from the configuration.

Parameters

tag

Specifies a route tag.

Values

1 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>interface tag)

Full Context

configure router isis interface tag

Description

This command configures a route tag to the specified IP address of an interface.

The no form of this command removes the tag value from the configuration.

Default

no tag

Parameters

tag

Specifies a route tag.

Values

1 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>entry>from tag)

Full Context

configure router policy-options policy-statement entry from tag

Description

This command matches the tag value in static or IGP routes. A decimal or hexadecimal value of 4 octets can be entered. For IS-IS, OSPF, and static routes, all four octets can be used. For RIP and RIPng, only the two most significant octets are used if more than two octets are configured.

The no form of this command removes the tag field match criterion.

Default

no tag

Parameters

tag

Matches the configured tag value.

Values

Accepts decimal or hexadecimal formats:

• IS-IS, OSPF and static routes: 0x0 – 0xFFFFFFFF or 1 – 4294967295

• RIP and RIPng: 0x0 – 0xFFFF or 1 – 65535

no-tag

Specifies that no tag value is set.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>default-action tag)

[Tree] (config>router>policy-options>policy-statement>entry>action tag)

Full Context

configure router policy-options policy-statement default-action tag

configure router policy-options policy-statement entry action tag

Description

This command assigns a tag to routes matching the entry, which is then applied to IGP routes. A decimal or hexadecimal value of 4 octets can be entered.

For IS-IS and OSPF, all four octets can be used.

For RIP and RIPng, only the two most significant octets are used if more than two octets are configured.

The no form of this command removes the tag.

Default

no tag

Parameters

tag

Assigns an IS-IS, OSPF, RIP or RIPng tag to routes matching the entry.

Values

Accepts decimal or hexadecimal formats:

IS-IS and OSPF: 0x0–0xFFFFFFFF or 1–4294967295

RIP and RIPng: 0x0–0xFFFF or 1–65535

name — The tag parameter variable name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Policy parameters must start and end with at-signs (@); for example, "@variable@”.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>spoke-sdp-fec taii-type2)

Full Context

configure service epipe spoke-sdp-fec taii-type2

Description

taii-type2 configures the target attachment individual identifier for the SDP SDP. This is only applicable to FEC129 AII type 2.

This command is blocked in CLI if this end of the spoke SDP is configured for single-sided auto configuration (using the auto-config command).

Parameters

global-id

Specifies a global ID of this router T-PE. This value must correspond to one of the global_id values configured for a local-prefix under config>service>pw-routing>local-prefix context.

Values

1 to 4294967295

prefix

Speecifies prefix on this router T-PE that the spoke SDP SDP is associated with. This value must correspond to one of the prefixes configured under config>service>pw-routing>local-prefix context.

Values

an IPv4-formatted address a.b.c.d or 1 to 4294967295

ac-id

Specifies an unsigned integer representing a locally unique identifier for the spoke SDP.

Values

1 to 4294967295

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>grpc-tunnel>tunnel target-name)

Full Context

configure system grpc-tunnel tunnel target-name

Description

This command assigns a target name that the node will register with.

The no form of this command removes the target name.

Default

no target-name

Parameters

node-name

Keyword to register the tunnel with the node name configured using the configure system name command.

user-agent

Keyword to register the tunnel with the user agent name string defined as node-name:vendor:model:software-version.

custom-string

Assigns an arbitrary string as the target name.

name

Specifies a string, up to 64 characters, that defines the target name.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>port>dwdm>coherent target-power)

Full Context

configure port dwdm coherent target-power

Description

This command configures the target transmit optical power for the port.

Default

target-power 1.00

Parameters

power

Specifies the desired average output power in dBm.

Values

-20.00 to 3.00

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>grpc-tunnel>tunnel>handler target-type)

Full Context

configure system grpc-tunnel tunnel handler target-type

Description

This command assigns a server as a handler for all tunnel sessions.

The no form of this command disables the tunnel handler server.

Default

no target-type

Parameters

grpc-server

Keyword that assigns the gRPC server as a handler for all tunnels sessions. The gRPC-tunnel protocol value corresponds to "GNMI_GNOI”.

ssh-server

Keyword that assigns the SSH server as a handler for all tunnels sessions. The gRPC-tunnel protocol value corresponds to "SSH”.

custom-type

Keyword that assigns an arbitrary string as the target type.

type

Specifies a string, up to 255 characters, defining the client to serve as a handler for all tunnel sessions. Values used by gRPC tunnel protocol, such as "GNMI_GNOI” or "SSH” can also be used.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp targeted-session)

Full Context

configure router ldp targeted-session

Description

This command configures targeted LDP sessions. Targeted sessions are LDP sessions between non-directly connected peers. Hello messages are sent directly to the peer platform instead of to all the routers on this subnet multicast address. The user can configure different default parameters for IPv4 and IPv6 LDP targeted hello adjacencies.

The discovery messages for an indirect LDP session are addressed to the specified peer and not to the multicast address.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>pcep>pcc task)

[Tree] (debug>router>pcep>pcc>conn task)

Full Context

debug router pcep pcc task

debug router pcep pcc connection task

Description

This command enables debugging for PCC or connection task events.

The no form of this command disables debugging.

Parameters

detail

Keyword used to specify detailed information about PCC or connection task events.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ipv6-filter>entry>match tcp-ack)

[Tree] (config>filter>ip-filter>entry>match tcp-ack)

Full Context

configure filter ipv6-filter entry match tcp-ack

configure filter ip-filter entry match tcp-ack

Description

This command configures an IP filter match criterion based on the Acknowledgment (ACK) TCP Flag bit, defined in RFC 793, as being set or not in the TCP header of an IP packet.

The no form of the command removes the criterion from the match entry.

Default

no tcp-ack

Parameters

true

Specifies matching on IP packets that have the selected TCP flag bit set in the TCP header.

false

Specifies matching on IP packets that do not have the selected TCP flag bit set in the TCP header.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ipv6-filter>entry>match tcp-cwr)

[Tree] (config>filter>ip-filter>entry>match tcp-cwr)

Full Context

configure filter ipv6-filter entry match tcp-cwr

configure filter ip-filter entry match tcp-cwr

Description

This command configures an IP filter match criterion based on the Congestion Window Reduced (CWR) TCP Flag bit, defined in RFC 3168, as being set or not in the TCP header of an IP packet.

The no form of the command removes the criterion from the match entry.

Default

no tcp-cwr

Parameters

true

Specifies matching on IP packets that have the selected TCP flag bit set in the TCP header.

false

Specifies matching on IP packets that do not have the selected TCP flag bit set in the TCP header.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ip-filter>entry>match tcp-ece)

[Tree] (config>filter>ipv6-filter>entry>match tcp-ece)

Full Context

configure filter ip-filter entry match tcp-ece

configure filter ipv6-filter entry match tcp-ece

Description

This command configures an IP filter match criterion based on the ECN-Echo (ECE) TCP Flag bit, defined in RFC 3168, as being set or not in the TCP header of an IP packet.

The no form of the command removes the criterion from the match entry.

Default

no tcp-ece

Parameters

true

Specifies matching on IP packets that have the selected TCP flag bit set in the TCP header.

false

Specifies matching on IP packets that do not have the selected TCP flag bit set in the TCP header.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>nat>nat-policy>timeouts tcp-established)

Full Context

configure service nat nat-policy timeouts tcp-established

Description

This command configures the idle timeout applied to a TCP session in the established state.

Default

tcp-established hrs 2 min 4

Parameters

hours

Specifies the timeout hours field.

Values

1 to 24

minutes

Specifies the timeout minutes field.

Values

1 to 59

seconds

Specifies the timeout seconds field.

Values

1 to 59

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ipv6-filter>entry>match tcp-established)

[Tree] (config>filter>ip-filter>entry>match tcp-established)

Full Context

configure filter ipv6-filter entry match tcp-established

configure filter ip-filter entry match tcp-established

Description

This command matches packets with the TCP flag ACK or RST.

Default

tcp-established

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ip-filter>entry>match tcp-fin)

[Tree] (config>filter>ipv6-filter>entry>match tcp-fin)

Full Context

configure filter ip-filter entry match tcp-fin

configure filter ipv6-filter entry match tcp-fin

Description

This command configures an IP filter match criterion based on the FIN TCP Flag bit, defined in RFC 793, as being set or not in the TCP header of an IP packet.

The no form of the command removes the criterion from the match entry.

Default

no tcp-fin

Parameters

true

Specifies matching on IP packets that have the selected TCP flag bit set in the TCP header.

false

Specifies matching on IP packets that do not have the selected TCP flag bit set in the TCP header.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>grpc tcp-keepalive)

Full Context

configure system grpc tcp-keepalive

Description

Commands in this context configure the sending of TCP keepalives by the router towards all gRPC clients.

Enabling TCP keepalive speeds up the detection of certain failures. The TCP keepalives sent by the router are controlled by three commands: idle-time, interval, and retries. The router starts sending TCP keepalives when the connection has been idle (no TCP segments sent or received) for more than idle-time seconds. At that point, the router sends a probe (TCP ACK with a sequence number = current sequence number - 1) and expects a TCP ACK. It repeats this probe every interval seconds for the configured number of retries. If no response is received to any of the probes, the connection is immediately closed, which starts the purge timer if the TCP connection is currently supporting the RibApi service.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>grpc-tunnel>destination-group tcp-keepalive)

[Tree] (config>system>telemetry>destination-group tcp-keepalive)

Full Context

configure system grpc-tunnel destination-group tcp-keepalive

configure system telemetry destination-group tcp-keepalive

Description

Commands in this context configure TCP keepalive commands.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>ipv6 tcp-mss)

[Tree] (config>service>ies>if tcp-mss)

Full Context

configure service ies interface ipv6 tcp-mss

configure service ies interface tcp-mss

Description

This command statically sets the TCP maximum segment size (MSS) for TCP connections originated from the associated IP interface to the specified value.

The no form of this command removes the static value and allows the TCP MSS value to be calculated based on the IP MTU value by subtracting the base IP and TCP header lengths from the IP MTU value (tcp_mss = ip_mtu – 40).

Default

no tcp-mss

Parameters

mss-value

The TCP MSS value that should be used in the TCP SYN packet during the three-way handshake negotiation of a TCP connection.

Note: 9158 = max-IP_MTU (9198)-40

Values

536 to 9746 (IPv4) 1220 to 9726 (IPv6)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if tcp-mss)

[Tree] (config>service>vprn>if>ipv6 tcp-mss)

[Tree] (config>service>vprn>nw-if tcp-mss)

Full Context

configure service vprn interface tcp-mss

configure service vprn interface ipv6 tcp-mss

configure service vprn network-interface tcp-mss

Description

This command statically sets the TCP maximum segment size (MSS) for TCP connections originated from the associated IP or network interface to the specified value.

The no form of this command removes the static value and allows the TCP MSS value to be calculated based on the IP MTU value by subtracting the base IP and TCP header lengths from the IP MTU value (tcp_mss = ip_mtu – 40).

Default

no tcp-mss

Parameters

mss-value

Specifies the TCP MSS value that should be used in the TCP SYN packet during the three-way handshake negotiation of a TCP connection.

Note: 9746 = max-IP_MTU (9786)-40

Values

384 to 9746 (IPv4 or network)

1220 to 9726(IPv6)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if>ipv6 tcp-mss)

[Tree] (config>router>if tcp-mss)

Full Context

configure router interface ipv6 tcp-mss

configure router interface tcp-mss

Description

This command statically sets the TCP maximum segment size (MSS) for TCP connections originated from the associated IP interface to the specified value.

The no form of this command removes the static value and allows the TCP MSS value to be calculated based on the IP MTU value by subtracting the base IP and TCP header lengths from the IP MTU value (tcp_mss = ip_mtu – 40).

Default

no tcp-mss

Parameters

mss-value

Specifies the TCP MSS value that should be used in the TCP SYN packet during the three-way handshake negotiation of a TCP connection.

9158 = max-IP_MTU (9198)-40

Values

536 to 9746 (IPv4) 1220 to 9726 (IPv6)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp tcp-mss)

[Tree] (config>router>bgp tcp-mss)

Full Context

configure service vprn bgp tcp-mss

configure router bgp tcp-mss

Description

This command configures an override for the TCP maximum segment size to use with a specific peer or set of peers (depending on the scope of the command).

The configured value controls two properties of the TCP connection as follows:

• TCP MSS option — The router advertises the TCP MSS option value in the TCP SYN packet it sends as part of the 3-way handshake. The advertised value may be lower than the configured value, depending on the IP MTU of the first hop IP interface. The peers are asked to abide by this value when sending TCP segments to the local router.

• TCP maximum segment size — The actual transmitted size may be lower than the configured value, depending on the TCP MSS option value signaled by the peers, the effect of path MTU discovery, or other factors.

The no form of this command removes the TCP MSS override values from the configuration.

Default

no tcp-mss

Parameters

mss-value

Specifies the The router uses the TCP SYN to advertise the TCP MSS option value towards its peer. MSS value, in bytes, to use with the peers that fall within the scope of the command.

Values

384 to 9746

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp>group>neighbor tcp-mss)

[Tree] (config>service>vprn>bgp>group tcp-mss)

[Tree] (config>router>bgp>group tcp-mss)

[Tree] (config>router>bgp>group>neighbor tcp-mss)

Full Context

configure service vprn bgp group neighbor tcp-mss

configure service vprn bgp group tcp-mss

configure router bgp group tcp-mss

configure router bgp group neighbor tcp-mss

Description

This command configures an override for the TCP maximum segment size to use with a specific peer or set of peers (depending on the scope of the command).

The configured value controls two properties of the TCP connection as follows:

• TCP MSS option — The router advertises the TCP MSS option value in the TCP SYN packet it sends as part of the 3-way handshake. The advertised value may be lower than the configured value, depending on the IP MTU of the first hop IP interface. The peers are asked to abide by this value when sending TCP segments to the local router.

• TCP maximum segment size — The actual transmitted size may be lower than the configured value, depending on the TCP MSS option value signaled by the peers, the effect of path MTU discovery, or other factors.

The no form of this command removes the TCP MSS override values from the configuration.

Default

no tcp-mss

Parameters

mss-value

Specifies the TCP MSS value, in bytes, to use with the peers that fall within the scope of the command.

Values

384 to 9746

ip-stack

This keyword requests that TCP MSS be derived from mechanisms and configurations outside of BGP, including the configuration of tcp-mss at the IP interface level. It provides a method to override inheritance within the BGP configuration.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>nat>nat-policy tcp-mss-adjust)

Full Context

configure service nat nat-policy tcp-mss-adjust

Description

This command configures the value to adjust the TCP Maximum Segment Size (MSS) option.

The no form of the command returns the segment size to the default.

Default

no tcp-mss-adjust

Parameters

segment-size

Specifies the value to put into the TCP Maximum Segment Size (MSS) option if not already present, or if the present value is higher.

Values

160 to 10240

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ip-filter>entry>action tcp-mss-adjust)

[Tree] (config>filter>ipv6-filter>entry>action tcp-mss-adjust)

Full Context

configure filter ip-filter entry action tcp-mss-adjust

configure filter ipv6-filter entry action tcp-mss-adjust

Description

This command activates the adjustment of the TCP Maximum Segment Size (MSS) option of TCP packets matching the entry.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ipv6-filter>entry>match tcp-ns)

[Tree] (config>filter>ip-filter>entry>match tcp-ns)

Full Context

configure filter ipv6-filter entry match tcp-ns

configure filter ip-filter entry match tcp-ns

Description

This command configures an IP filter match criterion based on the Nonce Sum (NS) TCP Flag bit, defined in RFC 3540, as being set or not in the TCP header of an IP packet.

The no form of the command removes the criterion from the match entry.

Default

no tcp-ns

Parameters

true

Specifies matching on IP packets that have the selected TCP flag bit set in the TCP header.

false

Specifies matching on IP packets that do not have the selected TCP flag bit set in the TCP header.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>keychain tcp-option-number)

Full Context

configure system security keychain tcp-option-number

Description

Commands in this context configure the TCP option number to be placed in the TCP packet header.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ip-filter>entry>match tcp-psh)

[Tree] (config>filter>ipv6-filter>entry>match tcp-psh)

Full Context

configure filter ip-filter entry match tcp-psh

configure filter ipv6-filter entry match tcp-psh

Description

This command configures an IP filter match criterion based on the Push (PSH) TCP Flag bit, defined in RFC 793, as being set or not in the TCP header of an IP packet.

The no form of the command removes the criterion from the match entry.

Default

no tcp-psh

Parameters

true

Specifies matching on IP packets that have the selected TCP flag bit set in the TCP header.

false

Specifies matching on IP packets that do not have the selected TCP flag bit set in the TCP header.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ip-filter>entry>match tcp-rst)

[Tree] (config>filter>ipv6-filter>entry>match tcp-rst)

Full Context

configure filter ip-filter entry match tcp-rst

configure filter ipv6-filter entry match tcp-rst

Description

This command configures an IP filter match criterion based on the Reset (RST) TCP Flag bit, defined in RFC 793, as being set or not in the TCP header of an IP packet.

The no form of the command removes the criterion from the match entry.

Default

no tcp-rst

Parameters

true

Specifies matching on IP packets that have the selected TCP flag bit set in the TCP header.

false

Specifies matching on IP packets that do not have the selected TCP flag bit set in the TCP header.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp tcp-session-parameters)

Full Context

configure router ldp tcp-session-parameters

Description

Commands in this context configure parameters applicable to TCP transport session of an LDP session to remote peer.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>nat>nat-policy>timeouts tcp-syn)

Full Context

configure service nat nat-policy timeouts tcp-syn

Description

This command configures the timeout applied to a TCP session in the SYN state.

Default

tcp-syn sec 15

Parameters

hours

Specifies the timeout hours field.

Values

1 to 24

minutes

Specifies the timeout minutes field.

Values

1 to 59

seconds

Specifies the timeout seconds field.

Values

1 to 59

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ipv6-filter>entry>match tcp-syn)

[Tree] (config>filter>ip-filter>entry>match tcp-syn)

Full Context

configure filter ipv6-filter entry match tcp-syn

configure filter ip-filter entry match tcp-syn

Description

This command configures an IP filter match criterion based on the Synchronize (SYN) TCP Flag bit, defined in RFC 793, as being set or not in the TCP header of an IP packet.

The no form of the command removes the criterion from the match entry.

Default

no tcp-syn

Parameters

true

Specifies matching on IP packets that have the selected TCP flag bit set in the TCP header.

false

Specifies matching on IP packets that do not have the selected TCP flag bit set in the TCP header.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>nat>nat-policy>timeouts tcp-time-wait)

Full Context

configure service nat nat-policy timeouts tcp-time-wait

Description

This command configures the timeout applied to a TCP session in a time-wait state.

Default

no tcp-time-wait

Parameters

minutes

Specifies the timeout minutes field.

Values

1 to 4

seconds

Specifies the timeout seconds field.

Values

1 to 59

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>nat>nat-policy>timeouts tcp-transitory)

Full Context

configure service nat nat-policy timeouts tcp-transitory

Description

This command configures the idle timeout applied to a TCP session in a transitory state.

Default

tcp-transitory min 4

Parameters

hours

Specifies the timeout hours field.

Values

1 to 24

minutes

Specifies the timeout minutes field.

Values

1 to 59

seconds

Specifies the timeout seconds field.

Values

1 to 59

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>ipv6-filter>entry>match tcp-urg)

[Tree] (config>filter>ip-filter>entry>match tcp-urg)

Full Context

configure filter ipv6-filter entry match tcp-urg

configure filter ip-filter entry match tcp-urg

Description

This command configures an IP filter match criterion based on the Urgent (URG) TCP Flag bit, defined in RFC 793, as being set or not in the TCP header of an IP packet.

The no form of the command removes the criterion from the match entry.

Default

no tcp-urg

Parameters

true

Specifies matching on IP packets that have the selected TCP flag bit set in the TCP header.

false

Specifies matching on IP packets that do not have the selected TCP flag bit set in the TCP header.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>mpls>event te)

Full Context

debug router mpls event te

Description

This command debugs te events.

The no form of the command disables the debugging.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rsvp>diffserv-te te-class)

Full Context

configure router rsvp diffserv-te te-class

Description

This command configures a TE class. A TE class is defined as:

TE Class = {Class Type (CT), LSP priority}

Eight TE classes are supported. There is no default TE class once Diff-Serv is enabled. The user has to explicitly define each TE class.

When Diff-Serv is disabled, there will be an internal use of the default CT (CT0) and eight pre-emption priorities as shown in Default Class Type.

The no form of this command deletes the TE class.

Parameters

te-class te-class-number

Specifies the TE class number.

Values

0 to 7

class-type ct-number

Specifies the Diff-Serv Class Type number. One or more system forwarding classes can be mapped to a CT.

Values

0 to 7

priority priority

Specifies the LSP priority.

Values

0 to 7

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rsvp>interface te-down-threshold)

[Tree] (config>router>rsvp te-down-threshold)

Full Context

configure router rsvp interface te-down-threshold

configure router rsvp te-down-threshold

Description

This command configures the specific threshold levels per node and per interface. Threshold levels are for reserved bandwidth per interface. The te-threshold-update command is used to enable or disable threshold-based IGP TE updates. Any reserved bandwidth change per interface is compared with all the threshold levels and trigger an IGP TE update if a defined threshold level is crossed in either direction (LSP setup or teardown). Threshold-based updates must be supported with both ISIS and OSPF. A minimum of one and a maximum of 16 threshold levels is supported.

Threshold levels configured per node is inherited by all configured RSVP interfaces. Threshold levels defined under the RSVP interface is used to trigger IGP updates if non-default threshold levels are configured.

The no form of this command resets te-down-threshold to its default value.

Default

no te-down-threshold (equals following values 100 99 98 97 96 95 90 85 80 75 60 45 30 15 0)

Parameters

threshold-level

Specifies the threshold level.

Values

0 to 100

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>interface te-metric)

Full Context

configure router mpls interface te-metric

Description

This command configures the TE metric used on the interface. This metric is in addition to the interface metric used by IGP for the shortest path computation.

This metric is flooded as part of the TE parameters for the interface using an opaque LSA or an LSP. The IS-IS TE metric is encoded as sub-TLV 18 as part of the extended IS reachability TLV. The metric value is encoded as a 24-bit unsigned integer. The OSPF TE metric is encoded as a sub-TLV Type 5 in the Link TLV. The metric value is encoded as a 32-bit unsigned integer.

When the use of the TE metric is enabled for an LSP, CSPF will first prune all links in the network topology which do not meet the constraints specified for the LSP path. Such constraints include bandwidth, admin-groups, and hop limit. Then, CSPF will run an SPF on the remaining links. The shortest path among the all SPF paths will be selected based on the TE metric instead of the IGP metric which is used by default.

The TE metric in CSPF LSP path computation can be configured by entering the command config>router>mpls>lsp>metric-type te.

Note that the TE metric is only used in CSPF computations for MPLS paths and not in the regular SPF computation for IP reachability.

The no form of this command reverts to the default value.

Default

no te-metric

The value of the IGP metric is advertised in the TE metric sub-TLV by IS-IS and OSPF.

Parameters

value

Specifies the metric value.

Values

1 to 16777215

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rsvp te-threshold-update)

Full Context

configure router rsvp te-threshold-update

Description

This command is used to control threshold-based IGP TE updates. The te-threshold-update command must enable IGP TE update based only on bandwidth reservation thresholds per interface and must block IGP TE update on bandwidth changes for each reservation. Threshold levels can be defined using the te-up-threshold and te-down-threshold commands at the global RSVP or per-interface level.

The no form of this command should reset te-threshold-update to the default value and disable threshold based update.

Default

no te-threshold-update

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>rsvp>event te-threshold-update)

Full Context

debug router rsvp event te-threshold-update

Description

This command debugs the TE threshold update and the dark bandwidth threshold events.

The no form of this command disables the debugging.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rsvp te-up-threshold)

[Tree] (config>router>rsvp>interface te-up-threshold)

Full Context

configure router rsvp te-up-threshold

configure router rsvp interface te-up-threshold

Description

This command configures the specific threshold levels per node and per interface. Threshold levels are for reserved bandwidth per interface. The te-threshold-update command is used to enable or disable threshold-based IGP TE updates. Any reserved bandwidth change per interface is compared with all the threshold levels and trigger an IGP TE update if a defined threshold level is crossed in either direction (LSP setup or teardown). Threshold-based updates must be supported with both ISIS and OSPF. A minimum of one and a maximum of 16 threshold levels must be supported.

Threshold levels configured per node is inherited by all configured RSVP interfaces. Threshold levels defined under the RSVP interface is used to trigger IGP updates if non-default threshold levels are configured.

The no form of this command resets te-up-threshold to its default value.

Default

no te-up-threshold (equals values of 0 15 30 45 60 75 80 85 90 95 96 97 98 99 100)

Parameters

threshold-level

Specifies the threshold level.

Values

0 to 100

Platforms

7705 SAR Gen 2

Context

[Tree] (admin tech-support)

Full Context

admin tech-support

Description

This command creates a system core dump. If the file-url is omitted, and a ts-location is defined, then the tech support file will have an automatic SR OS generated file name based on the system name and the date and time and will be saved to the directory indicated by the configured ts-location.

The format of the auto-generated filename is ts-XXXXX.YYYYMMDD.HHMMUTC.dat where:

• XXXXX: system name with special characters expanded to avoid problems with file systems (for example, a '.' is expanded to %2E.)

• YYYYMMDD: Date with leading zeros on year, month and day

• HHMM: Hours and Minutes in UTC time (24hr format, always 4 chars, with leading zeros on hours and minutes)

Parameters

file-url

Specifies the file URL location to save the binary file.

Values

local-url | remote-url
local-url	[cflash-id/][file-path] 200 chars max, including cflash-id
	directory length 99 chars max each
remote-url	[{ftp:// | tftp://}login:pswd@remote-locn/][file-path]
	199 chars max
remote-locn	[hostname | ipv4-address | ipv6-address]
ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x - [0 to FFFF]H
	d - [0 to 255]D
	interface - 32 chars max, for link local addresses
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system telemetry)

[Tree] (admin>system telemetry)

Full Context

configure system telemetry

admin system telemetry

Description

Commands in this context configure the dial-out telemetry commands.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>management-interface>output-authorization telemetry-data)

Full Context

configure system security management-interface output-authorization telemetry-data

Description

This command controls output authorization of telemetry configuration and state data in gNMI Subscribe RPC responses.

When enabled, telemetry data output authorization is performed, which may significantly increase the system response time with command authorization requests, especially when remote AAA servers are used.

By default, authorization checks are not performed for telemetry data.

The no form of this command reverts to the default value.

Default

no telemetry-data

Platforms

7705 SAR Gen 2

Context

[Tree] (telnet)

Full Context

telnet

Description

This command opens a Telnet session to a remote host. In 7705 SAR Gen 2 networks, the Telnet servers limit Telnet clients to three login attempts; if unsuccessful, the Telnet client session is disconnected. The number is not user configurable.

If a source address is specified, it is used for the source IP address in the originated IP packets for the Telnet session.

Parameters

ip-address

Specifies the IP address or the DNS name (if DNS name resolution is configured).

Values

ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface] x:x:x:x:x:x:d.d.d.d[-interface]	x: [0 to FFFF]H d: [0 to 255]D ipv6-address interface: up to 32 characters, mandatory for link local addresses
dns-name	up to 128 characters

dns-name

Specifies the DNS name (if DNS name resolution is configured), up to 128 characters.

port

Specifies the TCP port number to use Telnet to the remote host, expressed as a decimal integer.

Values

1 to 65535

Default

23

router-instance

Specifies the router name or service ID used to identify the router instance.

Values

router-instance: router-name or vprn-svc-id
	router-name	"Base”, "management”, vpls-management”
	vprn-svc-id	1 to 2147483647

Default

Base

service-name

Specifies the service name, up to 64 characters.

source ip-address

Specifies the source IP address to use as the source of the Telnet packets.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security telnet)

[Tree] (config>system>login-control telnet)

Full Context

configure system security telnet

configure system login-control telnet

Description

Commands in this context configure the Telnet parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>profile telnet-max-sessions)

[Tree] (config>system>security>cli-session-group telnet-max-sessions)

Full Context

configure system security profile telnet-max-sessions

configure system security cli-session-group telnet-max-sessions

Description

This command is used to limit the number of Telnet-based CLI sessions available to all users that are part of a particular profile, or to all users of all profiles that are part of the same cli-session-group.

The no form of this command disables the command and the profile/group limit is not applied on the number of sessions.

Default

no telnet-max-sessions

Parameters

number-of-sessions

Specifies the maximum number of allowed Telnet-based CLI sessions.

Values

0 to 50

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>ipv6>vrrp telnet-reply)

Full Context

configure service ies interface ipv6 vrrp telnet-reply

Description

This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the virtual router instances IP addresses. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP interface or based on the Telnet source host address). Proper login and CLI command authentication is still enforced.

When telnet-reply is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet requests regardless of the telnet-reply configuration.

The telnet-reply command is only available in non-owner VRRP nodal context. If the telnet-reply command is not executed, Telnet packets to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all Telnet packets destined to the non-owner virtual router instance IP addresses.

Default

no telnet-reply

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>vrrp telnet-reply)

Full Context

configure service ies interface vrrp telnet-reply

Description

The telnet-reply command enables the non-owner master to reply to TCP port 23 Telnet Requests directed at the virtual router instances IP addresses. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP interface or based on the Telnet source host address). Proper login and CLI command authentication is still enforced.

When telnet-reply is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet Requests regardless of the telnet-reply configuration.

The telnet-reply command is only available in non-owner VRRP nodal context. If the telnet-reply command is not executed, Telnet packets to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all Telnet packets destined to the non-owner virtual router instance IP addresses.

Default

no telnet-reply

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>vrrp telnet-reply)

[Tree] (config>service>vprn>if>ipv6>vrrp telnet-reply)

Full Context

configure service vprn interface vrrp telnet-reply

configure service vprn interface ipv6 vrrp telnet-reply

Description

This command enables the non-owner master to reply to TCP port 23 Telnet Requests directed at the virtual router instance’s IP addresses. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP interface or based on the Telnet source host address). Proper login and CLI command authentication is still enforced.

When telnet-reply is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet Requests regardless of the telnet-reply configuration.

The telnet-reply command is only available in non-owner VRRP nodal context. If the telnet-reply command is not executed, Telnet packets to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all Telnet packets destined to the non-owner virtual router instance IP addresses.

Default

no telnet-reply

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if>vrrp telnet-reply)

[Tree] (config>router>if>ipv6>vrrp telnet-reply)

Full Context

configure router interface vrrp telnet-reply

configure router interface ipv6 vrrp telnet-reply

Description

This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the virtual router instances’ IP addresses.

Non-owner virtual router instances are limited by the VRRP specifications to responding to ARP requests destined to the virtual router IP addresses and routing IP packets not addressed to the virtual router IP addresses. Many network administrators find this limitation frustrating when troubleshooting VRRP connectivity issues.

This limitation can be disregarded for certain applications. Ping, SSH and Telnet can each be individually enabled or disabled on a per-virtual-router-instance basis.

The telnet-reply command enables the non-owner master to reply to Telnet requests directed at the virtual router instances’ IP addresses. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP interface or based on the Telnet source host address). Correct login and CLI command authentication is still enforced.

When telnet-reply is not enabled, Telnet requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet requests regardless of the telnet-reply setting.

The telnet-reply command is only available in non-owner vrrp nodal context.

By default, Telnet requests to the virtual router instance IP addresses will be silently discarded.

The no form of the command configures discarding all Telnet request messages destined to the non-owner virtual router instance IP addresses.

Default

no telnet-reply — Telnet requests to the virtual router instance IP addresses are discarded.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security telnet-server)

Full Context

configure system security telnet-server

Description

This command enables Telnet servers running on the system.

Telnet servers are shut down by default. At system startup, only SSH servers are enabled.

Telnet servers in networks limit a Telnet clients to three retries to login. The Telnet server disconnects the Telnet client session after three retries.

The no form of this command disables Telnet servers running on the system.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security telnet6-server)

Full Context

configure system security telnet6-server

Description

This command enables Telnet IPv6 servers running on the system.

Telnet servers are shut down by default. At system startup, only SSH servers are enabled.

The no form of this command disables Telnet IPv6 servers running on the system.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls temp-flooding)

[Tree] (config>service>template>vpls-template temp-flooding)

Full Context

configure service vpls temp-flooding

configure service template vpls-template temp-flooding

Description

The temporary flooding is designed to minimize failover times by eliminating the time it takes to flush the MAC tables and if MVRP is enabled the time it takes for MVRP registration. Temporary flooding is initiated only upon xSTP TCN reception. During this procedure while the MAC flush takes place the frames received on one of the VPLS SAPs/pseudowires are flooded in a VPLS context which for MVRP case includes also the unregistered MVRP trunk ports. The MAC Flush action is initiated by the STP TCN reception or if MVRP is enabled for the data VPLS, by the reception of a MVRP New message for the SVLAN ID associated with the data VPLS. As soon as the MAC Flush is done, regardless of whether the temp-flooding timer expired or not, traffic will be delivered according to the regular FDB content which may be built from MAC Learning or based on MVRP registrations. This command provides a flood-time value that configures a fixed amount of time, in seconds, during which all traffic is flooded (BUM or known unicast) as a safety mechanism. Once the flood-time expires, traffic will be delivered according to the regular FDB content which may be built from MAC Learning or based on MVRP registrations. The temporary flooding timer should be configured in such a way to allow auxiliary processes like MAC Flush, MMRP and/or MVRP to complete/converge. The temporary flooding behavior applies to regular VPLS, VPLS instantiated with VPLS-template, IVPLS and BVPLS when MMRP is disabled.

The no form of this command disables the temporary flooding behavior.

Default

no temp-flooding

Parameters

flood-time

Specifies the flood time, in seconds

Values

3 to 600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service template)

Full Context

configure service template

Description

This is the node for service templates.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>route-next-hop-policy template)

Full Context

configure router route-next-hop-policy template

Description

This command creates a template to configure the attributes of a Loop-Free Alternate (LFA) Shortest Path First (SPF) policy. An LFA SPF policy allows the user to apply specific criteria, such as admin group and SRLG constraints, to the selection of an LFA backup next-hop for a subset of prefixes that resolve to a specific primary next-hop.

The user first creates a route next-hop policy template under the global router context and then applies it to a specific OSPF or IS-IS interface in the global routing instance or in a VPRN instance.

A policy template can be used in both IS-IS and OSPF to apply the specific criteria to prefixes protected by LFA. Each instance of IS-IS or OSPF can apply the same policy template to one or more interface.

The commands within the route next-hop policy template use the begin-commit-abort model. The following are the steps to create and modify the template:

To create a template, the user enters the name of the new template directly under the route-next-hop-policy context.

1. To delete a template that is not in use, the user enters the no form for the template name under the route-next-hop-policy context.

2. The user enters the editing mode by executing the begin command under the route-next-hop-policy context. The user can then edit and change any number of route next-hop policy templates. However, the parameter value will still be stored temporarily in the template module until the commit is executed under the route-next-hop-policy context. Any temporary parameter changes will be lost if the user enters the abort command before the commit command.

3. The user is allowed to create or delete a template instantly once in the editing mode without the need to enter the commit command. Furthermore, the abort command, if entered, will have no effect on the prior deletion or creation of a template.

Once the commit command is issued, IS-IS or OSPF will re-evaluate the templates and if there are any net changes, it will schedule a new LFA SPF to re-compute the LFA next-hop for the prefixes associated with these templates.

Parameters

name

Specifies the name of the template, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (environment terminal)

Full Context

environment terminal

Description

Commands in this context configure the terminal screen length for the current CLI session.

Platforms

7705 SAR Gen 2

Context

[Tree] (bof tertiary-config)

Full Context

bof tertiary-config

Description

This command specifies the name and location of the tertiary configuration file.

The system attempts to use the configuration specified in tertiary-config if both the primary and secondary config files cannot be located. If this file cannot be located, the system boots with the factory default configuration.

Note that if an error in the configuration file is encountered, the boot process aborts.

The no form of this command removes the tertiary-config configuration.

Parameters

file-url

Specifies the tertiary configuration file location, expressed as a file URL.

Values

file-url	{local-url | remote-url} (up to 180 characters)
local-url	[cflash-id/][file-path]
remote-url	[{ftp://| tftp://} login:pswd@remote-locn/][file-path]
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>dns tertiary-dns)

Full Context

configure service vprn dns tertiary-dns

Description

This command configures the tertiary DNS server for DNS name resolution. The tertiary DNS server is used only if the primary DNS server and the secondary DNS server do not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of this command removes the tertiary DNS server from the configuration.

Default

no tertiary-dns — No tertiary DNS server is configured.

Parameters

ip-address

The IP or IPv6 address of the tertiary DNS server.

Values

ipv4-address -a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0 to FFFF]H
	d: [0 to 255]D
	interface - 32 characters max, for link local addresses.

Platforms

7705 SAR Gen 2

Context

[Tree] (bof tertiary-dns)

Full Context

bof tertiary-dns

Description

This command configures the tertiary DNS server for DNS name resolution. The tertiary DNS server is used only if the primary DNS server and the secondary DNS server do not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of this command removes the tertiary DNS server from the configuration.

Default

no tertiary-dns

Parameters

ip-address

Specifies the IP or IPv6 address of the tertiary DNS server.

Values

ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0 to FFFF]H
	d: [0 to 255]D
interface	32 chars max, for link local addresses

Platforms

7705 SAR Gen 2

Context

[Tree] (bof tertiary-image)

Full Context

bof tertiary-image

Description

This command specifies the tertiary directory location for runtime image file loading.

The system attempts to load all runtime image files configured in the primary-image first. If this fails, the system attempts to load the runtime images from the location configured in the secondary-image. If the secondary image load fails, the tertiary image specified in tertiary-image is used.

All runtime image files (*.tim files) must be located in the same directory.

The no form of this command removes the tertiary-image configuration.

Parameters

file-url

Specifies the file URL; can be either local (this CPM) or a remote FTP server.

Values

file-url	{local-url | remote-url} (up to 180 characters)
local-url	[cflash-id/][file-path]
remote-url	[{ftp://| tftp://} login:pswd@remote-locn/][file-path]
cflash-id	cf1:, cf1-A:, cf1-B:, cf2:, cf2-A:, cf2-B:, cf3:, cf3-A:, cf3-B:

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>orr>location tertiary-ip-address)

Full Context

configure router bgp optimal-route-reflection location tertiary-ip-address

Description

This command specifies the tertiary IP address of a reference location used for BGP optimal route reflection. Up to three IPv4 addresses and three IPv6 addresses can be specified per location.

If the TE DB is unable to find a node in its topology database that matches the primary address, then the TE DB tries to find a node with the matching secondary address. If this attempt also fails, the TE DB then tries to find a node with the matching tertiary address.

The IP addresses specified for a location should be topologically "close” to a set of clients that should all receive the same optimal path for that location.

The no form of this command removes the tertiary IP address information.

Default

no tertiary-ip-address

Parameters

ipv4-address

Specifies the tertiary IPv4 address of a location, expressed in dotted decimal notation.

Values

a.b.c.d

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>orr>location tertiary-ipv6-address)

Full Context

configure router bgp optimal-route-reflection location tertiary-ipv6-address

Description

This command specifies the tertiary IPv6 address of a reference location used for BGP optimal route reflection. Up to three IPv4 addresses and three IPv6 addresses can be specified per location.

If the TE DB is unable find a node in its topology database that matches a primary address of the location, then it tries to find a node matching a secondary address. If this attempt also fails, the TE DB tries to find a node matching a tertiary address.

The IP addresses specified for a location should be topologically "close” to a set of clients that should all receive the same optimal path for that location.

The no form of this command removes the tertiary IPv6 address information.

Default

no tertiary-ipv6-address

Parameters

ipv6-address

Specifies the tertiary IPv6 address of a location.

Values

ipv6-address:

• x:x:x:x:x:x:x:x (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d

• x: [0 to FFFF]H

• d: [0 to 255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>saa test)

Full Context

configure saa test

Description

This command identifies a test and enables the context to provide the test parameters for the named test. After the creation of the test instance, the test can be started in the OAM context.

A test can only be modified while it is shut down.

The no form of this command removes the test from the configuration. To remove a test, it cannot be active at the time.

Parameters

test-name

Identifies the SAA test name, up to 32 characters.

test-owner

Specifies the owner, up to 32 characters, of an SAA operation. If a value is not specified, the default owner is used.

Default

"TiMOS CLI”

Platforms

7705 SAR Gen 2

Context

[Tree] (config>saa>test>trap-gen test-completion-enable)

Full Context

configure saa test trap-gen test-completion-enable

Description

This command enables the generation of a trap when an SAA test completes.

The no form of this command disables the trap generation.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>twamp-light test-duration)

Full Context

configure oam-pm session ip twamp-light test-duration

Description

This command defines the length of time the test runs before stopping automatically. This optional command is only valid when a session has been configured with a session-type of on-demand. This is not an option when the session-type is configured as proactive. On-demand tests do not start until the config>oam-pm>session>start command has been issued and they stop when the config>oam-pm>session>stop command is issued.

The no form of this command removes a previously configured test-duration value and allows the TWAMP Light test to execute until it is stopped manually.

Parameters

seconds

Specifies the length of time, in seconds, that the TWAMP Light test runs.

Values

1 to 86400

Platforms

7705 SAR Gen 2

Context

[Tree] (config>saa>test>trap-gen test-fail-enable)

Full Context

configure saa test trap-gen test-fail-enable

Description

This command enables the generation of a trap when a test fails. In the case of a ping test, the test is considered failed (for trap generation) if the number of failed probes is at least the value of the test-fail-threshold parameter.

The no form of this command disables the trap generation.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>saa>test>trap-gen test-fail-threshold)

Full Context

configure saa test trap-gen test-fail-threshold

Description

This command configures the threshold for trap generation on test failure.

This command has no effect when test-fail-enable is disabled. This command is not applicable to SAA trace route tests.

The no form of this command returns the threshold value to the default.

Default

test-fail-threshold 1

Parameters

threshold

Specifies the number of consecutive test failures required to generate a trap.

Values

0 to 15

Platforms

7705 SAR Gen 2

Context

[Tree] (config test-oam)

Full Context

configure test-oam

Description

Commands in this context configure operations, administration, and maintenance (OAM) test parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp>group third-party-nexthop)

[Tree] (config>service>vprn>bgp>group>neighbor third-party-nexthop)

[Tree] (config>service>vprn>bgp third-party-nexthop)

Full Context

configure service vprn bgp group third-party-nexthop

configure service vprn bgp group neighbor third-party-nexthop

configure service vprn bgp third-party-nexthop

Description

Use this command to enable the router to send third-party next-hop to EBGP peers in the same subnet as the source peer, as described in RFC 4271. If enabled when an IPv4 or IPv6 route is received from one EBGP peer and advertised to another EBGP peer in the same IP subnet, the BGP next-hop is left unchanged. Third-party next-hop is not done if the address family of the transport does not match the address family of the route.

The no form of this command prevents BGP from performing any third party next-hop processing toward any single-hop EBGP peers within the scope of the command. No third-party next-hop means the next-hop will always carry the IP address of the interface used to establish the TCP connection to the peer.

Default

no third-party-nexthop

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp third-party-nexthop)

[Tree] (config>router>bgp>group>neighbor third-party-nexthop)

Full Context

configure router bgp third-party-nexthop

configure router bgp group neighbor third-party-nexthop

Description

Use this command to enable the router to send third-party next-hop to EBGP peers in the same subnet as the source peer, as described in RFC 4271. If enabled when an IPv4 or IPv6 route is received from one EBGP peer and advertised to another EBGP peer in the same IP subnet, the BGP next-hop is left unchanged. Third-party next-hop is not done if the address family of the transport does not match the address family of the route.

The no form of this command prevents BGP from performing any third party next-hop processing toward any single-hop EBGP peers within the scope of the command. No third-party next-hop means the next-hop will always carry the IP address of the interface used to establish the TCP connection to the peer.

Default

no third-party-nexthop

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim>if three-way-hello)

Full Context

configure service vprn pim interface three-way-hello

Description

This command configures the compatibility mode for enabling the three way hello.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>interface three-way-hello)

Full Context

configure router pim interface three-way-hello

Description

This command sets the compatibility mode to enable three-way hello. By default, the value is disabled on all interface which specifies that the standard two-way hello is supported. When enabled, the three-way hello is supported.

The no form of this command disables three-way hello.

Default

no three-way-hello

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>segment-routing>maintenance-policy threshold)

Full Context

configure router segment-routing maintenance-policy threshold

Description

This command configures the minimum number of S-BFD sessions that must be up in order to consider the SR policy candidate path to which the maintenance template is bound to be up. If it is below this number, then the policy candidate path is marked as BFD degraded by the system. This command is only valid in the ecmp-protected mode.

The no form of this command reverts to the default.

Default

threshold 1

Parameters

threshold

Specifies the minimum number of S-BFD sessions that must be up.

Values

1 to 32

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>dhcp6>server>pool thresholds)

[Tree] (config>router>dhcp6>server>pool thresholds)

[Tree] (config>router>dhcp6>server>pool>prefix thresholds)

[Tree] (config>service>vprn>dhcp6>server>pool>prefix thresholds)

Full Context

configure service vprn dhcp6 local-dhcp-server pool thresholds

configure router dhcp6 local-dhcp-server pool thresholds

configure router dhcp6 local-dhcp-server pool prefix thresholds

configure service vprn dhcp6 local-dhcp-server pool prefix thresholds

Description

Commands in this context configure pool level thresholds.

Default

thresholds

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system thresholds)

Full Context

configure system thresholds

Description

Commands in this context configure monitoring thresholds.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log throttle-rate)

Full Context

configure log throttle-rate

Description

This command configures the number of events and interval length to be applied to all event types that have throttling enabled by the event-control command and do not have a specific-throttle-rate configured.

The no form of this command reverts to the default values.

Default

throttle-rate 2000 interval 1

Parameters

events

Specifies the number of log events that can be logged within the specified interval for a specific event. Once the limit has been reached, any additional events of that type will be dropped, for example, the event drop count will be incremented. At the end of the throttle interval if any events have been dropped a trap notification will be sent.

Values

1 to 20000

Default

2000

seconds

Specifies the number of seconds that an event throttling interval lasts.

Values

1 to 1200

Default

1

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>lfa ti-lfa)

Full Context

configure router isis loopfree-alternates ti-lfa

Description

This command enables the use of the Topology-Independent LFA (TI-LFA) algorithm in the LFA SPF calculation for this IS-IS instance.

The no form of this command disables the use of the TI-LFA algorithm in the LFA SPF calculation for this IS-IS instance.

Default

no ti-lfa

Parameters

value

Specifies the maximum number of labels allowed in the segment list of the TI-LFA repair tunnel. A higher value results in better coverage by TI-LFA at the expense of increased packet encapsulation overhead. The TI-LFA algorithm uses this value to limit the search for the Q-node from the P-node on the post-convergence path.

Values

0 to 3

Default

2

sids-value

Specifies the maximum number of SRv6 SIDs allowed in the segment list of the TI-LFA repair tunnel. A higher value results in better coverage by TI-LFA at the expense of increased packet encapsulation overhead. The TI-LFA algorithm uses this value to limit the search for the Q-node from the P-node on the post-convergence path.

Values

0 to 3

Default

1

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf>loopfree-alternates ti-lfa)

Full Context

configure router ospf loopfree-alternates ti-lfa

Description

This command enables the use of the Topology Independent Loop-Free Alternate (TI-LFA) algorithm in the LFA SPF calculation for this OSPF or OSPFv3 instance.

The no form of this command disables the use of the TI-LFA algorithm in the LFA SPF calculation in this OSPF or OSPFv3 instance.

Default

no ti-lfa

Parameters

max-sr-frr-labels [value]]

Specifies the maximum number of labels allowed in the segment list of the TI-LFA repair tunnel. A higher value results in better coverage by TI-LFA at the expense of increased packet encapsulation overhead. The TI-LFA algorithm uses this value to limit the search for the Q-node from the P-node on the post-convergence path.

Values

0 to 3

Default

2

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>policer-control-policy tier)

Full Context

configure qos policer-control-policy tier

Description

This command is used to create, configure, and delete tiered arbiters. Two tiers are supported that always exist, specified as tier 1 and tier 2. Tiered arbiters enable the creation of a bandwidth control hierarchy for managing child policers in an arbitrary fashion. Each arbiter enables parenting of child policers within eight strict levels of priority and a maximum aggregate rate may be defined for the children that the arbiter will enforce. Arbiters created on tier 1 are automatically parented to the root arbiter that is always present. Arbiters created on tier 2 default to the root arbiter as parent but can also be explicitly parented to a tier 2 arbiter. Child policers associated with an instance of the policer-control-policy can be parented to any tiered arbiter or to the root arbiter.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>scheduler-policy tier)

Full Context

configure qos scheduler-policy tier

Description

This command identifies the level of hierarchy that a group of schedulers are associated with. Within a tier level, a scheduler can be created or edited. Schedulers created within a tier can only be a child (take bandwidth from a scheduler in a higher tier). Tier levels increase sequentially with 1 being the highest tier. All tier 1 schedulers are considered to be root and cannot be a child of another scheduler. Schedulers defined in tiers other than 1 can also be root (parentless).

3 tiers (levels 1, 2, and 3) are supported.

The save config and show config commands only display information on scheduler tiers that contain defined schedulers. When all schedulers have been removed from a level, that level ceases to be included in output from these commands.

Parameters

tier

This parameter is required to indicate the group of schedulers to create or be edited. Tier levels cannot be created or deleted. If a value for level is given that is out-of-range, an error will occur and the current context of the CLI session will not change.

Values

1 to 3

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system time)

Full Context

configure system time

Description

Commands in this context configure the system time zone and time synchronization parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (environment time-display)

Full Context

environment time-display

Description

This command displays time stamps in the CLI session based on local time or Coordinated Universal Time (UTC).

The system keeps time internally in UTC and is capable of displaying the time in either UTC or local time based on the time zone configured.

This environment command only applies to times displayed in the current CLI session. This includes displays of event logs and all other places where a time stamp is displayed.

In event logs, the selected time is used to control the timestamps in the CLI output of show log log-id and in YANG state in the /state/log/log-id branch (for logs such as session, cli, memory, SNMP and NETCONF).

Also see the configure log log-id time-format command.

Default

time-display local

Parameters

local

Indicates that local time should be used.

utc

Indicates that UTC time should be used.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>cli>md-cli>environment time-display)

Full Context

configure system management-interface cli md-cli environment time-display

Description

This command configures whether the time is displayed in coordinated Universal Time (UTC) or local time (as configured in config>system>time).

Default

time-display local

Parameters

local

Specifies that the local time zone is used.

utc

Specifies that UTC is used.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>ipv6>icmp6 time-exceeded)

Full Context

configure service ies interface ipv6 icmp6 time-exceeded

Description

This command specifies whether time-exceeded ICMP messages should be sent. When enabled, ICMPv6 time-exceeded messages are generated by this interface.

When disabled, ICMPv6 time-exceeded messages are not sent.

The no form of this command reverts to the default.

Default

time-exceeded 100 10

Parameters

number

Specifies the number of time-exceeded ICMP messages are to be issued in the time frame specified by the seconds parameter.

Values

10 to 2000

seconds

Specifies the time frame, in seconds, that is used to limit the number of time-exceeded ICMP message to be issued.

Values

1 to 60

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if>ipv6>icmp6 time-exceeded)

[Tree] (config>service>vprn>if>ipv6>icmp6 time-exceeded)

Full Context

configure router interface ipv6 icmp6 time-exceeded

configure service vprn interface ipv6 icmp6 time-exceeded

Description

This command configures rate for ICMPv6 time-exceeded messages.

Parameters

number

Limits the number of time-exceeded messages issued per the time frame specified in seconds parameter.

Values

10 to 2000

seconds

Determines the time frame, in seconds, that is used to limit the number of time-exceeded messages issued per time frame.

Values

1 to 60

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>log>log-id time-format)

Full Context

configure service vprn log log-id time-format

Description

This command specifies whether the time should be displayed in local or Coordinated Universal Time (UTC) format.

Default

time-format utc

Parameters

local

Specifies that timestamps are written in the system’s local time.

utc

Specifies that timestamps are written using the UTC value. This was formerly called Greenwich Mean Time (GMT) and Zulu time.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>log-id time-format)

Full Context

configure log log-id time-format

Description

This command specifies whether the time should be output in local or Coordinated Universal Time (UTC) format in the following event log locations:

• in the syslog TIMESTAMP field
• in the timestamp of log events inside log files on local storage devices

The timestamp in the filename of event log files is not affected by this command.

The output of show log log-id and the output of YANG state under /state/log/log-id are not affected by this command. See the environment time-display command.

Default

time-format utc

Parameters

local

Specifies that timestamps are written in the system’s local time.

utc

Specifies that timestamps are written using the UTC value. This was formerly called Greenwich Mean Time (GMT) and Zulu time.

Platforms

7705 SAR Gen 2

Context

[Tree] (environment time-stamp)

Full Context

environment time-stamp

Description

This command specifies whether the time-stamp should be displayed before the prompt.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>aaa>radius-srv-plcy>servers timeout)

Full Context

configure aaa radius-server-policy servers timeout

Description

This command configures the time the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

Default

timeout sec 5

Parameters

seconds

Specifies the number of seconds for the timeout.

Values

1 to 59

minutes

Specifies the number of minutes for the timeout.

Values

1 to 5

Values

Max. value = 5 min 40 sec

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>aaa>rmt-srv>radius timeout)

[Tree] (config>system>security>radius timeout)

Full Context

configure service vprn aaa remote-servers radius timeout

configure system security radius timeout

Description

This command configures the number of seconds the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

Default

timeout 3

Parameters

seconds

Specifies the number of seconds the router waits for a response from a RADIUS server, expressed as a decimal integer.

Values

1 to 90

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>aaa>rmt-srv>tacplus timeout)

[Tree] (config>system>security>tacplus timeout)

Full Context

configure service vprn aaa remote-servers tacplus timeout

configure system security tacplus timeout

Description

This command configures the number of seconds the router waits for a response from a TACACS+ server.

The no form of this command reverts to the default value.

Default

timeout 3

Parameters

seconds

Specifies the number of seconds the router waits for a response from a TACACS+ server, expressed as a decimal integer.

Values

1 to 90

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>file-trans-prof timeout)

Full Context

configure system file-transmission-profile timeout

Description

This command specifies timeout value in seconds for transport protocol. The timeout is the maximum waiting time to receive any data from the server (e.g., FTP or HTTP server).

Default

timeout 60

Parameters

seconds

Specifies the connection timeout (in seconds) for the file transmission.

Values

1 to 3600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>saa>test>type-multi-line>lsp-ping>sr-policy timeout)

[Tree] (config>saa>test>type-multi-line>lsp-ping timeout)

Full Context

configure saa test type-multi-line lsp-ping sr-policy timeout

configure saa test type-multi-line lsp-ping timeout

Description

This command configures the number, in seconds, used to override the default timeout value and is the amount of time that the router waits for a message reply after sending the last probe for a specific test. Upon the expiration of the time out, the test is marked complete and no more packets are processed for any of the request probes.

The no form of this command reverts to the default value.

Default

timeout 5

Parameters

timeout

Specifies the timeout value in seconds.

Values

1 to 10

Default

5

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>redirect-policy>dest>ping-test timeout)

Full Context

configure filter redirect-policy destination ping-test timeout

Description

Specifies the amount of time, in seconds, that is allowed for receiving a response from the far-end host. If a reply is not received within this time the far-end host is considered unresponsive.

Default

timeout 1

Parameters

seconds

Specifies the amount of time, in seconds, that is allowed for receiving a response from the far end host.

Values

1 to 60

Platforms

7705 SAR Gen 2

Context

[Tree] (config>vrrp>policy>priority-event>host-unreachable timeout)

Full Context

configure vrrp policy priority-event host-unreachable timeout

Description

This command defines the time, in seconds, that must pass before considering the far-end IP host unresponsive to an outstanding ICMP echo request message.

The timeout value is not directly related to the configured interval parameter. The timeout value may be larger, equal, or smaller, relative to the interval value.

If the timeout value is larger than the interval value, multiple ICMP echo request messages may be outstanding. Every ICMP echo request message transmitted to the far end host is tracked individually according to the message identifier and sequence number.

With each consecutive attempt to send an ICMP echo request message, the timeout timer is loaded with the timeout value. The timer decrements until:

• an internal error occurs preventing message sending (request unsuccessful)

• an internal error occurs preventing message reply receiving (request unsuccessful)

• a required route table entry does not exist to reach the IP address (request unsuccessful)

• a required ARP entry does not exist and ARP request timed out (request unsuccessful)

• a valid reply is received (request successful)

It is possible for a required ARP request to succeed or timeout after the message timeout timer expires. In this case, the message request is unsuccessful.

If an ICMP echo reply message is not received prior to the timeout period for a given ICMP echo request, that request is considered to be dropped and increments the consecutive message drop counter for the priority event.

If an ICMP echo reply message with the same sequence number as an outstanding ICMP echo request message is received prior to that message timing out, the request is considered successful. The consecutive message drop counter is cleared and the request message no longer is outstanding.

If an ICMP Echo Reply message with a sequence number equal to an ICMP echo request sequence number that had previously timed out is received, that reply is silently discarded while incrementing the priority event reply discard counter.

The no form of the command reverts to the default value.

Default

timeout 1

Parameters

seconds

The number of seconds before an ICMP echo request message is timed out. Once a message is timed out, a reply with the same identifier and sequence number is discarded.

Values

1 to 60

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>sdp>keep-alive timeout)

Full Context

configure service sdp keep-alive timeout

Description

This command configures the time interval that the SDP waits before tearing down the session.

Default

timeout 5

Parameters

timeout

Specifies the timeout time, in seconds.

Values

1 to 10

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>ldap timeout)

Full Context

configure system security ldap timeout

Description

The timeout value is the number of seconds that the SR OS will wait for a response from the current server that it is trying to establish a connection with. If the server does not reply within the configured timeout value, the SR OS will increment the retry counter by 1. The SR OS attempts to establish the connection to the current server up to the configured retry value before it moves to the next configured server.

The no form of this command reverts to the default value.

Default

timeout 3

Parameters

seconds

The length of time that the SR OS waits for a response from the server.

Values

1 to 90

Default

3

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>nat>nat-policy timeouts)

Full Context

configure service nat nat-policy timeouts

Description

This command configures session idle timeouts for this policy.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis timers)

Full Context

configure service vprn isis timers

Description

Commands in this context configure the IS-IS timer values.

Default

n/a

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf timers)

[Tree] (config>service>vprn>ospf3 timers)

Full Context

configure service vprn ospf timers

configure service vprn ospf3 timers

Description

Commands in this context configure OSPF timers. Timers control the delay between receipt of a LSA requiring a Dijkstra (Shortest Path First (SPF)) calculation and the minimum time between successive SPF calculations.

Changing the timers affect CPU utilization and network reconvergence times. Lower values reduce convergence time but increase CPU utilization. Higher values reduce CPU utilization but increase reconvergence time.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ripng>group>neighbor timers)

[Tree] (config>service>vprn>rip>group timers)

[Tree] (config>service>vprn>ripng timers)

[Tree] (config>service>vprn>rip>group>neighbor timers)

[Tree] (config>service>vprn>ripng>group timers)

[Tree] (config>service>vprn>rip timers)

Full Context

configure service vprn ripng group neighbor timers

configure service vprn rip group timers

configure service vprn ripng timers

configure service vprn rip group neighbor timers

configure service vprn ripng group timers

configure service vprn rip timers

Description

This command configures the values for the update, timeout, and flush timers:

• update timer

  Determines how often RIP updates are sent.

• timeout timer

  If a router is not updated by the time the timer expires, the route is declared invalid, but maintained in the RIP database.

• flush timer

  Determines how long a route is maintained in the RIP database, after it has been declared invalid. Once this timer expires it is flushed from the RIP database completely.

The no form of this command resets all timers to their default values of 30, 180, and 120 seconds respectively.

Default

no timers

Parameters

update

The RIP update timer value in seconds.

Values

1 to 600

Default

30

timeout

The RIP timeout timer value in seconds.

Values

1 to 1200

Default

180

flush

The RIP flush timer value in seconds.

Values

1 to 1200

Default

120

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>bgp timers)

Full Context

debug router bgp timers

Description

This command logs all BGP timer events to the debug log.

The no form of this command disables debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

• a.b.c.d (host bits must be 0)

ipv6-address:

• x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d [-interface]

• x: [0 to FFFF]H

• d: [0 to 255]D

• interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis timers)

Full Context

configure router isis timers

Description

This command configures the IS-IS timer values.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf timers)

[Tree] (config>router>ospf3 timers)

Full Context

configure router ospf timers

configure router ospf3 timers

Description

Commands in this context configure OSPF timers. Timers control the delay between receipt of a link state advertisement (LSA) requiring a Dijkstra (Shortest Path First (SPF)) calculation and the minimum time between successive SPF calculations.

Changing the timers affects CPU utilization and network re-convergence times. Lower values reduce convergence time but increase CPU utilization. Higher values reduce CPU utilization but increase re-convergence time.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rip>group>neighbor timers)

[Tree] (config>router>rip timers)

[Tree] (config>router>ripng>group timers)

[Tree] (config>router>ripng>group>neighbor timers)

[Tree] (config>router>ripng timers)

[Tree] (config>router>rip>group timers)

Full Context

configure router rip group neighbor timers

configure router rip timers

configure router ripng group timers

configure router ripng group neighbor timers

configure router ripng timers

configure router rip group timers

Description

This command configures values for the update, timeout and flush RIP timers.

The RIP update timer determines how often RIP updates are sent.

If the route is not updated by the time the RIP timeout timer expires, the route is declared invalid but is maintained in the RIP database.

The RIP flush timer determines how long a route is maintained in the RIP database after it has been declared invalid. After the flush timer expires, the route is removed from the RIP database.

The no form of the command reverts to the default values.

Default

timers 30 180 120

Parameters

update

Specifies the RIP update timer value in seconds expressed as a decimal integer.

Values

1 to 600

timeout

Specifies the RIP timeout timer value in seconds expressed as a decimal integer.

Values

1 to 1200

flush

Specifies the RIP flush timer value in seconds expressed as a decimal integer.

Values

1 to 1200

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>prompt timestamp)

Full Context

configure system management-interface cli md-cli environment prompt timestamp

Description

This command displays the timestamp before the first prompt line.

The no form of this command suppresses the timestamp before the first prompt line.

Default

timestamp

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>syslog timestamp-format)

Full Context

configure log syslog timestamp-format

Description

This command controls the format of the syslog timestamp.

The no form of this command reverts to the default.

Default

no timestamp-format

Parameters

millisecond

Keyword to set the timestamp format to milliseconds.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>twamp-light>loss timing)

Full Context

configure oam-pm session ip twamp-light loss timing

Description

This command defines various availability parameters but not the probe interval. A single TWAMP-Light frame is used to collect both delay and loss metrics; the interval is common to both and as such not unique per metric type. Any TWAMP light test that is attempting to become active validates the configuration of the timing parameter regardless of which statistics are being recorded.

The no form of this command restores the default values for all timing parameters and use those values to compute availability and set the loss frequency.

Default

timing frames-per-delta-t 1 consec-delta-t 10 chli-threshold 5

Parameters

frames

Defines the size of the small measurement window. Each delta-t is marked as available of unavailable based on the flr-threshold. The size of the delta-t measurement is the product of the number of frames and the interval. This value defaults to a different value thank single probe per metric approaches.

Values

1 to 50

Default

1

deltas

Specifies the number of consecutive delta-t small measurement intervals that make up the sliding window over which availability and unavailability are determined. Transitions from one state to another occurs when the consec-delta-t are now in a new state. The sliding window cannot exceed 100 seconds.

Values

2 to 10

Default

10

threshold

Specifies the number of consecutive high loss intervals (unavailable delta-t) that when equal to or exceeded increments the CHLI counter. A CHLI counter is an indication that the sliding window is available but has crossed a threshold consecutive of unavailable delta-t intervals. A CHLI can only be incremented once during a sliding window and, by default, is only incremented during times of availability.

Values

1 to 9

Default

5

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security tls)

Full Context

configure system security tls

Description

This command configures TLS parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>telemetry>destination-group tls-client-profile)

[Tree] (config>system>grpc-tunnel>destination-group tls-client-profile)

Full Context

configure system telemetry destination-group tls-client-profile

configure system grpc-tunnel destination-group tls-client-profile

Description

This command configures a TLS client profile to a destination group.

This command is mutually exclusive with the allow-unsecured-connection command.

The no form of this command removes the TLS client profile.

Default

no tls-client-profile

Parameters

name

Specifies the TLS client profile name, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>log>syslog tls-client-profile)

[Tree] (config>log>syslog tls-client-profile)

Full Context

configure service vprn log syslog tls-client-profile

configure log syslog tls-client-profile

Description

This command specifies the Transport Layer Security (TLS) client profile used to encrypt syslog communications. When configured, syslog messages are sent using TLS.

Any change to this command results in a brief interruption of the event log, which may cause the loss of a few syslog messages.

The no form of this command removes TLS encryption of syslog communications and sends syslog messages over UDP.

Parameters

tls-client-profile

Specifies the name of a TLS profile configured in the config>system>security>tls context, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pcep>pcc>peer tls-client-profile)

Full Context

configure router pcep pcc peer tls-client-profile

Description

This command configures a TLS client profile on the PCC. When the TLS profile is configured, the PCC tries to establish a PCEP connection with the PCE over TLS. Because SR OS supports a strict TLS-only mode, both the PCE and PCC must support TLS. If a TLS failure occurs, the connection over TLS is closed and a new connection is retried within 60 seconds.

The no form of this command removes TLS encryption from the communication between this PCC and the PCE.

Default

no tls-client-profile

Parameters

profile-name

Specifies the TLS client profile name, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>ldap>server tls-profile)

Full Context

configure system security ldap server tls-profile

Description

This command attaches a TLS client profile to the LDAP client. The parameter in the TLS profile is used to encrypt the LDAP connection to the server. Each LDAP server can use its own TLS profile.

When a TLS profile is assigned, the LDAP application will send encrypted PDUs from the client to the LDAP server. If TLS is operationally down, the LDAP application should not send any PDUs.

The no form of this command removes the TLS profile from LDAP and disables the TLS encryption from LDAP.

Parameters

tls-profile-name

Specifies the TLD profile for encryption.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>tls>server-tls-profile tls-re-negotiate-timer)

Full Context

configure system security tls server-tls-profile tls-re-negotiate-timer

Description

This command configures the timed interval after which the server is triggered to send a Hello request message to all clients and force a renegotiation of the symmetric encryption key. When an interval of 0 is configured, the server will never send a hello request message.

Default

tls-re-negotiate-timer 0

Parameters

timer-min

Specifies the interval, in minutes, after which the server is triggered to send a Hello request message.

Values

0 to 65000

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>grpc tls-server-profile)

Full Context

configure system grpc tls-server-profile

Description

This command adds a configured TLS server profile to the gRPC session. The TLS server is used for encryption of the gRPC session. gRPC will not transmit any PDUs if there is a TLS server profile assigned to it and the TLS connection is down.

The no form of this command removes the specified TLS server profile from the gRPC session.

Parameters

name

Specifies the name of the TLS server profile configured under the config>system>security>tls context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pcep>pcc>peer tls-wait-timer)

Full Context

configure router pcep pcc peer tls-wait-timer

Description

This command configures the time that the PCC waits before declaring a TLS handshake failure if the handshake is not established.

The no form of this command reverts to the default.

Default

tls-wait-timer 60

Parameters

tls-wait-timer

Specifies the time, in seconds.

Values

60 to 255

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>tls>server-cipher-list tls13-cipher)

[Tree] (config>system>security>tls>client-cipher-list tls13-cipher)

Full Context

configure system security tls server-cipher-list tls13-cipher

configure system security tls client-cipher-list tls13-cipher

Description

This command configures the TLS 1.3-supported ciphers that are used by the client and server.

The no form of this command removes the cipher suite.

Parameters

index

Specifies the index number, which provides the location of the cipher in the negotiation list. The lower index numbers are higher in the negotiation list, and the higher index numbers are at the bottom of the list.

Values

1 to 255

cipher-suite-code

Specifies the cipher suite code.

Values

tls-aes128-gcm-sha256

tls-aes256-gcm-sha384

tls-chacha20-poly1305-sha256

tls-aes128-ccm-sha256

tls-aes128-ccm8-sha256

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>tls>server-group-list tls13-group)

[Tree] (config>system>security>tls>client-group-list tls13-group)

Full Context

configure system security tls server-group-list tls13-group

configure system security tls client-group-list tls13-group

Description

This command configures the TLS 1.3-supported group suite codes sent by the client or server in their respective Hello messages.

SR OS supports the use of Elliptic-curve Diffie-Hellman Ephemeral (ECDHE) groups.

The no form of this command removes the group suite code.

Parameters

index

Specifies the index number , which provides the location of the group suite code in the client or server group list. The lower index numbers are higher in the list and the higher index numbers are at the bottom of the list.

Values

1 to 255

group-suite-code

Specifies the group suite code.

Values

tls-ecdhe-256

tls-ecdhe-384

tls-ecdhe-521

tls-x25519

tls-x448

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>tls>server-signature-list tls13-signature)

[Tree] (config>system>security>tls>client-signature-list tls13-signature)

Full Context

configure system security tls server-signature-list tls13-signature

configure system security tls client-signature-list tls13-signature

Description

This command configures the TLS 1.3-supported signature suite codes sent by the client or server in their respective Hello messages.

The no form of this command removes the signature suite code.

Parameters

index

Specifies the index number, which provides the location of the signature suite code in the client or server group list. The lower index numbers are higher in the list, and the higher index numbers are at the bottom of the list.

Values

1 to 255

signature-suite-code

Specifies the signature suite code.

Values

tls-rsa-pkcs1-sha256

tls-rsa-pkcs1-sha384

tls-rsa-pkcs1-sha512

tls-ecdsa-secp256r1-sha256

tls-ecdsa-secp384r1-sha384

tls-ecdsa-secp521r1-sha512

tls-rsa-pss-rsae-sha256

tls-rsa-pss-rsae-sha384

tls-rsa-pss-rsae-sha512

tls-rsa-pss-pss-sha256

tls-rsa-pss-pss-sha384

tls-rsa-pss-pss-sha512

tls-ed25519

tls-ed448

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>lsp to)

Full Context

configure router mpls lsp to

Description

This command specifies the IP address or MPLS-TP node-id of the egress router for the LSP. This command is mandatory to create an LSP.

An IP address for which a route does not exist is allowed in the configuration. If the LSP signaling fails because the destination is not reachable, an error is logged and the LSP operational status is set to down.

For a non MPLS-TP LSP, the to ip-address can be an IP address of a network IP interface, the system interface, or a loopback interface of the egress router. When used in a SDP, if the LSP to address does not match the SDP address, the LSP is not included in the SDP definition.

For an MPLS-TP LSP, the to node-id may be either in 4-octet IPv4 address format, or a 32-bit unsigned integer. This command is mandatory to create an MPLS-TP LSP. A value of zero is invalid. This to address is used in the MPLS-TP LSP ID, and the MPLS-TP MEP ID for the LSP.

Default

no default

Parameters

ip-address

Specifies the IP address of the egress router. When the LSP type is sr-te, then an IPv6 address can be used.

Values

ipv4-address — a.b.c.d

ipv6-address — x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x — 0 to FFFF (hexadecimal)

d — 0 to 255 (decimal)

node-id a.b.c.d. | 1...4294967295

4-octet IPv4 formatted or unsigned 32-bit integer MPLS-TP node-id of the egress router.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>static-lsp to)

Full Context

configure router mpls static-lsp to

Description

This command specifies the IP address of the egress router for the static LSP. When creating an LSP this command is required. The to IP address may be the address of a local interface, the system IP interface, or of a loopback interface of the egress router. When used in a SDP and the to address does not match the far-end SDP address, the LSP is not included in the SDP definition.

Parameters

ip-address

Specifies the system IP address of the egress router.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>accounting-policy to)

Full Context

configure log accounting-policy to

Description

This command specifies the destination for the accounting records selected for the accounting policy.

Parameters

file-id

Specifies the destination for the accounting records selected for this destination. The characteristics of the file ID must have already been defined in the config>log>file context. A file ID can only be used once.

The file is generated when the file policy is referenced. This command identifies the type of accounting file to be created. The file definition defines its characteristics.

If the to command is executed while the accounting policy is in operation, then it becomes active during the next collection interval.

Values

1 to 99

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>policy-options>policy-statement>entry to)

Full Context

configure router policy-options policy-statement entry to

Description

This command creates the context to configure export policy match criteria based on a route’s destination or the protocol into which the route is being advertised.

If no condition is specified, all route destinations are considered to match.

The to command context only applies to export policies. If it is used for an import policy, match criteria is ignored.

The no form of this command deletes export match criteria for the route policy statement entry.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>log-id to)

Full Context

configure log log-id to

Description

This command specifies a destination for the log event data.

The source of the data stream must be specified in the from command before configuring the destination with the to command.

The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then recreated.

Parameters

cli

Specifies that log events are directed to any subscribed CLI session. Subscribe to a CLI log from within a CLI session using the tools>perform>log>subscribe-to log-id log-id command. Events are sent to the CLI session for the duration of that CLI session, or until an unsubscribe-from command is issued. A local circular memory log is maintained for CLI logs.

console

Specifies that log events events are directed to the console port. If the console is not connected, all the entries are dropped.

file log-file-id

Specifies that log events are directed to a file with the specified log-file-id. The characteristics of the log-file-id referenced in this parameter must have already been defined in the config>log>file file-id context. When the file-id location parameter is modified, log files are not written to the new location until a rollover occurs or the log is manually cleared. A rollover can be forced by using the clear>log command. Subsequent log entries are then written to the new location. If a rollover does not occur or the log is not cleared, the old location continues to be used.

Values

1 to 99, name (up to 64 characters max)

memory

Specifies that log events are directed to a memory file. A memory file is a circular buffer; when the file is full, each new entry replaces the oldest entry in the log. If the optional size parameter is not configured, the default value is used.

Default

100

netconf

Specifies that log events are directed to a NETCONF session as notifications. A NETCONF client can subscribe to a NETCONF log using the configured netconf-stream stream-name for the log in a subscription request. One or more NETCONF sessions can subscribe to a NETCONF log or stream.

session

Specifies that log events are directed to the current console or telnet session. This command is only valid for the duration of the session. When the session is terminated, the to session configuration is removed. A log ID with a session destination is saved in the configuration file but the to session part is not stored.

size

Specifies the maximum size of the log data destination, in bytes.

Values

50 to 3000

snmp

Specifies that log events are directed to the snmp-trap-group associated with the log ID. A local circular memory log is maintained for SNMP logs.

syslog syslog-id

Specifies that log events are directed to the specified syslog collector. To remain consistent with the standards governing syslog, messages to syslog are truncated to 1024 bytes. The characteristics of the syslog-id referenced in this parameter must have already been defined in the config>log>syslog syslog-id context.

Values

1 to 10

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>tunnel>mpls>rsvp-te-auto to)

Full Context

configure oam-pm session ip tunnel mpls rsvp-te-auto to

Description

This command configures the termination point of the RSV LSP. Configure the following three commands to identify an RSVP-TE Auto LSP: from, to, and lsp-template.When all three of these values are configured, the specific RSVP LSP can be identified and the test packets can be carried across the tunnel

The no form of this command removes the IPv4 address.

Parameters

ipv4-address

Specifies IPv4 address.

Values

ipv4-address: a.b.c.d (host bits must be 0)

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>keychain>direction>bi>entry tolerance)

[Tree] (config>system>security>keychain>direction>uni>receive>entry tolerance)

Full Context

configure system security keychain direction bi entry tolerance

configure system security keychain direction uni receive entry tolerance

Description

This command configures the amount of time that an eligible receive key should overlap with the active send key or to never expire.

Parameters

seconds

Specifies the duration that an eligible receive key overlaps with the active send key.

Values

0 to 4294967294 seconds

forever

Specifies that an eligible receive key overlap with the active send key forever.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>interface tos-marking-state)

[Tree] (config>service>ies>if tos-marking-state)

Full Context

configure service vprn interface tos-marking-state

configure service ies interface tos-marking-state

Description

This command is used to alter the default trusted state to a non-trusted state. When unset or reverted to the trusted default, the ToS field are not remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set, in which case the egress network interface treats all VPRN and network IP interface as untrusted.

When the ingress interface is set to untrusted, all egress network IP interfaces remark IP packets received on the network interface according to the egress marking definitions on each network interface. The egress network remarking rules also apply to the ToS field of IP packets routed using IGP shortcuts (tunneled to a remote next-hop). However, the tunnel QoS markings are always derived from the egress network QoS definitions.

Egress marking and remarking is based on the internal forwarding class and profile state of the packet once it reaches the egress interface. The forwarding class is derived from ingress classification functions. The profile of a packet is either derived from ingress classification or ingress policing.

The default marking state for network IP interfaces is trusted. This is equivalent to declaring no tos-marking-state on the network IP interface. When undefined or set to tos-marking-state trusted, the trusted state of the interface will not be displayed when using show config or show info unless the detail parameter is given. The save config command will not store the default tos-marking-state trusted state for network IP interfaces unless the detail parameter is also specified.

The no form of this command restores the trusted state to a network IP interface. This is equivalent to executing the tos-marking-state trusted command.

Default

tos-marking-state trusted

Parameters

trusted

The default prevents the ToS field to not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set.

untrusted

Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>nw-if tos-marking-state)

Full Context

configure service vprn network-interface tos-marking-state

Description

This command is used to alter the default trusted state to a non-trusted state. When unset or reverted to the trusted default, the ToS field will not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set, in which case the egress network interface treats all VPRN and network IP interface as untrusted.

When the ingress interface is set to untrusted, all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface. The egress network remarking rules also apply to the ToS field of IP packets routed using IGP shortcuts (tunneled to a remote next-hop). However, the tunnel QoS markings are always derived from the egress network QoS definitions. Egress marking and remarking is based on the internal forwarding class and profile state of the packet once it reaches the egress interface. The forwarding class is derived from ingress classification functions. The profile of a packet is either derived from ingress classification or ingress policing.

The default marking state for network IP interfaces is trusted. This is equivalent to declaring no tos-marking-state on the network IP interface. When undefined or set to tos-marking-state trusted, the trusted state of the interface will not be displayed when using show config or show info unless the detail parameter is given. The save config command will not store the default tos-marking-state trusted state for network IP interfaces unless the detail parameter is also specified.

The no tos-marking-state command is used to restore the trusted state to a network IP interface. This is equivalent to executing the tos-marking-state trusted command.

Default

tos-marking-state trusted

Parameters

trusted

The default prevents the ToS field to not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set.

untrusted

Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if tos-marking-state)

Full Context

configure router interface tos-marking-state

Description

This command is used on a network IP interface to alter the default trusted state to a non-trusted state. When unset or reverted to the trusted default, the ToS field will not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set, in which case the egress network interface treats all IES and network IP interface as untrusted. When the ingress network IP interface is set to untrusted, all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface. The egress network remarking rules also apply to the ToS field of IP packets routed using IGP shortcuts (tunneled to a remote next-hop). However, the tunnel QoS markings are always derived from the egress network QoS definitions. Egress marking and remarking is based on the internal forwarding class and profile state of the packet once it reaches the egress interface. The forwarding class is derived from ingress classification functions. The profile of a packet is either derived from ingress classification or ingress policing. The default marking state for network IP interfaces is trusted. This is equivalent to declaring no tos-marking-state on the network IP interface. When undefined or set to tos-marking-state trusted, the trusted state of the interface will not be displayed when using show config or show info unless the detail parameter is given. The save config command will not store the default tos-marking-state trusted state for network IP interfaces unless the detail parameter is also specified.

The no form of this command is used to restore the trusted state to a network IP interface. This is equivalent to executing the tos-marking-state trusted command.

Default

tos-marking-state trusted

Parameters

trusted

Specifies that the default prevents the ToS field to not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set

untrusted

Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (traceroute)

Full Context

traceroute

Description

This command determines the route to a destination address. DNS lookups for the responding hosts are enabled by default.

Parameters

candidate-path

Specifies a candidate path of the SRv6 policy to traceroute. The candidate path does not need to be the currently active candidate path.

dest-port-udp-fixed

Specifies that the destination UDP port number should not increment with each packet transmitted. By default, the UDP traceroute starts with destination UDP port 33434 and each subsequent packet sent to this destination UDP port increases by 1. The next packet uses UDP seat port 33435, the next 33436, and so on.

For a UDP test, this parameter prevents the per-transmitted packet increment of the destination UDP port number. The TCP protocol does not increment the destination TCP port, using a single destination TCP port for all traceroute packets for the test.

decode

Perform additional original datagram parsing functions. This parameter must be used with the detail parameter.

detail

Specifies to display additional information about the resulting packet.

distinguisher

Specifies the distinguisher of the SRv6 policy candidate path to send the traceroute probe on. This parameter must be configured if protocol-owner is configured to bgp.

Values

1 to 4294967295

dns-name

Specifies the DNS name, up to 63 characters, of the far-end device on which to send the traceroute request message.

endpoint ipv6-address

Specifies an SRv6 policy for a specific endpoint as the target of the traceroute.

Values

ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

ip-address

Specifies the far-end IP address on which to send the traceroute request message in dotted decimal notation.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

max-ttl

Specifies the maximum Time-To-Live (TTL) value to include in the traceroute request, expressed as a decimal integer.

Values

1 to 255

Default

30

milliseconds

Specifies the time in milliseconds to wait for a response to a probe, expressed as a decimal integer.

Values

1 to 60000

Default

5000

min-ttl

Specifies the IP TTL in the initial traceroute packet to target a specific node or starting node along the path.

Values

1 to 255

Default

1

no-dns

Specifies that, when the no-dns keyword is specified, DNS lookups of the responding hosts are not performed, and only the IP addresses are printed.

original-datagram

Parse the returned original datagram including any IPv6 and SRH header information.

pad-size

Specifies the number of bytes added to the UDP or TCP payload.

Values

0 to 9786

Default

0

port-number

Specifies the transport protocol destination port number.

Values

1 to 65535

Default

33434

preference

Specifies the preference of the SRv6 policy candidate path to send the traceroute probe on.

Values

0 to 4294967295

Default

100

probes-per-hop

Specifies the number of probes per hop.

Values

1 to 10

Default

3

protocol-owner

Specifies the protocol owner of the SRv6 policy candidate path to traceroute.

Values

bgp — Specifies a BGP SRv6 policy.

static — Specifies a locally configured static SRv6 policy.

protocol udp | tcp

Sets the transport protocol for the traceroute packet. The TCP protocol is silently discarded on a targeted VRPN service. VPRN services only respond to UDP traceroutes.

Default

udp

router-or-service

Specifies the routing instance or service, by number. The router-instance parameter is the preferred parameter to specify the router or service.

Values

router-name: Base, management, vpls-management

vprn-svc-id: 1 to 2147483647

Default

Base

router-instance

Specifies the preferred method for entering a service name. Stored as the service name, this is the only service-linking function allowed for both mixed-mode and model-driven configuration modes.

Values

router-name: Base, management, vpls-management

vprn-svc-name: up to 64 characters

service-name

Specifies the alias function that allows the service name to be used, converted, and stored as service ID.

source ip-address

Specifies the source IP address to use as the source of the probe packets, in dotted decimal notation. If the IP address is not one of the device’s interfaces, an error is returned.

Values

ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x:	[0 to FFFF]H
	d:	[0 to 255]D

type-of-service

Specifies the Type-of-Service (ToS) bits in the IP header of the probe packets, expressed as a decimal integer.

Values

0 to 255

Default

0

srv6-policy

Keyword to specify that the traceroute probe is applied to an SRv6 policy matching a specific color and endpoint. The traceroute probe may optionally be targeted at a specific segment list of the SRv6 policy. When the segment list is not specified, the traceroute probe is sent on the lowest available segment list.

color-id

Specifies the SRv6 policy color ID.

Values

0 to 4294967295

segment-list

Specifies the SRv6 policy segment list to trace.

Values

1 to 32

Platforms

7705 SAR Gen 2

Output

ICMPv4 Type 3 symbols in CLI, ICMPv6 Type 1 symbols in CLI, and ICMPv6 Type 2 symbols in CLI describe the ICMPv4 Type 3, and the ICMPv6 Type 1 and 2 symbols in the CLI outputs. For references without a symbol in the form !<code>, see www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml.

The following output is an example of traceroute for an IPv4 prefix.

A:node-2# traceroute 192.168.xx.xx4
traceroute to 192.168.xx.xx4, 30 hops max, 40 byte packets
 1  192.168.xx.xx4 0.000 ms  0.000 ms  0.000 ms

The following output is an example of traceroute for an IPv4 prefix resolved to an IPv4 SR policy with ICMP tunneling enabled.

A:node-2# traceroute 11.21.1.6 detail no-dns 
traceroute to 11.21.1.6, 30 hops max, 40 byte packets
  1   1  10.10.11.3  3.36 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524283, Exp = 7, TTL =   1, S = 1
  1   2  10.10.11.3  3.68 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524283, Exp = 7, TTL =   1, S = 1
  1   3  10.10.11.3  4.18 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524283, Exp = 7, TTL =   1, S = 1
  2   1  10.10.10.5  3.77 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524283, Exp = 7, TTL =   2, S = 1
  2   2  10.10.10.5  8.02 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524283, Exp = 7, TTL =   2, S = 1
  2   3  10.10.10.5  4.72 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524283, Exp = 7, TTL =   2, S = 1
  3   1  11.21.1.6  5.33 ms
  3   2  11.21.1.6  4.77 ms
  3   3  11.21.1.6  4.07 ms

The following output is an example of traceroute for an IPv6 prefix resolved to an IPv4 SR policy with ICMP tunneling enabled.

A:node-2# traceroute fc00::b15:106 detail no-dns 
traceroute to fc00::b15:106, 30 hops max, 60 byte packets
  1   1  fc00::a0a:b03  3.41 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  1   2  fc00::a0a:b03  2.58 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  1   3  fc00::a0a:b03  3.90 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28303, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28306, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  2   1  fc00::a0a:a05  4.65 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  2   2  fc00::a0a:a05  4.85 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  2   3  fc00::a0a:a05  4.78 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28506, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  3   1  fc00::b15:106  2.89 ms
  3   2  fc00::b15:106  3.58 ms
  3   3  fc00::b15:106  4.15 ms

The following output is an example of traceroute for an IPv6 prefix resolved to an IPv6 SR-OSPF3 tunnel with ICMP tunneling enabled.

A:node-2# traceroute fc00::b14:106 detail 
traceroute to fc00::b14:106, 30 hops max, 60 byte packets
  1   1  fc00::a0a:402  (fc00::a0a:402)  4.38 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29266, Exp = 7, TTL =   1, S = 1
  1   2  fc00::a0a:402  (fc00::a0a:402)  3.42 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29266, Exp = 7, TTL =   1, S = 1
  1   3  fc00::a0a:402  (fc00::a0a:402)  4.19 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29266, Exp = 7, TTL =   1, S = 1
  2   1  fc00::a0a:904  (fc00::a0a:904)  4.05 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29466, Exp = 7, TTL =   1, S = 1
  2   2  fc00::a0a:904  (fc00::a0a:904)  3.62 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29466, Exp = 7, TTL =   1, S = 1
  2   3  fc00::a0a:904  (fc00::a0a:904)  4.64 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   29466, Exp = 7, TTL =   1, S = 1
  3   1  fc00::b14:106  (fc00::b14:106)  3.35 ms
  3   2  fc00::b14:106  (fc00::b14:106)  4.02 ms
  3   3  fc00::b14:106  (fc00::b14:106)  3.30 ms

The following output is an example of traceroute for a label-ipv4 prefix resolved to an IPv6 SR-TE LSP with ICMP tunneling enabled (requires IPv4 system address).

A:node-2# traceroute 11.21.1.1 source 11.21.1.6 detail 
traceroute to 11.21.1.1 from 11.21.1.6, 30 hops max, 40 byte packets
  1   1  10.20.1.4  (10.20.1.4)  4.96 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524236, Exp = 7, TTL =   1, S = 1
  1   2  10.20.1.4  (10.20.1.4)  5.35 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524236, Exp = 7, TTL =   1, S = 1
  1   3  10.20.1.4  (10.20.1.4)  5.43 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524236, Exp = 7, TTL =   1, S = 1
  2   1  10.20.1.2  (10.20.1.2)  4.72 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524236, Exp = 7, TTL =   2, S = 1
  2   2  10.20.1.2  (10.20.1.2)  5.71 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524236, Exp = 7, TTL =   2, S = 1
  2   3  10.20.1.2  (10.20.1.2)  5.03 ms
         returned MPLS Label Stack Object
            entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524236, Exp = 7, TTL =   2, S = 1
  3   1  11.21.1.1  (11.21.1.1)  3.51 ms
  3   2  11.21.1.1  (11.21.1.1)  3.91 ms
  3   3  11.21.1.1  (11.21.1.1)  3.09 ms

The following output is an example of traceroute for a label-ipv6 prefix resolved to an IPv4 SR-TE LSP with ICMP tunneling enabled.

A:node-2# traceroute fc00::b15:101 detail 
traceroute to fc00::b15:101, 30 hops max, 60 byte packets
  1   1  fc00::a0a:404  (fc00::a0a:404)  3.36 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  1   2  fc00::a0a:404  (fc00::a0a:404)  3.46 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  1   3  fc00::a0a:404  (fc00::a0a:404)  3.77 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524270, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =       2, Exp = 7, TTL =   1, S = 1
  2   1  fc00::a0a:102  (fc00::a0a:102)  4.54 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  2   2  fc00::a0a:102  (fc00::a0a:102)  4.70 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  2   3  fc00::a0a:102  (fc00::a0a:102)  3.63 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =  524285, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =       2, Exp = 7, TTL =   2, S = 1
  3   1  fc00::b15:101  (fc00::b15:101)  3.40 ms
  3   2  fc00::b15:101  (fc00::b15:101)  3.15 ms
  3   3  fc00::b15:101  (fc00::b15:101)  3.23 ms

The following output is an example of traceroute for a vpn-ipv4 prefix resolved to an IPv6 SR-TE LSP with ICMP tunneling enabled (requires IPv4 system address).

A:node-2# traceroute router-instance "vprn.sr-te.4" 1.0.4.1 source 6.0.4.1 detail 
traceroute to 1.0.4.1 from 6.0.4.1, 30 hops max, 40 byte packets
  1   1  10.20.1.4  (10.20.1.4)  5.03 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  1   2  10.20.1.4  (10.20.1.4)  4.52 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  1   3  10.20.1.4  (10.20.1.4)  5.61 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  2   1  10.20.1.2  (10.20.1.2)  5.38 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  2   2  10.20.1.2  (10.20.1.2)  5.39 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  2   3  10.20.1.2  (10.20.1.2)  5.27 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  3   1  1.0.4.1  (1.0.4.1)  4.09 ms
  3   2  1.0.4.1  (1.0.4.1)  4.47 ms
  3   3  1.0.4.1  (1.0.4.1)  4.13 ms

The following output is an example of traceroute for a vpn-ipv6 prefix resolved to an IPv6 SR-TE LSP with ICMP tunneling enabled.

A:node-2# traceroute router 5004 fc00::100:401 detail 
traceroute to fc00::100:401, 30 hops max, 60 byte packets
  1   1  fc00::a0a:404  (fc00::a0a:404)  5.45 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  1   2  fc00::a0a:404  (fc00::a0a:404)  5.14 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  1   3  fc00::a0a:404  (fc00::a0a:404)  5.31 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28462, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   1, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   1, S = 1
  2   1  fc00::a0a:102  (fc00::a0a:102)  4.70 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  2   2  fc00::a0a:102  (fc00::a0a:102)  5.20 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  2   3  fc00::a0a:102  (fc00::a0a:102)  5.16 ms
         returned MPLS Label Stack Object
             entry  1:  MPLS Label =   28262, Exp = 7, TTL =   1, S = 0
             entry  2:  MPLS Label =   28261, Exp = 7, TTL =   2, S = 0
             entry  3:  MPLS Label =  524241, Exp = 7, TTL =   2, S = 1
  3   1  fc00::100:401  (fc00::100:401)  5.38 ms
  3   2  fc00::100:401  (fc00::100:401)  4.48 ms
  3   3  fc00::100:401  (fc00::100:401)  4.39 ms

The following output is an example of traceroute for an IPv4 prefix using the tcp and the detail options.

A:node-2# traceroute 192.168.34.2 protocol tcp detail
traceroute to 192.168.34.2, 30 hops max, 40 byte packets
  1   1  192.168.13.2  (192.168.13.2)  0.755 ms
  1   2  192.168.13.2  (192.168.13.2)  0.913 ms
  1   3  192.168.13.2  (192.168.13.2)  0.928 ms
  2   1  192.168.34.2  (192.168.34.2)  1.19 ms (port closed)
  2   2  192.168.34.2  (192.168.34.2)  1.29 ms (port closed)
  2   3  192.168.34.2  (192.168.34.2)  1.59 ms (port closed)

The following output is an example of traceroute for an IPv4 prefix using the tcp and the detail options.

A:node-2# traceroute 192.168.34.2 protocol tcp dest-port 862 detail
traceroute to 192.168.34.2, 30 hops max, 40 byte packets
  1   1  192.168.13.2  (192.168.13.2)  0.915 ms
  1   2  192.168.13.2  (192.168.13.2)  0.861 ms
  1   3  192.168.13.2  (192.168.13.2)  0.825 ms
  2   1  192.168.34.2  (192.168.34.2)  1.42 ms (port open)
  2   2  192.168.34.2  (192.168.34.2)  1.27 ms (port open)
  2   3  192.168.34.2  (192.168.34.2)  1.52 ms (port open)

The following output is an example of traceroute of an SRv6 SID using the decode original-datagram option.

A:node-2# traceroute 2002:abcd:1100:102:1:: detail decode original-datagram probe-count 1 
traceroute to 2002:abcd:1100:102:1::, 30 hops max, 60 byte packets
  1   1  2001:100:4:12::4  (2001:100:4:12::4)  1.23 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 2001:1:1:1::112, DA = 2002:abcd:1100:102:1::
  2   1  2001:100:3:4::3  (2001:100:3:4::3)  2.25 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 2001:1:1:1::112, DA = 2002:abcd:1100:101:1::
             Segment Routing Header SRv6, Segments Left 1
                 Segment_List[0] = 2002:abcd:1100:102:1::
  3   1  2001:100:1:3::1  (2001:100:1:3::1)  3.21 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 2001:1:1:1::112, DA = 2002:abcd:1100:101:1::
             Segment Routing Header SRv6, Segments Left 1
                 Segment_List[0] = 2002:abcd:1100:102:1::
  4   1  2001:1:1:1::102  (2001:1:1:1::102)  9.16 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 2001:1:1:1::112, DA = 2002:abcd:1100:102:1::
             Segment Routing Header SRv6, Segments Left 0
                 Segment_List[0] = 2002:abcd:1100:102:1::

The following output is an example of traceroute of an SRv6 policy.

A:node-2# traceroute srv6-policy color 10 endpoint 6:6:6:6::86 probe-count 1                                 
traceroute srv6-policy color 10 endpoint 6:6:6:6::86, 30 hops max, 60 byte packets (excluding SRH)
  1  fc00::a0a:203 (fc00::a0a:203)    2.76 ms
  2  fc00::a0a:505 (fc00::a0a:505)    5.11 ms
  3  6:6:6:6::86 (6:6:6:6::86)    6.18 ms

The following output is an example of traceroute of an SRv6 policy using the decode original-datagram option.

A:node-2# traceroute srv6-policy color 10 endpoint 6:6:6:6::86 probe-count 1 detail decode original-datagram 
traceroute srv6-policy color 10 endpoint 6:6:6:6::86, 30 hops max, 60 byte packets (excluding SRH)
  1   1  fc00::a0a:203  (fc00::a0a:203)  2.70 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 1:1:1:1::61, DA = 3:3:3:3:0:a::
             Segment Routing Header SRv6, Segments Left 2
                 Segment_List[0] = 6:6:6:6::86
                 Segment_List[1] = 5:5:5:5:0:a::
  2   1  fc00::a0a:505  (fc00::a0a:505)  4.88 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 1:1:1:1::61, DA = 5:5:5:5:0:a::
             Segment Routing Header SRv6, Segments Left 1
                 Segment_List[0] = 6:6:6:6::86
                 Segment_List[1] = 5:5:5:5:0:a::
  3   1  6:6:6:6::86  (6:6:6:6::86)  5.51 ms
         Original Datagram
             IPv6 Header, Hop Limit 1, DSCP be
                 SA = 1:1:1:1::61, DA = 6:6:6:6::86

The following output is an example of traceroute for a candidate path of an SRv6 policy.

A:node-2# traceroute srv6-policy color 20 endpoint fc00::a14:106 probe-count 1 detail candidate-path protocol-owner static distinguisher 126 preference 100 
traceroute srv6-policy color 20 endpoint fc00::a14:106 candidate-path protocol-owner static preference 100 distinguisher 126, 30 hops max, 60 byte packets (excluding SRH)
  1   1  fc00::a0a:203  (fc00::a0a:203)  2.87 ms
  2   1  fc00::a0a:505  (fc00::a0a:505)  4.58 ms
  3   1  fc00::a14:106  (fc00::a14:106)  6.28 ms

Context

[Tree] (config>service>ies>if>ipv6>vrrp traceroute-reply)

Full Context

configure service ies interface ipv6 vrrp traceroute-reply

Description

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the trace-route-reply status.

Default

no traceroute-reply

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>vrrp traceroute-reply)

Full Context

configure service ies interface vrrp traceroute-reply

Description

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the trace-route-reply status.

Default

no traceroute-reply

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>ipv6>vrrp traceroute-reply)

[Tree] (config>service>vprn>if>vrrp traceroute-reply)

Full Context

configure service vprn interface ipv6 vrrp traceroute-reply

configure service vprn interface vrrp traceroute-reply

Description

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the trace-route-reply status.

Default

no traceroute-reply

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if>ipv6>vrrp traceroute-reply)

[Tree] (config>router>if>vrrp traceroute-reply)

Full Context

configure router interface ipv6 vrrp traceroute-reply

configure router interface vrrp traceroute-reply

Description

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the trace-route-reply status.

Traceroute must not have been disabled at the management security level (either on the parental IP interface or the source host address).

Default

no traceroute-reply

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>pim>if tracking-support)

Full Context

configure service vprn pim interface tracking-support

Description

This command sets the T bit in the LAN Prune Delay option of the Hello Message. This indicates the router's capability to disable Join message suppression.

Default

no tracking-support

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pim>interface tracking-support)

Full Context

configure router pim interface tracking-support

Description

This command sets the T bit in the LAN Prune Delay option of the Hello Message. This indicates the router's capability to enable join message suppression. This capability allows for upstream routers to explicitly track join membership.

The no form of this command disables tracking support.

Default

no tracking-support

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis traffic-engineering)

Full Context

configure router isis traffic-engineering

Description

This command enables this IS-IS instance to advertise TE link attributes for RSVP-TE and SR-TE enabled interfaces.

Default

no traffic-engineering

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf traffic-engineering)

Full Context

configure router ospf traffic-engineering

Description

This command enables the advertisement of the traffic engineering information for the router and its links.

Traffic engineering enables the router to perform route calculations constrained by nodes or links. The traffic engineering of this router are limited to calculations based on link and nodal constraints.

The no form of this command disables the advertisement of the traffic engineering information.

Default

no traffic-engineering

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis traffic-engineering-options)

Full Context

configure router isis traffic-engineering-options

Description

Commands in this context configure advanced traffic-engineering options.

The no form of this command deletes the context.

Default

no traffic-engineering-options

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf traffic-engineering-options)

Full Context

configure router ospf traffic-engineering-options

Description

Commands in this context configure the advanced traffic-engineering options.

The no form of this command removes the context to configure the advanced traffic-engineering options.

Default

no traffic-engineering-options

Platforms

7705 SAR Gen 2

Context

[Tree] (config>port transceiver)

Full Context

configure port transceiver

Description

Commands in this context configure transceiver parameters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>tnl-temp transform)

[Tree] (config>ipsec>trans-mode-prof>dyn transform)

[Tree] (config>service>vprn>if>ipsec>ipsec-tunnel>dyn transform)

[Tree] (config>service>ies>if>ipsec>ipsec-tunnel>dyn transform)

[Tree] (config>router>if>ipsec>ipsec-tunnel>dyn transform)

Full Context

configure ipsec tunnel-template transform

configure ipsec ipsec-transport-mode-profile dynamic-keying transform

configure service vprn interface ipsec ipsec-tunnel dynamic-keying transform

configure service ies interface ipsec ipsec-tunnel dynamic-keying transform

configure router interface ipsec ipsec-tunnel dynamic-keying transform

Description

This command associates the IPsec transform sets allowed for this the CHILD_SA. A maximum of four transforms can be specified. The transforms are listed in decreasing order of preference (the first one specified is the most preferred).

The no form of this command removes the transform ID from the configuration.

Default

no transform

Parameters

transform-id

Specifies a number to identify a tranform used for CHILD_SA negotiation. Up to four transform ID can be specified.

Values

1 to 2048

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>sap>ipsec-tun>dyn transform)

Full Context

configure service vprn interface sap ipsec-tunnel dynamic-keying transform

Description

This command associates the IPsec transform sets allowed for this tunnel. A maximum of four transforms can be specified. The transforms are listed in decreasing order of preference (the first one specified is the most preferred).

Default

no transform

Parameters

transform-id

Specifies the value used for transforms for dynamic keying.

Values

1 to 2048

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ttl-propagate transit)

Full Context

configure service vprn ttl-propagate transit

Description

This command overrides the global configuration of the TTL propagation for in transit packets which are forwarded over a MPLS LSPs in a given VPRN service context.

The global configuration is performed under config>router>ttl-propagate>vprn-transit.

The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value.

Default

transit inherit

Parameters

inherit

specifies the TTL propagation behavior is inherited from the global configuration under config>router>ttl-propagate>vprn-transit.

none

specifies the TTL of the IP packet is not propagated into the VC label or labels in the transport label stack.

vc-only

specifies the TTL of the IP packet is propagated into the VC label and not into the labels. in the transport label stack

all

specifies the TTL of the IP packet is propagated into the VC label and all labels in the transport label stack.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf3>area>virtual-link transit-delay)

[Tree] (config>service>vprn>ospf>area>sham-link transit-delay)

[Tree] (config>service>vprn>ospf>area>virtual-link transit-delay)

[Tree] (config>service>vprn>ospf3>area>if transit-delay)

[Tree] (config>service>vprn>ospf>area>if transit-delay)

Full Context

configure service vprn ospf3 area virtual-link transit-delay

configure service vprn ospf area sham-link transit-delay

configure service vprn ospf area virtual-link transit-delay

configure service vprn ospf3 area interface transit-delay

configure service vprn ospf area interface transit-delay

Description

This command configures the estimated time, in seconds, that it takes to transmit a LSA on the interface or virtual link or sham-link.

The no form of this command reverts to the default delay time.

Default

transit-delay 1

Parameters

seconds

The transit delay in seconds expressed as a decimal integer.

Values

0 to 3600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf3>area>virtual-link transit-delay)

[Tree] (config>router>ospf>area>interface transit-delay)

[Tree] (config>router>ospf3>area>interface transit-delay)

[Tree] (config>router>ospf>area>virtual-link transit-delay)

Full Context

configure router ospf3 area virtual-link transit-delay

configure router ospf area interface transit-delay

configure router ospf3 area interface transit-delay

configure router ospf area virtual-link transit-delay

Description

This command configures the estimated time, in seconds, that it takes to transmit a link state advertisement (LSA) on the interface or virtual link.

The no form of this command reverts to the default delay time.

Default

transit-delay 1

Parameters

seconds

Specifies the transit delay in seconds expressed as a decimal integer.

Values

1 to 1800

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>ca-profile>ocsp transmission-profile)

Full Context

configure system security pki ca-profile ocsp transmission-profile

Description

This command specifies the transmission-profile for OCSP. When specified, this configuration overrides the service service-id or service service-name configured in the config>system>security>pki>ca-profile>ocsp context.

The no form of the command removes the profile name from the configuration.

Default

no transmission-profile

Parameters

name

Specifies the file transmission profile name, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>est-profile transmission-profile)

Full Context

configure system security pki est-profile transmission-profile

Description

This command specifies the transmission profile name created in the config>system file-transmission-profile context for the EST profile.

The no form of the command removes the name from the EST profile configuration.

Default

no transmission-profile

Parameters

name

Specifies the file transmission profile name, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bfd>bfd-template transmit-interval)

Full Context

configure router bfd bfd-template transmit-interval

Description

This command specifies the transmit timer used for BFD packets. If the template is used for a BFD session on an MPLS-TP LSP, then this timer is used for CC packets.

The no form of this command reverts to the default value.

Default

transmit-interval 100

Parameters

transmit-interval

Specifies the transmit interval. The minimum interval that can be configured is hardware dependent.

Values

10 ms to 100,000 ms in 1 ms intervals

Default

10 ms for CPM3 or higher; 1 second for other hardware

Platforms

7705 SAR Gen 2

Context

[Tree] (config>port>ethernet>dot1x transmit-period)

Full Context

configure port ethernet dot1x transmit-period

Description

This command configures the period after which the router sends a new EAPOL request message.

The no form of this command returns the value to the default.

Default

transmit-period 30

Parameters

seconds

Specifies the server transmit period in seconds.

Values

1 to 3600

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>snmp transport)

Full Context

configure system snmp transport

Description

This command configures the transport protocol used by the SNMP agent.

The no form of this command removes the transport protocol.

Default

no transport

Parameters

transport-protocol

Specifies the transport protocol.

Values

udp — Keyword to specify UDP only.

tcp — Keyword to specify TCP only.

both — Keyword to specify TCP and UDP.

Default

udp

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ldp>if-params>ipv4 transport-address)

[Tree] (config>router>ldp>if-params>if>ipv4 transport-address)

[Tree] (config>router>ldp>if-params>ipv6 transport-address)

[Tree] (config>router>ldp>if-params>if>ipv6 transport-address)

Full Context

configure router ldp interface-parameters ipv4 transport-address

configure router ldp interface-parameters interface ipv4 transport-address

configure router ldp interface-parameters ipv6 transport-address

configure router ldp interface-parameters interface ipv6 transport-address

Description

This command configures the transport address to be used when setting up the LDP TCP sessions. The transport address can be configured as interface or system. The transport address can be configured globally (applies to all LDP interfaces) or per interface. The most specific value is used.

With the transport-address command, you can set up the LDP interface to the connection which can be set to the interface address or the system address. However, there can be an issue of which address to use when there are parallel adjacencies. This situation can not only happen with parallel links, it could be a link and a targeted adjacency since targeted adjacencies request the session to be set up only to the system IP address.

The transport-address value should not be interface if multiple interfaces exist between two LDP neighbors. Depending on the first adjacency to be formed, the TCP endpoint is chosen. In other words, if one LDP interface is set up as transport-address interface and another for transport-address system, then, depending on which adjacency was set up first, the TCP endpoint addresses are determined. After that, because the hello contains the LSR ID, the LDP session can be checked to verify that it is set up and then match the adjacency to the session.

For any iLDP interface, as the local-lsr-id parameters is changed to interface, the transport-address configuration loses effectiveness. Since it will be ignored and the iLDP session will always use the relevant interface IP address as transport-address even though system is chosen.

The no form of this command, at the global level, sets the transport address to the default value.

The no form of this command, at the interface level, sets the transport address to the value defined under the global level.

Default

system

Parameters

interface

Specifies the IP interface address is used to set up the LDP session between neighbors. The transport address interface cannot be used if multiple interfaces exist between two neighbors, since only one LDP session is set up between two neighbors.

system

Specifies the system IP address is used to set up the LDP session between neighbors.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>multi-chassis>peer>sync transport-encryption)