u Commands

Context

[Tree] (config>service>nat>nat-policy>timeouts udp)

Full Context

configure service nat nat-policy timeouts udp

Description

This command configures the UDP mapping timeout.

Default

udp min 5

Parameters

hours

Specifies the timeout hours field.

Values

1 to 24

minutes

Specifies the timeout minutes field.

Values

1 to 59

seconds

Specifies the timeout seconds field.

Values

1 to 59

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-resolution>labeled-routes>transport-tunnel>family>resolution-filter udp)

Full Context

configure router bgp next-hop-resolution labeled-routes transport-tunnel family resolution-filter udp

Description

This command selects UDP tunnel in TTM for next-hop resolution.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>nat>nat-policy>timeouts udp-dns)

Full Context

configure service nat nat-policy timeouts udp-dns

Description

This command configures the timeout applied to a UDP session with destination port 53.

Default

udp-dns sec 15

Parameters

hours

Specifies the timeout hours field.

Values

1 to 24

minutes

Specifies the timeout minutes field.

Values

1 to 59

seconds

Specifies the timeout seconds field.

Values

1 to 59

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>nat>nat-policy udp-inbound-refresh)

Full Context

configure service nat nat-policy udp-inbound-refresh

Description

This command enables UDP session timeout extended on inbound traffic.

The no form of the command disables UDP session timeout extended on inbound traffic.

Default

no udp-inbound-refresh

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>nat>nat-policy>timeouts udp-initial)

Full Context

configure service nat nat-policy timeouts udp-initial

Description

This command configures the UDP mapping timeout applied to new sessions.

Default

udp-initial sec 15

Parameters

minutes

Specifies the timeout minutes field.

Values

1 to 59

seconds

Specifies the timeout seconds field.

Values

1 to 59

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>twamp-light>loss-events unavailability-event)

Full Context

configure oam-pm session ip twamp-light loss-events unavailability-event

Description

This command sets the threshold to be applied to the overall count of the unavailability indicators, not transitions, per configured direction. This value is compared to the 32 bit unavailability counter specific to the direction which tracks the number of individual delta-ts that have been recorded as unavailable. The aggregate is a function of summing forward and backward. This value is only used as a threshold mechanism and is not part of the stored statistics. If the optional clear clear-threshold parameter is not specified, the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and regardless of any previous window. Each unique event can only be raised once within measurement interval. If the optional clear clear-threshold parameter is specified, the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.

The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.

Default

no unavailability-event forward

no unavailability-event backward

no unavailability-event aggregate

Parameters

forward

Specifies the threshold is applied to the forward direction count.

backward

Specifies the threshold is applied to the backward direction count.

aggregate

Specifies the threshold is applied to the aggregate count (sum of forward and backward).

raise-threshold

Specifies a numerical value compared to the unavailability counter that is the rising threshold that determines when the event is to be generated, when value reached.

Values

1 to 864000

clear-threshold

Specifies an optional value used for stateful behavior that allows the operator to configure a percentage of loss value lower than the rising percentage to indicate when the clear event should be generated.

Values

0 to 863999

A value of zero means that the unavailability counter must be 0.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters uncoloured-octets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters uncoloured-octets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters uncoloured-octets-offered-count

configure log accounting-policy custom-record policer e-counters uncoloured-octets-offered-count

Description

This command includes the uncoloured octets offered count.

The no form of this command excludes the uncoloured octets offered count.

Default

no uncoloured-octets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters uncoloured-octets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters uncoloured-octets-offered-count)

[Tree] (config>log>acct-policy>cr>queue>i-counters uncoloured-octets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>i-counters uncoloured-octets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer i-counters uncoloured-octets-offered-count

configure log accounting-policy custom-record ref-queue i-counters uncoloured-octets-offered-count

configure log accounting-policy custom-record queue i-counters uncoloured-octets-offered-count

configure log accounting-policy custom-record policer i-counters uncoloured-octets-offered-count

Description

This command includes the uncoloured octets offered in the count.

The no form of this command excludes the uncoloured octets offered in the count.

Default

no uncoloured-octets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>e-counters uncoloured-packets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>e-counters uncoloured-packets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer e-counters uncoloured-packets-offered-count

configure log accounting-policy custom-record policer e-counters uncoloured-packets-offered-count

Description

This command includes the uncoloured packets offered count.

The no form of this command excludes the uncoloured packets offered count.

Default

no uncoloured-packets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>log>acct-policy>cr>ref-policer>i-counters uncoloured-packets-offered-count)

[Tree] (config>log>acct-policy>cr>queue>i-counters uncoloured-packets-offered-count)

[Tree] (config>log>acct-policy>cr>ref-queue>i-counters uncoloured-packets-offered-count)

[Tree] (config>log>acct-policy>cr>policer>i-counters uncoloured-packets-offered-count)

Full Context

configure log accounting-policy custom-record ref-policer i-counters uncoloured-packets-offered-count

configure log accounting-policy custom-record queue i-counters uncoloured-packets-offered-count

configure log accounting-policy custom-record ref-queue i-counters uncoloured-packets-offered-count

configure log accounting-policy custom-record policer i-counters uncoloured-packets-offered-count

Description

This command includes the uncolored packets offered count.

The no form of this command excludes the uncoloured packets offered count.

Default

no uncoloured-packets-offered-count

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>management-interface>cli>md-cli>environment>prompt uncommitted-changes-indicator)

Full Context

configure system management-interface cli md-cli environment prompt uncommitted-changes-indicator

Description

This command displays the change indicator.

The no form of this command suppresses the change indicator.

Default

uncommitted-changes-indicator

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>twamp-light>loss-events undet-availability-event)

Full Context

configure oam-pm session ip twamp-light loss-events undet-availability-event

Description

This command sets the threshold to be applied to the overall count of the undetermined availability indicators, not transitions, per configured direction. This value is compared to the 32 bit unavailability counter specific to the direction which tracks the number of individual delta-ts that have been recorded as undetermined available. The aggregate is a function of summing forward and backward. This value is only used as a threshold mechanism and is not part of the stored statistics. If the optional clear clear-threshold parameter is not specified, the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and regardless of any previous window. Each unique event can only be raised once within measurement interval. If the optional clear clear-threshold parameter is specified, the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.

The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.

Default

no undet-availability-event forward

no undet-availability-event backward

no undet-availability-event aggregate

Parameters

forward

Specifies the threshold is applied to the forward direction count.

backward

Specifies the threshold is applied to the backward direction count.

aggregate

Specifies the threshold is applied to the aggregate count (sum of forward and backward).

raise-threshold

Specifies the rising threshold that determines when the event is to be generated, when value reached.

Values

1 to 864000

clear-threshold

Specifies an optional value used for stateful behavior that allows the operator to configure a percentage of loss value lower than the rising percentage to indicate when the clear event should be generated.

Values

0 to 863999

A value of zero means that the undetermined availability counter must be 0.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>oam-pm>session>ip>twamp-light>loss-events undet-unavailability-event)

Full Context

configure oam-pm session ip twamp-light loss-events undet-unavailability-event

Description

This command sets the threshold to be applied to the overall count of the undetermined unavailability indicators, not transitions, per configured direction. This value is compared to the 32 bit unavailability counter specific to the direction which tracks the number of individual delta-ts that have been recorded as undetermined unavailable. The aggregate is a function of summing forward and backward. This value is only used as a threshold mechanism and is not part of the stored statistics. If the clear clear-threshold parameter is not specified the traffic crossing alarm is stateless. Stateless means the state is not carried forward to other measurement intervals. Each measurement interval is analyzed independently and without regard to any previous window. Each unique event can only be raised once within measurement interval. If the optional clear threshold is specified the traffic crossing alarm uses stateful behavior. Stateful means each unique previous event state is carried forward to following measurement intervals. If a threshold crossing event is raised another is not raised until a measurement interval completes and the clear threshold has not been exceeded. A clear event is raised under that condition.

The no form of this command removes the event threshold for frame loss ratio. The direction must be included with the no command.

Default

no undet-unavailable-event forward

no undet-unavailable-event backward

no undet-unavailable-event aggregate

Parameters

forward

Specifies the threshold is applied to the forward direction count.

backward

Specifies the threshold is applied to the backward direction count.

aggregate

Specifies the threshold is applied to the aggregate count (sum of forward and backward).

raise-threshold

Specifies the rising threshold that determines when the event is to be generated, when value reached.

Values

1 to 864000

clear-threshold

Specifies an optional value used for stateful behavior that allows the operator to configure a percentage of loss value lower than the rising percentage to indicate when the clear event should be generated.

Values

0 to 863999

A value of zero means that the undetermined availability counter must be 0.

Platforms

7705 SAR Gen 2

Context

[Tree] (candidate undo)

Full Context

candidate undo

Description

This command removes the most recent change(s) done to the candidate. The changes can be reapplied using the redo command. All undo or redo history is lost when the operator exits the edit-cfg mode. Undo can not be used to recover a candidate that has been discarded with candidate discard.

An undo command is blocked if another user has made changes in the same CLI branches that would be impacted during the undo.

Parameters

count

Specifies the number of previous changes to remove.

Values

1 to 50

Default

1

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>keychain>direction uni)

Full Context

configure system security keychain direction uni

Description

This command configures keys for send or receive stream directions.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>rip>group>neighbor unicast-address)

Full Context

configure service vprn rip group neighbor unicast-address

Description

This command configures the unicast IPv4 address, RIP updates messages will be sent to if the RIP send command is set to send unicast.

Multiple unicast-address entries can be configured, in which case unicast messages will be sent to each configured unicast IPv4 address.

The no form of this command deletes the specified IPv4 unicast address from the configuration.

Parameters

ip-address

Specifies the unicast IPv4 address in a.b.c.d format.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ripng>group>neighbor unicast-address)

Full Context

configure service vprn ripng group neighbor unicast-address

Description

This command configures the unicast IPv6 address, RIPng updates messages will be sent to if the RIPng send command is set to send unicast.

Multiple unicast-address entries can be configured, in which case unicast messages will be sent to each configured unicast IPv6 address.

The no form of this command deletes the specified IPv6 unicast address from the configuration.

Parameters

ipv6-address

Specifies the unicast IPv6 address.

Values

ipv6-address	x:x:x:x:x:x:x:x (eight 16-bit pieces)
	x:x:x:x:x:x:d.d.d.d
	x [0 to FFFF]H
	d [0 to 255]D

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ripng>group>neighbor unicast-address)

[Tree] (config>router>rip>group>neighbor unicast-address)

Full Context

configure router ripng group neighbor unicast-address

configure router rip group neighbor unicast-address

Description

This command configures the unicast IPv6 address that RIP and RIPng update messages will be sent to if the send command is set to send unicast.

Multiple unicast-address entries can be configured, in which case unicast messages will be sent to each configured unicast IPv6 address.

The no form of the command deletes the specified IPv6 unicast address from the configuration.

Parameters

ipv6-address

Specifies the IPv6 unicast address to which unicast RIP or RIPng updates should be sent.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>isis unicast-import-disable)

Full Context

configure service vprn isis unicast-import-disable

Description

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM. Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes will not be imported into RPF RTM as such an import policy must be explicitly configured.

Default

no unicast-import-disable

Parameters

ipv4

Allows importation of IPv4 routes only.

ipv6

Allows importation of IPv6 routes only.

both

Allows importation of both IPv4 and IPv6 routes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf unicast-import-disable)

Full Context

configure service vprn ospf unicast-import-disable

Description

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM.

Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes will not be imported into RPF RTM as such an import policy must be explicitly configured

Default

no unicast-import-disable

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis unicast-import-disable)

Full Context

configure router isis unicast-import-disable

Description

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM.

Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes are not imported into RPF RTM, thus, an import policy must be explicitly configured.

Default

no unicast-import-disable both

Parameters

ipv4

Allows importation of IPv4 routes only.

ipv6

Allows importation of IPv6 routes only.

both

Allows importation of both IPv4 and IPv6 routes.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf unicast-import-disable)

[Tree] (config>router>ospf3 unicast-import-disable)

Full Context

configure router ospf unicast-import-disable

configure router ospf3 unicast-import-disable

Description

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM. Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes are not imported into RPF RTM as such an import policy must be explicitly configured.

Default

no unicast-import-disable

Platforms

7705 SAR Gen 2

Context

[Tree] (config>filter>redirect-policy>dest unicast-rt-test)

Full Context

configure filter redirect-policy destination unicast-rt-test

Description

This command configures a unicast route test for this destination. A destination is eligible for redirect if a valid unicast route to that destination exists in the routing instance specified by config>filter>redirect-policy>router. The unicast route test is mutually exclusive with other redirect-policy test types.

The test cannot be configured if no router is configured for this redirect policy.

The no form of the command disables the test.

Default

no unicast-rt-test

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>proxy-arp unknown-arp-request-flood-evpn)

Full Context

configure service vpls proxy-arp unknown-arp-request-flood-evpn

Description

This command controls whether unknown ARP-requests are flooded into the EVPN network. By default, the system floods ARP-requests, including EVPN (with source squelching), if there is no active proxy-arp entry for the requested IP.

The no form of the command will only flood to local SAPs/SDP-bindings and not to EVPN destinations.

Default

unknown-arp-request-flood-evpn

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn unknown-mac-route)

Full Context

configure service vpls bgp-evpn unknown-mac-route

Description

This command enables the advertisement of the unknown-mac-route in BGP. This will be coded in an EVPN MAC route where the MAC address is zero and the MAC address length 48. By using this unknown-mac-route advertisement, the user may decide to optionally turn off the advertisement of MAC addresses learned from SAPs and SDP-bindings, hence reducing the control plane overhead and the size of the FDB tables in the data center. All the receiving NVEs supporting this concept will send any unknown-unicast packet to the owner of the unknown-mac-route, as opposed to flooding the unknown-unicast traffic to all other nodes part of the same VPLS. Although the 7705 SAR Gen 2 can be configured to generate and advertise the unknown-mac-route, the router will never honor the unknown-mac-route and will flood to the vpls flood list when an unknown-unicast packet arrives to an ingress SAP/SDP-binding.

Use of the unknown-mac-route is only supported for BGP-EVPN VXLAN.

Default

no unknown-mac-route

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>pcep>pcc unknown-message-rate)

Full Context

configure router pcep pcc unknown-message-rate

Description

This command configures the maximum rate of unknown messages which can be received on a PCEP session.

When the rate of received unrecognized or unknown messages reaches the configured limit, the PCEP speaker closes the session to the peer.

The no form of the command returns the unknown message rate to the default value.

Default

unknown-message-rate 10

Parameters

integer

the rate of unknown messages, in messages per minute

Values

1 to 255

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>proxy-nd unknown-ns-flood-evpn)

Full Context

configure service vpls proxy-nd unknown-ns-flood-evpn

Description

This command controls whether unknown Neighbor Solicitation messages are flooded into the EVPN network. By default, the system floods NS (with source squelching) to SAPs/SDP-bindings including EVPN, if there is no active proxy-nd entry for the requested IPv6.

The no form of the command will only flood to local SAPs/SDP-bindings but not to EVPN destinations.

Default

unknown-ns-flood-evpn

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-ingress>fc unknown-policer)

Full Context

configure qos sap-ingress fc unknown-policer

Description

Within a sap-ingress QoS policy forwarding class context, the unknown-policer command is used to map packets that match the forwarding class and are considered unknown in nature to the specified policer-id. The specified policer-id must already exist within the sap-ingress QoS policy. While the system is determining the forwarding class of a packet, it is also looking up its forwarding destination based on the ingress service type and the service instance forwarding records. If the service type is VPLS and the destination MAC address is unicast, but the MAC has not been learned and populated within the VPLS services FDB, the packet is classified into the unknown forwarding type.

Unknown forwarding type packets are mapped to either an ingress multipoint queue (using the unknown queue-id or unknown queue-id group ingress-queue-group commands) or an ingress policer (unknown-policer policer-id). The unknown and unknown-policer commands within the forwarding class context are mutually exclusive. By default, the unknown forwarding type is mapped to the SAP ingress default multipoint queue. If the unknown-policer policer-id command is executed, any previous policer mapping or queue mapping for the unknown forwarding type within the forwarding class is overridden if the policer mapping is successful.

A policer defined within the sap-ingress policy is not actually created on an ingress SAP or a subscriber using an sla-profile where the policy is applied until at least one forwarding type (unicast, broadcast, unknown, or multicast) from one of the forwarding classes is mapped to the policer. If insufficient policer resources exist to create the policer for a SAP or subscriber or multiservice site, or ingress policing is not supported on the port associated with the SAP or subscriber or multiservice site, the initial forwarding class forwarding type mapping will fail.

The unknown-policer command is ignored for instances of the policer applied to SAPs or subscribers’ multiservice site where unknown packets are not supported.

When the unknown forwarding type within a forwarding class is mapped to a policer, the unknown packets classified to the subclasses within the forwarding class are also mapped to the policer.

The no form of this command is used to restore the mapping of the unknown forwarding type within the forwarding class to the default multipoint queue. If all forwarding class forwarding types had been removed from the default multipoint queue, the queue will not exist on the SAPs or subscriber or multiservice site associated with the QoS policy and the no broadcast-policer command will cause the system to attempt to create the default multipoint queue on each object. If the system cannot create the queue on each instance, the no unknown-policer command will fail and the unknown forwarding type within the forwarding class will continue its mapping to the existing policer-id. If the no unknown-policer command results in a policer without any current mappings, the policer will be removed from the SAPs and subscribers associated with the QoS policy. All statistics associated with the policer on each SAP and subscriber will be lost.

Parameters

policer-id

When the forwarding class unknown-policer command is executed, a valid policer-id must be specified. The parameter policer-id references a policer-id that has already been created within the sap-ingress QoS policy.

Values

1 to 63

fp-redirect-group

Redirects a forwarding class to a forwarding plane queue-group as specified in a SAP QoS policy.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>qos>sap-ingress>fc unknown-queue)

Full Context

configure qos sap-ingress fc unknown-queue

Description

This command overrides the default unknown unicast forwarding type queue mapping for fc fc-name. The specified queue-id must exist within the policy as a multipoint queue before the mapping can be made. When the forwarding class mapping is executed, all unknown traffic on a SAP using this policy is forwarded using the queue-id.

The unknown forwarding type usually tracks the multicast forwarding type definition. This command overrides that default behavior.

The no form of this command sets the unknown forwarding type queue-id back to the default of tracking the multicast forwarding type queue mapping.

Parameters

queue-id

Specifies an existing multipoint queue defined in the config>qos>sap-ingress context.

Values

Any valid multipoint queue-id in the policy including 2 through 32.

Default

11

group queue-group-name

This optional parameter is used to redirect the forwarding type within the forwarding class to the specified queue-id within the queue-group-name. When the policy is applied, all packets matching the forwarding class and forwarding type will be redirected to the queue within the specified queue group. The queue-group-name are configured in the config>qos>queue-group-templates egress and ingress contexts.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if unnumbered)

Full Context

configure service ies interface unnumbered

Description

This command configures the interface as an unnumbered interface. Unnumbered IP interfaces are supported on a SONET/SDH access port with the PPP, ATM, Frame Relay, cisco-HDLC encapsulation. It is not supported on access ports that do not carry IP traffic, but are used for native TDM circuit emulation.

Parameters

ip-int-name

Specifies the name of an IP interface. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

ip-address

Specifies an IP address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if unnumbered)

Full Context

configure service ies interface unnumbered

Description

This command configures the interface as an unnumbered interface. Unnumbered IP interfaces are supported on a SONET/SDH access port with the PPP, ATM, Frame Relay, cisco-HDLC encapsulation. It is not supported on access ports that do not carry IP traffic, but are used for native TDM circuit emulation.

Parameters

ip-int-name

Specifies the name of an IP interface. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes.

ip-address

Specifies an IP address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if unnumbered)

Full Context

configure service vprn interface unnumbered

Description

This command configures the interface as an unnumbered interface. An unnumbered IP interface is supported on a SONET/SDH access port with the PPP, ATM, Frame Relay, cisco-HDLC encapsulation. It is not supported on access ports that do not carry IP traffic, but are used for native TDM circuit emulation.

Parameters

ip-int-name

Specifies the name of an IP interface. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes.

ip-address

Specifies an IP address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if unnumbered)

Full Context

configure service vprn interface unnumbered

Description

This command configures the interface as an unnumbered interface. An unnumbered IP interface is supported on a SONET/SDH access port with the PPP, ATM, Frame Relay, cisco-HDLC encapsulation. It is not supported on access ports that do not carry IP traffic, but are used for native TDM circuit emulation.

Parameters

ip-int-name

Specifies the name of an IP interface. If the string contains special characters (#, ?, space), the entire string must be enclosed between double quotes.

ip-address

Specifies an IP address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if unnumbered)

Full Context

configure router interface unnumbered

Description

This command sets an IP interface as an unnumbered interface and specifies the IP address to be used for the interface.

To conserve IP addresses, unnumbered interfaces can be configured. The address used when generating packets on this interface is the ip-addr parameter configured.

An error message will be generated if an unnumbered interface is configured, and an IP address already exists on this interface.

The no form of this command removes the IP address from the interface, effectively removing the unnumbered property. The interface must be shutdown before no unnumbered is issued to delete the IP address from the interface, or an error message will be generated.

Default

no unnumbered

Parameters

ip-int-name | ip-address

Optional. Specifies the IP address or IP interface name to associate with the unnumbered IP interface in dotted decimal notation. The configured IP address must exist on this node. It is recommended to use the system IP address as it is not associated with a specific interface and is therefore always reachable. The system IP address is the default if no ip-addr or ip-int-name is configured.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>ipv6>icmp6 unreachables)

[Tree] (config>service>vprn>if>icmp unreachables)

[Tree] (config>service>vprn>nw-if>icmp unreachables)

[Tree] (config>service>ies>if>icmp unreachables)

Full Context

configure service vprn interface ipv6 icmp6 unreachables

configure service vprn interface icmp unreachables

configure service vprn network-interface icmp unreachables

configure service ies interface icmp unreachables

Description

This command configures the rate for ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages which can be issued on the interface for a given time interval.

By default, generation of ICMP destination unreachables messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the generation of ICMP destination unreachable messages on the router interface and reverts to the default values.

Default

unreachables 100 10

Parameters

number

Specifies the maximum number of ICMP unreachable messages to send. This parameter must be specified with the seconds parameter.

Values

10 to 2000

seconds

Specifies the time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued.

Values

1 to 60

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>ipv6>icmp6 unreachables)

Full Context

configure service ies interface ipv6 icmp6 unreachables

Description

This command specifies that ICMPv6 host and network unreachable messages are generated by this interface.

When disabled, ICMPv6 host and network unreachable messages are not sent.

The no form of this command reverts to the default.

Default

unreachables 100 10

Parameters

number

Specifies the number of destination unreachable ICMPv6 messages are issued in the time frame specified by the seconds parameter.

Values

10 to 2000

seconds

Specifies the time frame, in seconds, that is used to limit the number of destination unreachable ICMPv6 messages to be issued.

Values

1 to 60

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if>icmp unreachables)

Full Context

configure router interface icmp unreachables

Description

This command enables and configures the rate for ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval.

By default, generation of ICMP destination unreachables messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the generation of ICMP destination unreachables on the router interface.

Default

unreachables 100 10 — Maximum of 100 unreachable messages in 10 seconds.

Parameters

number

The maximum number of ICMP unreachable messages to send, expressed as a decimal integer. The seconds parameter must also be specified.

Values

10 to 2000

seconds

The time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued, expressed as a decimal integer.

Values

1 to 60

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if>ipv6>icmp6 unreachables)

Full Context

configure router interface ipv6 icmp6 unreachables

Description

This command configures the rate for ICMPv6 unreachable messages. When enabled, ICMPv6 host and network unreachable messages are generated by this interface.

The no form of this command disables the generation of ICMPv6 host and network unreachable messages by this interface.

Default

unreachables 100 10 (when IPv6 is enabled on the interface)

Parameters

number

Determines the number destination unreachable ICMPv6 messages to issue in the time frame specified in seconds parameter.

Values

10 to 2000

seconds

Sets the time frame, in seconds, to limit the number of destination unreachable ICMPv6 messages issued per time frame.

Values

1 to 60

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if untrusted)

Full Context

configure router interface untrusted

Description

This command configures the state of untrusted for a network IP interface.

The untrusted state identifies the participating interfaces in the label security feature for prefixes of a VPN family at an inter-AS boundary. The router supports a maximum of 15 network interfaces that can participate in this feature.

The user normally applies this command to an inter-AS interface. PIP keeps track of the untrusted status of each interface. In the data path, such an interface causes the default forwarding to be set to the default-forwarding value.

For backward compatibility reasons, the interface default-forwarding is set to the forward value; this means that labeled packets are checked in the normal way against the table of programmed ILMs to decide if they should be dropped or forwarded in a GRT, a VRF, or a L2 service context.

If the user sets the default-forwarding value to drop, all labeled packets received on that interface are automatically dropped.

This command sets the default behavior for an untrusted interface in the data path and for all ILMs. When enabling the label security for VPN IPv4 or VPN IPv6 prefixes, BGP programs the data path to provide an exception to the normal way of forwarding handling away from the default for those VPRN ILMs.

The no form of this command returns the interface into the default state of trusted.

Default

no untrusted

Parameters

default-forwarding

Specifies the default forwarding behavior of labeled packets received on this interface.

Values

forward, drop

Default

forward

Platforms

7705 SAR Gen 2

Context

[Tree] (file unzip)

Full Context

file unzip

Description

This command expands the contents of a ZIP file to the local file system. Any file that is zipped using the store, deflate, or zip64 compression methods can be unzipped. The source ZIP file location can be a locally installed solid-state storage device or a remote FTP or TFTP server. Files can only be unzipped to the active CPM.

Parameters

source-file-url, dest-file-url

Specifies the source or destination file URL.

Values

local-url	[cflash-id/]file-path
	200 chars max, including cflash-id
	directory length 99 chars max each
remote-url	{ftp | tftp}://[login:pswd@]
	remote-locn / [file-path]
	247 chars max, file-path 199 chars max
remote-locn	{hostname | ipv4-address | "["ipv6-address"]" }[:port]|
ipv4-address:	a.b.c.d
ipv6-address:	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x: [0 to FFFF]H
	d: [0 to 255]D
	interface - 32 characters max, for link local addresses
port	[0 to 65535]
cflash-id	cf1: | cf1-A: | cf2: | cf2-A: | cf3: | cf3-A:

create-destination

Specifies that a non-existent directory structure that is explicitly entered as the destination file URL is created as part of the unzip operation. This parameter is required to create new directories.

list

Lists the content of the ZIP file without performing the unzip operation.

force

Overwrites without prompting, any file or directory contained within the ZIP file that already exists in the destination URL. This keyword does not automatically create new directories explicitly specified by dest-file-url. To create these directories, use the create-destination flag.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>hold-time up)

[Tree] (config>service>vprn>nw-if>hold-time up)

[Tree] (config>service>vprn>if>hold-time up)

[Tree] (config>service>vpls>if>hold-time up)

Full Context

configure service ies interface hold-time up

configure service vprn network-interface hold-time up

configure service vprn interface hold-time up

configure service vpls interface hold-time up

Description

This command causes a delay in the deactivation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface down.

The no form of this command removes the command from the active configuration and removes the delay in deactivating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it expires.

Default

no up ip

Parameters

seconds

The time delay, in seconds, to make the interface operational.

Values

1 to 1200

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>upa upa-lifetime)

Full Context

configure router isis prefix-unreachable upa-lifetime

Description

This command configures the amount of time a UPA is advertised.

The no form of this command reverts to the default.

Default

180

Parameters

upa-lifetime

Specifies the amount of time, in seconds, the UPA is advertised.

Values

30 to 1800

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>isis>upa upa-metric)

Full Context

configure router isis prefix-unreachable upa-metric

Description

This command configures a specific metric to an advertised UPA.

The no form of this command reverts to the default.

Default

4261412865

Parameters

upa-metric

Specifies the metric to an advertised UPA.

Values

4261412865 to 4294967294

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>bgp update)

Full Context

debug router bgp update

Description

This command decodes and logs all sent and received update messages in the debug log.

The no form of this command disables debugging.

Parameters

neighbor ip-address

Debugs only events affecting the specified BGP neighbor.

Values

ipv4-address:

• a.b.c.d (host bits must be 0)

ipv6-address:

• x:x:x:x:x:x:x:x [-interface] (eight 16-bit pieces)

• x:x:x:x:x:x:d.d.d.d [-interface]

• x: [0 to FFFF]H

• d: [0 to 255]D

• interface: up to 32 characters for link local addresses

group name

Debugs only events affecting the specified peer group name, up to 64 characters, and associated neighbors.

Platforms

7705 SAR Gen 2

Output

The following output is an example of debug router BGP update information.

debug router bgp update

17 2022/05/04 17:39:07.566 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.4
"Peer 1: 192.0.2.4: UPDATE
Peer 1: 192.0.2.4 - Received BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 76
    Flag: 0x90 Type: 14 Len: 32 Multiprotocol Reachable NLRI:
        Address Family L2VPN
        NextHop len 4 NextHop 192.0.2.4
        [VPLS/VPWS] preflen 21, veid: 4, vbo: 5, vbs: 1, label-base: 524252, RD 
192.0.2.4:801, csv: 0x00000000, type 1, len 1, 
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x80 Type: 4 Len: 4 MED: 0
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64500:801
        l2-vpn/vrf-imp:Encap=5: Flags=-TRC: MTU=1514: PREF=0

158 2022/05/10 08:05:21.767 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::2
"Peer 1: 2001:db8::2: UPDATE
Peer 1: 2001:db8::2 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 81
    Flag: 0x90 Type: 14 Len: 36 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.5
        Type: EVPN-AD Len: 25 RD: 192.0.2.5:201 ESI: ESI-0, tag: 5 Label: 838804
8 (Raw Label: 0x7ffdd0) PathId:
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 24 Extended Community:
        target:64500:201
        l2-attribute:MTU: 1514 C: 1 F: 1 P: 0 B: 0
        bgp-tunnel-encap:MPLS
"

367 2022/05/10 08:04:47.560 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::5
"Peer 1: 2001:db8::5: UPDATE
Peer 1: 2001:db8::5 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 77
    Flag: 0x90 Type: 14 Len: 28 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 4 NextHop 192.0.2.2
        Type: EVPN-INCL-MCAST Len: 17 RD: 192.0.2.2:500, tag: 0, orig_addr len: 
32, orig_addr: 192.0.2.2 
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 16 Extended Community:
        target:64500:500
        l2-attribute:MTU: 1514 C: 1 F: 1 P: 0 B: 0
        bgp-tunnel-encap:MPLS
    Flag: 0xc0 Type: 22 Len: 9 PMSI:
        Tunnel-type Ingress Replication (6)
        Flags: (0x0)[Type: None BM: 0 U: 0 Leaf: not required]
        MPLS Label 8388512
        Tunnel-Endpoint 192.0.2.2

2840 2024/09/04 18:22:17.332 UTC MINOR: DEBUG #2001 Base Peer 1: 2001:db8::1
"Peer 1: 2001:db8::1: UPDATE
Peer 1: 2001:db8::1 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 93
    Flag: 0x90 Type: 14 Len: 48 Multiprotocol Reachable NLRI:
        Address Family EVPN
        NextHop len 16 Global NextHop 2001:db8::2
        Type: EVPN-AD Len: 25 RD: 192.0.2.2:500 ESI: 01:66:00:00:00:00:00:00:00:
00, tag: 23 Label: 8388416 (Raw Label: 0x7fff40) PathId:
    Flag: 0x40 Type: 1 Len: 1 Origin: 0
    Flag: 0x40 Type: 2 Len: 0 AS Path:
    Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
    Flag: 0xc0 Type: 16 Len: 24 Extended Community:
        target:64500:500
        l2-attribute:MTU: 1514 V: Double-VID M: Default F: 1 C: 1 P: 1 B: 0
        bgp-tunnel-encap:MPLS
"

Context

[Tree] (config>service>vprn>bgp>group>neighbor>error-handling update-fault-tolerance)

[Tree] (config>service>vprn>bgp>group>error-handling update-fault-tolerance)

[Tree] (config>service>vprn>bgp>error-handling update-fault-tolerance)

Full Context

configure service vprn bgp group neighbor error-handling update-fault-tolerance

configure service vprn bgp group error-handling update-fault-tolerance

configure service vprn bgp error-handling update-fault-tolerance

Description

This command enables treat-as-withdraw and other similarly non-disruptive approaches for handling a wide range of UPDATE message errors, as long as there are no length errors that prevent all of the NLRI fields from being correctly identified and parsed.

Default

no update-fault-tolerance

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>group>neighbor>error-handling update-fault-tolerance)

[Tree] (config>router>bgp>group>error-handling update-fault-tolerance)

[Tree] (config>router>bgp>error-handling update-fault-tolerance)

Full Context

configure router bgp group neighbor error-handling update-fault-tolerance

configure router bgp group error-handling update-fault-tolerance

configure router bgp error-handling update-fault-tolerance

Description

This command enables treat-as-withdraw and other similarly non-disruptive approaches for handling a wide range of UPDATE message errors, as long as there are no length errors that prevent all of the NLRI fields from being correctly identified and parsed.

Default

no update-fault-tolerance

Platforms

7705 SAR Gen 2

Context

[Tree] (config>ipsec>rad-acct-plcy update-interval)

Full Context

configure ipsec radius-accounting-policy update-interval

Description

This command enables the system to send RADIUS interim-update packets for IKEv2 remote-access tunnels. The RADIUS attributes in the interim-update packet are the same as acct-start. The value of the Acct-status-type in the interim-update message is 3.

Default

update-interval 10

Parameters

minutes

Specifies the interval in minutes.

Values

5 to 259200

seconds

Specifies the jitter as the number of seconds when the system sends each interim-update packet.

Values

0 to 3600

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>system>security>secure-boot update-key)

Full Context

admin system security secure-boot update-key

Description

This command updates secure boot keys.

Parameters

cpm-slot

Specifies the CPM slot.

Values

A,B

cpm-serial-number

Specifies the CPM serial number, up to 256 characters.

code

Specifies the signed software confirmation code, up to 32 characters.

file-url

Specifies the URL for the software image.

Values

[local-url | remote-url] (up to 180 characters)

where:

• local-url — [cflash-id/] [file-path]

  180 chars max, including cflash-id

  directory length 99 chars max each

• remote-url — [{ftp://| tftp://} login:pswd@remote-locn/][ file-path]

  180 chars max

  directory length 99 chars max each

  where: remote-locn — [hostname | ipv4-address | ipv6-address]

ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x - [0..FFFF]H
	d - [0..255]D
	interface - 32 chars max, for link
	local addresses
cflash-id	cf1:| cf1-A:| cf1-B:| cf2:| cf2-A:| cf2-B:| cf3:| cf3-A:| cf3-B:

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>rsvp>te-threshold-update update-timer)

Full Context

configure router rsvp te-threshold-update update-timer

Description

This command is to control timer-based IGP TE updates. Timer-based IGP updates can be enabled by specifying a non-zero time value. Default value of update-timer is 0.

The no form of this command should reset update-timer to the default value and disable timer-based IGP update.

Default

no update-timer

Parameters

seconds

Specifies the time in seconds.

Values

0 to 300

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>rip updates)

Full Context

debug router rip updates

Description

This command enables debugging for RIP updates.

Parameters

ip-int-name | ip-address

Debugs the RIP updates sent on the neighbor IP address or interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>ripng updates)

Full Context

debug router ripng updates

Description

This command enables debugging for RIP updates.

Parameters

ip-int-name| ipv6-address

Debugs the RIP updates sent on the neighbor IP address or interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>nat>outside upstream-ip-filter)

[Tree] (config>service>vprn>nat>outside upstream-ip-filter)

Full Context

configure router nat outside upstream-ip-filter

configure service vprn nat outside upstream-ip-filter

Description

This command configures the ip-filter for upstream traffic. This filter is applied to the upstream traffic after the NAT function and before it enters the outside virtual router instance; it is useful for traffic that bypasses the ingress filters applied in the inside virtual router instance, such as DS-Lite traffic.

Default

no upstream-ip-filter

Parameters

filter-id

Specifies the identifier of an IP filter.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update>crl-urls>url-entry url)

Full Context

configure system security pki ca-profile auto-crl-update crl-urls url-entry url

Description

This command specifies the HTTP URL of the CRL file for the url-entry. The system supports both IPv4 and IPv6 HTTP connections.

Default

no url

Parameters

url

Specifies the URL, which specifies the location, where an updated CRL can be downloaded from.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>ca-profile>cmpv2 url)

Full Context

configure system security pki ca-profile cmpv2 url

Description

This command specifies HTTP URL of the CMPv2 server. The URL must be unique across all configured ca-profiles.

The URL is resolved by the DNS server configured (if configured) in the corresponding router context.

If the service-id is 0 or omitted, then system tries to resolve the FQDN via DNS server configured in bof.cfg. After resolution, the system connects to the address in the management routing instance first, then the base routing instance.

Parameters

url-string

Specifies the HTTP URL of the CMPv2 server, up to 180 characters.

service-id service-id

Specifies the service instance that used to reach CMPv2 server.

This variant of this command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The url url-string service-name service-name variant can be used in all configuration modes.

Values

service-id: 1 to 2147483647 base-router: 0

service-name service-name

Identifies the service, up to 64 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>pki>ca-prof>auto-crl-update>crl-urls url-entry)

Full Context

configure system security pki ca-profile auto-crl-update crl-urls url-entry

Description

This command creates a new crl-url entry with the create parameter, or enters an existing url-entry configuration context without create parameter.

The no form of this command removes the specified entry.

Parameters

entry-id

Specifies a URL configured on this system.

Values

1 to 8

create

Creates an auto URL entry.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if urpf-check)

[Tree] (config>service>vprn>if urpf-check)

[Tree] (config>service>vprn>if>ipv6 urpf-check)

[Tree] (config>service>vprn>nw-if urpf-check)

[Tree] (config>service>ies>if>ipv6 urpf-check)

Full Context

configure service ies interface urpf-check

configure service vprn interface urpf-check

configure service vprn interface ipv6 urpf-check

configure service vprn network-interface urpf-check

configure service ies interface ipv6 urpf-check

Description

This command enables unicast RPF (uRPF) check on this interface.

The no form of this command disables unicast RPF (uRPF) Check on this interface.

Default

no urpf-check

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>network>ingress urpf-check)

Full Context

configure service vprn network ingress urpf-check

Description

This command enables the unicast RPF (uRPF) check of network ingress traffic to include traffic associated with the VPRN if the incoming network interface is configured with the urpf-selected-vprns command

If the command is not configured, then traffic associated with this VPRN that arrives on a network interface with urpf-selected-vprns configured bypasses the uRPF checking options specified for that network interface.

Default

no urpf-check

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if urpf-check)

[Tree] (config>router>if>ipv6 urpf-check)

Full Context

configure router interface urpf-check

configure router interface ipv6 urpf-check

Description

This command enables unicast RPF (uRPF) Check on this interface.

The no form of this command disables unicast RPF (uRPF) Check on this interface.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if urpf-selected-vprns)

Full Context

configure router interface urpf-selected-vprns

Description

This command enables uRPF checking of incoming traffic on the network interface for the following packets.

• Packets associated with the global routing table (base router) context.

• Packets associated with VPRNs that have enabled the uRPF check using the config>service>vprn>network> ingress>urpf-check command.

If the command is not configured, the default action is to perform uRPF checks for all ingress traffic on the network interface (associated with the base router and all VPRNs) based on the IPv4 and IPv6 urpf-check configuration options of the network interface.

Default

no urpf-selected-vprns

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>dhcp use-arp)

[Tree] (config>service>vprn>if>dhcp use-arp)

Full Context

configure service ies interface dhcp use-arp

configure service vprn interface dhcp use-arp

Description

This command enables the use of ARP to determine the destination hardware address.

The no form of this command disables the use of ARP to determine the destination hardware address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp>next-hop-res use-bgp-routes)

Full Context

configure service vprn bgp next-hop-resolution use-bgp-routes

Description

This command enables the use of BGP routes to resolve BGP next hops. When this command is enabled, any unlabeled IPv4 or IPv6 BGP route received from a VPRN BGP peer becomes resolvable by up to four other BGP routes in order to resolve the route to a VPRN IP interface.

This command also allows unlabeled IPv4 or IPv6 BGP routes leaked from the GRT with unresolved next hops (in the GRT) to be resolvable by BGP-VPN routes (of the VPRN).

The no form of this command reverts to the default behavior. By default, a VPRN BGP route is not resolvable by another VPRN BGP route or by a BGP-VPN route.

Default

no use-bgp-routes

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-res use-bgp-routes)

Full Context

configure router bgp next-hop-resolution use-bgp-routes

Description

This command specifies whether to use BGP routes to recursively resolve the BGP next-hop of unlabeled IPv4 and unlabeled IPv6 routes. Up to four levels of recursion are supported.

The no form of this command reverts to the default behavior. By default, a BGP route is not resolvable by another BGP route.

Default

no use-bgp-routes

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-res>lbl-routes use-bgp-routes)

Full Context

configure router bgp next-hop-resolution labeled-routes use-bgp-routes

Description

Commands in this context configure labeled route options for next-hop resolution.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>aaa>rmt-srv>tacplus use-default-template)

[Tree] (config>system>security>tacplus use-default-template)

Full Context

configure service vprn aaa remote-servers tacplus use-default-template

configure system security tacplus use-default-template

Description

This command specifies whether the user-template tacplus_default is actively applied to the
TACACS+ user. When enabled, some parameters of the user-template tacplus_default are actively applied to all users that authenticate via TACACS+. See the user-template tacplus_default command for more details.

When disabled, the parameters of the template are not applied to TACACS+ users, and TACACS+ users cannot connect to an SR OS router since the user access parameters are not available. In this case, TACACS+ can only be used for accounting.

Default

use-default-template

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>radius use-default-template)

[Tree] (config>service>vprn>aaa>rmt-srv>radius use-default-template)

Full Context

configure system security radius use-default-template

configure service vprn aaa remote-servers radius use-default-template

Description

This command specifies whether the RADIUS default user template is actively applied to the RADIUS user if no VSAs are returned with the auth-accept from the RADIUS server. When enabled, the radius_default user-template is actively applied if no VSAs are returned with the auth-accept from the RADIUS server and radius authorization is enabled.

The no form of this command disables the use of the RADIUS default template.

Default

no use-default-template

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>ldap use-default-template)

Full Context

configure system security ldap use-default-template

Description

This command specifies whether the default template is to be actively applied to LDAP users.

Default

use-default-template

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>dhcp>server use-gi-address)

[Tree] (config>service>vprn>dhcp>server use-gi-address)

Full Context

configure router dhcp local-dhcp-server use-gi-address

configure service vprn dhcp local-dhcp-server use-gi-address

Description

This command enables the use of gi-address matching. If the gi-address flag is enabled, a pool can be used even if a subnets is not found. If the local-user-db-name is not used, the gi-address flag is used and addresses are handed out by GI only. If a user must be blocked from getting an address the server maps to a local user database and configures the user with no address.

A pool can include multiple subnets. Since the GI is shared by multiple subnets in a subscriber interface the pool may provide IP addresses from any of the subnets included when the GI is matched to any of its subnets. This allows a pool to be created that represents a sub-int.

The no form of the reverts to the default.

Parameters

scope

Specifies if addresses are handed out for a certain subnet where the gi-address belongs to only or for all subnets part of the pool.

Values

subnet — Addresses are only handed out for the subnet where the gi-address is part.

pool — All subnets part of the pool which contain subnet where the gi-address is part of can hand out addresses.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-res use-leaked-routes)

[Tree] (config>service>vprn>bgp>next-hop-res use-leaked-routes)

Full Context

configure router bgp next-hop-resolution use-leaked-routes

configure service vprn bgp next-hop-resolution use-leaked-routes

Description

Commands in this context configure the use of leaked static routes to resolve BGP next hops.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>dhcp6>server use-link-address)

[Tree] (config>router>dhcp6>server use-link-address)

Full Context

configure service vprn dhcp6 local-dhcp-server use-link-address

configure router dhcp6 local-dhcp-server use-link-address

Description

This command configures the local pool selection for IPv6 address or prefix assignment for the configured link-address under relay configuration. The selected pool will contain a prefix covering the link-address. The scope option defines the scope for the match. With scope subnet, the prefix or address selection is limited to the prefix in the pool that covers the link-address. With scope pool, all the prefixes in the selected pool are eligible for assignment.

The no form of the reverts to the default.

Default

scope subnet

Parameters

scope

Specifies the scope of the IP address selection.

Values

subnet — Specifies that the prefix or address selection is limited to the prefix in the pool that covers the link address.

pool — Specifies that all prefixes in the selected pool are eligible for assignment.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>dhcp>server use-pool-from-client)

[Tree] (config>service>vprn>dhcp>server use-pool-from-client)

Full Context

configure router dhcp local-dhcp-server use-pool-from-client

configure service vprn dhcp local-dhcp-server use-pool-from-client

Description

This command enables the use of the pool indicated by DHCP client. When enabled, the IP address pool to be used by this server is the pool is indicated by the vendor-specific sub-option 13 of the DHCP option 82. When disabled or if there is no sub-option 13 in the DHCP message, the pool selection falls back to the use-gi-address configuration.

The no form of this command disables the use of the pool indicated by DHCP client.

Parameters

delimiter

A single ASCII character specifies the delimiter of separating primary and secondary pool names in Option82 VSO.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>router-advert>if use-virtual-mac)

Full Context

configure service vprn router-advertisement interface use-virtual-mac

Description

This command enables sending router advertisement messages using the VRRP virtual MAC address, provided that the virtual router is currently the master.

If the virtual router is not the master, no router advertisement messages are sent.

The no form of this command disables sending router advertisement messages.

Default

no use-virtual-mac

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>router-advert>if use-virtual-mac)

Full Context

configure router router-advertisement interface use-virtual-mac

Description

This command enables sending router advertisement messages using the VRRP virtual MAC address, provided that the virtual router is currently the master.

If the virtual router is not the master, no router advertisement messages are sent.

The no form of this command disables sending router advertisement messages.

Default

no use-virtual-mac

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security user)

Full Context

configure system security user

Description

This command creates a local user and a context to edit the user configuration.

If a new user-name is entered, the user is created. When an existing user-name is specified, the user parameters can be edited.

When creating a new user and then entering the info command, the system displays a password in the output. This is expected behavior in the hash2 scenario. However, when using that user name, there will be no password required. The user can login to the system and then <ENTER> at the password prompt, the user will be logged in.

Unless an administrator explicitly changes the password, it will be null. The hashed value displayed uses the username and null password field, so when the username is changed, the displayed hashed value will change.

The no form of this command deletes the user and all configuration data. Users cannot delete themselves.

Parameters

user-name

Specifies the name of the user up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>dhcp>server user-db)

Full Context

configure router dhcp local-dhcp-server user-db

Description

This command configures a local user database for authentication.

The no form of this command reverts to the default.

Parameters

local-user-db-name

Specifies the name of a user database, up to 32 characters.

create

Keyword used to create the user database. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>dhcp6>server user-db)

[Tree] (config>router>dhcp6>server user-db)

Full Context

configure service vprn dhcp6 local-dhcp-server user-db

configure router dhcp6 local-dhcp-server user-db

Description

This command assigns a local user database for DHCP lease data lookup.

The no form of this command removes the configuration.

Default

no user-db

Parameters

local-user-db-name

Specifies the local user database name, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>dhcp>server user-ident)

[Tree] (config>router>dhcp>server user-ident)

Full Context

configure service vprn dhcp local-dhcp-server user-ident

configure router dhcp local-dhcp-server user-ident

Description

This command configures the user identification method for the DHCPv4 server.

The no form of the reverts to the default.

Default

user-ident mac-circuit-id

Parameters

user-ident

Specifies the user identification method

Values

client-id — Specifies to use the DHCPv4 client identifier as the user identification method.

circuit-id — Specifies to use the circuit identifier of the DHCPv4 client as the user identification method.

mac — Specifies to use the MAC address of the DHCPv4 client as the user identification method.

mac-circuit-id — Specifies to use the MAC address and circuit identifier of the DHCPv4 client as the user identification method.

remote-id — Specifies to use the MAC address of the remote end as the user identification method.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>dhcp6>server user-ident)

[Tree] (config>service>vprn>dhcp6>server user-ident)

Full Context

configure router dhcp6 local-dhcp-server user-ident

configure service vprn dhcp6 local-dhcp-server user-ident

Description

This command configures the keys for identification of the DHCPv6 lease being held in the lease-database (for configured period after lease timeout). Subscriber requesting a lease via DHCPv6 that matches an existing lease based on this configured key is handed the matched prefix or address. This allows address and prefix "stickiness” for DHCPv6 assigned prefixes (IA_NA or PD).

The no form of the reverts to the default.

Default

user-ident duid

Parameters

user-ident

Specifies the user identification method.

Values

duid — Specifies the IPv6 DHCP unique identifier from DHCPv6.

interface-id — Specifies the IPv6 interface-id option.

interface-id-link-local — Specifies the interface-id and link-local address.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls user-srlg-db)

Full Context

configure router mpls user-srlg-db

Description

This command enables the use of CSPF by the user SRLG database. When the MPLS module makes a request to CSPF for the computation of an SRLG secondary path, CSPF will query the local SRLG and compute a path after pruning links that are members of the SRLG IDs of the associated primary path. When MPLS makes a request to CSPF for an FRR bypass or detour path to associate with the primary path, CSPF queries the user SRLG database and computes a path after pruning links that are members of the SRLG IDs of the PLR outgoing interface.

If an interface was not entered into the user SRLG database, it is assumed that it does not have any SRLG membership. CSPF will not query the TE database for IGP advertised interface SRLG information.

The disable keyword disables the use of the user SRLG database. CSPF will then resume queries into the TE database for SRLG membership information. The user SRLG database is maintained.

Default

user-srlg-db disable

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security user-template)

Full Context

configure system security user-template

Description

This command configures default security user template parameters.

Parameters

tacplus_default

Specifies the default TACACS+ user template. All parameters of the tacplus_default template except the "profile” are actively applied to all TACACS+ users if tacplus use-default-template is enabled. The profile parameter is used for AAA command authorization if TACACS+ authorization is disabled, or if the TACACS+ server does not return a priv-lvl for a user when use-priv-lvl is enabled under tacplus authorization. See the tacplus authorization command for more details.

radius_default

Specifies the default RADIUS user template. The radius_default template is actively applied to a RADIUS user if radius authorization is enabled, radius use-default-template is enabled, and no VSAs are returned with the auth-accept from the RADIUS server.

ldap_default

Specifies the default LDAP user template.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>snmp usm-community)

Full Context

configure system security snmp usm-community

Description

This command is used to associate a community string with an SNMPv3 access group and its view. The access granted with a community string is restricted to the scope of the configured group.

Nokia’s SR OS implementation of SNMP uses SNMPv3. In order to implement SNMPv1 and SNMPv2c configurations, several access groups are predefined. In order to implement SNMP with security features (Version 3), security models, security levels, and USM communities must be explicitly configured. Optionally, additional views which specify more specific OIDs (MIB objects in the subtree) can be configured.

The no form of this command removes a community string.

Parameters

community-string

Specifies the SNMPv1/SNMPv2c community string to determine the SNMPv3 access permissions to be used. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (for example, #, $, spaces), the entire string must be enclosed within double quotes.

group

Specifies the group that governs the access rights of this community string. This group must be configured first in the config>system>security>snmp> access group context. Nokia does not recommend associating a usm-community with an SNMP access group that is configured with the li (lawful intercept) context.

list-name

Specifies the usm-community to reference a specific src-access-list that will be used to validate the source IP address of all received SNMP requests that use this usm-community. Multiple community, usm-community, or vprn snmp community instances can reference the same src-access-list.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>port>ethernet util-stats-interval)

Full Context

configure port ethernet util-stats-interval

Description

This command configures the interval used to calculate the utilization statistics.

Port utilization statistics are only available for physical Ethernet ports on a host system. These statistics are not available for the following:

• Ethernet ports on an Ethernet satellite

• PXC ports

• vsm-cca-xp ports

Parameters

seconds

Specifies the size of the interval, in seconds.

Values

30 to 600

Default

300

Platforms

7705 SAR Gen 2