v Commands

Context

[Tree] (config>service>ies>if>vpls>egress v4-routed-override-filter)

Full Context

configure service ies interface vpls egress v4-routed-override-filter

Description

This command configures an IPv4 filter ID that is applied to packets egressing the IES R-VPLS interface. The filter overrides existing egress IPv4 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.

The no form of this command removes the IPv4 routed override filter from the egress IES R-VPLS interface. When removed, egress IPv4 packets will use the IPv4 egress filter applied to the VPLS endpoint, if configured.

Default

no v4-routed-override-filter

Parameters

ip-filter-id

Specifies the IP filter ID. This parameter is required when executing the v4-routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>vpls>ingress v4-routed-override-filter)

Full Context

configure service ies interface vpls ingress v4-routed-override-filter

Description

This command configures an IPv4 filter ID that is applied to routed unicast ingress packets entering the VPLS or I-VPLS service and destined to the R-VPLS interface MAC address. The filter overrides any existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed. The IPv4 routed packets use any existing ingress IPv4 filter on the VPLS virtual port.

The no form of this command removes the IPv4 routed override filter from the ingress IP interface. When removed, the IPv4 ingress routed packets within a VPLS service attached to the IP interface use the IPv4 ingress filter applied to the packets virtual port, when defined.

Parameters

ip-filter-id

Specifies the IP filter ID. This parameter is required when executing the v4-routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>vpls>egress v4-routed-override-filter)

Full Context

configure service vprn interface vpls egress v4-routed-override-filter

Description

This command configures an IPv4 filter ID that is applied to packets egressing the VPRN R-VPLS interface. The filter overrides the existing egress IPv4 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.

The no form of this command removes the IPv4 routed override filter from the egress VPRN R-VPLS interface. When removed, egress IPv4 packets will use the IPv4 egress filter applied to VPLS endpoint, if configured.

Parameters

ip-filter-id

Specifies the IP filter ID. This parameter is required when executing the v4-routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>vpls>ingress v4-routed-override-filter)

Full Context

configure service vprn interface vpls ingress v4-routed-override-filter

Description

This command configures an IPv4 filter ID that is applied to all ingress packets entering the VPLS service. The filter overrides any existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IPv4 routed packet’s will use the any existing ingress IPv4 filter on the VPLS virtual port.

The no form of this command removes the IPv4 routed override filter from the ingress IP interface. When removed, the IPv4 ingress routed packets within a VPLS service attached to the IP interface will use the IPv4 ingress filter applied to the packets virtual port, when defined.

Parameters

ip-filter-id

Specifies the IP filter ID. This parameter is required when executing the v4-routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>vpls>egress v6-routed-override-filter)

Full Context

configure service ies interface vpls egress v6-routed-override-filter

Description

This command configures an IPv6 filter ID that is applied to packets egressing the IES R-VPLS interface. The filter overrides existing egress IPv6 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.

The no form of this command removes the IPv4 routed override filter from the egress IES R-VPLS interface. When removed, egress IPv6 routed packets uses the IPv6 egress filter applied to VPLS endpoint, if configured

Parameters

ipv6-filter-id

Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>vpls>ingress v6-routed-override-filter)

Full Context

configure service ies interface vpls ingress v6-routed-override-filter

Description

This command configures an IPv6 filter ID that is applied to routed unicast ingress packets entering the VPLS or I-VPLS service and destined to the R-VPLS interface MAC address. The filter overrides any existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IPv6 routed packets use any existing ingress IPv6 filter on the VPLS virtual port.

The no v6-routed-override-filter command is used to remove the IPv6 routed override filter from the ingress IP interface. When removed, the IPv6 ingress routed packets within a VPLS service attached to the IP interface will use the IPv6 ingress filter applied to the packet’s virtual port, when defined.

Default

no v6-routed-override-filter

Parameters

ipv6-filter-id

Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>vpls>egress v6-routed-override-filter)

Full Context

configure service vprn interface vpls egress v6-routed-override-filter

Description

This command configures an IPv6 filter ID that is applied to packets egressing the VPRN R-VPLS interface. The filter overrides existing egress IPv6 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.

The no form of the command removes the IPv4 routed override filter from the egress VPRN R-VPLS interface. When removed, egress IPv6 packets will use the IPv6 egress filter applied to the VPLS endpoint, if configured.

Parameters

ipv6-filter-id

Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>vpls>ingress v6-routed-override-filter)

Full Context

configure service vprn interface vpls ingress v6-routed-override-filter

Description

This command configures an IPv6 filter ID that is applied to all ingress packets entering the VPLS service. The filter overrides any existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IPv6 routed packets use the any existing ingress IPv6 filter on the VPLS virtual port.

The no form of the command removes the IPv6 routed override filter from the ingress IP interface. When removed, the IPv6 ingress routed packets within a VPLS service attached to the IP interface uses the IPv6 ingress filter applied to the packet’s virtual port, when defined.

Parameters

ipv6-filter-id

Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>dhcp6>local-dhcp-server>pool>prefix valid-lifetime)

[Tree] (config>router>dhcp6>server>pool>prefix valid-lifetime)

Full Context

configure service vprn dhcp6 local-dhcp-server pool prefix valid-lifetime

configure router dhcp6 local-dhcp-server pool prefix valid-lifetime

Description

This command configures the valid lifetime for the IPv6 prefix or address in the option.

The no form of this command reverts to the default.

Default

valid-lifetime days 1

Parameters

infinite

Sets the valid lifetime to infinite value.

valid-lifetime

Specifies the valid lifetime

Values

days days	0 to 49710
hrs hours	0 to 23
min minutes	0 to 59
sec seconds	0 to 5

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>router-advert>if>prefix valid-lifetime)

Full Context

configure service vprn router-advertisement interface prefix valid-lifetime

Description

This command specifies the length of time in seconds that the prefix is valid for the purpose of on-link determination. A value of all one bits (0xffffffff) represents infinity.

The address generated from an invalidated prefix should not appear as the destination or source address of a packet.

Default

valid-lifetime 2592000

Parameters

seconds

Specifies the remaining length of time in seconds that this prefix will continue to be valid.

Values

0 to 429496729

infinite

Specifies that the prefix will always be valid. A value of 4,294,967,295 represents infinity.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>router-advert>if>prefix valid-lifetime)

Full Context

configure router router-advertisement interface prefix valid-lifetime

Description

This command specifies the length of time in seconds that the prefix is valid for the purpose of on-link determination. A value of all one bits (0xffffffff) represents infinity.

The address generated from an invalidated prefix should not appear as the destination or source address of a packet.

Default

valid-lifetime 2592000

Parameters

seconds

Specifies the remaining length of time in seconds that this prefix will continue to be valid.

infinite

Specifies that the prefix will always be valid. A value of 4,294,967,295 represents infinity.

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>system>license validate)

Full Context

admin system license validate

Description

This command performs a validation on the license file pointed to by the command line argument. A validation ensures that the license is compatible with the current state of the target system but it does not change the existing license. Aspects that can cause a failure in the validation include:

• The license file was created for a different target system. The UUID encoded into the file must match that defined by the specific hardware platform.

• The license file does not include license information for the release of software currently running on the system.

• The current date/time reported to system is outside the validity period encoded in the license.

• The system is currently using a hardware upgrade license that is not included in the new file being validated.

Parameters

file-url

Specifies the file URL location to read the license file.

Values

local-url, remote-url

Platforms

7705 SAR Gen 2

Context

[Tree] (configure>system>security>profile>netconf>base-op-authorization validate)

Full Context

configure system security profile netconf base-op-authorization validate

Description

This command enables the NETCONF <validate> RPC.

The no form of this command disables the RPC.

Default

no validate

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>system>security>secure-boot validate)

Full Context

admin system security secure-boot validate

Description

This command validates the specified software image.

Parameters

file-url

Specifies the URL for the file.

Values

[local-url | remote-url] (up to 180 characters)

where:

• local-url — [cflash-id/] [file-path]

  180 chars max, including cflash-id

  directory length 99 chars max each

• remote-url — [{ftp://| tftp://} login:pswd@remote-locn/][ file-path]

  180 chars max

  directory length 99 chars max each

  where: remote-locn — [hostname | ipv4-address | ipv6-address]

ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x - [0..FFFF]H
	d - [0..255]D
	interface - 32 chars max, for link
	local addresses
cflash-id	cf1:| cf1-A:| cf1-B:| cf2:| cf2-A:| cf2-B:| cf3:| cf3-A:| cf3-B:

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>static-route-entry>next-hop validate-next-hop)

Full Context

configure service vprn static-route-entry next-hop validate-next-hop

Description

This optional command tracks the state of the next hop in the IPv4 ARP cache or IPv6 Neighbor Cache. When the next hop is not reachable and is removed from the ARP or Neighbor Cache, the next hop will no longer be considered valid and the associated static route state removed from the active route-table.

When the next hop is reachable again and present in the ARP/Neighbor Cache, the static route is considered valid and is subject to being placed into the active route-table.

Default

no validate-next-hop

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>static-route-entry>next-hop validate-next-hop)

Full Context

configure router static-route-entry next-hop validate-next-hop

Description

This optional command tracks the state of the next-hop in the IPv4 ARP cache or IPv6 Neighbor Cache. When the next-hop is not reachable and is removed from the ARP or Neighbor Cache, the next-hop will no longer be considered valid and the associated static-route state removed from the active route-table.

When the next-hop is reachable again and present in the ARP/Neighbor Cache, the static route is considered valid and is subject to being placed into the active route-table.

Default

no validate-next-hop

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>spoke-sdp>egress vc-label)

Full Context

configure service vprn interface spoke-sdp egress vc-label

Description

This command configures the egress VC label.

Parameters

vc-label

A VC egress value that indicates a specific connection.

Values

16 to 1048575

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if>spoke-sdp>ingress vc-label)

Full Context

configure service vprn interface spoke-sdp ingress vc-label

Description

This command configures the ingress VC label.

Parameters

vc-label

A VC ingress value that indicates a specific connection.

Values

2048 to 18431

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>mesh-sdp>egress vc-label)

[Tree] (config>service>vpls>spoke-sdp>egress vc-label)

[Tree] (config>service>ies>if>spoke-sdp>egress vc-label)

Full Context

configure service vpls mesh-sdp egress vc-label

configure service vpls spoke-sdp egress vc-label

configure service ies interface spoke-sdp egress vc-label

Description

This command configures the static MPLS VC label used by this device to send packets to the far-end device in this service via this SDP.

Parameters

egress-vc-label

Specifies a VC egress value that indicates a specific connection.

Values

16 to 1048575

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>mesh-sdp>ingress vc-label)

[Tree] (config>service>vpls>spoke-sdp>ingress vc-label)

[Tree] (config>service>ies>if>spoke-sdp>ingress vc-label)

Full Context

configure service vpls mesh-sdp ingress vc-label

configure service vpls spoke-sdp ingress vc-label

configure service ies interface spoke-sdp ingress vc-label

Description

This command configures the static MPLS VC label used by the far-end device to send packets to this device in this service via this SDP.

Parameters

ingress-vc-label

A VC ingress value that indicates a specific connection.

Values

2048 to 18431

Platforms

7705 SAR Gen 2

Context

[Tree] (config>mirror>mirror-dest>spoke-sdp>egress vc-label)

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>egress vc-label)

Full Context

configure mirror mirror-dest spoke-sdp egress vc-label

configure mirror mirror-dest remote-source spoke-sdp egress vc-label

Description

This command configures the spoke SDP egress VC label.

The no form of this command removes the egress VC label value from the configuration.

Parameters

egress-vc-label

Specifies a VC egress value that indicates a specific connection.

Values

16 to 1048575

Platforms

7705 SAR Gen 2

Context

[Tree] (config>mirror>mirror-dest>remote-src>spoke-sdp>ingress vc-label)

[Tree] (config>service>vprn>ipmirrorif>spoke-sdp>ingress vc-label)

Full Context

configure mirror mirror-dest remote-source spoke-sdp ingress vc-label

configure service vprn ip-mirror-interface spoke-sdp ingress vc-label

Description

This command configures the spoke SDP ingress VC label.

Parameters

vc-label

Specifies the VC ingress value that indicates a specific connection.

Values

32 to 18431

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-template vc-type)

Full Context

configure service pw-template vc-type

Description

This command overrides the default VC type signaled for the binding to the far end SDP. The VC type is a 15 bit-quantity containing a value which represents the type of VC. The actual signaling of the VC type depends on the signaling parameter defined for the SDP. If signaling is disabled, the vc-type command can still be used to define the dot1q value expected by the far-end provider equipment. A change of the bindings VC type causes the binding to signal the new VC type to the far end when signaling is enabled. VC types are derived according to IETF draft-martini-l2circuit-trans-mpls.

• The VC type value for Ethernet is 0x0005.

• The VC type value for an Ethernet VLAN is 0x0004.

Parameters

ether

Defines the VC type as Ethernet. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings. Defining Ethernet is the same as executing no vc-type and restores the default VC type for the spoke SDP binding. (hex 5)

vlan

Defines the VC type as VLAN. The top VLAN tag, if a VLAN tag is present, is stripped from traffic received on the pseudowire, and a vlan-tag is inserted when forwarding into the pseudowire. The ethernet and vlan keywords are mutually exclusive. When the VC type is not defined then the default is Ethernet for spoke SDP bindings.

Note:

The system expects a symmetrical configuration with its peer, specifically it expects to remove the same number of VLAN tags from received traffic as it adds to transmitted traffic. As some of the related configuration parameters are local and not communicated in the signaling plane, an asymmetrical behavior cannot always be detected and so cannot be blocked. Consequently, protocol extractions will not necessarily function for asymmetrical configurations as they would with a symmetrical configurations resulting in an unexpected operation.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>bgp-vpws>ve-name ve-id)

[Tree] (config>service>epipe>bgp-vpws>remote-ve-name ve-id)

Full Context

configure service epipe bgp-vpws ve-name ve-id

configure service epipe bgp-vpws remote-ve-name ve-id

Description

This command configures a ve-id for either the local VPWS instance when configured under the ve-name, or for the remote VPWS instance when configured under the remote-ve-name.

A single ve-id can be configured per ve-name or remote-ve-name. The ve-id can be changed without shutting down the VPWS instance. When the ve-name ve-id changes, BGP withdraws the previously advertised route and sends a route-refresh to all the peers which would result in reception of all the remote routes again. The old PWs are removed and new ones are instantiated for the new ve-id value.

When the remote-ve-name ve-id changes, BGP withdraws the previously advertised route and send a new update matching the new ve-id. The old pseudowires are removed and new ones are instantiated for the new ve-id value.

NLRIs received whose advertised ve-id does not match the list of ve-ids configured under the remote ve-id will not have a spoke SDP binding auto-created but will remain in the BGP routing table but not in the Layer 2 route table. A change in the locally configured ve-ids may result in auto-sdp-bindings either being deleted or created, based on the new matching results.

Each ve-id configured within a service must be unique.

The no form of this command removes the configured ve-id. It can be used just when the BGP VPWS status is shutdown. The no shutdown command cannot be used if there is no ve-id configured.

Default

no ve-id

Parameters

value

A two bytes identifier that represents the local or remote VPWS instance and is advertised through the BGP NLRI.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-vpls>ve-name ve-id)

Full Context

configure service vpls bgp-vpls ve-name ve-id

Description

This command configures a ve-id. Just one ve-id can be configured per BGP VPLS instance. The VE-ID can be changed without shutting down the VPLS Instance. When the VE-ID changes, BGP is withdrawing its own previously advertised routes and sending a route-refresh to all the peers which would result in reception of all the remote routes again. The old pseudowires are removed and new ones are instantiated for the new VE-ID value.

The no form of this command removes the configured ve-id. It can be used just when the BGP VPLS status is shutdown. The no shutdown command cannot be used if there is no ve-id configured.

Default

no ve-id

Parameters

value

Specifies a two-byte identifier that represents the local instance in a VPLS and is advertised through the BGP NLRI. Must be lower or equal with the max-ve-id.

Values

1 to 65535

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>bgp-vpws ve-name)

Full Context

configure service epipe bgp-vpws ve-name

Description

This command configures the name of the local VPWS instance in this service.

The no form of this command removes the ve-name.

Parameters

name

Specifies a site name up to 32 characters in length.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-vpls ve-name)

Full Context

configure service vpls bgp-vpls ve-name

Description

This command creates or edits a ve-name. Just one ve-name can be created per BGP VPLS instance.

The no form of this command removes the configured ve-name from the bgp vpls node. It can be used only when the BGP VPLS status is shutdown. The no shutdown command cannot be used if there is no ve-name configured.

Default

no ve-name

Parameters

name

Specifies the A character string to identify the VPLS Edge instance up to 32 characters in length

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>ned>profile vendor-id)

Full Context

configure system network-element-discovery profile vendor-id

Description

This command configures the vendor ID to be advertised.

The no form of this command reverts to the default value.

Default

vendor-id "Nokia"

Parameters

vendor-id

Specifies the vendor ID to be advertised with the profile, up to 255 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>sap>dhcp>option vendor-specific-option)

[Tree] (config>service>vprn>if>dhcp>option vendor-specific-option)

[Tree] (config>service>ies>if>dhcp>option vendor-specific-option)

Full Context

configure service vpls sap dhcp option vendor-specific-option

configure service vprn interface dhcp option vendor-specific-option

configure service ies interface dhcp option vendor-specific-option

Description

This command enables the Nokia vendor-specific sub-option of the DHCP relay packet.

The no form of this command reverts to the default.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if>dhcp>option vendor-specific-option)

Full Context

configure router interface dhcp option vendor-specific-option

Description

This command configures the Nokia vendor specific suboption of the DHCP relay packet.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>sap>igmp-snooping version)

[Tree] (config>service>vpls>spoke-sdp>mld-snooping version)

[Tree] (config>service>vpls>spoke-sdp>igmp-snooping version)

[Tree] (config>service>vpls>mesh-sdp>mld-snooping version)

[Tree] (config>service>vpls>mesh-sdp>igmp-snooping version)

[Tree] (config>service>vpls>sap>mld-snooping version)

Full Context

configure service vpls sap igmp-snooping version

configure service vpls spoke-sdp mld-snooping version

configure service vpls spoke-sdp igmp-snooping version

configure service vpls mesh-sdp mld-snooping version

configure service vpls mesh-sdp igmp-snooping version

configure service vpls sap mld-snooping version

Description

This command specifies the version of IGMP or MLD which is running on this SAP or SDP. This object can be used to configure a router capable of running either value. For IGMP or MLD to function correctly, all routers on a LAN must be configured to run the same version of IGMP or MLD on that LAN.

When the send-query command is configured, all type of queries generate ourselves are of the configured version. If a report of a version higher than the configured version is received, the report gets dropped and a new "wrong version” counter is incremented.

If the send-query command is not configured, the version command has no effect. The version used on that SAP or SDP is the version of the querier. This implies that, for example, when there is a v2 querier, a v3 group or group-source specific query when a host wants to leave a certain group will never be sent.

Parameters

version

Specifies the IGMP or MLD version

Values

1, 2, 3

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>igmp>if version)

Full Context

configure service vprn igmp interface version

Description

This command specifies the IGMP version. If routers run different versions of IGMP, they will negotiate the lowest common version of IGMP that is supported by hosts on their subnet and operate in that version. For IGMP to function correctly, all routers on a LAN should be configured to run the same version of IGMP on that LAN.

For IGMPv3, a multicast router that is also a group member performs both parts of IGMPv3, receiving and responding to its own IGMP message transmissions as well as those of its neighbors.

Default

version 3

Parameters

version

Specifies the IGMP version number.

Values

1, 2, 3

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>mld>if version)

Full Context

configure service vprn mld interface version

Description

This command specifies the MLD version. If routers run different versions, they will negotiate the lowest common version of MLD that is supported by hosts on their subnet and operate in that version. For MLD to function correctly, all routers on a LAN should be configured to run the same version of MLD on that LAN.

Default

version 2

Parameters

version

Specifies the MLD version number.

Values

1, 2

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>igmp>if version)

Full Context

configure router igmp interface version

Description

This command specifies the IGMP version. If routers run different versions of IGMP, they will negotiate the lowest common version of IGMP that is supported by hosts on their subnet and operate in that version. For IGMP to function correctly, all routers on a LAN should be configured to run the same version of IGMP on that LAN.

For IGMPv3, a multicast router that is also a group member performs both parts of IGMPv3, receiving and responding to its own IGMP message transmissions as well as those of its neighbors.

Default

version 3

Parameters

version

Specifies the IGMP version number.

Values

1, 2, 3

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mld>interface version)

Full Context

configure router mld interface version

Description

This command specifies the MLD version. If routers run different versions of MLD, they will negotiate the lowest common version of MLD that is supported by hosts on their subnet and operate in that version. For MLD to function correctly, all routers on a LAN should be configured to run the same version of MLD on that LAN.

Default

version 2

Parameters

version

Specifies the MLD version number.

Values

1, 2

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-template>igmp-snooping version)

Full Context

configure service pw-template igmp-snooping version

Description

This command specifies the version of IGMP. This object can be used to configure a router capable of running either value. For IGMP to function correctly, all routers on a LAN must be configured to run the same version of IGMP on that LAN.

When the send-query command is configured, all type of queries generated are of the configured version. If a report of a version higher than the configured version is received, the report gets dropped and a new "wrong version” counter is incremented.

If the send-query command is not configured, the version command has no effect. The version used on that SAP or SDP is the version of the querier. This implies that, for example, when there is a v2 querier, a v3 group or group-source specific query when a host wants to leave a certain group is never sent.

Default

version 3

Parameters

version

Specifies the IGMP version.

Values

1, 2, 3

Platforms

7705 SAR Gen 2

Context

[Tree] (file version)

Full Context

file version

Description

This command displays the version of an SR OS *.tim image file.

Parameters

file-url

Specifies the file name of the target file.

Values

local-url	[cflash-id/][file-path]
	up to 200 characters, including cflash-id
	directory length up to 99 characters each
remote-url	[{ftp://| tftp://}login:pswd@remote-locn/ [file-path]
	up to 247 characters
	directory length 199 characters each
remote-locn	[hostname | ipv4-address | ipv6-address]
ipv4-address	a.b.c.d
ipv6-address	x:x:x:x:x:x:x:x[-interface]
	x:x:x:x:x:x:d.d.d.d[-interface]
	x - [0 to FFFF]H
	d - [0 to 255]D
	interface - up to 32 characters, for link local addresses
cflash-id	cf1:, cf1-A:, cf1-B:

check

Validates the SR OS *.tim image file.

Platforms

7705 SAR Gen 2

Output

The following output is an example of SR OS version information.

A:Redundancy>file cf3:\ # version  ftp://test:1234@192.0.2.79/usr/global/images/6.1/R4/cpm.tim
TiMOS-C-6.1.R4 for 7750
Thu Oct 30 14:21:09 PDT 2018 by builder in /relx.1/b1/Rx/panos/main
A:Redundancy>file cf3:\ # version check ftp://test:1234@192.0.2.79/usr/global/
images/6.1/R4/cpm.tim 
TiMOS-C-6.1.R4 for 7750
Thu Oct 30 14:21:09 PDT 2018 by builder in /relx.1/b1/Rx/panos/main
Validation successful
A:Redundancy>file cf3:\ #

Context

[Tree] (file vi)

Full Context

file vi

Description

Edit files with the text editor. For more information, refer to "Text Editor” in the 7705 SAR Gen 2 Basic System Configuration Guide.

Parameters

local-url

Specifies the local source file or directory.

Values

[cflash-id/]file-path

cflash-id: cf1:, cf2:, cf3:

Platforms

7705 SAR Gen 2

Context

[Tree] (candidate view)

Full Context

candidate view

Description

This command displays the candidate configuration along with line numbers that can be used for editing the candidate configuration.

Parameters

line

Displays the candidate configuration starting at the point indicated by the following options (the display is not limited to the current CLI context/branch).

Values

line, offset, first, edit-point, last
	line	absolute line number
	offset	relative line number to current edit point. Prefixed with '+' or '-'
	first	keyword - first line
	edit-point	keyword - current edit point
	last	keyword - last line that is not 'exit'

Platforms

7705 SAR Gen 2

Context

[Tree] (admin>rollback view)

Full Context

admin rollback view

Description

This command displays the checkpoint.

Parameters

latest-rb

Specifies the most recently created rollback checkpoint (corresponds to the file-url.rb rollback checkpoint file).

checkpoint-id

Indicates rollback checkpoint file to be viewed. Checkpoint-id of 1 corresponds to the file-url.rb.1 rollback checkpoint file. The higher the id, the older the checkpoint. Max is the highest rollback checkpoint supported or configured.

Values

1 to 9

rescue

Displays the rescue configuration.

Platforms

7705 SAR Gen 2

Context

[Tree] (admin view)

Full Context

admin view

Description

The context to configure administrative system viewing parameters. Only authorized users can execute the commands in the admin context.

Parameters

bootup-cfg

Specifies the bootup configuration.

active-cfg

Specifies current running configuration.

candidate-cfg

Specifies candidate configuration.

latest-rb

Specifies the latest configuration.

checkpoint-id

Specifies a specific checkpoint file configuration.

Values

1 to 9

rescue

Specifies a rescue checkpoint configuration.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>snmp view)

Full Context

configure system security snmp view

Description

This command configures a view. Views control the accessibility of a MIB object within the configured MIB view and subtree. Object identifiers (OIDs) uniquely identify MIB objects in the subtree. OIDs are organized hierarchically with specific values assigned by different organizations.

Once the subtree (OID) is identified, a mask can be created to select the portions of the subtree to be included or excluded for access using this particular view. See the mask command.

The view(s) configured with this command can subsequently be used in read, write, and notify commands which are used to assign specific access group permissions to created views and assigned to particular access groups.

Multiple subtrees can be added or removed from a view name to tailor a view to the requirements of the user access group.

A subtree statement matches (covers) any OID that is a descendant of the specified OID value. For example, the subtree 1.3.6.1 matches 1.3.6.1.x (for any value of x), 1.3.6.1.x.y (for any values of x & y), and so on.

Subtrees that are not covered by view statements are not accessible in the view.

Per RFC 2575, View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP), each MIB view is defined by two sets of view subtrees, the included view subtrees, and the excluded view subtrees (see the included and excluded parameters of the mask command). Every such view subtree, both the included and the excluded ones, are defined in this table. To determine if a particular object instance is in a particular MIB view, compare the object instance’s OID with each of the MIB view’s active entries in this table. If none match, then the object instance is not in the MIB view. If one or more match, then the object instance is included in, or excluded from, the MIB view according to the value of vacmViewTreeFamilyType in the entry whose value of vacmViewTreeFamilySubtree has the most sub-identifiers.

The no view view-name command removes a view and all subtrees.

The no view view-name subtree oid-value removes a sub-tree from the view name.

Parameters

view-name

Specifies a view name, up to 32 characters.

oid-value

Specifies the object identifier (OID) value for the view-name. This value, for example, 1.3.6.1.6.3.11.2.1, combined with the mask and include and exclude statements, configures the access available in the view.

It is possible to have a view with different subtrees with their own masks and include and exclude statements. This allows for customizing visibility and write capabilities to specific user requirements.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf>area virtual-link)

[Tree] (config>service>vprn>ospf3>area virtual-link)

Full Context

configure service vprn ospf area virtual-link

configure service vprn ospf3 area virtual-link

Description

This command configures a virtual link to connect area border routers to the backbone via a virtual link.

The router-id specified in this command must be associated with the virtual neighbor. The transit area cannot be a stub area or a Not So Stubby Area (NSSA).

The no form of this command deletes the virtual link.

Default

No virtual link is defined.

Parameters

router-id

The router ID of the virtual neighbor in IP address dotted decimal notation.

transit-area area-id

The area-id specified identifies the transit area that links the backbone area with the area that has no physical connection with the backbone.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ospf3>area virtual-link)

[Tree] (config>router>ospf>area virtual-link)

Full Context

configure router ospf3 area virtual-link

configure router ospf area virtual-link

Description

This command configures a virtual link to connect area border routers to the backbone via a virtual link.

The router-id specified in this command must be associated with the virtual neighbor. The transit area cannot be a stub area or a Not So Stubby Area (NSSA).

The no form of this command deletes the virtual link.

By default, no virtual link is defined.

Default

no virtual-link

Parameters

router-id

Specifies the router ID of the virtual neighbor in IP address dotted-decimal notation.

area-id

Specifies the area-id that identifies the transit area that links the backbone area with the area that has no physical connection with the backbone.

Platforms

7705 SAR Gen 2

Context

[Tree] (debug>router>ospf virtual-neighbor)

[Tree] (debug>router>ospf3 virtual-neighbor)

Full Context

debug router ospf virtual-neighbor

debug router ospf3 virtual-neighbor

Description

This command enables debugging for an OSPF virtual neighbor.

Parameters

router-id

Specifies the router ID of the virtual neighbor.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>redundancy>mc>peer>mcr>l3ring>node>cv vlan)

Full Context

configure redundancy multi-chassis peer mc-ring l3-ring ring-node connectivity-verify vlan

Description

This command specifies the VLAN tag of the SAP used for ring-node connectivity verification of this ring node. It is only meaningful if the value of is not zero.

The no form of this command reverts to the default.

Parameters

vlan-encap

Specifies the node cc VLAN IP.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-evpn vlan-aware-bundle)

Full Context

configure service vpls bgp-evpn vlan-aware-bundle

Description

This command configures a name that is used to group a bundle of VPLS services (Broadcast Domains) that are part of the same VLAN-aware bundle instance. This name is optional and allows the user to execute show commands that are relevant to all the Broadcast Domains in a VLAN-aware bundle service group.

The optional Ethernet Tag ID can be encoded in the EVPN routes for control-plane interoperability mode with VLAN-aware bundle services. The configuration of a non-default value requires the previous configuration of a VLAN-aware bundle name on the service.

When the Ethernet Tag ID is set to a non-zero value, the EVPN routes advertised for the VPLS service are advertised with this value into the Ethernet Tag ID field of the routes.

On reception of EVPN routes with non-zero Ethernet Tag ID, BGP imports the routes based on the import route target as usual. However, the system checks the received Ethernet Tag ID field and processes only routes whose Ethernet Tag ID matches the local VLAN-aware bundle Ethernet Tag value.

The no form of this command removes the configuration.

Parameters

name

Specifies the VLAN-aware bundle name, up to 32 characters.

value

Specifies the Ethernet Tag ID.

Values

1 to 16777215

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>stp>mst-instance vlan-range)

Full Context

configure service vpls stp mst-instance vlan-range

Description

This command specifies a range of VLANs associated with a certain mst-instance. This range applies to all SAPs of the M-VPLS.

Every VLAN range that is not assigned within any of the created config>service>vpls>stp mst-instance is automatically assigned to mst-instance 0. This instance is automatically maintained by the software and cannot be modified. Changing the VLAN range value can be performed only when the specified mst-instance is shutdown.

The no form of this command removes the vlan-range from the specified config>service>vpls>stp mst-instance.

Parameters

vlan-range

The first VLAN range specifies the left-bound (i.e., minimum value) of a range of VLANs that are associated with the M-VPLS SAP. This value must be smaller than (or equal to) the second VLAN range value. The second VLAN range specifies the right-bound (i.e., maximum value) of a range of VLANs that are associated with the M-VPLS SAP.

Values

1 to 4094 to 1 to 4094

Platforms

7705 SAR Gen 2

Context

[Tree] (config>connection-profile-vlan vlan-range)

Full Context

configure connection-profile-vlan vlan-range

Description

This command allows the user to configure different ranges in the connection-profile-vlan. The ranges have the following characteristics:

• Ranges can contain a single VID or start-and-end values. When the to-vid is not specified, the end vid value is the same as the start vid value.

• On the fly addition/removal of ranges is allowed.

• When removing an entry, the no vlan-range vid to vid must be configured by the user.

• Multiple ranges are allowed under the same connection-profile-vlan. No VLAN values should overlap within the same connection-profile-vlan.

• The index for connection-profile and connection-profile-vlan must be unique between the two. For example, if connection-profile 100 is present, then connection-profile-vlan 100 is disallowed.

Each connection-profile-vlan must be explicitly configured.

Parameters

from

Specifies the beginning of the vlan-range associated to the connection-profile-vlan.

Values

1 to 4094

to

Specifies the end of the vlan-range associated to the connection-profile-vlan. If not specified, the vlan-range is comprised of only the from VLAN ID.

Values

1 to 4094

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>sdp vlan-vc-etype)

Full Context

configure service sdp vlan-vc-etype

Description

This command configures the VLAN VC EtherType.

The no form of this command returns the value to the default.

Default

no vlan-vc-etype

Parameters

ethernet-type

Specifies a valid VLAN etype identifier.

Values

0x0600 to 0xffff

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>spoke-sdp vlan-vc-tag)

[Tree] (config>service>vpls>mesh-sdp vlan-vc-tag)

Full Context

configure service vpls spoke-sdp vlan-vc-tag

configure service vpls mesh-sdp vlan-vc-tag

Description

This command specifies an explicit dot1q value used when encapsulating to the SDP far end. When signaling is enabled between the near and far end, the configured dot1q tag can be overridden by a received TLV specifying the dot1q value expected by the far end. This signaled value must be stored as the remote signaled dot1q value for the binding. The provisioned local dot1q tag must be stored as the administrative dot1q value for the binding.

When the dot1q tag is not defined, the default value of zero is stored as the administrative dot1q value. Setting the value to zero is equivalent to not specifying the value.

The no form of this command disables the command.

Default

no vlan-vc-tag

Parameters

vlan-id

Specifies a valid VLAN identifier to bind an 802.1Q VLAN tag ID.

Values

0 to 4094

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>spoke-sdp vlan-vc-tag)

Full Context

configure service epipe spoke-sdp vlan-vc-tag

Description

This command specifies an explicit dot1q value used when encapsulating to the SDP far end. When signaling is enabled between the near and far end, the configured dot1q tag can be overridden by a received TLV specifying the dot1q value expected by the far end. This signaled value must be stored as the remote signaled dot1q value for the binding. The provisioned local dot1q tag must be stored as the administrative dot1q value for the binding.

When the dot1q tag is not defined, the default value of zero is stored as the administrative dot1q value. Setting the value to zero is equivalent to not specifying the value.

The no form of this command disables the command.

Default

no vlan-vc-tag

Parameters

tag

Specifies a valid VLAN identifier to bind an 802.1Q VLAN tag ID.

Values

0 to 4094

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>pw-template vlan-vc-tag)

Full Context

configure service pw-template vlan-vc-tag

Description

This command specifies an explicit dot1q value used when encapsulating to the SDP far end. When signaling is enabled between the near and far end, the configured dot1q tag can be overridden by a received TLV specifying the dot1q value expected by the far end. This signaled value must be stored as the remote signaled dot1q value for the binding. The provisioned local dot1q tag must be stored as the administrative dot1q value for the binding.

When the dot1q tag is not defined, the default value of zero is stored as the administrative dot1q value. Setting the value to zero is equivalent to not specifying the value.

The no form of this command disables the command.

Default

no vlan-vc-tag

Parameters

vlan-id

Specifies a valid VLAN identifier to bind an 802.1Q VLAN tag ID.

Values

0 to 4094

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service vpls)

Full Context

configure service vpls

Description

This command creates or edits a Virtual Private LAN Services (VPLS) instance. The vpls command is used to create or maintain a VPLS service. If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

A VPLS service connects multiple customer sites together acting like a zero-hop, Layer 2 switched domain. A VPLS is always a logical full mesh.

When a service is created, the create keyword must be specified if the create command is enabled in the environment context. When creating a service, you must enter the customer keyword and specify a customer-id to associate the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. The customer-id must already exist having been created using the customer command in the service context. Once a service has been created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.

Once a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified will result in an error.

More than one VPLS service may be created for a single customer ID.

By default, no VPLS instances exist until they are explicitly created.

The no form of this command deletes the VPLS service instance with the specified service-id. The service cannot be deleted until all SAPs and SDPs defined within the service ID have been shut down and deleted, and the service has been shut down.

Parameters

service-id

Specifies unique service identification number identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every router on which this service is defined.

Values

service-id: 1 to 2147483647

svc-name: 64 characters maximum

customer customer-id

Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values

1 to 2147483647

vpn vpn-id

Specifies the VPN ID number which allows you to identify virtual private networks (VPNs) by a VPN identification number

Values

1 to 2147483647

Default

null (0)

create

Keyword used to create the service ID. The create keyword requirement can be enabled/disabled in the environment>create context.

m-vpls

Specifies a management VPLS

e-tree

Specifies a VPLS service as an E-Tree VPLS. E-Tree VPLS services have root and leaf attachment circuit (AC) and root leaf tag SAPs/SDP bindings for E-Tree interconnection. The access root AC SAP behaves as a SAP in non-E-tree VPLS services. The leaf AC SAP communicates only with root-connected services. Leaf and root AC SAPs behave externally the same as SAPs in non-E-Tree VPLS services.

The root AC SDP bind behaves as an SDP bind in non-E-tree VPLS services. The leaf AC SDP bind communicates only with root-connected services.

In the E-Tree VPLS, the root AC SAP/SDP bindings can communicate with other root and leaf AC SAP/SDP bind services locally and remotely. Root-originated traffic is marked internally with a root indication and the root is tagged externally on tag SAP/SDP binds. The leaf AC SAP/SDP bindings can communicate with other root SAP/SDP bindings locally and remotely. Leaf-originated traffic is marked internally with a leaf indication and tagged externally on leaf tag SAP/SDP bindings.

Any number of root or leaf AC SAPs can be used, up to the configured SAP limits in the E-Tree VPLS.

Network-side root leaf tag SAPs use additional SAP resources. These tag SAPs used two tags; one for root and one for leaf. Network-side tag SDPs use a hard coded tag of 1 for root and 2 for leaf. AC SDP bindings are designated as root or leaf SDP bindings but carry no tags marking traffic on the egress frames.

The E-Tree SAP type must be specified when the SAP is created. To change the SAP type, the SAP must be removed and recreated.

b-vpls | i-vpls

Creates a backbone-vpls or ISID-vpls

name name

Configures an optional service name identifier, up to 64 characters, to a given service. This service name can then be used in configuration references, display, and show commands throughout the system. A defined service name can help the service provider or administrator to identify and manage services within the SR OS platforms.

To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if vpls)

Full Context

configure service ies interface vpls

Description

The vpls command, within the IP interface context, is used to bind the IP interface to the specified service name (VPLS or I-VPLS).

The system does not attempt to resolve the service name provided until the IP interface is placed into the administratively up state (no shutdown). Once the IP interface is administratively up, the system will scan the available VPLS services that have the allow-ip-int-bind flag set for a VPLS service associated with the name. If the service name is bound to the service name when the IP interface is already in the administratively up state, the system will immediately attempt to resolve the given name.

If a VPLS service is found associated with the name and with the allow-ip-int-bind flag set, the IP interface is attached to the VPLS service allowing routing to and from the service virtual ports once the IP interface is operational.

A VPLS service associated with the specified name that does not have the allow-ip-int-bind flag set or a non-VPLS service associated with the name is ignored and will not be attached to the IP interface.

If the service name is applied to a VPLS service after the service name is bound to an IP interface and the VPLS service allow-ip-int-bind flag is set at the time the name is applied, the VPLS service is automatically resolved to the IP interface if the interface is administratively up or when the interface is placed in the administratively up state.

If the service name is applied to a VPLS service without the allow-ip-int-bind flag set, the system will not attempt to resolve the applied service name to an existing IP interface bound to the name. To rectify this condition, the flag must first be set and then the IP interface must enter or reenter the administratively up state.

While the specified service name may be assigned to only one service context in the system, it is possible to bind the same service name to more than one IP interface. If two or more IP interfaces are bound to the same service name, the first IP interface to enter the administratively up state (if currently administratively down) or to reenter the administratively up state (if currently administratively up) when a VPLS service is configured with the name and has the allow-ip-int-bind flag set is attached to the VPLS service. Only one IP interface is allowed to attach to a VPLS service context. No error is generated for the remaining non-attached IP interfaces using the service name.

Once an IP interface is attached to a VPLS service, the name associated with the service cannot be removed or changed until the IP interface name binding is removed. Also, the allow-ip-int-bind flag cannot be removed until the attached IP interface is unbound from the service name.

Unbinding the service name from the IP interface causes the IP interface to detach from the VPLS service context. The IP interface may then be bound to another service name or a SAP or SDP binding may be created for the interface using the sap or spoke-sdp commands on the interface.

IP Interface MTU and Fragmentation

A VPLS service is affected by two MTU values; port MTUs and the VPLS service MTU. The MTU on each physical port defines the largest Layer 2 packet (including all DLC headers and CRC) that may be transmitted out a port. The VPLS itself has a service level MTU that defines the largest packet supported by the service. This MTU does not include the local encapsulation overhead for each port (QinQ, Dot1Q, TopQ or SDP service delineation fields and headers) but does include the remainder of the packet. As virtual ports are created in the system, the virtual port cannot become operational unless the configured port MTU minus the virtual port service delineation overhead is greater than or equal to the configured VPLS service MTU. Thus, an operational virtual port is ensured to support the largest packet traversing the VPLS service. The service delineation overhead on each Layer 2 packet is removed before forwarding into a VPLS service. VPLS services do not support fragmentation and must discard any Layer 2 packet larger than the service MTU after the service delineation overhead is removed.

IP interfaces have a configurable up MTU that defines the largest packet that may egress the IP interface without being fragmented. This MTU encompasses the IP portion of the packet and does not include any of the egress DLC header or CRC. This MTU does not affect the size of the largest ingress packet on the IP interface. If the egress IP portion of the packet is larger than the IP interface MTU and the IP header do not fragment flag is not set, the packet is fragmented into smaller packets that will not exceed the configured MTU size. If the do not fragment bit is set, the packet is silently discarded at egress when it exceeds the IP MTU.

When the IP interface is bound to a VPLS service, the IP MTU must be at least 18 bytes less than the VPLS service MTU. This allows for the addition of the minimal Ethernet encapsulation overhead; 6 bytes for the DA, 6 bytes for the SA, 2 bytes for the Etype and 4 bytes for the trailing CRC. Any remaining egress virtual port overhead (Dot1P, Dot1Q, QinQ, TopQ or SDP) required above the minimum is known to be less than the egress ports MTU since the virtual port would not be operational otherwise.

If the IP interface IP MTU value is too large based on the VPLS service MTU, the IP interface will enter the operationally down state until either the IP MTU is adequately lowered or the VPLS service MTU is sufficiently increased.

The no form of this command on the IP interface is used to remove the service name binding from the IP interface. If the service name has been resolved to a VPLS service context and the IP interface has been attached to the VPLS service, the IP interface will also be detached from the VPLS service.

Parameters

service-name

The service-name parameter is required when using the IP interface vpls command and specifies the service name that the system will attempt to resolve to an allow-ip-int-bind enabled VPLS service associated with the name. The specified name is expressed as an ASCII string comprised of up to 32 characters. It does not need to already be associated with a service and the system does not check to ensure that multiple IP interfaces are not bound to the same name.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls vpls-group)

Full Context

configure service vpls vpls-group

Description

This command defines a vpls-group index. Multiple vpls-group commands can be specified to allow the use of different VPLS and SAP templates for different ranges of service ids. A vpls-group can be deleted only in shutdown state. Multiple commands under different vpls-group ids can be issued and can be in progress at the same time.

Default

no vpls-group

Parameters

vpls-group-id

Specifies the ID associated with the VPLS group

Values

1 to 4094

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-ad vpls-id)

Full Context

configure service vpls bgp-ad vpls-id

Description

This command configures the VPLS ID component that is signaled in one of the extended community attributes (ext-comm).

Values and format (6 bytes, other 2 bytes of type-subtype is automatically generated)

Parameters

vpls-id

Specifies a globally unique VPLS ID for BGP auto-discovery in this VPLS service

Values

vpls-id: <ip-addr:comm-val>| <as-number:ext-comm-val>

ip-addr: a.b.c.d

comm-val: [0 to 65535]

as-number: [1 to 65535]

ext-comm-val: [0 to 4294967295]

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>template vpls-sap-template)

Full Context

configure service template vpls-sap-template

Description

This is the command used to create a SAP template to be used in a vpls-template. Only certain existing VPLS SAP attributes can be changed in the vpls-sap-template, not in the instantiated VPLS SAP

The following SAP attributes are set in the instantiated saps (no configuration allowed):

description: "Sap <sap-id> controlled by MVRP service <svc id>” – auto generated

shutdown: no shutdown

Parameters

name/id

Specifies the name in ASCII or the template ID

Values

1 to 2147483647

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>template vpls-template)

Full Context

configure service template vpls-template

Description

This command is used to create a vpls-template to be used to auto-instantiate a range of VPLS services. Only certain existing VPLS attributes specified in the command reference section can be changed in the vpls-template, not in the instantiated VPLS. The following attributes are automatically set in the instantiated VPLSs (no template configuration necessary) and the operator cannot change these values.

vpn-id: none

description: "Service <svc id> auto-generated by control VPLS <svc-id>”

service-name: "Service <svc id>” (Auto-generated)

shutdown: no shutdown

Following existing attributes can be set by the user in the instantiated VPLSs:

[no] sap

All the other VPLS attributes are not supported.

Parameters

name/id

Specifies the name in ASCII or the template ID

Values

name: ASCII string

Values

ID: [1 to 2147483647]

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>vpls-group vpls-template-binding)

Full Context

configure service vpls vpls-group vpls-template-binding

Description

This command configures the binding to a VPLS template to be used to instantiate pre-provisioned data VPLS using as input variables the service IDs generated by the vid-range command.

The no form of this command removes the binding and deletes the related VPLS instances. The command will fail if any of the affected VPLS instances have either a provisioned SAP or an active MVRP declaration/registration or if the related vpls-group id is in no shutdown state. Any changes to the vpls-template-binding require the vpls-group to be in shutdown state.

Default

no vpls-template-binding

Parameters

name/id

Specifies the name or the ID of the VPLS template

Values

1 to 1024

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>group>neighbor vpn-apply-export)

[Tree] (config>router>bgp>group vpn-apply-export)

[Tree] (config>router>bgp vpn-apply-export)

Full Context

configure router bgp group neighbor vpn-apply-export

configure router bgp group vpn-apply-export

configure router bgp vpn-apply-export

Description

This command causes the base instance BGP export route policies to be applied to vpn-ipv4/6, mvpn-ipv4/6, l2-vpn, mdt-safi, mcast-vpn-ipv4, and evpn routes.

The no form of this command disables the application of the base instance BGP route policies to vpn-ipv4/6, mvpn-ipv4/6, l2-vpn, mdt-safi, mcast-vpn-ipv4, and evpn routes.

Default

no vpn-apply-export

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>group vpn-apply-import)

[Tree] (config>router>bgp>group>neighbor vpn-apply-import)

[Tree] (config>router>bgp vpn-apply-import)

Full Context

configure router bgp group vpn-apply-import

configure router bgp group neighbor vpn-apply-import

configure router bgp vpn-apply-import

Description

This command causes the base instance BGP import route policies to be applied to vpn-ipv4/6, mvpn-ipv4/6, l2-vpn, mdt-safi, mcast-vpn-ipv4, and evpn routes.

The no form of this command disables the application of the base instance BGP import route policies to vpn-ipv4/6, mvpn-ipv4/6, l2-vpn, mdt-safi, mcast-vpn-ipv4, and evpn routes.

Default

no vpn-apply-import

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf vpn-domain)

Full Context

configure service vprn ospf vpn-domain

Description

This command specifies type of the extended community attribute exchanged using BGP to carry the OSPF VPN domain ID. This applies to VPRN instances of OSPF only. An attempt to modify the value of this object will result in an inconsistent value error when is not a VPRN instance. The parameters are mandatory and can be entered in either order. This command is not applicable in the config>service>vprn>ospf3 context.

This command is not supported in OSPF3.

Default

no vpn-domain

Parameters

id

Specifies the OSPF VPN domain in the "xxxx.xxxx.xxxx” format. This is exchanged using BGP in the extended community attribute associated with a prefix. This object applies to VPRN instances of OSPF only.

type

Specifies the type of the extended community attribute exchanged using BGP to carry the OSPF VPN domain ID.

Values

0005, 0105, 0205, 8005

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>next-hop-resolution vpn-family-policy)

Full Context

configure router bgp next-hop-resolution vpn-family-policy

Description

This command specifies the VPN family policy that is applied when filtering routes for consideration for next-hop resolution process for EVPN and IP-VPN families.

This policy is supported by the following families:

• VPN-IPv4 and VPN-IPv6

• EVPN (all routes types 1-6, although AD per-ES and AD per-EVI routes are always shown as resolved)

• MCAST-VPN-IPv4 and MCAST-VPN-IPv6

In a VPN family policy:

• only prefix-lists are used to match the next hop of a resolving route. No other policy qualifiers are supported.

• the route resolving the next hop is accepted or rejected

  In other words, if an imported route's next hop is resolved by route N (N is the preferred entry in tunnel-table for MPLS or the longest prefix match in the route-table for VXLAN), and route N is rejected by vpn-family-policy, then the route next hop is unresolved. This is irrespective of the existence of a route M that could potentially resolve the next hop in the tunnel-table or route-table.

The no form of this command removes the VPN family policy.

Default

no vpn-family-policy

Parameters

policy-name

Specifies the route policy name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, ?, space), the entire string must be enclosed within double quotes. Route policies are configured in the config>router>policy-options context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>system vpn-gre-source-ip)

Full Context

configure service system vpn-gre-source-ip

Description

This command configures a single system-wide alternate source IPv4 address of the GRE tunnels in all VPRN services using the auto-bind-tunnel or an explicit SDP binding (config>service>vprn>spoke-sdp) with a tunnel of encapsulation GRE.

A change to the value of the vpn-gre-source-ip parameter can be performed without disabling the service. Once the new value is configured, the system address is not used in services which bind to the GRE tunnel.

The primary IPv4 address of any local network IP interface, loopback or otherwise, may be used.

The address of the following interfaces are not supported, and the configuration is rejected:

• unnumbered network IP interface

• IES interface

• VPRN interface

• CSC VPRN interface

The vpn-gre-source-ip parameter value adheres to the following rules:

• This single source address counts towards the maximum of 15 distinct address values per system that are used by all GRE SDPs under the config>service>sdp>local-end context and all L2oGRE SDPs under the config>service>system>gre-eth-bridged>tunnel-termination context.

• The same source address can be used in both vpn-gre-source-ip and config>service>sdp>local-end contexts.

• The same source address cannot be used in both vpn-gre-source-ip and config>service>system>gre-eth-bridged>tunnel-termination contexts because an address configured for a L2oGRE SDP matches an internally created interface which is not available to other applications.

• The vpn-gre-source-ip address, when different from system, need not match the primary address of an interface which has the MPLS-over-GRE termination subnet configured, unless a GRE SDP or tunnel from the far-end router terminates on this address.

The no form of the command reverts to the default value.

Default

vpn-gre-source-ip ip-address (System interface primary IPv4 address)

Parameters

ip-address

Specifies the IPv4 address (a.b.c.d).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>group>add-paths vpn-ipv4)

[Tree] (config>router>bgp>add-paths vpn-ipv4)

[Tree] (config>router>bgp>group>neighbor>add-paths vpn-ipv4)

Full Context

configure router bgp group add-paths vpn-ipv4

configure router bgp add-paths vpn-ipv4

configure router bgp group neighbor add-paths vpn-ipv4

Description

This command configures the add-paths capability for VPN-IPv4 routes. By default, add-paths is not enabled for VPN-IPv4 routes.

The maximum number of paths per VPN-IPv4 NLRI to send is the configured send-limit, which is a mandatory parameter. The capability to receive multiple paths per prefix from a peer is configurable using the receive keyword, which is optional. If the receive keyword is not included in the command the receive capability is enabled by default.

The no form of this command disables add-paths support for VPN-IPv4 routes, causing sessions established using add-paths for VPN-IPv4 to go down and come back up without the add-paths capability.

Default

no vpn-ipv4

Parameters

send-limit

Specifies the maximum number of paths per VPN-IPv4 NLRI that are allowed to be advertised to add-paths peers (the actual number of advertised routes may be less depending on the next-hop diversity requirement, other configuration options, route policies, or route advertisement rules). If the value is multipaths, then BGP advertises all of the used BGP multipaths for each VPN-IPv4 NLRI if the peer has signaled support for receiving multiple add paths. If the router has not installed any of the routes in its FIB then all BGP add-paths qualify for advertisement.

Values

1 to 16, none, multipaths

receive

Specifies that the router negotiates the add-paths receive capability for VPN-IPv4 routes with its peers.

none

Specifies that the router does not negotiate the add-paths receive capability for VPN-IPv4 routes with its peers.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>bgp>group>add-paths vpn-ipv6)

[Tree] (config>router>bgp>add-paths vpn-ipv6)

[Tree] (config>router>bgp>group>neighbor>add-paths vpn-ipv6)

Full Context

configure router bgp group add-paths vpn-ipv6

configure router bgp add-paths vpn-ipv6

configure router bgp group neighbor add-paths vpn-ipv6

Description

This command configures the add-paths capability for VPN-IPv6 routes. By default, add-paths is not enabled for VPN-IPv6 routes.

The maximum number of paths per VPN-IPv6 NLRI to send is the configured send-limit, which is a mandatory parameter. The capability to receive multiple paths per prefix from a peer is configurable using the receive keyword, which is optional. If the receive keyword is not included in the command the receive capability is enabled by default.

The no form of this command disables add-paths support for VPN-IPv6 routes, causing sessions established using add-paths for VPN-IPv6 to go down and come back up without the add-paths capability.

Default

no vpn-ipv6

Parameters

send-limit

Specifies the maximum number of paths per VPN-IPv6 NLRI that are allowed to be advertised to add-paths peers (the actual number of advertised routes may be less depending on the next-hop diversity requirement, other configuration options, route policies, or route advertisement rules). If the value is multipaths, then BGP advertises all of the used BGP multipaths for each VPN-IPv6 NLRI if the peer has signaled support for receiving multiple add paths. If the router has not installed any of the routes in its FIB then all BGP add-paths qualify for advertisement.

Values

1 to 16, none, multipaths

receive

Specifies that the router negotiates the add-paths receive capability for VPN-IPv6 routes with its peers.

none

Specifies that the router does not negotiate the add-paths receive capability for VPN-IPv6 routes with its peers.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>ospf vpn-tag)

Full Context

configure service vprn ospf vpn-tag

Description

This command specifies the route tag for an OSPF VPN on a PE router. This field is set in the tag field of the OSPF external LSAs generated by the PE. This is mainly used to prevent routing loops. This applies to VPRN instances of OSPF only. An attempt to modify the value of this object will result in an inconsistent value error when is not a VPRN instance.

This command is not supported in OSPF3.

Default

vpn-tag 0

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service vprn)

Full Context

configure service vprn

Description

This command creates or edits a Virtual Private Routed Network (VPRN) service instance.

If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

VPRN services allow the creation of customer-facing IP interfaces in the same routing instance used for service network core routing connectivity. VPRN services require that the IP addressing scheme used by the subscriber must be unique between it and other addressing schemes used by the provider and potentially the entire Internet.

IP interfaces defined within the context of an VPRN service ID must have a SAP created as the access point to the subscriber network.

When a service is created, the customer keyword and customer-id must be specified and associates the service with a customer. The customer-id must already exist having been created using the customer command in the service context. When a service is created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.

When a service is created, the use of the customer customer-id is optional to navigate into the service configuration context. If attempting to edit a service with the incorrect customer-id results in an error.

Multiple VPRN services are created to separate customer-owned IP interfaces. More than one VPRN service can be created for a single customer ID. More than one IP interface can be created within a single VPRN service ID. All IP interfaces created within an VPRN service ID belongs to the same customer.

The no form of this command deletes the VPRN service instance with the specified service-id. The service cannot be deleted until all the IP interfaces and all routing protocol configurations defined within the service ID have been shut down and deleted.

Parameters

service-id

Specifies the unique service identification number identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7705 SAR Gen 2 router on which this service is defined.

Values

service-id:	1 to 2147483648
svc-name:	64 characters maximum

customer-id

Specifies an existing customer identification number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.

Values

1 to 2147483647

name name

This parameter configures an optional VPRN name, up to 64 characters, which adds a name identifier to a given vprn to then use that vprn name in configuration references as well as display and use vprn names in show commands throughout the system. This helps the service provider/administrator to identify and manage vprn within the SR OS platforms.

All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used to identify and reference a given service once it is initially created.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Service names may not begin with an integer (0 to 9).

create

Keyword used to create a service ID. The create keyword requirement can be enabled or disabled in the environment>create context.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security>vprn-aaa-server vprn)

Full Context

configure system security vprn-aaa-server vprn

Description

This command configures TACACS+ or RADIUS servers in a VPRN to be used for AAA by that VPRN and by sessions in VPRNs without a AAA server configured.

The no form of this command disables the use of servers in a VPRN.

Default

no vprn

Parameters

service-id

Specifies the VPRN server for AAA to use for sessions in VPRNs without a AAA server.

Values

service-id: 1 to 2147483648

svc-name: 64 characters maximum

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security vprn-aaa-server)

Full Context

configure system security vprn-aaa-server

Description

Commands in this context configure the use of AAA servers in a VPRN.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>mpls>lsp vprn-auto-bind)

[Tree] (config>router>mpls>lsp-template vprn-auto-bind)

Full Context

configure router mpls lsp vprn-auto-bind

configure router mpls lsp-template vprn-auto-bind

Description

This command determines whether the associated names LSP can be used or not as part of the auto-bind feature for VPRN services. By default, a names LSP is available for inclusion to be used for the auto-bind feature.

By configuring the command vprn-auto-bind exclude, the associated LSP will not be used by the auto-bind feature within VPRN services.

The no form of this command resets the flag back to the default value.

Default

vprn-auto-bind include

Parameters

include

Allows an associated LSP to be used by auto-bin for vprn services

exclude

Disables the use of the associated LSP to be used with the auto-bind feature for VPRN services.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ttl-propagate vprn-local)

Full Context

configure router ttl-propagate vprn-local

Description

This command configures the TTL propagation for locally generated packets which are forwarded over a MPLS LSPs in all VPRN service contexts.

For vpn-ipv4 and vpn-ipv6 packets forwarded in the context of all VPRN services in the system, including 6VPE packets, the all value of the command enables TTL propagation from the IP header into all labels in the stack:

The user can enable the TTL propagation behavior separately for locally generated packets by CPM (vprn-local) and for user and control packets in transit at the node (vprn-transit).

The vc-only value reverts to the default behavior by which the IP TTL is propagated into the VC label but not to the transport labels in the stack. The user can explicitly set the default behavior by configuring the vc-only value. This command does not have a no version.

The value none allows the user to disable the propagation of the IP TTL to all labels in the stack, including the VC label. This is needed for a transparent operation of UDP traceroute in VPRN inter-AS option B such that the ingress and egress ASBR nodes are not traced.

The user can override the global configuration within each VPRN instance using the following commands:

• config service vprn ttl-propagate local [inherit | none | vc-only | all]

• config service vprn ttl-propagate transit [inherit | none | vc-only | all]

The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value.

When a packet is received in a VPRN context but is looked up in the Global Routing Table (GRT), for example, leaking to GRT is enabled, the behavior of the TTL propagation is governed by the RSVP or LDP shortcut configuration when the matching routing is a LSP shortcut route. It is governed by the BGP label route configuration when the matching route is a RFC 8277 label route or a 6PE route.

When a packet is received on one VPRN instance and is redirected using Policy Based Routing (PBR) to be forwarded in another VPRN instance, the TTL propagation is governed by the configuration of the outgoing VPRN instance.

Default

vprn-local vc-only

Parameters

none

Specifies that the TTL of the IP packet is not propagated into the VC label or labels in the transport label stack

all

Specifies that the TTL of the IP packet is propagated into the VC label and all labels in the transport label stack.

vc-only

Specifies that the TTL of the IP packet is propagated into the VC label and not into the labels in the transport label stack.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>system>security vprn-network-exceptions)

Full Context

configure system security vprn-network-exceptions

Description

This command configures the rate to limit the processing of packets with label TTL expiry received within an LSP shortcut, or within all VPRN instances in the system, and from all network IP interfaces. This includes labeled user and control plane packets, ping and traceroute packets within GRT and VPRN, and ICMP replies. Packets over the configured rate are dropped.

This feature does not rate limit MPLS and service OAM packets (vprn-ping, vprn-trace, lsp-ping, lsp-trace, vccv-ping, and vccv-trace).

The no form of this command disables the rate limiting of the reply to these packets.

Parameters

number

Specifies the number limit of MPLS exception messages.

Values

10 to 10,000

seconds

Specifies the rate limit of MPLS exception messages, in seconds.

Values

1 to 60

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>ttl-propagate vprn-transit)

Full Context

configure router ttl-propagate vprn-transit

Description

This command configures the TTL propagation for in transit packets which are forwarded over a MPLS LSPs in all VPRN service contexts. For vpn-ipv4 and vpn-ipv6 packets forwarded in the context of all VPRN services in the system, including 6VPE packets, the all value of the command enables TTL propagation from the IP header into all labels in the stack:

The user can enable the TTL propagation behavior separately for locally generated packets by CPM (vprn-local) and for user and control packets in transit at the node (vprn-transit).

The vc-only value reverts to the default behavior by which the IP TTL is propagated into the VC label but not to the transport labels in the stack. The user can explicitly set the default behavior by configuring the vc-only value. This command does not have a no version.

The value none allows the user to disable the propagation of the IP TTL to all labels in the stack, including the VC label. This is needed for a transparent operation of UDP trace-route in VPRN inter-AS option B such that the ingress and egress ASBR nodes are not traced.

The user can override the global configuration within each VPRN service instance using the following commands:

• config service vprn ttl-propagate local [inherit | none | vc-only | all]

• config service vprn ttl-propagate transit [inherit | none | vc-only | all]

The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value.

When a packet is received in a VPRN context but is looked up in the Global Routing Table (GRT), for example, leaking to GRT is enabled, the behavior of the TTL propagation is governed by the RSVP or LDP shortcut configuration when the matching routing is a LSP shortcut route. It is governed by the BGP label route configuration when the matching route is a RFC 8277 label route or a 6PE route.

When a packet is received on one VPRN instance and is redirected using Policy Based Routing (PBR) to be forwarded in another VPRN instance, the TTL propagation is governed by the configuration of the outgoing VPRN instance

Default

vprn-transit vc-only

Parameters

none

Specifies that the TTL of the IP packet is not propagated into the VC label or labels in the transport label stack

all

Specifies that the TTL of the IP packet is propagated into the VC label and all labels in the transport label stack.

vc-only

Specifies that the TTL of the IP packet is propagated into the VC label and not into the labels in the transport label stack.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls vrf-export)

[Tree] (config>service>vprn>bgp-evpn>mpls vrf-export)

Full Context

configure service vprn bgp-ipvpn mpls vrf-export

configure service vprn bgp-evpn mpls vrf-export

Description

This command configures route policies that control how routes are exported from the local VRF to other VRFs on the same or remote PE routers (using MP-BGP). Route policies are configured in the configure router policy-options context.

The vrf-export command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route.

Only one of the 15 objects referenced by the vrf-export command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple vrf-export commands are issued, the last command entered overrides the previous command.

Aggregate routes are not advertised using MP-BGP protocols to the other MP-BGP peers.

The no form of this command removes all route policy names from the vrf-export list.

Default

no vrf-export

Parameters

plcy-or-long-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

plcy-or-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Up to 14 policies may be entered.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn vrf-export)

Full Context

configure service vprn vrf-export

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls vrf-import)

[Tree] (config>service>vprn>bgp-evpn>mpls vrf-import)

Full Context

configure service vprn bgp-ipvpn mpls vrf-import

configure service vprn bgp-evpn mpls vrf-import

Description

This command configures route policies that control how VPN-IP and EVPN-IFL routes exported by other VRFs, on the same or remote PEs, are imported into the local VRF. Route policies are configured in the configure router policy-options context.

The vrf-import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route

Only one of the 15 objects referenced by the vrf-import command is allowed to be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple vrf-import commands are issued, the last command entered overrides the previous command.

The no form of this command removes all route policy names from the import list

Default

no vrf-import

Parameters

plcy-or-long-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

plcy-or-expr

Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn vrf-import)

Full Context

configure service vprn vrf-import

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>bgp-ipvpn>mpls vrf-target)

[Tree] (config>service>vprn>bgp-evpn>mpls vrf-target)

Full Context

configure service vprn bgp-ipvpn mpls vrf-target

configure service vprn bgp-evpn mpls vrf-target

Description

This command provides a simplified method to configure the route target added to advertised routes or compared against received routes from other VRFs on the same or remote PE routers (using MP-BGP).

BGP-VPN and EVPN-IFL routes imported with a VRF target policy use the BGP preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs in the same router.

Specified VRF import or VRF export policies override the VRF target policy.

The no form of this command removes the VRF target policy.

Default

no vrf-target

Parameters

ext-comm

Specifies an extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. y can be 16-bit integers.

Values

<ext-community>	: target:{<ip-addr:comm-val> | <2byte-asnumber:ext-comm-val> | <4byte-asnumber:comm-val>}
	ip-addr:	a.b.c.d
	comm-val:	[0 to 65535]
	2byte-asnumber:	[0 to 65535]
	ext-comm-val:	[0 to 4294967295]
	4byte-asnumber:	[0 to 4294967295]

import ext-community

Specifies communities allowed to be received from remote PE neighbors.

export ext-community

Specifies communities allowed to be sent to remote PE neighbors.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn vrf-target)

Full Context

configure service vprn vrf-target

Description

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>ies>if>ipv6 vrrp)

[Tree] (config>service>ies>if vrrp)

Full Context

configure service ies interface ipv6 vrrp

configure service ies interface vrrp

Description

This command configures the router to create or edit a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.

Two VRRP nodes can be defined on an IP interface. The vrrp virtual-router-id command is used to define the configuration parameters for the VRID.

The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shutdown to remove the virtual router instance.

Parameters

virtual-router-id

Specifies a virtual router ID or an ID that can be modified on the IP interface.

Values

1 to 255

owner

Keyword used to identify this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of vrid creation, the vrrp backup commands must be specified to define the virtual router IP addresses. The owner keyword is not required when entering the vrid for editing purposes. When created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted, and then recreated without the owner keyword, to remove ownership.

passive

Keyword used to identify this virtual router instance as passive, and therefore, owning the virtual router IP addresses. A passive vrid does not send or receive VRRP advertisement messages, and is always in either the master state (if the interface is operationally up), or the init state (if the interface is operationally down). The passive keyword is not required when entering the vrid for editing purposes. When a vrid on an IP interface is created as passive, the parameter cannot be removed from the vrid. The vrid must be deleted, and then recreated without the passive keyword, to remove parameter.

group-name

Specifies the name of the oper-group, up to 32 characters to establish the associated VRRP instance as a following instance to the specified operational group. As a result of this association, the VRRP instance state follows that of the VRRP instance (the lead instance) associated with the specified operation group.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if vrrp)

Full Context

configure service vprn interface vrrp

Description

This command creates or edits a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.

Two VRRP nodes can be defined on an IP interface. One, both, or none may be defined as owner. The nodal context of vrrp virtual-router-id is used to define the configuration parameters for the VRID.

The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shut down in order to remove the virtual router instance.

Parameters

virtual-router-id

Specifies a new virtual router ID or one that can be modified on the IP interface.

Values

1 to 255

owner

Identifies this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of vrid creation, the vrrp backup commands must be specified to define the virtual router IP addresses. The owner keyword is not required when entering the vrid for editing purposes. Once created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted, and then recreated without the owner keyword, to remove ownership.

passive

Identifies this virtual router instance as passive, and therefore, owning the virtual router IP addresses. A passive vrid does not send or receive VRRP advertisement messages, and is always in either the master state (if the interface is operational-up), or the init state (if the interface is operational-down). The passive keyword is not required when entering the vrid for editing purposes. Once a vrid on an IP interface is created as passive, the parameter cannot be removed from the vrid. The vrid must be deleted, and then recreated without the passive keyword, to remove parameter.

group-name

Specifies the name of the oper-group, up to 32 characters to establish the associated VRRP instance as a following instance to the specified operational group. As a result of this association, the VRRP instance state follows that of the VRRP instance (the lead instance) associated with specified operation group.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vprn>if vrrp)

Full Context

configure service vprn interface vrrp

Description

This command configures the router to create or edit a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.

Two VRRP nodes can be defined on an IP interface. The vrrp virtual-router-id command is used to define the configuration parameters for the VRID.

The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shutdown to remove the virtual router instance.

Parameters

virtual-router-id

Specifies a virtual router ID or an ID that can be modified on the IP interface.

Values

1 to 255

owner

Keyword used to identify this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of vrid creation, the vrrp backup commands must be specified to define the virtual router IP addresses. The owner keyword is not required when entering the vrid for editing purposes. When created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted, and then recreated without the owner keyword, to remove ownership.

passive

Keyword used to identify this virtual router instance as passive, and therefore, owning the virtual router IP addresses. A passive vrid does not send or receive VRRP advertisement messages, and is always in either the master state (if the interface is operationally up), or the init state (if the interface is operationally down). The passive keyword is not required when entering the vrid for editing purposes. When a vrid on an IP interface is created as passive, the parameter cannot be removed from the vrid. The vrid must be deleted, and then recreated without the passive keyword, to remove parameter.

group-name

Specifies the name of the oper-group, up to 32 characters to establish the associated VRRP instance as a following instance to the specified operational group. As a result of this association, the VRRP instance state follows that of the VRRP instance (the lead instance) associated with the specified operation group.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>router>if vrrp)

[Tree] (config>router>if>ipv6 vrrp)

Full Context

configure router interface vrrp

configure router interface ipv6 vrrp

Description

This command creates the context to configure a VRRP virtual router instance. A virtual router is defined by its virtual router identifier (VRID) and a set of IP addresses.

The optional owner keyword indicates that the owner controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address. The owner assumes the role of the master virtual router.

All other virtual router instances participating in this message domain must have the same vrid configured and cannot be configured as owner. Once created, the owner keyword is optional when entering the vrid for configuration purposes.

A vrid is internally associated with the IP interface. This allows the vrid to be used on multiple IP interfaces while representing different virtual router instances.

For IPv4, up to four VRRP VRID nodes can be configured on a router interface. Each virtual router instance can manage up to 16 backup IP addresses. For IPv6, only one VRID can be configured on a router interface.

The optional passive keyword indicates that a vrid can be configured as passive, in which case, the VRRP advertisement messages are suppressed on transmission and reception, and all routers configured with the same vrid become master. Passive VRIDs can exceed the limit of four VRRP VRID nodes on a router interface.

The no form of the command removes the specified vrid from the IP interface. This terminates VRRP participation and deletes all references to the vrid in conjunction with the IP interface. The vrid does not need to be shut down to remove the virtual router instance.

Default

no vrrp — No VRRP virtual router instance is associated with the IP interface.

Parameters

virtual-router-id

The virtual router ID for the IP interface expressed as a decimal integer.

Values

1 to 255

owner

Keyword used to identify this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of vrid creation, the vrrp backup commands must be specified to define the virtual router IP addresses. The owner keyword is not required when entering the vrid for editing purposes. When created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted, and then recreated without the owner keyword, to remove ownership.

passive

Keyword used to identify this virtual router instance as passive, therefore owning the virtual router IP addresses. A passive vrid does not send or receive VRRP advertisement messages and is always in either the master state (if the interface is operationally up), or the init state (if the interface is operationally down). The passive keyword is not required when entering the vrid for editing purposes. When a vrid on an IP interface is created as passive, the parameter cannot be removed from the vrid. The vrid must be deleted, and then recreated without the passive keyword, to remove the parameter.

group-name

Specifies the name of the oper-group, up to 32 characters to establish the associated VRRP instance as a following instance to the specified operational group. As a result of this association, the VRRP instance state follows that of the VRRP instance (the lead instance) associated with the specified operation group.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp vsi-export)

Full Context

configure service vpls bgp vsi-export

Description

This command specifies the name of the VSI export policies to be used for BGP EVPN, BGP auto discovery, BGP VPLS, BGP VPWS, and BGP multi-homing if these features are configured in this VPLS service.

If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.

The policy name list is handled by the SNMP agent as a single entity.

The no form of this command removes the policy from the configuration.

Default

no vsi-export

Parameters

policy-name

Specifies up to five policy names, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>bgp vsi-export)

Full Context

configure service epipe bgp vsi-export

Description

This command specifies the name of the VSI export policies to be used for BGP EVPN, BGP VPWS and BGP multi-homing if these features are configured in this Epipe service.

If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.

The policy name list is handled by the SNMP agent as a single entity.

The no form of this command removes the policy from the configuration.

Default

no vsi-export

Parameters

policy-name

Specifies up to five policy names, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp-ad vsi-id)

Full Context

configure service vpls bgp-ad vsi-id

Description

Commands in this context configure the Virtual Switch Instance Identifier (VSI-ID).

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>vpls>bgp vsi-import)

Full Context

configure service vpls bgp vsi-import

Description

This command specifies the name of the VSI import policies to be used for BGP EVPN, BGP auto discovery, BGP VPLS, BGP VPWS, and BGP multi-homing if these features are configured in this VPLS service.

If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.

The policy name list is handled by the SNMP agent as a single entity.

The no form of this command removes the policy from the configuration.

Default

no vsi-import

Parameters

policy-name

Specifies up to five policy names, up to 32 characters.

Platforms

7705 SAR Gen 2

Context

[Tree] (config>service>epipe>bgp vsi-import)

Full Context

configure service epipe bgp vsi-import

Description

This command specifies the name of the VSI import policies to be used for BGP EVPN, BGP VPWS and BGP multi-homing if these features are configured in this Epipe service.

If multiple policy names are configured, the policies are evaluated in the order they are specified. The first policy that matches is applied.

The policy name list is handled by the SNMP agent as a single entity.

The no form of this command removes the policy from the configuration.

Default

no vsi-import

Parameters

policy-name

Specifies up to five policy names, up to 32 characters.

Platforms

7705 SAR Gen 2